Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Privacy Self-Regulation.


1 Privacy Policy, Law and Technology
Carnegie Mellon University, Fall 2007, Lorrie Cranor
http://cups.cs.cmu.edu/courses/privpolawtech-fa07/
Privacy Self-Regulation and the Privacy Profession
September 18, 2007

2 Privacy self-regulation
- Since 1995, the US FTC has pressured companies to “self regulate” in the privacy area
- Upcoming FTC town hall on behavioral advertising: http://www.ftc.gov/opa/2007/08/ehavioral.shtm
- Self regulation may be completely voluntary or mandatory (or somewhere in between)
- Self-regulatory programs and initiatives
  - Seals
  - CPOs
  - Privacy policies
  - P3P
  - Industry guidelines

3 Voluntary privacy guidelines
- Direct Marketing Association Privacy Promise: http://www.the-dma.org/privacy/privacy_promise.pdf
- Network Advertising Initiative Principles: http://www.networkadvertising.org/
- CTIA Location-based privacy guidelines: http://files.ctia.org/pdf/filings/ctia042401.pdf
- Generally Accepted Privacy Principles: http://infotech.aicpa.org/Resources/Privacy/Generally+Accepted+Privacy+Principles/

5 Chief privacy officers
- Companies are increasingly appointing CPOs to have a central point of contact for privacy concerns
- Role of CPO varies in each company
  - Draft privacy policy
  - Respond to customer concerns
  - Educate employees about company privacy policy
  - Review new products and services for compliance with privacy policy
  - Develop new initiatives to keep company out front on privacy issue
  - Monitor pending privacy legislation

6 Seal programs
- TRUSTe – http://www.truste.org
- BBBOnline – http://www.bbbonline.org
- CPA WebTrust – http://www.cpawebtrust.org/
- Japanese Privacy Mark – http://privacymark.org/

7 Seal program problems
- Certify only compliance with stated policy
- Limited ability to detect non-compliance
- Minimal privacy requirements
- Don’t address privacy issues that go beyond the web site
- Nonetheless, reporting requirements are forcing licensees to review their own policies and practices and think carefully before introducing policy changes

8 Privacy policies
- Policies let consumers know about site’s privacy practices
- Consumers can then decide whether or not practices are acceptable, when to opt-in or opt-out, and who to do business with
- The presence of privacy policies increases consumer trust
- What are some problems with privacy policies?

9 Privacy policy problems
- BUT policies are often
  - difficult to understand
  - hard to find
  - take a long time to read
  - change without notice

10 Privacy policy components
- Identification of site, scope, contact info
- Types of information collected
  - Including information about cookies
- How information is used
- Conditions under which information might be shared
- Information about opt-in/opt-out
- Information about access
- Information about data retention policies
- Information about seal programs
- Security assurances
- Children’s privacy
There is lots of information to convey -- but policy should be brief and easy-to-read too!
What is opt-in? What is opt-out?

11 Short Notices
- Project organized by Hunton & Williams law firm
- Short version (short notice) of human-readable policy for web and paper
- Also called a “layered notice” - refer to long notice for more detail
- Now being called “highlights notice”
- Focus on reducing privacy policy to at most 7 boxes
- Standardized format but only limited standardization of language
- Proponents believe they may eventually be mandated by law
- A work in progress - not yet in use
- Alternative proposals from privacy advocates focus on check boxes
- Interest internationally: http://www.privacyconference2003.org/resolution.asp
- Interest in the US for financial privacy notices: http://www.ftc.gov/opa/2003/12/privnoticesjoint.htm

12 Privacy Notice Highlights Template

Acme Company Privacy Notice Highlights

SCOPE
This statement applies to Acme Company and several members of the Acme family of companies.

PERSONAL INFORMATION
- We collect information directly from you and maintain information on your activity with us, including your visits to our website.
- We obtain information, such as your credit report and demographic and lifestyle information, from other information providers.

USES
- We use information about you to manage your account and offer you other products and services we think may interest you.
- We share information about you with our sister companies to offer you products and services.
- We share information about you with other companies, like insurance companies, to offer you a wider array of jointly-offered products and services.
- We share information about you with other companies so they can offer you their products and services.

YOUR CHOICES
- You may opt out of receiving promotional information from us and our sharing your contact information with other companies.
- To exercise your choices, call (800) 123-1234 or click on “choice” at ACME.com.

IMPORTANT INFORMATION
You may request information on your billing and payment activities.

HOW TO REACH US
For more information about our privacy policy, write to: Consumer Department, Acme Company, 11 Main Street, Anywhere, NY 10100. Or go to the privacy statement on our website at acme.com.

NY142510v1 5/28/2002. Dated: May 28, 2002.
Template prepared by the Notices Project, a program of the Center for Information Policy Leadership at Hunton & Williams. © 2002 Center for Information Policy Leadership

13 Checkbox proposal

WE SHARE [DO NOT SHARE] PERSONAL INFORMATION WITH OTHER WEBSITES OR COMPANIES.

Collection:                                                  YES   NO
  We collect personal information directly from you          [ ]   [ ]
  We collect information about you from other sources:       [ ]   [ ]
  We use cookies on our website                              [ ]   [ ]
  We use web bugs or other invisible collection methods      [ ]   [ ]
  We install monitoring programs on your computer            [ ]   [ ]

Uses: We use information about you to:       With Your Consent   Without Your Consent
  Send you advertising mail                  [ ]                 [ ]
  Send you electronic mail                   [ ]                 [ ]
  Call you on the telephone                  [ ]                 [ ]

Sharing: We allow others to use your information to:   With Your Consent   Without Your Consent
  Maintain shared databases about you                  [ ]                 [ ]
  Send you advertising mail                            [ ]                 [ ]
  Send you electronic mail                             [ ]                 [ ]
  Call you on the telephone                            N/A                 N/A

Access: You can see and correct {ALL, SOME, NONE} of the information we have about you.

Choices: You can opt-out of receiving from:   Us    Affiliates   Third Parties
  Advertising mail                            [ ]   [ ]          [ ]
  Electronic mail                             [ ]   [ ]          [ ]
  Telemarketing                               [ ]   [ ]          N/A

Retention: We keep your personal data for: {Six Months, Three Years, Forever}

Change: We can change our data use policy {AT ANY TIME, WITH NOTICE TO YOU, ONLY FOR DATA COLLECTED IN THE FUTURE}

Source: Robert Gellman, July 3, 2003

14 Highlights notice on IBM web site

15 Highlights notice on P&G web site

16 Is industry self-regulation working?
- What are the arguments for and against privacy self-regulation?
- What are the arguments for and against privacy laws?

17 IAPP
- International Association of Privacy Professionals: http://www.privacyassociation.org/

18 Privacy organizations (and organizations that work on privacy issues as part of their larger mission)
- http://www.aclu.org/
- http://www.cdt.org/
- http://www.cpsr.org/
- http://www.eff.org/
- http://www.epic.org/
- http://www.healthprivacy.org/
- http://www.privacyinternational.org/
- http://www.privacyrights.org/

19 Privacy policy project
- http://cups.cs.cmu.edu/courses/privpolawtech-fa07/policy_project.html

