Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001.

Slides:



Advertisements
Similar presentations
Tamtron Users Group April 2001 Preparing Your Laboratory for HIPAA Compliance.
Advertisements

MEDEFs View on Dot EU Domain Day – 5 novembre 2002 – Palazzo Stelline – Milano Catherine GABAY – Director Innovation and Research - Medef.
Why the Financial Privacy Law is Better than People Think Professor Peter P. Swire Ohio State University University of Minnesota Symposium February 9,
Medical Privacy in a Broader Privacy Context Professor Peter P. Swire George Washington Law School Former Chief Counselor for Privacy, U.S. Govt. HIPAA.
The United States, Privacy, and Data Protection Peter P. Swire Dutch Embassy Presentation January 19, 2001.
The Chief Privacy Officer for the U.S. Government Professor Peter P. Swire Ohio State University Visiting, George Washington University Privacy Officers.
Reflections on the White House Privacy Office Peter P. Swire U.S. Chief Counselor for Privacy, OSU College of Law, 2001-present CFP, March 8,
HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.
Better Security and Privacy for Home Broadband Peter P. Swire Moritz College of Law The Ohio State University Morrison & Foerster LLP Privacy 2002 Conference.
"Embedding Privacy in Federal Information Systems" Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP MITRE Corp. Workshop.
Elephants and Mice Revisited: Law and Choice of Law on the Internet Professor Peter P. Swire Moritz College of Law Ohio State University Penn Law Review.
Research and Privacy Under HIPAA Professor Peter P. Swire Moritz College of Law Ohio State University National Academy of Science Panel on Science, Technology.
The Role of the Federal Government in Privacy Policy Professor Peter P. Swire The Ohio State University Center for American Progress The Privacy Symposium,
Trustwrap: The Importance of Legal Rules to E-Commerce and Internet Privacy Professor Peter P. Swire Moritz College of Law The Ohio State University Enforcing.
Online Profiling and Consumer Choice Peter P. Swire Center for American Progress Ohio State University ATL Hill Briefing April 28, 2008.
Mental Health Issues & Information Sharing Professor Peter P. Swire The Ohio State University NAAG Task Force on School Safety July 5, 2007.
Reflections on the White House Privacy Office Peter P. Swire Ohio State University Center for American Progress N.C. State Privacy Day January 29, 2008.
HIPAA AWARENESS TRAINING
IT Security Policy Framework
1 State Service of Ukraine on Personal Data Protection. Volodymyr Kozak, State Service of Ukraine on Personal Data Protection, Deputy Head, PhD Prague,
The Law of Privacy Prof. Michael Madison – University of Pittsburgh School of Law – January 22, 2004 [1] What is privacy? [2] What law regulates privacy?
Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.
Background Credit reporting agencies are a key player, helping facilitate modern commerce Credit records help predict the risk of a transaction Credit.
Big Data - Ethical Data Use Kimberlin Cranford. Ethical Use in the Era of Big Data  Landscape has Changed  Attitudes about Big Data  PII, Anonymous,
Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.
Protecting Personal Information Guidance for Business.
IS3350 Security Issues in Legal Context
The Internet industry’s privacy seal program Silicon Valley Web Guild.
Can the US Meet International Privacy Standards in an Era of Personal Health Records, Consumer Scores and Watch Lists? UNSW's Cyberspace Law and Policy.
JO807: Advanced Journalism Research JO807: Week 13 “Freedom of Information Act” and the WWW.
HIPAA Security Standards What’s happening in your office?
Disclaimer This Presentation is provided “as is” without any express or implied warranty. This Presentation is for educational purposes only and does not.
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.
Class 13 Internet Privacy Law European Privacy.
“Breach of Privacy” nPresented by Sumit Yadav. Computer Science and Engineering Computer security Aspects nPrivacy (confidentiality ) n integrity n availability.
“Privacy and the Future of Justice Statistics” Peter P. Swire Chief Counselor for Privacy OMB/OIRA National Conf.on Privacy, Technology & Criminal Justice.
How Can We Deal with Risks from the Internet: Why Privacy Legislation Is Hot Right Now Professor Peter Swire Ohio State University/Center for American.
Staying Safe Online Keep your Information Secure.
Enterprise data (decentralized control, data security and privacy) Incident Response: State and Federal Law Rodney Petersen Security Task Force Coordinator.
Smart Machines, Smart Privacy: Rules of the Road and Challenges Ahead The views expressed are those of the speaker and not necessarily those of the FTC.
Privacy & Security Online Ivy, Kris & Neil Privacy Threat - Ivy Is Big Brother Watching You? - Kris Identity Theft - Kris Medical Privacy - Neil Children’s.
OCR Nationals Level 3 Unit 3.  To understand how the Data Protection Act 1998 relates to the data you will be collecting, storing and processing  To.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.
Where Did HIPAA Come From? “HIPAA Then and Now” Peter Swire Georgia Tech Scheller College of Business Alston & Bird LLP IAPP-Las Vegas 2015.
© 2013 The McGraw-Hill Companies, Inc. All rights reserved. Ch 8 Privacy Law and HIPAA.
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
LAW OF COMPUTER TECHNOLOGY FALL 2015 © 2015 MICHAEL I. SHAMOS Regulatory Law Michael I. Shamos, Ph.D., J.D. Institute for Software Research School of.
IT Security Policy Framework ● Policies ● Standards ● Procedures ● Guidelines.
ECT 455/HCI 513 ECT 4 55/HCI 513 E-Commerce Web Site Engineering Legal Issues.
Student Financial Assistance. Session 55-2 Session 55 Internet Privacy Laws.
Lecture 8 ETHICAL AND SOCIAL ISSUES IN INFORMATION SYSTEMS (continued) © Prentice Hall
HIPAA History March 3, HIPAA Ruling Health Insurance Portability Accountability Act Health Insurance Portability Accountability Act Passed by Congress.
Protecting Yourself from Fraud including Identity Theft Personal Finance.
Computer Laws Data Protection Act 1998 Computer Misuse Act 1990.
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
An Overview of Legislation and Board Policy. Federal Legislation (CIPA, COPPA) WCPSS Board of Education ◦ Policy 2313, 3013, and 4013 Federally Mandated.
Data protection—training materials [Name and details of speaker]
Privacy Déjà Vu: Crypto, Government Surveillance and Safe Harbor, Peter Swire Georgia Tech/Alston & Bird IAPP Summit April 4, 2016.
Consumer Information Federal Trade Commission Act grants Federal Trade Commission (FTC) responsibility regarding unfair methods of competition and unfair.
Teaching Internet Safety
Protecting Personal Information Guidance for Business.
Data Breach Overview Mike Schenk, VP Research and Policy Analysis
CompTIA Security+ Study Guide (SY0-401)
Other Sources of Information
Health Care: Privacy in a Digital Age
Protecting Yourself from Fraud including Identity Theft
Protecting Yourself from Fraud including Identity Theft
Protecting Yourself from Fraud including Identity Theft
Presentation transcript:

