Chapter 9 - Privacy and Civil
Liberties
IT 5105 – Professional Issues in IT
Upekha Vandebona
upe.vand@gmail.com
Regulations Abroad [USA and EU]
Ref: George W. Reynolds, “Ethics in Information Technology”, 5th Edition.
Privacy Violations for Making Decisions
 Hire a job candidate (Specifically in IT
industry)
 Consumers’ purchasing habits and financial
condition for target marketing efforts to
consumers who are most likely to buy their
products and services.
Privacy Violations for Making Decisions -
Defending Arguments
 Organizations also need basic information
about customers to serve them better.
 It is hard to imagine an organization having
productive relationships with its customers
without having data about them.
Right to Privacy/ Information Privacy
 Information privacy is the combination of
communications privacy (the ability to
communicate with others without those
communications being monitored by other
persons or organizations) and
data privacy (the ability to limit access to
one’s personal data by other individuals and
organizations in order to exercise a substantial
degree of control over that data and its use).
Areas
 Financial Data,
 Health Information,
 Children’s Personal Data,
 Fair Information Practices,
 Electronic Surveillance, and Access to
Government Records. ***
Financial Data
 Individuals must reveal much of their personal
financial data in order to take advantage of the
wide range of financial products and services
available.
 To access many of these financial products and
services, individuals must use a personal logon
name, password, account number, or PIN.
 The inadvertent loss or disclosure of this personal
financial data carries a high risk of loss of privacy
and potential financial loss.
Gramm-Leach-Bliley Act (1999) - USA
 GLBA or Financial Services Modernization
Act.
 Three key rules that affect personal privacy
 Implications after the law was passed.
1) Financial Privacy Rule
 This rule established mandatory guidelines for
the collection and disclosure of personal
financial information by financial
organizations.
 Under this provision, financial institutions
must provide a privacy notice to each
consumer that explains what data about the
consumer is gathered, with whom that data
is shared, how the data is used, and how the
data is protected.
1) Financial Privacy Rule
 The notice must also explain the consumer’s
right to opt out
 to refuse to give the institution the right to collect
and share personal data with unaffiliated parties.
 Anytime a company’s privacy policy is changed,
customers must be contacted again and given
the right to opt out.
 The privacy notice must be provided to the
consumer at the time the consumer relationship
is formed and once each year thereafter.
1) Financial Privacy Rule
 Customers who take no action automatically
opt in and give financial institutions the
right to share personal data, such as annual
earnings, net worth, employers, personal
investment information, loan amounts, and
Social Security numbers, to other financial
institutions.
2) Safeguards Rule
 This rule requires each financial institution
to document a data security plan describing
the company’s preparation and plans for
the ongoing protection of clients’ personal
data.
3) Pretexting Rule
 This rule addresses attempts by people to
access personal information without proper
authority by such means as impersonating
an account holder or phishing.
 GLBA encourages financial institutions to
implement safeguards against pretexting.
Health Information
 The use of electronic medical records and the
subsequent interlinking and transferring of this
electronic information among different
organizations has become widespread.
 Individuals fear intrusions into their health
data by employers, schools, insurance firms,
law enforcement agencies, and even
marketing firms looking to promote their
products and services.
HIPAA - Health Insurance Portability Act -
USA - 1996
 To improve the portability and continuity of
health insurance coverage; to reduce fraud,
waste, and abuse in health insurance and
healthcare delivery; and to simplify the
administration of health insurance.
HIPAA - Health Insurance Portability Act
 Requires healthcare organizations to
employ standardized electronic
transactions, codes, and identifiers to
enable them to fully digitize medical
records, thus making it possible to
exchange medical data over the Internet.
Privacy Under the HIPAA Provisions
 Healthcare providers must obtain written
consent from patients prior to disclosing any
information in their medical records.
 Thus, patients need to sign a HIPAA disclosure
form each time they are treated at a hospital,
and such a form must be kept on file with
their primary care physician.
 In addition, healthcare providers are required
to keep track of everyone who receives
information from a patient’s medical file.
