Privacy Today Privacy Day January 28, 2008 International Association of Privacy Professionals.


Overview
What is privacy
Ways to protect privacy
– Technology
– Law
– Markets
– What you do yourself
4 types of privacy harms
Fair information practices
Conclusion

I. What is Privacy?
Privacy is the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others – Alan Westin: Privacy & Freedom, 1967
Privacy is not an absolute
We disclose, and we keep private

Privacy as a Process
Each individual is continually engaged in a personal adjustment process in which he balances the desire for privacy with the desire for disclosure and communication…. - Alan Westin, 1967

Westin's four states of privacy
Solitude – individual separated from the group and freed from the observation of other persons
Intimacy – individual is part of a small unit
Anonymity – individual in public but still seeks and finds freedom from identification and surveillance
Reserve – the creation of a psychological barrier against unwanted intrusion; holding back communication

II. Ways to Protect Privacy
There are four basic ways to protect privacy:
– Technology
– Law
– Markets
– Your choices as an individual

Example: Reducing Spam
Unwanted email can be an intrusion on your privacy and can reduce the usefulness of email
Technology: Spam filters
Law: the CAN-SPAM Act
– Illegal to send commercial email with false headers
– You can unsubscribe from the sender
Markets: you choose an email provider that does a good job of reducing spam
Your choices: you decide not to open that email with the unpleasant header

III. 4 Types of Privacy Harms
We'll look more closely at 4 categories of privacy harms:
– Intrusions
– Information collection
– Information processing
– Information dissemination

[note to IAPP: insert here the basic flow chart from p. 490 of Solove article, at
Keep the form of the person and the box for data holders
Four labels should be: Intrusion; Information Collection; Information Processing; Information Dissemination
Don't include the smaller-type words]

Intrusions
They come into your space and contact you or tell you what to do
Examples:
– Unwanted email (spam)
– Unwanted phone calls
  Technology: Caller ID to screen calls
  Law: National Do Not Call list
– Parents entering a teen's room without knocking
– Government saying what you can or can't do with your own body or property

Information Collection
They watch what you are doing, more than they should
Surveillance & Interrogation
– Visual, such as peeping Toms
– Communications, such as wiretapping your phone or email
– Government, employers, or parents ask you for private information
Example of protections: with a warrant, the government can wiretap or search your house. Having to get a warrant is a protection, though, against too much information collection.

Information Processing
They have a lot of data, and do things with it
Identification: they learn about your anonymous actions
Data mining: they learn patterns, to decide if you are a good customer or a suspected terrorist
Exclusion: they decide you are not a good potential employee or customer, or you go on the no-fly list at the airport
Secondary use: they collect the data for one reason, but use it for others
Note: Information processing can be helpful, when it personalizes and gives you better service. But it can invade your privacy when it goes too far or is used in ways that break the rules.

Information Dissemination
They disclose data, perhaps more than you think they should
– Breach of confidentiality: a doctor or lawyer discloses more than you wish
– Transfer to third parties: a company or government shares data about you with persons you don't expect
– Public disclosure of private facts: an intimate photo of you, or disclosure of intimate facts
– Disclosure of untrue facts: you are put in a false light
– Appropriation: they use your name or picture without your permission

Review: 4 Types of Privacy Harms [note to editors: insert the diagram from earlier, and use it for review here]

IV. Fair Information Practices
We will examine five Fair Information Practices that have been developed to protect against these sorts of privacy concerns
The Federal Trade Commission principles:
– Notice/awareness
– Choice/consent
– Access/participation
– Integrity/security
– Enforcement/redress

Notice/Awareness
Individuals need notice to make an informed choice about whether to provide information
– Who is collecting the data
– Uses for which the data will be used
– Who will receive the data
– The nature of the data and the means by which it is collected if not obvious
– The steps taken to preserve confidentiality, integrity, and quality of the data

Choice/Consent
Choice may apply to secondary uses: uses beyond the original reasons you provided your data
Sometimes choice is opt in: they won't share your data unless you say you want them to
– HIPAA medical privacy rule: don't share your data unless you give consent
Sometimes choice is opt out: they can share your data or contact you, but you can tell them not to
– Do Not Call list: no telemarketing if you sign up at
– Many web sites will not share your data if you opt out (tell them not to share)

Access/Participation
Individuals in some instances can access the data held about them, and correct any inaccuracies
– Fair Credit Reporting Act: no-fee credit report at (some other sites advertise free reports that aren't free)
– Privacy Act: right to see records held about you by the federal government

Integrity/Security
Data should be secure and accurate
– Without security, can have good privacy policies but hackers gain entry
– Without accuracy, wrong decisions are made about individuals
We should expect reasonable technical, physical, and administrative measures

Enforcement/Redress
There is great variety in the ways that privacy principles are enforced
Increasingly, companies and government agencies have Chief Privacy Officers to comply with their privacy promises
Companies can be fined if they break the promises in their privacy policies (Section 5 of the FTC Act)
For some kinds of data (medical, financial, stored communications), there is additional enforcement by individuals or government agencies

V. Conclusion
Some themes from today:
– The link between privacy and freedom: a zone where they do not intrude upon you
– The challenges of protecting privacy in our emerging information society
– The need for the right mix of technology, laws, and markets

Finally: The emergence of privacy professionals
– My thanks to the International Association of Privacy Professionals for support of this Privacy Day presentation
We're here
– To ensure protection of privacy while also
– Helping create the many ways you want information to be used in our information society
Thank you for your attention

Presentation written by:
Professor Peter P. Swire
Ohio State University
Center for American Progress
On behalf of the International Association of Privacy Professionals