1. Privacy Policy Issues & Pages Amy Reese INF385E Information Architecture and Design 1 UT iSchool 21 September 2004

2. Overview pri·va·cy (prī′ və sē; Brit. also prīv′ ə sē), n., pl –cies. The state of being private; retirement or seclusion. The state of being private; retirement or seclusion. The state of being free from intrusion or disturbance in one’s private life or affairs: the right to privacy. The state of being free from intrusion or disturbance in one’s private life or affairs: the right to privacy. Secrecy. Secrecy. Archaic. A private place. [1400-50; late ME privace. See private, -acy] Archaic. A private place. [1400-50; late ME privace. See private, -acy] Source: Webster’s New Universal Unabridged Dictionary © 1996 Barnes & Noble, Inc. by arrangement with Random House Value Publishing.

3. A Little Bit of History Federal Trade Commission Act (1914) Federal Trade Commission Act (1914) Privacy Act (1974) Privacy Act (1974) Electronic Communications Privacy Act (1986) Electronic Communications Privacy Act (1986) Children’s Online Privacy Protection Act (1988) Children’s Online Privacy Protection Act (1988) Gramm-Leach-Bliley Act (2000) Gramm-Leach-Bliley Act (2000) Report to Congress: Privacy Online (2000) Fair Credit Reporting Act (2002) Fair Credit Reporting Act (2002)

4. A Little Bit of History Federal Trade Commission Act (1914) Federal Trade Commission Act (1914) (15 U.S.C. §§ 41-58, as amended) prevent unfair methods of competition, and unfair or deceptive acts or practices in or affecting commerce prevent unfair methods of competition, and unfair or deceptive acts or practices in or affecting commerce seek monetary redress and other relief for conduct injurious to consumers seek monetary redress and other relief for conduct injurious to consumers prescribe trade regulation rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices prescribe trade regulation rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce make reports and legislative recommendations to Congress make reports and legislative recommendations to Congress http://www.ftc.gov/ogc/stat1.htm http://www.ftc.gov/ogc/stat1.htm http://www.ftc.gov/ogc/stat1.htm

5. A Little Bit of History Privacy Act (1974) Privacy Act (1974) developed with the intent to regulate the collection and use of personal information by federal executive branch agencies developed with the intent to regulate the collection and use of personal information by federal executive branch agencies problems with the dispute of outdated regulatory guidelines and misinterpretation problems with the dispute of outdated regulatory guidelines and misinterpretation unresolved issues defy attempts at clarification unresolved issues defy attempts at clarification http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htm http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htm http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htm

6. A Little Bit of History Electronic Communications Privacy Act (1986) Electronic Communications Privacy Act (1986) sets out provisions for disclosure and privacy protections of electronic communications sets out provisions for disclosure and privacy protections of electronic communications this refers to is any signals, data or intelligence transmitted via wire, radio waves, photo electronic, etc. that affects interstate commerce this refers to is any signals, data or intelligence transmitted via wire, radio waves, photo electronic, etc. that affects interstate commerce the EPCA prohibits any unlawful access of electronic communication and prevents government entities from requiring disclosure of this communication from a provider without proper procedure the EPCA prohibits any unlawful access of electronic communication and prevents government entities from requiring disclosure of this communication from a provider without proper procedure http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htm http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htm http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htm

7. A Little Bit of History Children's Online Privacy Protection Act (1988) Children's Online Privacy Protection Act (1988) gives parents control over what information is collected from children under age 13 online and how that information is used gives parents control over what information is collected from children under age 13 online and how that information is used applies to operators of web sites directed to children or that collect personal information from children applies to operators of web sites directed to children or that collect personal information from children The Rule requires operators to: The Rule requires operators to: Post a privacy policy on the page and provide a link to the policy everywhere personal information is collected Post a privacy policy on the page and provide a link to the policy everywhere personal information is collected Provide notice to parents about collection practices and obtain verifiable parental consent before collecting personal information Provide notice to parents about collection practices and obtain verifiable parental consent before collecting personal information Give parents a choice as to whether their child’s personal information will be disclosed to third parties Give parents a choice as to whether their child’s personal information will be disclosed to third parties Provide parents to access or delete their child’s personal information, or opt-out of future information collection or use Provide parents to access or delete their child’s personal information, or opt-out of future information collection or use Allow activity access without disclosing more personal information than is reasonably necessary Allow activity access without disclosing more personal information than is reasonably necessary Maintain the confidentiality, security and integrity of personal information collected from children Maintain the confidentiality, security and integrity of personal information collected from children http://www.ftc.gov/privacy/privacyinitiatives/childrens.html http://www.ftc.gov/privacy/privacyinitiatives/childrens.html http://www.ftc.gov/privacy/privacyinitiatives/childrens.html

