Fair Information Practice Principles and Privacy Laws by PaulBrodie


Fair Information Practice Principles and Privacy Laws
Week 3 - September 12, 14

Privacy Policy, Law and Technology • Carnegie Mellon University • Fall 2005 • Lorrie Cranor • http://lorrie.cranor.org/courses/fa05/


More homework 1 review
Web cams Privacy in the news

Issues privacy groups are working on
Any questions about plagiarism?


Using Library Resources


Research and Communication Skills

CMU Libraries (http://www.library.cmu.edu)
▪ Engineering and Science (a.k.a. E&S)
  • Location: Wean Hall, 4th floor
  • Subjects: Computer Science, Engineering, Mathematics, Physics, Science, Technology
▪ Hunt (CMU’s main library)
  • Location: Its own building (possibly 2nd ugliest on campus behind Wean), between Tepper and Baker
  • Subjects: Arts, Business, Humanities, Social Sciences
▪ Software Engineering Institute (a.k.a. SEI)
  • Location: SEI Building (4500 Fifth Avenue), 3rd floor
  • Subjects: Security, Software, Technology


START HERE: Cameo
Cameo is CMU’s online library catalog
  • http://cameo.library.cmu.edu/

Catalogs everything CMU has: books, journals, periodicals, multimedia, etc.
Search by key words, author, title, periodical title, etc.


CAMEO: Search Result for “Cranor”

[Screenshot: Cameo search results, with callouts for number of copies and status, and for library]


CAMEO: Search Result for “Solove”

[Screenshot: Cameo search results, with a callout for due date]

If it’s not in Cameo, but you need it today: Local Libraries
▪ Carnegie Library of Pittsburgh
  • Two closest locations
    ▪ Oakland: Practically on campus (4400 Forbes Ave.)
    ▪ Squirrel Hill: Forbes & Murray (5801 Forbes Ave.)
  • http://www.carnegielibrary.org/index.html
▪ University of Pittsburgh Libraries
  • 16 libraries! Information science, Engineering, Law, Business, etc.
  • http://pittcat.pitt.edu/


If it’s not in Cameo, and you can wait: ILLiad and E-ZBorrow
▪ ILLiad and E-ZBorrow are catalogs of resources available for Interlibrary Loan from other libraries nationwide (ILLiad) and in Pennsylvania (E-ZBorrow)
▪ Order items online (almost always free)
▪ Wait for delivery – average 10 business days
▪ Find links to ILLiad and E-ZBorrow online catalogs at http://www.library.cmu.edu/Services/ILL/


Other Useful Databases
▪ Links to many more databases, journal collections
  • Must be accessed on campus or through VPN
  • http://www.library.cmu.edu/Search/AZ.html
▪ Lexis-Nexis
  • Massive catalog of legal sources – law journals, case law, news stories, etc.
▪ IEEE and ACM journal databases
  • IEEE Xplore and ACM Digital Library
▪ INSPEC database
  • Huge database of scientific and technical papers
▪ JSTOR
  • Arts & Sciences, Business, Mathematics, Statistics


And of course…
Reference librarians are available at all CMU libraries, and love to help people find what they need – just ask!


OECD fair information principles
http://www.datenschutzberlin.de/gesetze/internat/ben.htm
▪ Collection limitation
▪ Data quality
▪ Purpose specification
▪ Use limitation
▪ Security safeguards
▪ Openness
▪ Individual participation
▪ Accountability


US FTC simplified principles
▪ Notice and disclosure
▪ Choice and consent
▪ Data security
▪ Data quality and access
▪ Recourse and remedies

US Federal Trade Commission, Privacy Online: A Report to Congress (June 1998), http://www.ftc.gov/reports/privacy3/


Privacy laws around the world
▪ Privacy laws and regulations vary widely throughout the world
▪ US has mostly sector-specific laws, with relatively minimal protections - often referred to as “patchwork quilt”
  • Federal Trade Commission has jurisdiction over fraud and deceptive practices
  • Federal Communications Commission regulates telecommunications
▪ European Data Protection Directive requires all European Union countries to adopt similar comprehensive privacy laws that recognize privacy as fundamental human right
  • Privacy commissions in each country (some countries have national and state commissions)
  • Many European companies non-compliant with privacy laws (2002 study found majority of UK web sites non-compliant)

US law basics
Constitutional law governs the rights of individuals with respect to the government

Tort law governs disputes between private individuals or other private entities
Congress and state legislatures adopt statutes

Federal agencies can adopt regulations which are equivalent to statutes, as long as they don’t conflict with statute

US Constitution
▪ No explicit privacy right, but a zone of privacy recognized in its penumbras, including
  • 1st amendment (right of association)
  • 3rd amendment (prohibits quartering of soldiers in homes)
  • 4th amendment (prohibits unreasonable search and seizure)
  • 5th amendment (no self-incrimination)
  • 9th amendment (all other rights retained by the people)
▪ Penumbra: “fringe at the edge of a deep shadow created by an object standing in the light”

