Bnote3 -- version: Mon Mar 22 13:22:55 EDT 2010
Ch 5 - Privacy and Cyberspace pp.155-168
-------------------------------------------

** PROTECTING PERSONAL PRIVACY IN PUBLIC SPACE

NPI - Nonpublic Personal Information (e.g., medical records)
PPI - Public Personal Information (e.g., school attended)

Is that a clear split? What does "public" mean? Given/presented/used in a public place?
Odd PPI example -- the nature and location of body decoration (e.g., tattoos)

Do privacy "norms" apply to PPI?
 - What sensitive information might be inferred?
 - What about from actual shopping? Imagine a scenario...
   i.e., should shopping activity/purchases be private?

Do privacy "norms" apply to PPI?
 - What sensitive information might be inferred?
   e.g., from online shopping
   e.g., using data mining
 - Note: the whole online experience is being recorded!

Is there public personal information to which no privacy norms apply?
Has cybertechnology changed the answer?

Are Google search records NPI or PPI?
Potential problems with Google search records?
How much information is available about you via search records? Anything you'd rather wasn't?
How much information is available about you via search?

Micha Hofri

Public municipal/federal records
 - such as?
 - how sensitive is it?
 - should they be public at all?
 - who should have access?
Allows "transparency of government action"
 - But usually requires 'official' access - i.e., how transparent?
 - But some are being proposed to be made available online
   e.g., house purchases & tax assessment & plans
From records: What could be concluded about a government official?
Given cybertechnology, should public municipal/federal records even be public now?

** PRIVACY ENHANCING TECHNOLOGIES (PETs)

PETs - encryption, anonymity, rejecting cookies, ...?
Principle of informed consent
 - has the user been informed?
 - has the user consented? For what? When does that happen?
Can users actually consent to a use that the collector doesn't yet know about?
Is the default presumed consent?

** INDUSTRY SELF-REGULATION & PRIVACY LEGISLATION

Industry voluntary controls
 - e.g., 3rd party monitoring & authority
   They agree to follow information gathering practices and data reuse.
   An agency checks on them.
   What does the agency need to be/have? Strong enough?

Publicity Principle
 - rules & conditions for setting up normatively private situations should be made clear and public to all involved.
 - should lead to openness & transparency

LEGISLATION --- more about these in future

Privacy Act
 - only applies to records held by federal agencies
 - permits access to an individual's own records
 - prohibits the disclosure of information from a database without the written consent of the subject.
 - however, there are exceptions where disclosure is allowed...
Exceptions:
 * Census Bureau and the Bureau of Labor Statistics
 * Routine uses within a U.S. government agency
 * "...a record which has sufficient historical or other value to warrant its continued preservation by the United States Government"
 * For law enforcement purposes
 * For congressional investigations
 * Other administrative purposes
What do you think about these exceptions?

Family Educational Rights and Privacy Act (FERPA)
 - educational records
 - site

"Parents or eligible students have the right to inspect and review the student's education records maintained by the school."

"Generally, schools must have written permission from the parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR 99.31):"
 o School officials with legitimate educational interest;
 o Other schools to which a student is transferring;
 o Specified officials for audit or evaluation purposes;
 o Appropriate parties in connection with financial aid to a student;
 o Organizations conducting certain studies for or on behalf of the school;
 o Accrediting organizations;
 o To comply with a judicial order or lawfully issued subpoena;
 o Appropriate officials in cases of health and safety emergencies; and
 o State and local authorities, within a juvenile justice system, pursuant to specific State law.

"Schools may disclose, without consent, 'directory' information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them."

Gramm-Leach-Bliley Act (GLBA)
 - financial institution and customer data
 - site

"The privacy notice must be a clear, conspicuous, and accurate statement of the company's privacy practices; it should include what information the company collects about its consumers and customers, with whom it shares the information, and how it protects or safeguards the information. The notice applies to the 'nonpublic personal information' the company gathers and discloses about its consumers and customers; in practice, that may be most - or all - of the information a company has about them. For example, nonpublic personal information could be information that a consumer or customer puts on an application; information about the individual from another source, such as a credit bureau; or information about transactions between the individual and the company, such as an account balance. Indeed, even the fact that an individual is a consumer or customer of a particular financial institution is nonpublic personal information. But information that the company has reason to believe is lawfully public - such as mortgage loan information in a jurisdiction where that information is publicly recorded - is not restricted by the GLB Act."

"The GLB Act puts some limits on how anyone that receives nonpublic personal information from a financial institution can use or re-disclose the information. Take the case of a lender that discloses customer information to a service provider responsible for mailing account statements, where the consumer has no right to opt out: The service provider may use the information for limited purposes - that is, for mailing account statements. It may not sell the information to other organizations or use it for marketing."

Health Insurance Portability and Accountability Act (HIPAA)
 - The Department of Health and Human Services, Office for Civil Rights (OCR)
 - medical records
 - Summary
 - Penalties for noncompliance:

"A person who knowingly obtains or discloses individually identifiable health information in violation of the Privacy Rule may face a criminal penalty of up to $50,000 and up to one-year imprisonment. The criminal penalties increase to $100,000 and up to five years imprisonment if the wrongful conduct involves false pretenses, and to $250,000 and up to 10 years imprisonment if the wrongful conduct involves the intent to sell, transfer, or use identifiable health information for commercial advantage, personal gain or malicious harm."
Payment Card Industry (PCI) credit card guidelines
 - Secure Network - firewall + passwords
 - Protect Data - protect databases + encrypt transmission
 - Maintain - anti-virus software + updates
 - Access control - restrict physical & electronic access
 - Monitor & test
 - Policy - have a security policy in place

Some States have Identity Theft legislation (more about this in the future)
 - mostly about keeping SS# private (or at least disassociated from other data)
   e.g., NJ "No person, including any public or private entity, shall publicly post or publicly display an individual's Social Security number, or any four or more consecutive numbers taken from the individual's Social Security number"
 - it also extends to grades
   e.g., NJ "No public or independent institution of higher education in the State shall display any student's social security number to identify that student for posting or public listing of grades, on class rosters or other lists provided to teachers, on student identification cards, in student directories or similar listings, unless otherwise required in accordance with applicable State or federal law."

IN EUROPE

Class Reading - When American and European Ideas of Privacy Collide
"On the Internet, the First Amendment is a local ordinance" - meaning?
 - Let's look at it carefully!
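As an added example, not part of these notes: a pre-posting check for the NJ Social Security number rule quoted above. It assumes a constructed roster of made-up SSNs and flags any run of four or more consecutive digits of a student's SSN in text about to be published, which is exactly what catches the "last four digits as student ID" practice the grades clause targets.

```python
import re

# Constructed sample roster (made-up SSNs, not real data): student -> SSN.
ROSTER = {
    "Alice": "123-45-6789",
    "Bob": "987-65-4321",
}

# The NJ rule forbids displaying "four or more consecutive numbers" of an SSN.
MIN_RUN = 4


def digits_only(s):
    """Strip separators so '45-6789' and '456789' compare equal."""
    return re.sub(r"\D", "", s)


def longest_shared_run(ssn_digits, run_digits, min_run=MIN_RUN):
    """Longest substring of ssn_digits (at least min_run long) that also
    occurs in run_digits; None if no such substring exists."""
    best = None
    for i in range(len(ssn_digits)):
        for j in range(i + min_run, len(ssn_digits) + 1):
            piece = ssn_digits[i:j]
            if piece in run_digits and (best is None or len(piece) > len(best)):
                best = piece
    return best


def find_ssn_exposure(text, roster=ROSTER, min_run=MIN_RUN):
    """Scan text about to be posted (grades, rosters, directories) and return
    a sorted list of (student, fragment) for every digit run containing four
    or more consecutive digits of that student's SSN. Runs shorter than
    min_run are skipped: the statute only regulates 4+ consecutive digits."""
    hits = set()
    for run in re.findall(r"\d(?:[\s-]?\d)*", text):  # digit runs, separators allowed
        run_digits = digits_only(run)
        if len(run_digits) < min_run:
            continue
        for student, ssn in roster.items():
            frag = longest_shared_run(digits_only(ssn), run_digits, min_run)
            if frag:
                hits.add((student, frag))
    return sorted(hits)


if __name__ == "__main__":
    # Constructed grade posting that uses "last 4 of SSN" as a student ID.
    posting = "Grades: ID 6789: A-  ID 4321: B+  Section 101 meets in room 205"
    for student, frag in find_ssn_exposure(posting):
        print(f"{student}: SSN fragment {frag} appears in the posting")
```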
European Organization for Economic Cooperation and Development (OECD)
 - "Recommendations of the Council Concerning Guidelines Governing the Protection of Privacy and Trans-Border Flows of Personal Data"
 - info
 - non-binding principles
 - US endorsed them only

 Notice - data subjects should be given notice when their data is being collected;
 Purpose - data should only be used for the purpose stated and not for any other purposes;
 Consent - data should not be disclosed without the data subject's consent;
 Security - collected data should be kept secure from any potential abuses;
 Disclosure - data subjects should be informed as to who is collecting their data;
 Access - data subjects should be allowed to access their data and make corrections to any inaccurate data; and
 Accountability - data subjects should have a method available to them to hold data collectors accountable for following the above principles.

European Union - Directive on Protection of Personal Data
 - regulates processing & flow of data, not just recording & storage
 - privacy protection commissions & boards
 - incorporates the 7 principles above

Personal data - "any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;"

Processing - "any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;"

Controller - "the natural or artificial person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data;"

Transparency - Data may be processed only...
 * when the data subject has given his consent
 * when the processing is necessary for the performance of or the entering into a contract
 * when processing is necessary for compliance with a legal obligation
 * when processing is necessary in order to protect the vital interests of the data subject
 * processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed
 * processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject.

The data subject has the right to access all data processed about him. The data subject even has the right to demand the rectification, deletion or blocking of data that is incomplete, inaccurate or isn't being processed in compliance with the data protection rules.

Proportionality
"Personal data may be processed only insofar as it is adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed. The data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; The data shouldn't be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use."

"When sensitive personal data (can be: religious beliefs, political opinions, health, sexual orientation, race, membership of past organisations) are being processed, extra restrictions apply."

--------------------