Privacy Under the HIPAA Provisions
 Healthcare companies must appoint a
privacy officer to develop privacy policies
and procedures as well as train employees
on how to handle sensitive patient data.
 These actions must address the potential
for unauthorized access to data by outside
hackers as well as the more likely threat of
internal misuse of data.
Privacy Under the HIPAA Provisions
 HIPAA assigns responsibility to healthcare
organizations, as the originators of
individual medical data, for certifying that
their business partners also comply with
HIPAA security and privacy rules.
Children’s Personal Data
 Facts
How many hours do teens spend surfing the
web per week?
Do parents have any idea what they are
looking at online?
High percentage of teens have received an
online request for personal information.
High percentage of children have been
approached online by a stranger.
Children’s Personal Data
 Many people feel that there is a need to
protect children from being exposed to
inappropriate material and online predators;
becoming the target of harassment; divulging
personal data; and becoming involved in
gambling or other inappropriate behavior.
 To date, only a few laws have been
implemented to protect children online.
 How does this conflict with freedom of
expression?
FERPA - Family Educational Rights and
Privacy Act (1974) - USA
 Assigns certain rights to parents regarding
their children’s educational records.
 These rights transfer to the student once
the student reaches the age of 18 or if he
or she attends a school beyond the high
school level.
 Under FERPA, the presumption is that a
student’s records are private and not
available to the public without the consent
of the student.
FERPA - Family Educational Rights and
Privacy Act (1974) - USA
 These rights include
the right to access educational records
maintained by a school;
the right to demand that educational records
be disclosed only with student consent;
the right to amend educational records; and
the right to file complaints against a school for
disclosing educational records in violation of
FERPA
COPPA - Children’s Online Privacy
Protection Act (1998) - USA
 As an attempt to give parents control over the
collection, use, and disclosure of their
children’s personal information; it does not
cover the dissemination of information to
children.
 Any Web site that caters to children must offer
comprehensive privacy policies, notify parents
or guardians about its data collection
practices, and receive parental consent before
collecting any personal information from
children under 13 years of age.
COPPA - Children’s Online Privacy
Protection Act (1998) - USA
 The law has had a major impact and has
required many companies to spend
hundreds of thousands of dollars to make
their sites compliant; other companies
eliminated preteens as a target audience.
Fair Information Practices
 Fair information practices is a term for a
set of guidelines that govern the collection
and use of personal data.
 Various organizations as well as countries
have developed their own set of such
guidelines and call them by different
names.
Fair Information Practices
 The overall goal of such guidelines is to
stop the unlawful storage of personal data,
eliminate the storage of inaccurate
personal data, and prevent the abuse or
unauthorized disclosure of such data.
Fair Information Practices
 For some organizations and countries, a key
issue is the flow of personal data across
national boundaries (transborder data
flow).
 Fair information practices are important
because they form the underlying basis for
many national laws addressing data privacy
and data protection issues.
European Union Data Protection Directive
(1995)
 Requires any company doing business within
the borders of the countries comprising the
European Union to implement a set of
privacy directives on the fair and
appropriate use of information.
 Basically, this directive requires member
countries to ensure that data transferred to
non-European Union (EU) countries is
protected.
European Union Data Protection Directive
(1995)
 It also bars the export of data to countries
that do not have data privacy protection
standards comparable to those of the EU.
 For example, in 2012, the European
Commission approved New Zealand as a
country that provides “adequate
protection” of personal data under the
directive so that personal information from
Europe may flow freely to New Zealand.
EU Data Protection Directive Rules
 Notice—An individual has the right to know if his or her
personal data is being collected, and any data must be
collected for clearly stated, legitimate purposes.
 Choice—An individual has the right to elect not to have his or
her personal data collected.
 Use—An individual has the right to know how personal data will
be used and the right to restrict its use.
