privacy - usc 2005
TRANSCRIPT
Company
LOGO
Internet Technologies
Privacy – October 25, 2005
Who do you share your personal information with?
Question:
A Lot of People
Friends & Family
Utilities
Public Postings
Insurance
Professional Medical
Church & Affiliations
Retail
Education
Credit & Banking
Government
You
Who has access to your personal information?
Question:
A Lot of People
What is privacy?
pri·va·cy
n. The quality or condition of being secluded from the presence or view of others.
The state of being free from unsanctioned intrusion: a person's right to privacy.
The state of being concealed; secrecy.
Evolution of the Right of Privacy
1791 – Bill of Rights
3rd AmendmentNo Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.
4th AmendmentThe right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated . . .
5th AmendmentNo person shall be . . . deprived of life, liberty, or property, without due process of law . . .
9th AmendmentThe enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."
1890 - The Right To Privacy by Samuel Warren and Louis D. Brandeis - Harvard Law Review (1890)
1948 – Universal Declaration of Human Rights No one shall be subjected to arbitrary interference with his privacy . . .
Everyone has the right to the protection of the law against such interference.
1965 – Griswold v. Connecticut Doctor charged for issuing birth control. The court held that: specific guarantees in the Bill of Rights have
penumbras, formed by emanations from those guarantees that help give them life and substance . . . [which includes] zones of privacy.
1972 – California Constitutional Amendment "All people are by nature free and independent and have inalienable rights.
Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy.”
Right of Privacy (con’t)
Privacy After Watergate
Early Privacy Legislation
1970Fair Credit Reporting Act Accuracy, fairness, and the privacy of personal
information assembled by Credit Reporting Agencies
1972 Freedom of Information Act Permits access to government records
1974 Privacy Act Established rules for the collection, use and
disclosure of personal information held by federal agencies and specifically prohibited data matching of those government files
Family Education Rights Privacy Act Educational Record Privacy
1978 Right to Financial Privacy Act Consumers Must Get Notice & opportunity to object
before government obtains financial records.
1986Electronic Communications Privacy Act
Addresses access, use, disclosure, interception and privacy protections of electronic communications.
Mail communications already protected
Computer Fraud & Abuse Act Protect against intruders
1988
Computer Matching and Privacy Protection Act Regulates government computer matching
Video Privacy Protection Act Video rentals are private
The Internet Age
A Typical Website
IP Address
IP A
dd
res
s
Registration Info
Globe
VC
LK
Registration Info
What Cookies Do
Identity Verification Personalization
E.g., remember user name
Preference Management
Shopping Baskets Site Traffic Analysis Load Management
across servers
Advertising Controls Rotation Frequency Profile targeting Customer Targeting
Advertising Management Identify Referral Source Track Referrals for
compensation
Cookies and Choice
Allows Userto Delete Cookies
Allows User to Block Cookies
Anatomy of a Privacy Policy
TYPES OF INFORMATION COLLECTED
Information You Provide Us Site Usage Information
Email Communications Information from Other Sources
HOW INFORMATION MAY BE COLLECTED Registration
. Newsletters and Site Emails Contests or Sweepstakes Surveys or Voting Cookies IP Addresses and Click-stream Data Transaction Information
HOW WE USE THE COLLECTED INFORMATION Personally identifiable information will not be sold or
otherwise transferred on an individual basis to unaffiliated third parties without the approval of the user at the time of collection. . . ..
WITH WHOM THE INFORMATION MAY BE SHARED Agents: Promotional Offers:. Aggregate Information Opt-in and Opt-out Programs Partners Subsidiaries and Affiliates: Business Transfers: Legal Process:
SECURITY This Site incorporates reasonable safeguards to
protect the security, integrity, completeness, accuracy and privacy of the personal information that we may collect . . .
Privacy Policies
No requirement to have privacy policies
Privacy Policy Requirements
When you register with Toysmart.com, you can rest assured that your information will never be shared with a third party
Self Regulatory Initiatives
Privacy Seals TRUSTe
Platform for Privacy Preferences Project (P3P)
Industry Best Practices Network Advertising
Initiative
EU Privacy Directive
EU Privacy DirectiveData subjects have
a right of access to that data
a right to know where the data originated (if such information is available)
a right to have inaccurate data rectified
a right of recourse in the event of unlawful processing
a right to withhold permission to use their data in certain circumstances
EU Data Transfer
May not transfer to non-EU countries that do not meet EU standards
Exceptions where affirmative consent or necessary to serve data subject
EU Safe Harbor
NoticeOrganizations must notify individuals about the purposes for which they collect and use information about them.
ChoiceOrganizations must give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party
Transfers to Third PartiesSubject to Notice and Choice.
AccessIndividuals must have access to personal information and be able to correct, amend, or delete that information where it is inaccurate,
Security: Organizations must take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.
Data integrity
Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.
Enforcement Mechanism
How a bill becomes law
Recent Legislation
FEDERALCOPPA Websites directed at children OR if know
under 13 Must post notice on Website Must obtain parental consent before using
PII
Gramm-Leach-Bliley (GLB)Financial institutions must securely store personal financial information advise you of their policies on sharing of
personal financial information give consumers the option to opt-out of
some sharing of personal financial information.
Health Insurance Portability and Accountability Act (HIPAA ) Same concept as GLB Notice, consent, security
CALIFORNIA
Shine the Light Law
Either disclose a list of the categories of PII disclosed to other companies for their marketing purposes (with the names and addresses of those companies); OR
Allow opt-out option via privacy policy
Online Privacy Protection Act If collect PII from California residents Must conspicuously post a privacy policy
and identify the categories of PII collected and how it is shared.
Security Breach Notification California Resident Unencrypted Social Security number, driver's license or
state ID card number, or financial account numbers
This law requires a business or a State
ChoicePoint
145,000 records accessed
Discovered because of California law
In first eight months after ChoicePoint Over 70 incidents Involving over 50 Million Records
Hall of Shame
Government & Health Care
Other Companies
Financial Companies
PCS Rankings
Ranked
Non-Ranked
The Wares
Adware Software bundled with ad
service software Notice & consent?
Spyware Gathers information on
user without knowledge Email addresses Passwords Credit Card Information Keystroke Logging Alters default settings
Malware Software designed
specifically to damage or disrupt a system, such as a virus or a Trojan horse.
Scareware “Faux Spyware”, i.e.,
benign applications falsely labeled as Spyware
Spyware Legislation
California Spyware Act
Prohibits deceptive downloading and/or collection of information
Prohibits taking over third party computer or altering default settings
Federal Legislation Questions
Do you regulate conduct or technology?
Is spyware already illegal?
Status House passed bill in
2004 and 2005 Action stalled in the
Senate
OnGuardOnline.Gov
Protect your personal information. It's valuable.
Know who you're dealing with.
Use anti-virus software and a firewall, and update both regularly.
Make sure your operating system and Web browser are set up properly and update them regularly.
Protect your passwords.
Back up important files.
Learn who to contact if something goes wrong online.