The Broader Picture
• Laws Governing Hacking and Other Computer Crimes
• Consumer Privacy
• Employee Workplace Monitoring
• Government Surveillance
• Cyberwar and Cyberterror
• Hardening the Internet Against Attack
Figure 12-2: Consumer Privacy
• Introduction
  • Scott McNealy of Sun Microsystems: “You have zero privacy now. Get over it!”
  • But privacy is strong in European Union countries and some other countries
Figure 12-2: Consumer Privacy
• Credit Card Fraud and Identity Theft
  • Widespread concern (Gartner)
    • One in 20 consumers had suffered credit card number theft in 2002
    • One in 50 consumers had suffered identity theft in 2002
    • Only about a fifth of this is online, but online theft is growing the most rapidly
Figure 12-2: Consumer Privacy
• Credit Card Fraud and Identity Theft
  • Carders steal credit card numbers
    • Many merchants fail to protect credit card numbers
    • Carders test and sell credit card numbers
  • Merchants also suffer fraud from consumers and carders
  • Identity theft: Set up accounts in person’s name
    • Victim may not discover identity theft until long afterward
Figure 12-2: Consumer Privacy
• Tracking Customer Behavior
  • Within a website and sometimes across websites
  • Some information is especially sensitive (health, political leanings, etc.)
  • Access to data and analysis tools is revolutionizing the ability to learn about people
Figure 12-2: Consumer Privacy
• Tracking Customer Behavior
  • What consumers wish for
    • Disclosure of policies
      • What information will be collected?
      • How will the information be used by the firm collecting customer data?
      • Whether and with whom the information will be shared
Figure 12-2: Consumer Privacy
• Tracking Customer Behavior
  • What consumers wish for
    • Ability of consumer to see and correct inaccurate personal information
    • Limiting collection and analysis to operational business needs
      • Limiting these needs
    • Opt in: No use unless customer explicitly agrees
Figure 12-2: Consumer Privacy
• Corporate Responses
  • Privacy disclosure statements
    • TRUSTe certifies corporate privacy behavior
    • Platform for Privacy Preferences (P3P): Standard format for privacy questions
  • Federal Trade Commission
    • Enforces privacy statements
    • Imposes fines and requires long-term auditing
    • Does not specify what should be in the privacy statement
Figure 12-2: Consumer Privacy
• Corporate Responses
  • Opt out: Customer must take action to stop data collection and sharing
  • No opt: No way to stop data collection and sharing
  • Passport and Liberty Alliance
    • Identity management services
    • Register once, giving personal information
    • Give out to merchants selectively
Figure 12-2: Consumer Privacy
• Consumer Reactions
  • Checking privacy disclosure statements (rare)
  • Not accepting cookies (rarer)
  • Anonymous web surfing services (extremely rare)
Figure 12-2: Consumer Privacy
• U.S. Privacy Laws
  • No general law
  • Health Information Portability and Accountability Act (HIPAA) of 1996
    • Protects privacy in hospitals and health organizations
    • Focuses on protected information that identifies a patient
Figure 12-2: Consumer Privacy
• U.S. Privacy Laws
  • Gramm-Leach-Bliley Act (GLBA) of 1999
    • Protects financial data
    • Allows considerable information sharing
    • Opt out can stop some information sharing
Figure 12-2: Consumer Privacy
• U.S. Privacy Laws
  • Children’s Online Privacy Protection Act of 1998
    • Protects the collection of personal data from children under 13
    • Applies in child-oriented sites and any site that suspects a user is under 13
    • No protection for older children
  • Registration for Kids.US domain is controlled
  • State privacy laws vary widely
Figure 12-2: Consumer Privacy
• International Laws
  • European Union Charter of Fundamental Rights
    • Right to protection of personal information
    • Personal information must be processed for specific legitimate purposes
    • Right to see and correct data
    • Compliance overseen by independent authority
Figure 12-2: Consumer Privacy
• International Laws
  • E.U. Data Protection Directive of 1995
    • Opt out, with opt in for sensitive information
    • Access for review and rectification
    • Independent oversight agency
    • Data can be sent out of an EU country only to countries with “adequate” protections
Figure 12-2: Consumer Privacy
• International Laws
  • Safe harbor
    • Rules that U.S. firms must agree to follow to get personal data out of Europe
    • Are GLBA rules to be considered adequate in financial industries? The E.U. is resisting.