Privacy: Accountability and Enforceability Jamie Yoo April 11, 2006 CPSC 457: Sensitive Information in a Wired World
Control of Personal Information
Basic problem: the data subject lacks control of sensitive information after initial disclosure.
Organizations lack control of the information that they manage once they disclose it to third parties.
Fair Information Practice Principles
Collection limitation
Data quality
Security safeguards
Openness
Purpose specification
Use limitation
Individual participation
Accountability
Fair Information Practice Principles are guiding principles, not law. Problem: companies will claim to follow fair information practice principles, but the degree of implementation varies among companies.
Example: Data Resellers
Data Resellers (Brokers)
Information resellers are businesses that collect and aggregate personal information from multiple sources and make it available to their customers.
Privacy Problems: Collection Limitation
Information resellers generally do not limit data collection to specific purposes and do not notify data subjects.
Collection Limitation Problem
Resellers are limited only by laws that apply to specific kinds of information; otherwise, they aggregate unrestricted amounts of personal information.
No provisions are made to notify data subjects when the reseller obtains personal data.
Individuals are not given an opportunity to express or withhold their consent because resellers often have no direct relationship with the data subjects.
Some offer an “opt-out” option, but usually only under limited circumstances, for specific types of data and under specific conditions.
Privacy Problems: Data Quality
Information resellers do not ensure that the personal information they provide is accurate for specific purposes.
Data Quality Problem
No standard mechanism exists for verifying the accuracy of the data obtained.
Some privacy policies state that resellers expect their data to contain some errors.
Policies vary on correcting data that is found to be inaccurate as obtained.
Because they are not the original source of the personal information, information resellers generally direct individuals to the original sources to correct any errors.
Accuracy is also relative to purpose: data that may be perfectly adequate for one purpose may not be precise enough or appropriate for another.
Privacy Problems: Purpose Specification
Information resellers’ specification of the purpose of data collection consists of broad descriptions of business categories.
Purpose Specification Problem
Information resellers specify purpose in a broad, general way by describing the types of businesses that use their data; they generally do not designate specific intended uses for each of their data collections.
Generally, resellers obtain information that has already been collected for a specific purpose and make it available to their customers, who in turn use it for a much broader variety of purposes.
Privacy Problems: Accountability
Often, data subjects do not even know that data resellers are selling their personal information, so accountability from an individual data subject’s standpoint is less than ideal.
Problems with Current “Solutions”
Limitations of Legislation
Either too broad or too specific
Slow to change
Difficult to enforce, especially across borders
Limitations of the FTC
The Commission prosecutes violations involving “unfair and deceptive practices”. However, an FTC investigation is usually triggered by “letters from consumers or businesses, Congressional inquiries, or articles on consumer or economic subjects”. Unfortunately, data subjects are often not even aware of privacy violations, especially since they are not usually aware of specific instances of data disclosures by authorized data recipients to third parties.
Current Usage Scenario (diagram)
Service provider: transmits its P3P policy and respects its EPAL policy.
Consumer: configures her user agent, which accepts or rejects the P3P policy; the consumer then reveals personal information to the service provider.
Consumer bases her decision on the announced P3P policy, which is not formally related to the operative EPAL policy.
Issues
Privacy promises are made without a mechanism for enforcement.
The “stickiness” of policies is not enforceable.
Too much trust is placed in the enterprise.
Leakages can still happen.
Minimal user involvement (negotiation).
Privacy management is more than authorization.
Suggested Scenario (diagram)
Data Subject -> Enterprise 1: Personal Data (encrypted), Privacy Policies.
Enterprise 1 -> Enterprise 2: Personal Data (encrypted), Privacy Policies (EPAL rules).
Auditing and Tracing Authority (labelled “Trust”): Decryption Key.
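As an added illustration of the suggested scenario (this is not code from the original presentation), the following Python sketch assumes that the auditing and tracing authority holds the decryption key and releases it only when the requesting enterprise's stated purpose satisfies EPAL-style rules registered with the data, logging every request so a disclosure can be traced; the SHA-256 keystream is a stdlib stand-in for a real cipher, and the record, rules and enterprise names are constructed.

```python
import hashlib
import os

# EPAL-style rule = (ruling, user_category, action, data_category, purpose);
# rules are ordered, the first match wins, and "*" is a wildcard.
FIELDS = ("user_category", "action", "data_category", "purpose")

def evaluate(rules, request):
    """Ruling of the first matching rule; default-deny when none applies."""
    for ruling, *pattern in rules:
        if all(p in ("*", request[f]) for p, f in zip(pattern, FIELDS)):
            return ruling
    return "deny"

def keystream_xor(key, data):
    """Stand-in for a real cipher (stdlib only): XOR with a SHA-256 keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

class Authority:
    """Auditing and tracing authority (assumed design): keeps the decryption key,
    releases it only when the rules registered with the data allow the request,
    and records every request so disclosures can later be traced."""
    def __init__(self):
        self._keys, self.trace = {}, []
    def register(self, data_id, key, rules):
        self._keys[data_id] = (key, tuple(rules))   # policy sticks to the data
    def request_key(self, enterprise, data_id, request):
        key, rules = self._keys[data_id]
        ruling = evaluate(rules, request)
        self.trace.append((enterprise, data_id, request["purpose"], ruling))
        return key if ruling == "allow" else None

def demo():
    """Data subject -> Enterprise 1 (allowed) -> Enterprise 2 (denied)."""
    rules = [("allow", "fulfilment", "read", "contact", "shipping"),
             ("deny", "*", "*", "*", "marketing")]
    plaintext = b"jane@example.org"             # constructed sample record
    key, authority = os.urandom(32), Authority()
    blob = keystream_xor(key, plaintext)        # all an enterprise ever receives
    authority.register("rec-1", key, rules)
    req1 = dict(user_category="fulfilment", action="read", data_category="contact", purpose="shipping")
    k1 = authority.request_key("Enterprise 1", "rec-1", req1)
    req2 = dict(req1, purpose="marketing")      # Enterprise 2 re-uses the blob
    k2 = authority.request_key("Enterprise 2", "rec-1", req2)
    return {"e1": keystream_xor(k1, blob) if k1 else None, "e2": k2, "trace": authority.trace}
```

Enterprise 2 holds the same encrypted blob as Enterprise 1 but never obtains the key, and the authority's trace shows who asked for the record, for what purpose, and with what outcome.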
Limitations
Difficult to build a trusted network of this type.
The inherent technical difficulty of representing privacy policies as machine-readable code remains. Example: a very large number of EPAL rules is required to implement HIPAA, making it difficult to implement as well as maintain.
The future of trusted computing is unknown.
Regardless of technical solutions, there must be legislative enforcement to encourage this type of rigorous auditing and also to prosecute violations.