Privacy - USC 2005



  1. Internet Technologies Privacy – October 25, 2005
  2. Question: Who do you share your personal information with?
  3. A Lot of People: Friends & Family, Utilities, Public Postings, Insurance, Professional, Medical, Church & Affiliations, Retail, Education, Credit & Banking, Government, You
  4. Question: Who has access to your personal information?
  5. A Lot of People
  6. What is privacy?
     • pri·va·cy
     • n. The quality or condition of being secluded from the presence or view of others. The state of being free from unsanctioned intrusion: a person's right to privacy. The state of being concealed; secrecy.
  7. Evolution of the Right of Privacy
     • 1791 – Bill of Rights
         • 3rd Amendment: No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.
         • 4th Amendment: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated . . .
         • 5th Amendment: No person shall be . . . deprived of life, liberty, or property, without due process of law . . .
         • 9th Amendment: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.
  8. Right of Privacy (cont'd)
     • 1890 – The Right To Privacy
         • by Samuel Warren and Louis D. Brandeis, Harvard Law Review (1890)
     • 1948 – Universal Declaration of Human Rights
         • No one shall be subjected to arbitrary interference with his privacy . . . Everyone has the right to the protection of the law against such interference.
     • 1965 – Griswold v. Connecticut
         • Doctor charged for issuing birth control.
         • The court held that: specific guarantees in the Bill of Rights have penumbras, formed by emanations from those guarantees that help give them life and substance . . . [which includes] zones of privacy.
     • 1972 – California Constitutional Amendment
         • "All people are by nature free and independent and have inalienable rights. Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy."
  9. Privacy After Watergate
  10. Early Privacy Legislation
     • 1970
         • Fair Credit Reporting Act: Accuracy, fairness, and the privacy of personal information assembled by Credit Reporting Agencies
     • 1972
         • Freedom of Information Act: Permits access to government records
     • 1974
         • Privacy Act: Established rules for the collection, use and disclosure of personal information held by federal agencies and specifically prohibited data matching of those government files
         • Family Education Rights Privacy Act: Educational Record Privacy
     • 1978
         • Right to Financial Privacy Act: Consumers Must Get Notice & opportunity to object before government obtains financial records.
     • 1986
         • Electronic Communications Privacy Act: Addresses access, use, disclosure, interception and privacy protections of electronic communications. Mail communications already protected
         • Computer Fraud & Abuse Act: Protect against intruders
     • 1988
         • Computer Matching and Privacy Protection Act: Regulates government computer matching
         • Video Privacy Protection Act: Video rentals are private
  11. The Internet Age
  12. A Typical Website (diagram; labels: IP Address, Registration Info, Globe, VCLK)
  13. What Cookies Do
     • Identity Verification
     • Personalization
         • E.g., remember user name
     • Preference Management
     • Shopping Baskets
     • Site Traffic Analysis
     • Load Management across servers
     • Advertising Controls
         • Rotation
         • Frequency
         • Profile targeting
         • Customer Targeting
     • Advertising Management
         • Identify Referral Source
         • Track Referrals for compensation
  14. Cookies and Choice
     • Allows User to Delete Cookies
     • Allows User to Block Cookies
  15. Anatomy of a Privacy Policy
     • TYPES OF INFORMATION COLLECTED
         • Information You Provide Us
         • Site Usage Information
         • Email Communications
         • Information from Other Sources
     • HOW INFORMATION MAY BE COLLECTED
         • Registration
         • Newsletters and Site Emails
         • Contests or Sweepstakes
         • Surveys or Voting
         • Cookies
         • IP Addresses and Click-stream Data
         • Transaction Information
     • HOW WE USE THE COLLECTED INFORMATION
         • Personally identifiable information will not be sold or otherwise transferred on an individual basis to unaffiliated third parties without the approval of the user at the time of collection. . . .
     • WITH WHOM THE INFORMATION MAY BE SHARED
         • Agents
         • Promotional Offers
         • Aggregate Information
         • Opt-in and Opt-out Programs
         • Partners, Subsidiaries and Affiliates
         • Business Transfers
         • Legal Process
     • SECURITY
         • This Site incorporates reasonable safeguards to protect the security, integrity, completeness, accuracy and privacy of the personal information that we may collect . . .