8. A Little Bit of History Gramm-Leach-Bliley Act (2000) Gramm-Leach-Bliley Act (2000) requires companies to provide their consumers with privacy notices, explaining the institutions’ information-sharing process requires companies to provide their consumers with privacy notices, explaining the institutions’ information-sharing process consumers are given the right to limit some sharing of their information consumers are given the right to limit some sharing of their information companies have the right to share the consumers’ information within the organization, but not with outside sources, such as telemarketers. companies have the right to share the consumers’ information within the organization, but not with outside sources, such as telemarketers. http://www.personal.umd.umich.edu/%7Edrafalsk/ Legislation.htm http://www.personal.umd.umich.edu/%7Edrafalsk/ Legislation.htm http://www.personal.umd.umich.edu/%7Edrafalsk/ Legislation.htm http://www.personal.umd.umich.edu/%7Edrafalsk/ Legislation.htm

9. A Little Bit of History Report to Congress: Privacy Online (2000) commercial Web sites that collect personal identifying information (Pii) from or about consumers online would be required to comply with the four widely-accepted fair information practices: commercial Web sites that collect personal identifying information (Pii) from or about consumers online would be required to comply with the four widely-accepted fair information practices: Notice Notice Choice Choice Access Access Security Security http://www.ftc.gov/reports/privacy2000/privacy2000.pdf http://www.ftc.gov/reports/privacy2000/privacy2000.pdf http://www.ftc.gov/reports/privacy2000/privacy2000.pdf

10. A Little Bit of History Fair Credit Reporting Act (2002) Fair Credit Reporting Act (2002) Accuracy and fairness of credit reporting Accuracy and fairness of credit reporting the banking system is dependent upon fair and accurate credit reporting the banking system is dependent upon fair and accurate credit reporting investigate and evaluate the credit worthiness, standing, capacity, character, and reputation investigate and evaluate the credit worthiness, standing, capacity, character, and reputation consumer reporting agencies are vital in assembling and evaluating consumer credit and other information consumer reporting agencies are vital in assembling and evaluating consumer credit and other information insure that consumer reporting agencies exercise their responsibilities with fairness, impartiality, and respect for the right to privacy insure that consumer reporting agencies exercise their responsibilities with fairness, impartiality, and respect for the right to privacy Reasonable procedures Reasonable procedures adopt reasonable procedures for meeting the needs of information in a fair and equitable manner, with regard to the confidentiality, accuracy, relevancy, and proper utilization adopt reasonable procedures for meeting the needs of information in a fair and equitable manner, with regard to the confidentiality, accuracy, relevancy, and proper utilization http://www.techlawjournal.com/cong107/privacy/hollings/20020 418summary.asp http://www.techlawjournal.com/cong107/privacy/hollings/20020 418summary.asp http://www.techlawjournal.com/cong107/privacy/hollings/20020 418summary.asp http://www.techlawjournal.com/cong107/privacy/hollings/20020 418summary.asp

11. What Information is Out There? Information Mining Information Mining Government & Private Sectors differ vastly Government & Private Sectors differ vastly What information do businesses collect? What information do businesses collect? Corporate liability? Corporate liability? What do they do with it? What do they do with it? How secure is the information out there? How secure is the information out there? What can I do to control my information? What can I do to control my information?

