1 / 32

Safeguarding Privacy in Information Technology Era

Learn privacy fundamentals, threats, personal info control, FIP principles, practices, cookies, cryptography, and data mining. Understand ownership, threats, and storage of personal data. Discover FIP principles and privacy practices in different regions.

oralee
Télécharger la présentation

Safeguarding Privacy in Information Technology Era

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PrivacyCSC385 Kutztown University Fall 2009 Oskars J. Rieksts

  2. Notes on Privacy • Based on Lawrence Snyder • Fluency in Information Technology • Augmented with my notes • See also: http://faculty.kutztown.edu/rieksts/385/topics/privacy/notes.html Kutztown University

  3. Outline • Privacy basics • Threats to privacy • Personal information control • FIP principles • Privacy practices • Cookies • Cryptography • Data mining Kutztown University

  4. Privacy Basics • Definition – “The right of people to choose freely under what circumstances and to what extent they will reveal themselves to others.” – p. 481 • Rieksts: Privacy is the cornerstone of selfhood • Modern devices & privacy • Chief Justice, Louis Brandeis Kutztown University

  5. Basis of Privacy Conflict • Modern life requires • Revelation of information • Financial transactions • Applications • Medical services • Etc. Kutztown University

  6. Basic Privacy Issue • Ownership of information • Related IT ownership issue • Your machine • Contents of your machine • Files • Software Kutztown University

  7. Threats to Privacy • Criminal element • Identity theft • Cyber-stalking • Organized crime • Business & industry • Marketing • Employment Kutztown University

  8. Threats to Privacy • Enemies of public safety • Governments • Totalitarian regimes • Overzealous public servants • Social engineers Kutztown University

  9. Spectrum of Personal Information Control • The lens • Transaction produces information • Basic categories • No uses • Opt-In or Approval • Opt-Out or Objection • Internal use only • No limits Kutztown University

  10. Storage & Usebeyond transactional necessity • No uses • Delete information • Upon completion of transaction • Opt-In • Permission must be requested • Explicit approval required Kutztown University

  11. Storage & Usebeyond transactional necessity • Opt-Out • S&U is OK • Unless specifically objected to • Internal use only • S&U OK • Only for business itself • No limits Kutztown University

  12. FIP Principles • FIP = fair information practices • Standard 8 point list • Developed in 1980 by OECD • OECD = Organization of Economic Cooperation and Development Kutztown University

  13. Eight FIP Principles • Limited Collection • Quality • Purpose • Use Limitation • Security • Openness • Participation • Accountability Kutztown University

  14. Limited Collection Principle • Limits to data collected • Collection by • Fair means • Lawful means • Knowledge & consent required • If possible • When appropriate Kutztown University

  15. Quality Principle • Relevance • Data must be relevant • to collection purpose • Data must be • Accurate • Complete • Up to date Kutztown University

  16. Purpose Principle • Purpose of collection stated • Use limitation • Use limited to . . • stated purpose Kutztown University

  17. Use Limitation Principle • Data not to be disclosed • No use for other purposes • Unless . . • Consent given by individual • Authority granted by law Kutztown University

  18. Security Principle • Data controller must . . • Exercise reasonable security measures Kutztown University

  19. Openness Principle • Data collection policies & practices . . • Open to the public • Public knowledge of . . • Existence of data • Kind of data • Purpose/use of data • Identity & contact information of • Data controller Kutztown University

  20. Participation Principle • Individual able to determine . . • Whether data controller has information • What the information is • Denial of access can be challenged • Information can be challenged Kutztown University

  21. Accountability Principle • Data controller accountable . . • for FIP Principles compliance Kutztown University

  22. Privacy Practices – EU • European Union • Accepts OECD FIP principles • Has European Data Protection Directive • EU citizen protection standard • Extends beyond EU borders Kutztown University

  23. Privacy Practices – U.S.A. • Sectoral approach • Freedom of Information Act – 1966 • Privacy Act of 1974 (wrt government) • Electronics Communication Privacy Act – 1986 • Video Privacy Protection Act – 1988 • Telephone Consumer Protection Act – 1991 • Drivers Privacy Protection Act – 1994 Kutztown University

  24. Freedom of Information Act – Links • One • Two • Three • Four Kutztown University

  25. Privacy Act of 1974 – Links • One • Two • Three Kutztown University

  26. Electronic Communications Privacy Act • One • Two • Three • Efforts to update Kutztown University

  27. Video Privacy Protection Act • One • Two • Three Kutztown University

  28. Telephone Consumer Protection Act • One • Two • Three Kutztown University

  29. Driver Privacy Protection Act • One • Two • Three • Four Kutztown University

  30. Privacy Advocacy • EPIC • Electronic Privacy Information Center • About • Home Page • Privacy Rights Clearinghouse • Electronic Frontier Foundation • About • Wikipedia Kutztown University

  31. Cookies • 7-field record • Uniquely identifies . . • customer session on website Kutztown University

  32. Cookies – 3rd Party Problem • Advertiser on contacted website • Client/server relationship with customer • Allows 3rd party cookies • Placed • Accessed • from various sites • Discussion Kutztown University

More Related