Bnote3 -- version: Mon Mar 22 13:22:55 EDT 2010

Ch 5 - Privacy and Cyberspace  pp.155-168


NPI - Nonpublic Personal Information  (e.g., medical records)

PPI - Public Personal Information (e.g., school attended)

Is that a clear split?

What does "public" mean?  

Given/presented/used in a public place? 

Odd PPI example -- the nature and location of body decoration  (e.g., tattoos)

Do privacy "norms" apply to PPI? 

What sensitive information might be inferred? 

What about from actual shopping?   Imagine a scenario...

i.e., should shopping activity/purchases be private? 

Do privacy "norms" apply to PPI? 

What sensitive information might be inferred? 

e.g., from online shopping

e.g., using data mining 

Note: whole online experience is being recorded! 

Is there public personal information to which no privacy norms apply? 

Has cybertechnology changed the answer? 

Are Google search records NPI or PPI? 

Potential problems with Google search records? 

How much information is available about you via search records? 

Anything you'd rather wasn't? 

How much information is available about you via search? 

Micha Hofri

Micha Hofri

Micha Hofri

Public municipal/federal records 

   - such as? 
   - how sensitive is it? 
   - should they be public at all? 
   - who should have access?

Allows "transparency of government action"

But usually requires 'official' access - i.e., how transparent? 

But some are being proposed to be made available online 
     - e.g., house purchases & tax assessment & plans 

From records: What could be concluded about a government official? 

Given cybertechnology, should Public municipal/federal records even be public now? 


PETs - encryption, anonymity, rejecting cookies, ...?

Principle of informed consent
  - has user been informed?
  - has user consented? 

For what? 
When does that happen?  
Can users actually consent to use that the collector doesn't yet know about? 
Is the default presumed consent?


Industry voluntary controls

e.g., 3rd party monitoring & authority 

They agree to follow information gathering practices and data reuse. 
An agency checks on them. 
What does the agency need to be/have? 

Strong enough? 

Publicity Principle 

     - rules & conditions for setting up normatively private
       situations should be made clear and public to all involved.

     - should lead to openess & transparency 

LEGISLATION --- more about these in future

Privacy Act - only applies to records held by federal agencies 
            - permits access to an individual's own records
            - prohibits the disclosure of information from a databse
                without the written consent of the subject.  
            - however there are exceptions where disclosure is allowed...

    * Census Bureau and the Bureau of Labor Statistics
    * Routine uses within a U.S. government agency
    * "...a record which has sufficient historical or other value
          to warrant its continued preservation by the United States Government" 
    * For law enforcement purposes
    * For congressional investigations
    * Other administrative purposes

  What do think about these exceptions? 

Family Educational Rights and Privacy Act (FERPA) 
     - educational records
     - site

   "Parents or eligible students have the right to inspect and review
    the student's education records maintained by the school."

   "Generally, schools must have written permission from the parent or
    eligible student in order to release any information from a
    student's education record. However, FERPA allows schools to
    disclose those records, without consent, to the following parties
    or under the following conditions (34 CFR  99.31):"

          o School officials with legitimate educational interest;
          o Other schools to which a student is transferring;
          o Specified officials for audit or evaluation purposes;
          o Appropriate parties in connection with financial aid to a student;
          o Organizations conducting certain studies for or on behalf of the school;
          o Accrediting organizations;
          o To comply with a judicial order or lawfully issued subpoena;
          o Appropriate officials in cases of health and safety emergencies; and
          o State and local authorities, within a juvenile justice
            system, pursuant to specific State law.

   "Schools may disclose, without consent, 'directory' information
    such as a student's name, address, telephone number, date and place
    of birth, honors and awards, and dates of attendance. However,
    schools must tell parents and eligible students about directory
    information and allow parents and eligible students a reasonable
    amount of time to request that the school not disclose directory
    information about them."

Gramm-Leach-Bliley Act (GLBA) 
     - financial institution and customer data 
     - site 

    "The privacy notice must be a clear, conspicuous, and accurate
    statement of the company's privacy practices; it should include
    what information the company collects about its consumers and
    customers, with whom it shares the information, and how it
    protects or safeguards the information.  The notice applies to the
    'nonpublic personal information' the company gathers and discloses
    about its consumers and customers; in practice, that may be most -
    or all - of the information a company has about them.  For example,
    nonpublic personal information could be information that a
    consumer or customer puts on an application; information about the
    individual from another source, such as a credit bureau; or
    information about transactions between the individual and the
    company, such as an account balance.  Indeed, even the fact that an
    individual is a consumer or customer of a particular financial
    institution is nonpublic person information.  But information that
    the company has reason to believe is lawfully public - such as
    mortgage loan information in a jurisdiction where that information
    is publicly recorded - is not restricted by the GLB Act."

   "The GLB Act puts some limits on how anyone that receives nonpublic
   personal information from a financial institution can use or
   re-disclose the information. Take the case of a lender that
   discloses customer information to a service provider responsible
   for mailing account statements, where the consumer has no right to
   opt out: The service provider may use the information for limited
   purposes - that is, for mailing account statements. It may not sell
   the information to other organizations or use it for marketing."