  16. Privacy Policies
     • No requirement to have privacy policies
     • Privacy Policy Requirements
         • When you register with, you can rest assured that your information will never be shared with a third party
     • Self Regulatory Initiatives
         • Privacy Seals
             • TRUSTe
         • Platform for Privacy Preferences Project (P3P)
         • Industry Best Practices
             • Network Advertising Initiative
  17. EU Privacy Directive
     • EU Privacy Directive: Data subjects have
         • a right of access to that data
         • a right to know where the data originated (if such information is available)
         • a right to have inaccurate data rectified
         • a right of recourse in the event of unlawful processing
         • a right to withhold permission to use their data in certain circumstances
     • EU Data Transfer
         • May not transfer to non-EU countries that do not meet EU standards
         • Exceptions where affirmative consent or necessary to serve data subject
  18. EU Safe Harbor
     • Notice: Organizations must notify individuals about the purposes for which they collect and use information about them.
     • Choice: Organizations must give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party
     • Transfers to Third Parties: Subject to Notice and Choice.
     • Access: Individuals must have access to personal information and be able to correct, amend, or delete that information where it is inaccurate.
     • Security: Organizations must take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
     • Data integrity: Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
     • Enforcement Mechanism
  19. How a bill becomes law
  20. Recent Legislation
     • FEDERAL
         • COPPA
             • Websites directed at children OR if know under 13
             • Must post notice on Website
             • Must obtain parental consent before using PII
         • Gramm-Leach-Bliley (GLB): Financial institutions must
             • securely store personal financial information
             • advise you of their policies on sharing of personal financial information
             • give consumers the option to opt-out of some sharing of personal financial information.
         • Health Insurance Portability and Accountability Act (HIPAA)
             • Same concept as GLB
             • Notice, consent, security
     • CALIFORNIA
         • Shine the Light Law
             • Either disclose a list of the categories of PII disclosed to other companies for their marketing purposes (with the names and addresses of those companies); OR
             • Allow opt-out option via privacy policy
         • Online Privacy Protection Act
             • If collect PII from California residents
             • Must conspicuously post a privacy policy and identify the categories of PII collected and how it is shared.
         • Security Breach Notification
             • California Resident
             • Unencrypted
             • Social Security number, driver's license or state ID card number, or financial account numbers
             • This law requires a business or a State
  21. ChoicePoint
     • 145,000 records accessed
     • Discovered because of California law
     • In first eight months after ChoicePoint
         • Over 70 incidents
         • Involving over 50 Million Records
  22. Hall of Shame
     • Government & Health Care
     • Other Companies
     • Financial Companies
  23. PCS Rankings
     • Ranked
     • Non-Ranked
  24. The Wares
     • Adware
         • Software bundled with ad service software
         • Notice & consent?
     • Spyware
         • Gathers information on user without knowledge
         • Email addresses
         • Passwords
         • Credit Card Information
         • Keystroke Logging
         • Alters default settings
     • Malware
         • Software designed specifically to damage or disrupt a system, such as a virus or a Trojan horse.
     • Scareware
         • "Faux Spyware", i.e., benign applications falsely labeled as Spyware
  25. Spyware Legislation
     • California Spyware Act
         • Prohibits deceptive downloading and/or collection of information
         • Prohibits taking over third party computer or altering default settings
     • Federal Legislation
         • Questions
             • Do you regulate conduct or technology?
             • Is spyware already illegal?
         • Status
             • House passed bill in 2004 and 2005
             • Action stalled in the Senate
  26. OnGuardOnline.Gov
     • Protect your personal information. It's valuable.
     • Know who you're dealing with.
     • Use anti-virus software and a firewall, and update both regularly.
     • Make sure your operating system and Web browser are set up properly and update them regularly.
     • Protect your passwords.
     • Back up important files.
     • Learn who to contact if something goes wrong online.