Privacy as an International Information Issue MD823 September 22, 2003.


1 Privacy as an International Information Issue MD823 September 22, 2003

2 What Is Privacy?
Definitions differ depending on perspective
– US legal perspective: “The right to be left alone” (Justice Brandeis, 1890)
– EU perspective:
  Explicit and informed consent about how any personal information is collected and how it will be used
  Legal protection to prevent unwanted transfer or re-use of personal data files
– Consumer view: Individual control over whether and how to share information
– Corporate view: Does privacy prevent security?
– Employee view: Is anything really private at work?

3 Sorting Out Legitimate and Non-Acceptable Uses of Personal Information
Would you agree to:
– Background check of your education, credit history, and arrest record as part of an employment application or a graduate school application? How about your medical (including psychological) records?
– Regular tracking and recording of all your online searches and browsing activities?
– Profiling of the pattern of your credit card purchases to match it against criminal and terrorist behaviors?

4 Privacy in a networked society: An oxymoron?
Have you:
– Changed your address?
– Made a credit card purchase?
– Opened a commercial e-mail account?
– Surfed the web?
There is a record of your activities in a database and probably on the web too
You don’t own it or control who uses it (if you are a US citizen)

5 Online Customer Information
Common Web Practices:
– Collecting personal information for one site or application, then using it for other purposes or selling it to a third party
– Tracking online behavior (clickstreams) on a large number of popular web sites and pooling that data to design targeted advertising
– Aggregating and analyzing individual data across media--from storefronts, direct mail and phone responses, and online sources

6 Profiling the dog AND its owner
Cartoon by Peter Steiner. Reproduced from page 61, July 5, 1993 issue of The New Yorker (Vol. 69 (LXIX) no. 20) only for academic discussion, evaluation, and research.
Typical Customer Database:
– Customer Name
– Street Address & Zip
– Phone Number
– SSN / Drivers License Number
– Age
– Income
– Family Size and Ages
– Stated Product Preferences
– Family Interests
– Number & Types of Pets
– Frequency of Visits
– Total Purchase Volume
– Purchase History - Categories
– Purchase History - Items
– Purchase History - Brands
Slide courtesy Ernst & Young LLP

7 Offering “Instant” Screening (…or Prying)

8

9 European Union Regulations Restrict These Practices--For All EU Citizen Data
Overview of EU Regulations
– Notice up front about the purpose of data gathering, active consent, right to correct, restrictions on re-use, and other protections
Enforcement provisions
Impact on US companies
Attempts at compromise (Safe Harbor provisions)

10 Highlights of the EU Provisions
• Notice: each data collector must disclose what personal information is collected and how it is going to be used
• Choice: user must explicitly agree to every specific reuse of information for different purposes or any sharing with 3rd parties
• Access: user may request to see all collected information and be able to correct errors
• Security/Integrity: collector must protect info from errors and unauthorized access
• Extra protection is required for “sensitive” info
• There must be a recourse for users who feel that these directives are not being followed; enforcement provisions in the law of each country

11 One Voluntary Effort: P3P
Platform for Privacy Preferences
– Project of the World Wide Web Consortium
– Standard for translating individual web sites’ privacy policies into machine readable form and matching the specifics of the policy in real time with the individual privacy preferences of a customer who visits that particular web site
Goal is to alert users as soon as they arrive on a site that the privacy policy in effect may not match their personal preferences
Voluntary participation by web sites
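As an added illustration of the matching step this slide describes (not part of the original presentation, and not W3C code): the token names below are those of the P3P 1.0 compact policy format, while the sample header, the preference table and the function names are constructed for the example.

```python
import re

# P3P 1.0 compact-policy tokens. Access, dispute, remedy and data-category
# tokens (e.g. NOI, DSP, COR) are collected under "other" and not evaluated.
PURPOSES = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP"}
RECIPIENTS = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
RETENTION = {"NOR", "STP", "LEG", "BUS", "IND"}
CONSENT = {"": "always", "a": "always", "i": "opt-in", "o": "opt-out"}

# Constructed P3P response-header value from a hypothetical site.
SAMPLE_HEADER = 'CP="NOI DSP COR CUR PSDo IVDi TEL OUR SAMi UNRo IND"'

# Hypothetical user preferences: "never" rejects the practice outright,
# "opt-in" accepts it only when the site asks for explicit consent first.
USER_PREFS = {
    "purposes": {"TEL": "never", "PSD": "opt-in", "IVD": "opt-in"},
    "recipients": {"UNR": "never", "PUB": "never"},
    "retention_forbidden": {"IND"},
}

def parse_compact_policy(header_value):
    """Split a CP="..." value into purposes, recipients and retention."""
    m = re.search(r'CP\s*=\s*"([^"]*)"', header_value)
    if m is None:
        raise ValueError("no compact policy (CP=) in header")
    policy = {"purposes": {}, "recipients": {}, "retention": set(), "other": []}
    for tok in m.group(1).split():
        base, consent = tok[:3], CONSENT.get(tok[3:])
        if base in PURPOSES and consent:
            policy["purposes"][base] = consent
        elif base in RECIPIENTS and consent:
            policy["recipients"][base] = consent
        elif tok in RETENTION:
            policy["retention"].add(tok)
        else:
            policy["other"].append(tok)
    return policy

def mismatches(policy, prefs):
    """Return declared practices that conflict with the user's preferences."""
    found = []
    for kind in ("purposes", "recipients"):
        for tok, consent in sorted(policy[kind].items()):
            wanted = prefs[kind].get(tok)
            if wanted == "never" or (wanted == "opt-in" and consent != "opt-in"):
                found.append(f"{kind[:-1]} {tok} ({consent})")
    kept_too_long = sorted(policy["retention"] & prefs["retention_forbidden"])
    return found + [f"retention {tok}" for tok in kept_too_long]
```

A user agent would run `mismatches(parse_compact_policy(header), prefs)` on arrival at a site and alert the user when the returned list is non-empty.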

12 Four Different Approaches to Privacy
Laws and regulations
– Comprehensive: consistent across instances
– Sectoral: different from case to case
Markets:
– Consumers can choose not to do business with firms that have poor privacy policies
– Employees can leave companies that violate their privacy
Self-Regulation: Industry and institutions police themselves
Technology: Individuals and organizations implement technologies to enforce their preferred level of privacy protection (encrypt all e-mails, use anonymizer web sites, etc.)
What are the pros and cons of each approach?

13 Possible Privacy Gate Keepers: Whom Do We Trust?
Government roles
– Monitor mounds of data for administration, security and law enforcement
  Record keeper, tax collector, largest data owner
– Privacy protector, security gatekeeper, or big brother?
Corporate roles
– For customers
  Prospecting, tracking, and marketing opportunities
  Individual and aggregated info as a commercial product
– For employees
  Maintaining HR, payroll, health & other records
  Monitoring online behavior and employee e-mails
Third party roles
– Developing privacy best practices guidelines
– Providing “seals of approval” to compliant companies

14 International Privacy Issues
Global networks enable/require regular trans-border data flows
Different countries have different norms and laws governing privacy
US generally supports corporate self-regulation within broad privacy protection guidelines
Europe and some Asia/Pacific countries have enacted stricter privacy regulations
Common Internet/web practices raise immediate enforcement issues

15 US Privacy Guidelines
Basic principles are similar to other countries:
– notice, consent, access, data integrity
Key difference is enforcement--government vs. self-regulation by industry and voluntary compliance by individual companies
Economic interests and competitive advantage in E-Commerce are at stake and many companies are in violation of guidelines
Security concerns and corporate liability issues also seem sometimes at odds with privacy protection

16 Tracking Voluntary Privacy Efforts in the US: A Mixed Record
Random sample of 335 Web sites from top 5000 Web sites (Nielsen Net Ratings)
88% had at least one privacy disclosure and 62% posted a privacy policy
But only 20% of total have a policy that specifically addresses at least one element of fair information practices (FTC Study June 2000)
Increased membership and support for third party “good practice” privacy programs
Compliance with EU regulations by largest companies
But FTC studies show practice is not in line with rhetoric of privacy protection online

17 “Total Information Awareness” Increased Emphasis on Security over Privacy

18 Workplace and Employee Privacy
Is your privacy protected at work?
Monitoring of e-mail and web browsing
Has your company published a policy spelling out appropriate use of e-mail and the Internet at work?
– What does it say?
Best practices for employee privacy

