Privacy Privacy PolicyPolicy Issues & Issues & PagesPages

Amy ReeseINF385E Information Architecture and Design 1

UT iSchool21 September 2004

OverviewOverviewpri·va·cypri·va·cy   (prī (prī′′ v vəə sē; sē; Brit. alsoBrit. also prīv prīv′′ əə sē), sē), n., pln., pl – –

cies.cies. The state of being private; retirement or The state of being private; retirement or

seclusion.seclusion. The state of being free from intrusion or The state of being free from intrusion or

disturbance in one’s private life or affairs: disturbance in one’s private life or affairs: the the right to privacyright to privacy..

Secrecy.Secrecy. ArchaicArchaic. A private place. [1400-50; late ME . A private place. [1400-50; late ME

privace. privace. See See private, -acyprivate, -acy]]Source: Webster’s New Universal Unabridged Dictionary © 1996 Source: Webster’s New Universal Unabridged Dictionary © 1996 Barnes & Noble, Inc. by arrangement with Random House Value Barnes & Noble, Inc. by arrangement with Random House Value

Publishing.Publishing.

A Little Bit of A Little Bit of HistoryHistory Federal Trade Commission Act (1914)Federal Trade Commission Act (1914)

Privacy Act (1974)Privacy Act (1974) Electronic Communications Privacy Act Electronic Communications Privacy Act

(1986)(1986) Children’s Online Privacy Protection Act Children’s Online Privacy Protection Act

(1988)(1988) Gramm-Leach-Bliley Act (2000)Gramm-Leach-Bliley Act (2000) Report to Congress: Privacy Online (2000) Fair Credit Reporting Act (2002)Fair Credit Reporting Act (2002)

A Little Bit of A Little Bit of HistoryHistory Federal Trade Commission Act (1914)Federal Trade Commission Act (1914)

(15 U.S.C. §§ 41-58, (15 U.S.C. §§ 41-58, as amendedas amended) ) prevent unfair methods of competition, and unfair or prevent unfair methods of competition, and unfair or

deceptive acts or practices in or affecting commercedeceptive acts or practices in or affecting commerce seek monetary redress and other relief for conduct injurious seek monetary redress and other relief for conduct injurious

to consumersto consumers prescribe trade regulation rules defining with specificity acts prescribe trade regulation rules defining with specificity acts

or practices that are unfair or deceptive, and establishing or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practicesrequirements designed to prevent such acts or practices

conduct investigations relating to the organization, business, conduct investigations relating to the organization, business, practices, and management of entities engaged in commercepractices, and management of entities engaged in commerce

make reports and legislative recommendations to Congressmake reports and legislative recommendations to Congress http://www.ftc.gov/ogc/stat1.htmhttp://www.ftc.gov/ogc/stat1.htm

A Little Bit of A Little Bit of HistoryHistory Privacy Act (1974)Privacy Act (1974)

developed with the intent to regulate the collection and developed with the intent to regulate the collection and use of personal information by federal executive branch use of personal information by federal executive branch agenciesagencies

problems with the dispute of outdated regulatory problems with the dispute of outdated regulatory guidelines and misinterpretationguidelines and misinterpretation

unresolved issues defy attempts at clarificationunresolved issues defy attempts at clarification

http://www.personal.umd.umich.edu/%7Edrafalsk/Legislathttp://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htmion.htm

A Little Bit of A Little Bit of HistoryHistory Electronic Communications Privacy Act Electronic Communications Privacy Act

(1986)(1986) sets out provisions for disclosure and privacy protections of sets out provisions for disclosure and privacy protections of

electronic communicationselectronic communications

this refers to is any signals, data or intelligence transmitted via this refers to is any signals, data or intelligence transmitted via wire, radio waves, photo electronic, etc. that affects interstate wire, radio waves, photo electronic, etc. that affects interstate commercecommerce

the EPCA prohibits any unlawful access of electronic the EPCA prohibits any unlawful access of electronic communication and prevents government entities from requiring communication and prevents government entities from requiring disclosure of this communication from a provider without proper disclosure of this communication from a provider without proper procedureprocedure

http://www.personal.umd.umich.edu/%7Edrafalsk/http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htmLegislation.htm

A Little Bit of A Little Bit of HistoryHistory Children's Online Privacy Protection Act (1988)Children's Online Privacy Protection Act (1988)

gives parents control over what information is collected from children under gives parents control over what information is collected from children under age 13 online and how that information is usedage 13 online and how that information is used

applies to operators of web sites directed to children or that collect applies to operators of web sites directed to children or that collect personal information from childrenpersonal information from children

