Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010.

Presentation transcript:


Garbage or information?

ALA guidelines for developing a Library Privacy Policy

Data Retention: It is the responsibility of library staff to destroy information in confidential or privacy-protected records in order to safeguard data from unauthorized disclosure. Information that should be regularly purged or shredded includes PII on library resource use, material circulation history, and security/surveillance tapes and logs. If this data is maintained off site, library administrators must ensure that appropriate data retention policies and procedures are employed.

Libraries that use surveillance cameras should have written policies stating that the cameras are not to be used for any other purpose. If the cameras create any records, the library must recognize its responsibility to protect their confidentiality like any other library record. This is best accomplished by purging the records as soon as their purpose is served.

School data retention policies
- Log files
- Library circulation records
- Student immunization records – HIPAA
- Dependent on financial, contractual and other types of obligations

In the US …
- Data preservation
  - When contacted by the police, ISPs can save specific data for longer periods
- 1986 law
  - Electronic Communications Privacy Act regulates data preservation
  - Requires ISPs to retain any “record” in their possession for 90 days “upon the request of a governmental entity”
    - Search warrant
    - Court order
    - Subpoena

Benefits of data retention
- Network monitoring
- Fraud prevention
- Billing disputes
- Litigation

Potential for abuse
- Data retention increases the potential for abuse and privacy invasion
- Possibility of synthesis (Blanchette and Johnson, p.34)

Transaction-generated information
- Phone calls
- Purchases
- Geographical location
- Banking transactions

Individual and Social goods
- “privacy is good for society insofar as it promotes the development of the kinds of individuals who are essential for democracy” (36)
- “social forgetfulness serves individual and social interests” (37)

- It is easier to exclude bad risks and focus on derogatory information than it is to find good risks and reward the behavior
- Adverse information includes peripheral identifiers such as crime statistics related to place of residence

Individual behavior is regulated by:
- Laws
- Norms
- Technology
- The market
(Lessig, 1999 in Blanchette and Johnson, 2002)

Code of Fair information practices

The Code rested on five basic principles that would be given legal effect as "safeguard requirements" for automated personal data systems.
- There must be no personal data record keeping systems whose very existence is secret.
- There must be a way for an individual to find out what information about him is in a record and how it is used.
- There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent.
- There must be a way for an individual to correct or amend a record of identifiable information about him.
- Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.

EU Directive on Mandatory Retention of Communications Traffic Data
- To help combat terrorism
- Standardize disparate data retention laws
- Requires member states to retain communication data for between 6 months and 2 years
- This includes:
  - Traffic and location data
  - Subscriber identifiers

Countries against the Directive
- Irish NGOs litigate against the act. They state the act breaches the right of privacy (Irish law and EU Convention), has chilling effect on freedom of expression, and interferes with the right to travel by retaining the mobile phone location of citizens (McIntyre 2008).
- The German working group on data retention challenged the law at the Federal German Constitutional Court on January 6. They claim it is unconstitutional, because it is treating every citizen as a potential delinquent. They also state that the law would severely disrupt free communication.

The right to trust your IT equipment
- "a guarantee of confidentiality and integrity in information-technology systems"
- In Germany, all data must be deleted immediately
- There must be transparent control of how the information is used
German Constitutional Court

Memory and forgetfulness

Trust
- Trust in who?

Is it still possible to disappear and start over?