Privacy and the Internet Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001

Do People Care About Privacy? n 90 percent of Americans say they have lost all control over their personal information n WSJ poll 9/99

Overview n The Clinton Administration and privacy n This year

The Clinton Administration n Supported self-regulation generally n Sensitive categories deserve legal protection – Medical & Genetic – Financial – Childrens Online n Government should lead by example n Chief Counselor for Privacy

Internet Privacy n Quantity of policies – 15% to 66% to 88% from 1998 to 2000 n Quality of policies – Seek continued improvement on choice, access & security n Enforcement if company breaks its privacy promise – Unfair and deceptive trade practice

Internet Sectors n Individual Reference Services Group (1998) – Look up services code of conduct – Limits on distribution of SSNs n Network Advertising Initiative (2000) – Special sensitivity when a 3d party, unknown to user, compiles information n Safe Harbor for transfers with E.U. (2000) – Self-regulation as a core achievement

Childrens Online Privacy Protection Act of 1998 n FTC rules took effect 4/00 n Web sites targeted at under 13s n Key is verifiable parental consent

Medical Records Privacy n HIPAA 1996 called for legislation by 8/99 n President announced proposed regs 10/99 n Over 52,000 submissions of comments n Final rules 12/00 n Administration decision by February 26

Medical Records (cont.) n Fair information practices – Notice – Patient choice – Access – Security – Enforcement

Medical -- Who is Covered? n Covered entities – Providers – Plans – Clearninghouses n Business associates n Online/offline neutrality

Financial Privacy n Title V of Gramm-Leach-Bliley – Notice – Opt-out 3d parties – Enforcement n Online/offline neutrality n President Clinton called for greater protections last year

Government as a Model n Government web sites – Privacy policies at major sites – Presumption against cookies n Computer security n Coordination & oversight mechanisms

Government computer security n Good security is necessary for privacy – Weak security allows access to tax records, criminal investigative files, etc. – Good security helps stop hackers and other unauthorized users n Good security is not sufficient for privacy – What can an authorized user do with the data? – Post it to the Internet? – Privacy policies govern authorized users

Coordination & oversight n Coordination -- Chief Counselor position 3/99 n Must become aware of issues before you can affect them-- clearance n Alert decisionmakers before problems become public n No announcement on Bush approach

II. This Year n Fair information practices and Internet Privacy n Notice – Some favor notice only – Can do with technology, such as P3P – Less strict -- no other requirements – More strict -- a new law more likely later

Choice n The biggest debate so far n Opt out – Customer gets choice – But opt out may be hard to find on web page – Maybe spyware and no one to give notice

Choice (cont.) n Opt in – Strong privacy protection – Forces web site to explain why sharing is good – But, how do small sites find customers? n Robust opt out – Possible compromise

Access n Like FOIA -- check on abuse n Reasonable access – Cost matters n Some exceptions – Information about other persons – Trade secrets and proprietary

Access (cont.) n Access only to decisional information – Credit reports – Medical records n Access to all information – Psychographic information – Every memo in the company n Target marketing – Decisional? – Proprietary?

Security n Good security in layers – Hardware – Software – Personnel policies n Hard to measure n Law focuses on notice of security? n Detailed regs on security? n Must update anti-virus at least once a week?

Enforcement n FTC new powers n State AGs to help n Private right of action?

Enforcement (cont.) n What role for TRUSTe, BBBOnline? – Safe harbor in COPPA – Multiplies enforcement resources – Teams enforcement with consulting – Privatizes enforcement – Target for EU pressure

Other Internet Privacy Issues n Preemption n In favor: – Same web site sells to all 50 states – Possibly inconsistent state laws n Opposed: – The big reason for industry to accept legislation – Financial and engine for continued change – Dont place ceiling on human rights

Other Issues (cont.) n Customer lists in bankruptcy – Toysmart case n Law enforcement access to Internet records n Extend to offline, too? – Leary -- consistency requires it – But, ready to regulate each corner store?

Concluding thoughts n Many flows are good in Information Age, but not all flows are good n Self-regulation has been central to date n Treat sensitive data more carefully, subject to legal protections where appropriate n Will political system insist on Internet legislation? n In closing, a common sense test:

President Clinton, at Aspen Institute: Do you have privacy policies you can be proud of? Do you have privacy policies you would be glad to have reported in the media? If so, your policies are far more likely to survive, and help your organization prosper, in the information age.