12. Do We Really Have Privacy? Legislative Measures Legislative Measures Is enough being done to insure our privacy? Is enough being done to insure our privacy? Is all privacy legislation in our best interests? Is all privacy legislation in our best interests? California’s Spyware Bill California’s Spyware Bill How can I help? How can I help? Personal Privacy & Freedom of Information Personal Privacy & Freedom of Information “Mommy, can I have a cookie?” “Mommy, can I have a cookie?” “Mommy, where does spam come from?” “Mommy, where does spam come from?” Identity Theft Identity Theft Corporations vs. the Individual Corporations vs. the Individual

13. Legislative Measures http://www.ftc.gov/

14. Legislative Measures

15. Do We Really Have Privacy? Legislative Measures Legislative Measures Is enough being done to insure our privacy? Is enough being done to insure our privacy? Is all privacy legislation in our best interests? Is all privacy legislation in our best interests? California’s Spyware Bill California’s Spyware Bill How can I help? How can I help? Personal Privacy & Freedom of Information Personal Privacy & Freedom of Information “Mommy, can I have a cookie?” “Mommy, can I have a cookie?” “Mommy, where does spam come from?” “Mommy, where does spam come from?” Identity Theft Identity Theft Corporations vs. the Individual Corporations vs. the Individual

16. Personal Privacy & Freedom of Information “ Essentially, cookies make use of user-specific information transmitted by the Web server onto the user's computer so that the information might be available for later access by itself or other servers. In most cases, not only does the storage of personal information into a cookie go unnoticed, so does access to it. Web servers automatically gain access to relevant cookies whenever the user establishes a connection to them, usually in the form of Web requests.”

17. Personal Privacy & Freedom of Information “Cookies are based on a two-stage process. First the cookie is stored in the user's computer without their consent or knowledge. During the second stage, the cookie is clandestinely and automatically transferred from the user's machine to a Web server.”

18. Personal Privacy & Freedom of Information

19. How savvy are you? Take the Privacy Rights Clearinghouse Identity Theft Quiz! http://www.privacyrights.org/itrc-quiz1.htm

20. Identity Theft Identity Theft If you live in California, you have the right to put a "security freeze" on your credit file. A security freeze means that your file cannot be shared with potential creditors. A security freeze can help prevent identity theft. Most businesses will not open credit accounts without checking a consumer's credit history first. If your credit file is frozen, even someone who has your name and Social Security number would probably not be able to get credit in your name. For more information on security freezes, http://www.privacy.ca.gov/financial/cfreeze.htm. If you live in California, you have the right to put a "security freeze" on your credit file. A security freeze means that your file cannot be shared with potential creditors. A security freeze can help prevent identity theft. Most businesses will not open credit accounts without checking a consumer's credit history first. If your credit file is frozen, even someone who has your name and Social Security number would probably not be able to get credit in your name. For more information on security freezes, http://www.privacy.ca.gov/financial/cfreeze.htm. Personal Privacy & Freedom of Information

21. Do We Really Have Privacy? Legislative Measures Legislative Measures Is enough being done to insure our privacy? Is enough being done to insure our privacy? Is all privacy legislation in our best interests? Is all privacy legislation in our best interests? California’s Spyware Bill California’s Spyware Bill How can I help? How can I help? Personal Privacy & Freedom of Information Personal Privacy & Freedom of Information “Mommy, can I have a cookie?” “Mommy, can I have a cookie?” “Mommy, where does spam come from?” “Mommy, where does spam come from?” Identity Theft Identity Theft Corporations vs. the Individual Corporations vs. the Individual

22. Do We Really Have Privacy? Controlling Required Information Controlling Required Information Sites must provide opt-out measures Sites must provide opt-out measures Once given, can information be controlled? Once given, can information be controlled? Background Checks & Employment Background Checks & Employment Are they really necessary? Are they really necessary? Can we opt out? Can we opt out? Can I move beyond my past? Can I move beyond my past?

23. Do We Really Have Privacy? Privacy Policies Privacy Policies What do these policies cover? What do these policies cover? Do I have recourse when they fail? Do I have recourse when they fail? What do they really do for you? What do they really do for you? Software Software How secure are the programs I’m using? How secure are the programs I’m using? Accidental security leaks Accidental security leaks Mixing software is like mixing medicine Mixing software is like mixing medicine

24. Do We Really Have Privacy? Be afraid, be very afraid….

25. Feeling Secure? Questions? Fears?