Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010."— Presentation transcript:

1 Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010

2 Garbage or information?

3 ALA guidelines for developing a Library Privacy Policyguidelines Data Retention: It is the responsibility of library staff to destroy information in confidential or privacy-protected records in order to safeguard data from unauthorized disclosure. Information that should be regularly purged or shredded includes PII on library resource use, material circulation history, and security/surveillance tapes and logs. If this data is maintained off site, library administrators must ensure that appropriate data retention policies and procedures are employed. Libraries that use surveillance cameras should have written policies stating that the cameras are not to be used for any other purpose. If the cameras create any records, the library must recognize its responsibility to protect their confidentiality like any other library record. This is best accomplished by purging the records as soon as their purpose is served.

4 School data retention policies Log files Library circulation records Student immunization records – HIPAA Dependent on financial, contractual and other types of obligations

5 In the US … Data preservation When contacted by the police ISPs can save specific data for longer periods 1986 law – Electronic Communication Privacy Act regulates data preservation – Requires ISPs to retain any “record” in their possession for 90 days “upon the request of a governmental entity” – search warrant – Court order – subpoena

6 Benefits of data retention Network monitoring Fraud prevention Billing disputes Litigation

7 Potential for abuse Data retention increases the potential for abuse and privacy invasion Possibility of synthesis (Blanchette and Johnson, p.34)

8 Transaction-generated information Phone calls Purchases Geographical location Banking transactions

9

10

11 Individual and Social goods “privacy is good for society insofar as it promotes the development of the kinds of individuals who are essential for democracy” (36) “social forgetfulness serves individual and social interests” (37)

12 It is easier to exclude bad risks and focus on derogatory information that it is to find good risks and reward the behavior Adverse information includes peripheral identifiers such as crime statistics related to place of residence

13 Individual behavior is regulated by: Laws Norms Technology The market (Lessing, 1999 in Blanchette and Johnson, 2002)

14 Code of Fair information practices The Code rested on five basic principles that would be given legal effect as "safeguard requirements" for automated personal data systems. There must be no personal data record keeping systems whose very existence is secret. There must be a way for an individual to find out what information about him is in a record and how it is used. There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent. There must be a way for an individual to correct or amend a record of identifiable information about him. Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data. http://itlaw.wikia.com/wiki/Code_of_Fair_Information_Practice

15 EU Directive on Mandatory Retention of Communications Traffic Data To help combat terrorism Standardize disparate data retention laws Requires member states to retain communication data for between 6 months and 2 years This includes traffic and location data Subscriber identifiers

16 Countries against the Directive Irish NGOs litigate against the act. They state the act breaches the right of privacy (Irish law and EU Convention), has chilling effect on freedom of expression, and interferes with the right to travel by retaining the mobile phone location of citizens (McIntyre 2008).McIntyre 2008 The German working group on data retention challenged the law at the Federal German Constitutional Court on January 6. They claim it is unconstitutional, because it is treating every citizen as a potential delinquent. They also state that the law would severely disrupt free communication.

17 The right to trust your IT equipment "a guarantee of confidentiality and integrity in information-technology systems" In Germany, all data must be deleted immediately There must be transparent control of how the information is used German Constitutional Court

18 Memory and forgetfulness

19 Trust trust in who?

20 Is it still possible to disappear and start over?

Download ppt "Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010."

Similar presentations

31511230/0403 © 2004 Business & Legal Reports, Inc. BLRs Training Presentations Privacy Issues in the Workplace.

/0403 © 2004 Business & Legal Reports, Inc. BLRs Training Presentations Privacy Issues in the Workplace.
Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.
The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.
Criteria For Approval 45 CFR 46.111 25 CFR 56.111 Minimized risks Reasonable risk/benefit ratio Equitable subject selection Informed consent process Informed.

Criteria For Approval 45 CFR CFR Minimized risks Reasonable risk/benefit ratio Equitable subject selection Informed consent process Informed.
NAU HIPAA Awareness Training

NAU HIPAA Awareness Training
© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.
USA PATRIOT Act and Libraries Eric Johnson & Rodney Clare Jackman Sims Memorial Library.

USA PATRIOT Act and Libraries Eric Johnson & Rodney Clare Jackman Sims Memorial Library.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.

Policing the Internet: Higher Education Law and Policy Rodney Petersen, Policy Analyst Wendy Wigen, Policy Analyst EDUCAUSE.
1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.

1 GRAND VALLEY STATE UNIVERSITY FAMILY EDUCATIONAL RIGHTS & PRIVACY ACT (FERPA) TRAINING OFFICES OF THE REGISTRAR AND UNIVERSITY COUNSEL JANUARY 20, 2009.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
Data Protection and Records Management

Data Protection and Records Management
Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA 2014. The policy advocacy and regulatory work of the GSMA Mobile Money team.

Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA The policy advocacy and regulatory work of the GSMA Mobile Money team.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.

Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
Privacy and Security Risks in Higher Education

Privacy and Security Risks in Higher Education

Similar presentations

Ads by Google