Health Insurance Portability and Accountability Act (HIPAA) 
  - The Department of Health and Human Services, Office for Civil Rights (OCR)
  - medical records
  - Summary

  - Penalties for noncompliance:

    "A person who knowingly obtains or discloses individually
     identifiable health information in violation of the Privacy Rule
     may face a criminal penalty of up to $50,000 and up to one-year
     imprisonment.  The criminal penalties increase to $100,000 and up
     to five years imprisonment if the wrongful conduct involves false
     pretenses, and to $250,000 and up to 10 years imprisonment if the
     wrongful conduct involves the intent to sell, transfer, or use
     identifiable health information for commercial advantage,
     personal gain or malicious harm."

Payment Card Industry (PCI) credit card guidelines
     - Secure Network - firewall + passwords
     - Protect Data   - protect databases + encrypt transmission
     - Maintain       - anti-virus software + updates
     - Access control - restrict physical & electronic access
     - Monitor & test
     - Policy - have a security policy in place

Some States have Identity Theft legislation  (more about this in the future)

- mostly about keeping SS# private 
    (or at least disassociated from other data)

e.g., NJ 

  "No person, including any public or private entity, shall publicly
   post or publicly display an individual's Social Security number, or
   any four or more consecutive numbers taken from the individual's
   Social Security number"

- it also extends to grades 

e.g., NJ 

  "No public or independent institution of higher education in the
   State shall display any student's social security number to
   identify that student for posting or public listing of grades, on
   class rosters or other lists provided to teachers, on student
   identification cards, in student directories or similar listings,
   unless otherwise required in accordance with applicable State or
   federal law."


Class Reading) - When American and European Ideas of Privacy Collide

"On the Internet, the First Amendment is a local ordinance" - meaning?

   - Lets look at it carefully!

European Organization for Economic Cooperation and Development (OECD)
  -  "Recommendations of the Council Concerning Guidelines Governing the 
      Protection of Privacy and Trans-Border Flows of Personal Data"
  - info
  - non-binding principles 
  - US endorsed them only

   Notice         - data subjects should be given notice when 
                           their data is being collected;
   Purpose        - data should only be used for the purpose stated 
                           and not for any other purposes;
   Consent        - data should not be disclosed without the data subject's consent;
   Security       - collected data should be kept secure from any potential abuses;
   Disclosure     - data subjects should be informed as to who is collecting their data;
   Access         - data subjects should be allowed to access their data and
                           make corrections to any inaccurate data; and 
   Accountability - data subjects should have a method available to them to hold 
                           data collectors accountable for following the above principles.

European Union - Directive on Protection of Personal Data
               - regulates processing & flow of data, not just recording & storage
               - privacy protection commissions & boards
               - incorporates the 7 principles above

    Personal data - "any information relating to an identified or
    identifiable natural person (data subject); an identifiable
    person is one who can be identified, directly or indirectly, in
    particular by reference to an identification number or to one or
    more factors specific to his physical, physiological, mental,
    economic, cultural or social identity;" 

    Processing - "any operation or set of operations which is
    performed upon personal data, whether or not by automatic means,
    such as collection, recording, organization, storage, adaptation
    or alteration, retrieval, consultation, use, disclosure by
    transmission, dissemination or otherwise making available,
    alignment or combination, blocking, erasure or destruction;" 

    Controller - "the natural or artificial person, public
    authority, agency or any other body which alone or jointly with
    others determines the purposes and means of the processing of
    personal data;" 

Transparency - Data may be processed only...

    * when the data subject has given his consent
    * when the processing is necessary for the performance of or 
        the entering into a contract
    * when processing is necessary for compliance with a legal obligation
    * when processing is necessary in order to protect the vital 
        interests of the data subject
    * processing is necessary for the performance of a task carried
        out in the public interest or in the exercise of official
        authority vested in the controller or in a third party to whom the
        data are disclosed
    * processing is necessary for the purposes of the legitimate
        interests pursued by the controller or by the third party or
        parties to whom the data are disclosed, except where such
        interests are overridden by the interests for fundamental rights
        and freedoms of the data subject. The data subject has the right
        to access all data processed about him. The data subject even has
        the right to demand the rectification, deletion or blocking of
        data that is incomplete, inaccurate or isn't being processed in
        compliance with the data protection rules. 


    "Personal data may be processed only insofar as it is adequate,
     relevant and not excessive in relation to the purposes for which
     they are collected and/or further processed.  The data must be
     accurate and, where necessary, kept up to date; every reasonable
     step must be taken to ensure that data which are inaccurate or
     incomplete, having regard to the purposes for which they were
     collected or for which they are further processed, are erased or
     rectified; The data shouldn't be kept in a form which permits
     identification of data subjects for longer than is necessary for
     the purposes for which the data were collected or for which they
     are further processed. Member States shall lay down appropriate
     safeguards for personal data stored for longer periods for
     historical, statistical or scientific use."

    "When sensitive personal data (can be: religious beliefs,
     political opinions, health, sexual orientation, race, membership
     of past organisations) are being processed, extra restrictions