The Rule requires operators to:The Rule requires operators to: Post a privacy policy on the page and provide a link to the policy Post a privacy policy on the page and provide a link to the policy

everywhere personal information is collectedeverywhere personal information is collected Provide notice to parents about collection practices and obtain verifiable Provide notice to parents about collection practices and obtain verifiable

parental consent parental consent beforebefore collecting personal information collecting personal information Give parents a choice as to whether their child’s personal information Give parents a choice as to whether their child’s personal information

will be disclosed to third partieswill be disclosed to third parties Provide parents to access or delete their child’s personal information, or Provide parents to access or delete their child’s personal information, or

opt-out of future information collection or useopt-out of future information collection or use Allow activity access without disclosing more personal information than Allow activity access without disclosing more personal information than

is reasonably necessary is reasonably necessary Maintain the confidentiality, security and integrity of personal Maintain the confidentiality, security and integrity of personal

information collected from childreninformation collected from children http://www.ftc.gov/privacy/privacyinitiatives/childrens.htmlhttp://www.ftc.gov/privacy/privacyinitiatives/childrens.html

A Little Bit of A Little Bit of HistoryHistory Gramm-Leach-Bliley Act (2000)Gramm-Leach-Bliley Act (2000)

requires companies to provide their requires companies to provide their consumers with privacy notices, explaining consumers with privacy notices, explaining the institutions’ information-sharing processthe institutions’ information-sharing process

consumers are given the right to limit some consumers are given the right to limit some sharing of their informationsharing of their information

companies have the right to share the companies have the right to share the consumers’ information within the consumers’ information within the organization, but not with outside sources, organization, but not with outside sources, such as telemarketers. such as telemarketers.

http://www.personal.umd.umich.edu/http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htm%7Edrafalsk/Legislation.htm

A Little Bit of A Little Bit of HistoryHistory Report to Congress: Privacy Online

(2000) commercial Web sites that collect personal identifying commercial Web sites that collect personal identifying

information (Pii) from or about consumers online would information (Pii) from or about consumers online would be required to comply with the four widely-accepted fair be required to comply with the four widely-accepted fair information practices:information practices:

NoticeNotice ChoiceChoice AccessAccess SecuritySecurity

http://www.ftc.gov/reports/privacy2000/privacy2000.pdfhttp://www.ftc.gov/reports/privacy2000/privacy2000.pdf

A Little Bit of A Little Bit of HistoryHistory Fair Credit Reporting Act (2002)Fair Credit Reporting Act (2002)

Accuracy and fairness of credit reportingAccuracy and fairness of credit reporting the banking system isthe banking system is dependent dependent upon fair and accurate credit upon fair and accurate credit

reportingreporting investigate and evaluate the credit worthiness, standing, capacity, investigate and evaluate the credit worthiness, standing, capacity,

character, and reputation character, and reputation consumer reporting agencies are vital in assembling and consumer reporting agencies are vital in assembling and

evaluating consumer credit and other information evaluating consumer credit and other information insure that consumer reporting agencies exercise their insure that consumer reporting agencies exercise their

responsibilities with fairness, impartiality, and respect for the right responsibilities with fairness, impartiality, and respect for the right to privacyto privacy

Reasonable proceduresReasonable procedures adopt reasonable procedures for meeting the needs of information adopt reasonable procedures for meeting the needs of information

in a fair and equitable manner, with regard to the confidentiality, in a fair and equitable manner, with regard to the confidentiality, accuracy, relevancy, and proper utilizationaccuracy, relevancy, and proper utilization

http://www.techlawjournal.com/cong107/privacy/hollings/http://www.techlawjournal.com/cong107/privacy/hollings/20020418summary.asp20020418summary.asp

What Information is What Information is Out There?Out There?

Information MiningInformation Mining Government & Private Sectors differ Government & Private Sectors differ

vastlyvastly What information do businesses collect?What information do businesses collect?

Corporate liability?Corporate liability? What do they do with it?What do they do with it? How secure is the information out there?How secure is the information out there? What can I do to control my What can I do to control my

information?information?

Do We Really Have Do We Really Have Privacy?Privacy?

Legislative MeasuresLegislative Measures Is enough being done to insure our privacy?Is enough being done to insure our privacy? Is all privacy legislation in our best interests?Is all privacy legislation in our best interests?

California’s Spyware BillCalifornia’s Spyware Bill How can I help?How can I help?

Personal Privacy & Freedom of InformationPersonal Privacy & Freedom of Information ““Mommy, can I have a cookie?”Mommy, can I have a cookie?” ““Mommy, where does spam come from?”Mommy, where does spam come from?” Identity TheftIdentity Theft Corporations vs. the IndividualCorporations vs. the Individual

Legislative Legislative MeasuresMeasures

http://www.ftc.gov/

Legislative Legislative MeasuresMeasures

Do We Really Have Do We Really Have Privacy?Privacy?