 Security—Organizations must “implement appropriate technical
and organizational measures” to protect personal data, and the
individual has the right to know what these measures are.
 Correction—An individual has the right to challenge the
accuracy of the data and to provide corrected data.
 Enforcement—An individual has the right to seek legal relief
through appropriate channels to protect privacy rights.
What is the
Sri Lankan
Context?
MCQ
 The purpose of the Bill of Rights was to:
a) grant additional powers to the government
b) identify exceptions to specific portions of
the Constitution
c) identify additional rights of individuals
d) identify requirements for being a “good”
citizen
MCQ
 In USA under the provisions of ___________,
healthcare providers must obtain written
consent from patients prior to disclosing any
information in their medical records.
a) HIPAA
b) COPPA
c) Computer Crimes Act No. 24 of 2007
d) FERPA
e) ADA Section 508
MCQ
 According to the Children’s Online Privacy
Protection Act, a Web site that caters to
children must:
a) offer comprehensive privacy policies
b) notify parents or guardians about its data
collection practices
c) receive parental consent before collecting any
personal information from preteens
d) all of the above
MCQ
 In USA, ________ is a federal law that
assigns certain rights to parents regarding
their children’s educational records.
a) HIPAA
b) COPPA
c) Computer Crimes Act No. 24 of 2007
d) FERPA
e) ADA Section 508
MCQ
 Which of the following identifies the
numbers dialed for outgoing calls?
a) pen register
b) wiretap
c) trap and trace
d) all of the above
True / False ?
 Sri Lanka has a single, overarching national
data privacy policy. True or False?
 The European philosophy of addressing
privacy concerns employs strict government
regulation, including enforcement by a set
of commissioners; it differs greatly from
the U.S. philosophy of having no federal
privacy policy. True or False?
Fill in the Blanks
 A(n)____________ is a text file that a Web
site can download to a visitor’s hard drive
to identify visitors on subsequent visits.
Short Answers
 What is a pen register?
Justify
 Are surveillance cameras worth the cost in
terms of resources and loss of privacy,
given the role that they play in deterring or
solving crimes?
 Do you feel that information systems to
fight terrorism should be developed and
used even if they infringe the privacy rights
of ordinary citizens?
Mail me your justification if you are interested in answering.
Justify
 Why do employers monitor workers? Do you
think they have the right to do so?
Mail me your justification if you are interested in answering.
What Would You Do? - Scenario 1
 You are a recent college graduate with only
a year of experience with your employer.
You were recently promoted to Head of
Administration of email services.
 You are quite surprised to receive a phone
call at home on a Saturday from the Chief
Financial Officer of the firm asking that you
immediately delete all email from all email
servers, including the archive and back-up
servers, that is older than six months.
What Would You Do? - Scenario 1
 He states that the reason for his request is that
there have been an increasing number of
complaints about the slowness of email services. In
addition, he says he is concerned about the cost of
storing so much email.
 This does not sound right to you because you
recently have taken several measures that have
speeded up email services.
 An alarm goes off when you recall muted
conversations in the lunchroom last week about an
officer of the company passing along inside trade
information to an outsider.
 What do you say to the Chief Financial Officer?
Why?
What Would You Do? - Scenario 2
 You are a new brand manager for a product line of
gardening equipment. You are considering collecting
information from various organizations about the people
who are going to retire from their service. The
information includes a list of names and their
mailing addresses, places of living, lands owned, email
addresses, annual income received, and highest level of
education achieved.
 You could use the data to identify likely purchasers of
your gardening equipment, and you could then send
those people emails announcing the new product line
and touting its many features.
 List the advantages and disadvantages of such a
marketing strategy. Would you recommend this means
of promotion in this instance? Why or why not?
What Would You Do? - Scenario 3
 Your company is rolling out a training program
to ensure that everyone is familiar with the
company’s Internet usage policy.
 As a member of the Human Resources
Department, you have been asked to develop
a key piece of the training relating to why this
policy is needed.
 What kind of concerns can you expect your
audience to raise? How can you deal with this
anticipated resistance to the policy?

