Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy: Accountability and Enforceability Jamie Yoo April 11, 2006 CPSC 457: Sensitive Information in a Wired World.

Published byReginald Morrison Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy: Accountability and Enforceability Jamie Yoo April 11, 2006 CPSC 457: Sensitive Information in a Wired World."— Presentation transcript:

1 Privacy: Accountability and Enforceability Jamie Yoo April 11, 2006 CPSC 457: Sensitive Information in a Wired World

2 Control of Personal Information  Basic Problem:  Data subject lacks control of sensitive information after initial disclosure  Organizations lack control of the information that they manage once they disclose it to third parties

3 Fair Information Practices Principles  Collection limitation  Data quality  Security safeguards  Openness  Purpose specification  Use limitation  Individual participation  Accountability

4 Fair Information Practice Principles are guiding principles not law. Problem: Companies will claim to follow fair information practice principles but degree of implementation varies among companies.

5 Example: Data Resellers

6 Data Resellers (Brokers)  Information Resellers are businesses that collect and aggregate personal information from multiple sources and make it available to their customers.

7 Collection Limitation Information Resellers Generally Do Not Limit Data Collection to Specific Purposes and Do Not Notify Data Subjects Privacy Problems

8 Collection Limitation Problem  Resellers are limited only by laws that apply to specific kinds of information.  Otherwise, resellers aggregate unrestricted amounts of personal information.  No provisions are made to notify the data subjects when the reseller obtains personal data.  Individuals are not afforded an opportunity to express or withhold their consent because many times resellers do not have a direct relationship with data subjects.  Some offer an “opt-out” option but usually under limited circumstances for specific types of data and under specific conditions.

9 Data Quality Information Resellers Do Not Ensure That Personal Information They Provide is Accurate for Specific Purposes Privacy Problems

10 Data Quality Problem  No standard mechanism for verifying the accuracy of the data obtained  Some privacy policies state that resellers expect their data to contain some errors  Varying policies regarding correction of data determined to be inaccurate as obtained by them  Because they are not the original source of the personal information, information resellers generally direct individuals to the original sources to correct any errors.  That is, data that may be perfectly adequate for one purpose may not be precise enough or appropriate for another purpose.

11 Purpose Specification Information Resellers’ Specification of the Purpose of Data Collection Consists of Broad Descriptions of Business Categories Privacy Problems

12 Purpose Specification Problem  Information resellers specify purpose in a broad, general way by describing the types of businesses that use their data.  They generally do not designate specific intended uses for each of their data collections.  Generally, resellers obtain information that has already been collected for a specific purpose and make that information available to their customers, who in turn have a much broader variety of purposes for using it.

13 Accountability Often times, data subjects do not even know that data resellers are selling their personal information, so accountability from an individual data subject’s standpoint is less than ideal. Privacy Problems

14 Problems with Current “Solutions”

15 Limitations of Legislation  Either too broad or too specific  Slow to change  Difficulty to enforce  Especially across borders

16 Limitations of the FTC  The Commission prosecutes “unfair and deceptive practices” violations.  However, usually “letters from consumers or businesses, Congressional inquiries, or articles on consumer or economic subjects” triggers an FTC investigation.  Unfortunately, data subjects are often not even aware of privacy violations, especially since they are not usually aware of specific instances of data disclosures by authorized data recipients to third parties

17 P3P  P3P is a semi-structured privacy policy specification language that allows an organization to specify its website privacy practices in a machine-readable format.  A P3P policy expresses the privacy practices related to the particular page or pages it governs; it covers any information collection on those pages, the purposes of that collection, the information recipient, and the length of that information’s retention.  Specifications are checked by a browser/user agent, against user-specified preferences, to determine whether the organization follows user-acceptable privacy practices.  User’s agent allows the load of a page, prevents the load, or notifies the user that the site does not (or may not) comply with the user’s preset preferences.  Limitations: After initial disclosure of personal information, user has no mechanism for enforcement.