Legislative MeasuresLegislative Measures Is enough being done to insure our privacy?Is enough being done to insure our privacy? Is all privacy legislation in our best interests?Is all privacy legislation in our best interests?

California’s Spyware BillCalifornia’s Spyware Bill How can I help?How can I help?

Personal Privacy & Freedom of InformationPersonal Privacy & Freedom of Information ““Mommy, can I have a cookie?”Mommy, can I have a cookie?” ““Mommy, where does spam come from?”Mommy, where does spam come from?” Identity TheftIdentity Theft Corporations vs. the IndividualCorporations vs. the Individual

Personal Personal Privacy & Privacy &

Freedom of Freedom of InformationInformation““Essentially, cookies make use of user-specific Essentially, cookies make use of user-specific

information transmitted by the Web server onto the information transmitted by the Web server onto the user's computer so that the information might be user's computer so that the information might be

available for later access by itself or other servers. available for later access by itself or other servers. In most cases, not only does the storage of personal In most cases, not only does the storage of personal

information into a cookie go unnoticed, information into a cookie go unnoticed, so does access to it. so does access to it. Web servers Web servers

automatically gain automatically gain access to relevant access to relevant

cookies whenever the cookies whenever the user establishes a user establishes a

connection to them, connection to them, usually in the form of usually in the form of

Web requests.”Web requests.”

Personal Personal Privacy & Privacy &

Freedom of Freedom of InformationInformation““Cookies are based on a two-stage Cookies are based on a two-stage

process. First the cookie is stored in the process. First the cookie is stored in the user's computer without their consent or user's computer without their consent or knowledge. During the second stage, the knowledge. During the second stage, the cookie is clandestinely and automatically cookie is clandestinely and automatically transferred from the user's machine to a transferred from the user's machine to a

Web server.”Web server.”

Personal Personal Privacy & Privacy &

Freedom of Freedom of InformationInformation

Personal Personal Privacy & Privacy &

Freedom of Freedom of InformationInformation

How savvy are you?Take the Privacy Rights Clearinghouse Identity Theft Quiz!

http://www.privacyrights.org/itrc-quiz1.htm

Identity TheftIdentity Theft If you live in California, you have the right to put a If you live in California, you have the right to put a

"security freeze" on your credit file. A security freeze "security freeze" on your credit file. A security freeze means that your file cannot be shared with potential means that your file cannot be shared with potential creditors. A security freeze can help prevent identity creditors. A security freeze can help prevent identity theft. Most businesses will not open credit accounts theft. Most businesses will not open credit accounts without checking a consumer's credit history first. If without checking a consumer's credit history first. If your credit file is frozen, even someone who has your credit file is frozen, even someone who has your name and Social Security number would your name and Social Security number would probably not be able to get credit in your name. For probably not be able to get credit in your name. For more information on security freezes, more information on security freezes, http://www.privacy.ca.gov/financial/cfreeze.htm. http://www.privacy.ca.gov/financial/cfreeze.htm.

Personal Personal Privacy & Privacy &

Freedom of Freedom of InformationInformation

Do We Really Have Do We Really Have Privacy?Privacy?

Legislative MeasuresLegislative Measures Is enough being done to insure our privacy?Is enough being done to insure our privacy? Is all privacy legislation in our best interests?Is all privacy legislation in our best interests?

California’s Spyware BillCalifornia’s Spyware Bill How can I help?How can I help?

Personal Privacy & Freedom of InformationPersonal Privacy & Freedom of Information ““Mommy, can I have a cookie?”Mommy, can I have a cookie?” ““Mommy, where does spam come from?”Mommy, where does spam come from?” Identity TheftIdentity Theft Corporations vs. the IndividualCorporations vs. the Individual

Do We Really Have Do We Really Have Privacy?Privacy?

Controlling Required InformationControlling Required Information Sites must provide opt-out measuresSites must provide opt-out measures Once given, can information be controlled?Once given, can information be controlled?

Background Checks & EmploymentBackground Checks & Employment Are they really necessary?Are they really necessary? Can we opt out?Can we opt out? Can I move beyond my past?Can I move beyond my past?

Do We Really Have Do We Really Have Privacy?Privacy?

Privacy PoliciesPrivacy Policies What do these policies cover?What do these policies cover? Do I have recourse when they fail?Do I have recourse when they fail? What do they really do for you?What do they really do for you?

SoftwareSoftware How secure are the programs I’m using?How secure are the programs I’m using? Accidental security leaksAccidental security leaks Mixing software is like mixing medicineMixing software is like mixing medicine

Do We Really Have Do We Really Have Privacy?Privacy?

Be afraid, be very afraid….Be afraid, be very afraid….

Feeling Feeling Secure?Secure?

Questions? Fears?Questions? Fears?