The basics of sentences session 5pptx.pptx
heathfieldcps1
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
joachimlavalley1
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
kaushalkr1407
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
Vivekanand Anglo Vedic Academy
 
Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
Atul Kumar Singh
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
DeeptiGupta154
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
Anna Sz.
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9  .docxAcetabularia Information For Class 9  .docx
Acetabularia Information For Class 9 .docx
vaibhavrinwa19
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
SACHIN R KONDAGURI
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
Celine George
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
GeoBlogs
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup   New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup   New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
TechSoup
 

Recently uploaded (20)

Supporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptxSupporting (UKRI) OA monographs at Salford.pptx
Supporting (UKRI) OA monographs at Salford.pptx
 
How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17How to Make a Field invisible in Odoo 17
How to Make a Field invisible in Odoo 17
 
Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345Sha'Carri Richardson Presentation 202345
Sha'Carri Richardson Presentation 202345
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Additional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdfAdditional Benefits for Employee Website.pdf
Additional Benefits for Employee Website.pdf
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
The Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdfThe Roman Empire A Historical Colossus.pdf
The Roman Empire A Historical Colossus.pdf
 
The French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free downloadThe French Revolution Class 9 Study Material pdf free download
The French Revolution Class 9 Study Material pdf free download
 
Language Across the Curriculm LAC B.Ed.
Language Across the  Curriculm LAC B.Ed.Language Across the  Curriculm LAC B.Ed.
Language Across the Curriculm LAC B.Ed.
 
Overview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with MechanismOverview on Edible Vaccine: Pros & Cons with Mechanism
Overview on Edible Vaccine: Pros & Cons with Mechanism
 
Polish students' mobility in the Czech Republic
Polish students' mobility in the Czech RepublicPolish students' mobility in the Czech Republic
Polish students' mobility in the Czech Republic
 
Acetabularia Information For Class 9 .docx
Acetabularia Information For Class 9  .docxAcetabularia Information For Class 9  .docx
Acetabularia Information For Class 9 .docx
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
"Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe..."Protectable subject matters, Protection in biotechnology, Protection of othe...
"Protectable subject matters, Protection in biotechnology, Protection of othe...
 
Model Attribute Check Company Auto Property
Model Attribute  Check Company Auto PropertyModel Attribute  Check Company Auto Property
Model Attribute Check Company Auto Property
 
The geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideasThe geography of Taylor Swift - some ideas
The geography of Taylor Swift - some ideas
 
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup   New Member Orientation and Q&A (May 2024).pdfWelcome to TechSoup   New Member Orientation and Q&A (May 2024).pdf
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
 