18 Enterprise Privacy Authorization Language (EPAL)  Interoperability language for exchanging privacy policy in a structured format between applications/enterprises  Access-centric  Based on “strong associations” of fine-grained privacy policies (“sticky policies”)  EPAL Policy: Defines lists of hierarchies of  Data categories  User categories  Purposes  Actions  Obligations  Conditions

19 Privacy Policy (informal): Allow a sales agent or a sales supervisor to collect a customer's data for order entry if the customer is older than 13 years of age and the customer has been notified of the privacy policy. Delete the data 3 years from now. EPAL Privacy Rule: rulingallow user categorysales department actionstore data categorycustomer-record purposeorder-processing condition the customer is older than 13 years of age obligationdelete the data 3 years from now Example of EPAL Rule

20 Service ProviderConsumer Reveals Personal Information Accepts or Rejects Consumer bases her decision on announced P3P policy, which is not formally related to operative EPAL policy. P3P Policy Transmits User Agent Configures Respects EPAL Policy Current Usage Scenario

21 Issues  Privacy promises made without mechanism for enforcement  The “stickiness” of policies is not enforceable  Too much trust in the enterprise  Leakages can still happen  Minimal user involvement (negotiation)  Privacy management is more than authorization

22 Recommendation

23 Third Party Auditor: Tracing & Auditing Data  Trusted third party to provide a mechanism for auditing/logging each disclosure  Manages and records release of data (encryption)  Validates privacy policy adhering environment of recipient  Creates a paper trail  Legislation to prosecute privacy violations  In particular, legislation regulating the data brokering industry (ex: require deletion/renewal of data after x years, etc)  Auditing should help with prosecution

24 Suggested Scenario Trust Auditing and Tracing Authority Enterprise 1 Enterprise 2 Personal Data (encrypted) Privacy Policies Data Subject Personal Data (encrypted) Privacy Policies (EPAL rules) Decryption Key

25 Details  Identity-Based Encryption: Data Sender encrypts data package (data + privacy policy), Trusted Auditing Authority provides decryption keys to verified Data Recipient  Trusted Computing defined by Auditor could be used to ensure privacy policy adhering environment  Would allow for greater “stickiness” of policies to data (tamper-proof data tags):  Privacy policy rules (ex: expiration date, etc)  Digital signatures to indicate where the data came from (third party or directly from the user)

26 Limitations  Difficult to build a trusted network of this type  Inherent technical difficulty in representing privacy policies as machine-readable code remains  Ex: A very large number of EPAL rules required to implement HIPAA, making it difficult to implement as well as maintain.  Future of Trusted Computing is unknown  Regardless of technical solutions, there must be legislative enforcement to encourage this type of rigorous auditing and also to prosecute violations

Download ppt "Privacy: Accountability and Enforceability Jamie Yoo April 11, 2006 CPSC 457: Sensitive Information in a Wired World."

Similar presentations

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Protection of privacy for all Students!

Protection of privacy for all Students!
1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, 2013 © Ravi Sandhu World-Leading Research.

1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, © Ravi Sandhu World-Leading Research.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.

CHAPTER © 2011 The McGraw-Hill Companies, Inc. All rights reserved. 2 The Use of Health Information Technology in Physician Practices.
Overview of IS Controls, Auditing, and Security Fall 2005.

Overview of IS Controls, Auditing, and Security Fall 2005.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Protecting Personal Information Guidance for Business.

Protecting Personal Information Guidance for Business.
Data Protection.

Data Protection.
The AMA Code of Ethics Could Egyptian Marketing Professionals Agree on a List of Rules, Perhaps Similar to This? The IMI Journal. Members of the AMA are.

The AMA Code of Ethics Could Egyptian Marketing Professionals Agree on a List of Rules, Perhaps Similar to This? The IMI Journal. Members of the AMA are.
6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.

6/1/2015MINISTRY OF ENERGY, COMMUNICATIONS AND MULTIMEDIA 1 PRESENTATION OF PERSONAL DATA PROTECTION BILL PRESENTATION OF PERSONAL DATA PROTECTION BILL.
Information Security Policies and Standards

Information Security Policies and Standards
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.

P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.
FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Per Anders Eriksson

Per Anders Eriksson
Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.

Anomalous Aspects of Transfer of Personal Data from the E.U. to the U.S. Stephen R. Bell Willkie Farr & Gallagher ABA Section of International Law New.
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Similar presentations

Ads by Google