Privacy and Civil Liberties

  • 1. Chapter 9 - Privacy and Civil Liberties IT 5105 – Professional Issues in IT Upekha Vandebona upe.vand@gmail.com Regulations Abroad [USA and EU] Ref : George W. Reynolds, “Ethics in Information Technology” , 5th Edition.
  • 2. Privacy Violations for Making Decisions  Hire a job candidate (Specifically in IT industry)  Consumers’ purchasing habits and financial condition for target marketing efforts to consumers who are most likely to buy their products and services.
  • 3. Privacy Violations for Making Decisions - Defending Arguments  Organizations also need basic information about customers to serve them better.  It is hard to imagine an organization having productive relationships with its customers without having data about them.
  • 4. Right to Privacy/ Information Privacy  Information privacy is the combination of communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations) and data privacy (the ability to limit access to one’s personal data by other individuals and organizations in order to exercise a substantial degree of control over that data and its use).
  • 5. Areas  Financial Data,  Health Information,  Children’s Personal Data,  Fair Information Practices,  Electronic Surveillance, and Access to Government Records. ***
  • 6. Financial Data  Individuals must reveal much of their personal financial data in order to take advantage of the wide range of financial products and services available.  To access many of these financial products and services, individuals must use a personal logon name, password, account number, or PIN.  The inadvertent loss or disclosure of this personal financial data carries a high risk of loss of privacy and potential financial loss.
  • 7. Gramm-Leach-Bliley Act (1999) - USA  GLBA or Financial Services Modernization Act.  Three key rules that affect personal privacy  Implications after the law was passed.
  • 8. 1) Financial Privacy Rule  This rule established mandatory guidelines for the collection and disclosure of personal financial information by financial organizations.  Under this provision, financial institutions must provide a privacy notice to each consumer that explains what data about the consumer is gathered, with whom that data is shared, how the data is used, and how the data is protected.
  • 9. 1) Financial Privacy Rule  The notice must also explain the consumer’s right to opt out  to refuse to give the institution the right to collect and share personal data with unaffiliated parties.  Anytime a company’s privacy policy is changed, customers must be contacted again and given the right to opt out.  The privacy notice must be provided to the consumer at the time the consumer relationship is formed and once each year thereafter.
  • 10. 1) Financial Privacy Rule  Customers who take no action automatically opt in and give financial institutions the right to share personal data, such as annual earnings, net worth, employers, personal investment information, loan amounts, and Social Security numbers, to other financial institutions.
  • 11. 2) Safeguards Rule  This rule requires each financial institution to document a data security plan describing the company’s preparation and plans for the ongoing protection of clients’ personal data.
  • 12. 3) Pretexting Rule  This rule addresses attempts by people to access personal information without proper authority by such means as impersonating an account holder or phishing.  GLBA encourages financial institutions to implement safeguards against pretexting.
  • 13. Health Information  The use of electronic medical records and the subsequent interlinking and transferring of this electronic information among different organizations has become widespread.  Individuals fear intrusions into their health data by employers, schools, insurance firms, law enforcement agencies, and even marketing firms looking to promote their products and services.
  • 14. HIPAA - Health Insurance Portability Act - USA - 1996  To improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance.
  • 15. HIPAA - Health Insurance Portability Act  Requires healthcare organizations to employ standardized electronic transactions, codes, and identifiers to enable them to fully digitize medical records, thus making it possible to exchange medical data over the Internet.
  • 16. Privacy Under the HIPAA Provisions  Healthcare providers must obtain written consent from patients prior to disclosing any information in their medical records.  Thus, patients need to sign a HIPAA disclosure form each time they are treated at a hospital, and such a form must be kept on file with their primary care physician.  In addition, healthcare providers are required to keep track of everyone who receives information from a patient’s medical file.
  • 17. Privacy Under the HIPAA Provisions  Healthcare companies must appoint a privacy officer to develop privacy policies and procedures as well as train employees on how to handle sensitive patient data.  These actions must address the potential for unauthorized access to data by outside hackers as well as the more likely threat of internal misuse of data.
  • 18. Privacy Under the HIPAA Provisions  HIPAA assigns responsibility to healthcare organizations, as the originators of individual medical data, for certifying that their business partners also comply with HIPAA security and privacy rules.
  • 19. Children’s Personal Data  Facts How many hours do teens spend surfing the web per week? Do parents have any idea what they are looking at online? A high percentage of teens have received an online request for personal information. A high percentage of children have been approached online by a stranger.
  • 20. Children’s Personal Data  Many people feel that there is a need to protect children from being exposed to inappropriate material and online predators; becoming the target of harassment; divulging personal data; and becoming involved in gambling or other inappropriate behavior.  To date, only a few laws have been implemented to protect children online.  How does this conflict with freedom of expression?
  • 21. FERPA - Family Educational Rights and Privacy Act (1974) - USA  Assigns certain rights to parents regarding their children’s educational records.  These rights transfer to the student once the student reaches the age of 18 or if he or she attends a school beyond the high school level.  Under FERPA, the presumption is that a student’s records are private and not available to the public without the consent of the student.
  • 22. FERPA - Family Educational Rights and Privacy Act (1974) - USA  These rights include the right to access educational records maintained by a school; the right to demand that educational records be disclosed only with student consent; the right to amend educational records; and the right to file complaints against a school for disclosing educational records in violation of FERPA.
  • 23. COPPA - Children’s Online Privacy Protection Act (1998) - USA  As an attempt to give parents control over the collection, use, and disclosure of their children’s personal information; it does not cover the dissemination of information to children.  Any Web site that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection practices, and receive parental consent before collecting any personal information from children under 13 years of age.
  • 24. COPPA - Children’s Online Privacy Protection Act (1998) - USA  The law has had a major impact and has required many companies to spend hundreds of thousands of dollars to make their sites compliant; other companies eliminated preteens as a target audience.
  • 25. Fair Information Practices  Fair information practices is a term for a set of guidelines that govern the collection and use of personal data.  Various organizations as well as countries have developed their own set of such guidelines and call them by different names.
  • 26. Fair Information Practices  The overall goal of such guidelines is to stop the unlawful storage of personal data, eliminate the storage of inaccurate personal data, and prevent the abuse or unauthorized disclosure of such data.
  • 27. Fair Information Practices  For some organizations and countries, a key issue is the flow of personal data across national boundaries (transborder data flow).  Fair information practices are important because they form the underlying basis for many national laws addressing data privacy and data protection issues.
  • 28. European Union Data Protection Directive (1995)  Requires any company doing business within the borders of the countries comprising the European Union to implement a set of privacy directives on the fair and appropriate use of information.  Basically, this directive requires member countries to ensure that data transferred to non-European Union (EU) countries is protected.
  • 29. European Union Data Protection Directive (1995)  It also bars the export of data to countries that do not have data privacy protection standards comparable to those of the EU.  For example, in 2012, the European Commission approved New Zealand as a country that provides “adequate protection” of personal data under the directive so that personal information from Europe may flow freely to New Zealand.
  • 30. EU Data Protection Directive Rules  Notice—An individual has the right to know if his or her personal data is being collected, and any data must be collected for clearly stated, legitimate purposes.  Choice—An individual has the right to elect not to have his or her personal data collected.  Use—An individual has the right to know how personal data will be used and the right to restrict its use.  Security—Organizations must “implement appropriate technical and organizational measures” to protect personal data, and the individual has the right to know what these measures are.  Correction—An individual has the right to challenge the accuracy of the data and to provide corrected data.  Enforcement—An individual has the right to seek legal relief through appropriate channels to protect privacy rights.
  • 31. What is the Sri Lankan Context?
  • 32. MCQ  The purpose of the Bill of Rights was to: a) grant additional powers to the government b) identify exceptions to specific portions of the Constitution c) identify additional rights of individuals d) identify requirements for being a “good” citizen
  • 33. MCQ  In USA under the provisions of ___________, healthcare providers must obtain written consent from patients prior to disclosing any information in their medical records. a) HIPAA b) COPPA c) Computer Crimes Act No. 24 of 2007 d) FERPA e) ADA Section 508
  • 34. MCQ  According to the Children’s Online Privacy Protection Act, a Web site that caters to children must: a) offer comprehensive privacy policies b) notify parents or guardians about its data collection practices c) receive parental consent before collecting any personal information from preteens d) all of the above
  • 35. MCQ  In USA, ________ is a federal law that assigns certain rights to parents regarding their children’s educational records. a) HIPAA b) COPPA c) Computer Crimes Act No. 24 of 2007 d) FERPA e) ADA Section 508
  • 36. MCQ  Which of the following identifies the numbers dialed for outgoing calls? a) pen register b) wiretap c) trap and trace d) all of the above
  • 37. True / False ?  Sri Lanka has a single, overarching national data privacy policy. True or False?  The European philosophy of addressing privacy concerns employs strict government regulation, including enforcement by a set of commissioners; it differs greatly from the U.S. philosophy of having no federal privacy policy. True or False?
  • 38. Fill Blanks  A(n)____________ is a text file that a Web site can download to a visitor’s hard drive to identify visitors on subsequent visits.
  • 39. Short Answers  What is a pen register?
  • 40. Justify  Are surveillance cameras worth the cost in terms of resources and loss of privacy, given the role that they play in deterring or solving crimes?  Do you feel that information systems to fight terrorism should be developed and used even if they infringe the privacy rights of ordinary citizens? Mail me your justification if you are interested in answering.
  • 41. Justify  Why do employers monitor workers? Do you think they have the right to do so? Mail me your justification if you are interested in answering.
  • 42. What Would You Do? - Scenario 1  You are a recent college graduate with only a year of experience with your employer. You were recently promoted to Head of Administration of email services.  You are quite surprised to receive a phone call at home on a Saturday from the Chief Financial Officer of the firm asking that you immediately delete all email from all email servers, including the archive and back-up servers, that is older than six months.
  • 43. What Would You Do? - Scenario 1  He states that the reason for his request is that there have been an increasing number of complaints about the slowness of email services. In addition, he says he is concerned about the cost of storing so much email.  This does not sound right to you because you recently have taken several measures that have speeded up email services.  An alarm goes off when you recall muted conversations in the lunchroom last week about an officer of the company passing along inside trade information to an outsider.  What do you say to the Chief Financial Officer? Why?
  • 44. What Would You Do? - Scenario 2  You are a new brand manager for a product line of gardening equipment. You are considering collecting information from various organizations about people who are about to retire from their service. The information includes a list of names and their mailing addresses, places of living, lands owned, email addresses, annual income received, and highest level of education achieved.  You could use the data to identify likely purchasers of your gardening equipment, and you could then send those people emails announcing the new product line and touting its many features.  List the advantages and disadvantages of such a marketing strategy. Would you recommend this means of promotion in this instance? Why or why not?
  • 45. What Would You Do? - Scenario 3  Your company is rolling out a training program to ensure that everyone is familiar with the company’s Internet usage policy.  As a member of the Human Resources Department, you have been asked to develop a key piece of the training relating to why this policy is needed.  What kind of concerns can you expect your audience to raise? How can you deal with this anticipated resistance to the policy?

Editor's Notes

  1. , including credit cards, checking and savings accounts, loans, payroll direct deposit, and brokerage accounts. Individuals should be concerned about how this personal data is protected by businesses and other organizations and whether or not it is shared with other people or companies.
  2. Is a bank deregulation law. Repealed Glass-Steagall law. Glass-Steagall prohibited any one institution from offering investment, commercial banking, and insurance services; individual companies were only allowed to offer one of those types of financial service products. GLBA enabled such entities to merge. After the law was passed, financial institutions resorted to mass mailings to contact their customers with privacy-disclosure forms. As a result, many people received a dozen or more similar-looking forms—one from each financial institution with which they did business. However, most people did not take the time to read the long forms, which were printed in small type and full of legalese. Rather than making it easy for customers to opt out, the documents required that consumers send one of their own envelopes to a specific address and state in writing that they wanted to opt out—all this rather than sending a simple prepaid postcard that allowed customers to check off their choice. As a result, most customers threw out the forms without grasping their full implications and thus, by default, agreed to opt in to the collection and sharing of their personal data.
  3. Individuals are rightly concerned about the erosion of privacy of data concerning their health.
  4. (billing agents, insurers, debt collectors, research firms, government agencies, and charitable organizations)
  5. c
  6. a
  7. d
  8. d
  9. a
  10. F T
  11. Email Deletion Policy - Verbal? Approvals? 1 year experience/ recent promotion Inform relevant parties - No allegation