(Smith 2000, p. 258, citing Justice William O. Douglas in Griswold v. Connecticut)


Federal statutes and state laws
Federal statutes
  • Tend to be narrowly focused

State law
  • State constitutions may recognize explicit right to privacy (Georgia, Hawaii)
  • State statutes and common (tort) law
  • Local laws and regulations (for example: ordinances on soliciting anonymously)


Four aspects of privacy tort
You can sue for damages for the following torts (Smith 2000, p. 232-233)
  • Disclosure of truly intimate facts
    ▪ May be truthful
    ▪ Disclosure must be widespread, and offensive or objectionable to a person of ordinary sensibilities
    ▪ Must not be newsworthy or legitimate public interest
  • False light
    ▪ Personal information or picture published out of context
  • Misappropriation (or right of publicity)
    ▪ Commercial use of name or face without permission
  • Intrusion into a person’s solitude

How does the law regulate privacy?
Law may require waiving privacy interests

Law may enforce privacy interests

Typically, the law identifies relevant privacy interests to protect, identifies relevant interests supporting disclosure, and tries to balance both sets of issues in a single resolution


Difficult legal problems
Can an individual “own” (and therefore sell) his or her own privacy rights?

Should the default assumption be “protect the privacy interest” or “compel waiver of the privacy interest”?

When should the law defer to informal or social norms, or to technological barriers or solutions?


Some US privacy laws
▪ Bank Secrecy Act, 1970
▪ Fair Credit Reporting Act, 1971
▪ Privacy Act, 1974
▪ Right to Financial Privacy Act, 1978
▪ Cable TV Privacy Act, 1984
▪ Video Privacy Protection Act, 1988
▪ Family Educational Right to Privacy Act, 1993
▪ Electronic Communications Privacy Act, 1994
▪ Freedom of Information Act, 1966, 1991, 1996


US law – recent additions
▪ HIPAA (Health Insurance Portability and Accountability Act, 1996)
  • When implemented, will protect medical records and other individually identifiable health information
▪ COPPA (Children’s Online Privacy Protection Act, 1998)
  • Web sites that target children must obtain parental consent before collecting personal information from children under the age of 13
▪ GLB (Gramm-Leach-Bliley Act, 1999)
  • Requires privacy policy disclosure and opt-out mechanisms from financial service institutions


Safe harbor
▪ Membership
  • US companies self-certify adherence to requirements
  • Dept. of Commerce maintains signatory list http://www.export.gov/safeharbor/
  • Signatories must provide
    ▪ notice of data collected, purposes, and recipients
    ▪ choice of opt-out of 3rd-party transfers, opt-in for sensitive data
    ▪ access rights to delete or edit inaccurate information
    ▪ security for storage of collected data
    ▪ enforcement mechanisms for individual complaints
▪ Approved July 26, 2000 by EU
  • reserves right to renegotiate if remedies for EU citizens prove to be inadequate


Data protection agencies
▪ Australia: http://www.privacy.gov.au/
▪ Canada: http://www.privcom.gc.ca/
▪ France: http://www.cnil.fr/
▪ Germany: http://www.bfd.bund.de/
▪ Hong Kong: http://www.pco.org.hk/
▪ Italy: http://www.privacy.it/
▪ Spain: http://www.ag-protecciondatos.es/
▪ Switzerland: http://www.edsb.ch/
▪ UK: http://www.dataprotection.gov.uk/
… And many more


Writing a Literature Review


Writing a literature review
▪ What is a literature review?
  • A critical summary of what has been published on a topic
    ▪ What is already known about the topic
    ▪ Strengths and weaknesses of previous studies
  • Often part of the introduction or a section of a research paper, proposal, or thesis
▪ A literature review should
  • be organized around and related directly to the thesis or research question you are developing
  • synthesize results into a summary of what is and is not known
  • identify areas of controversy in the literature
  • formulate questions that need further research

Dena Taylor and Margaret Procter. 2004. The literature review: A few tips on conducting it. http://www.utoronto.ca/writing/litrev.html

Literature review do’s and don’ts
▪ Don’t create a list of article summaries or quotes
▪ Do point out what is most relevant about each article to your paper
▪ Do compare and contrast the articles you review
▪ Do highlight controversies raised or questions left unanswered by the articles you review
▪ Do take a look at some examples of literature reviews or related work sections before you try to create one yourself
  • For an example of a literature review in a CS conference paper, see section 2 of http://cs1.cs.nyu.edu/~waldman/publius/paper.html

Homework 2
▪ http://lorrie.cranor.org/courses/fa05/hw2.html
▪ Privacy laws
▪ Technologies that raise privacy concerns


Homework 3
▪ http://lorrie.cranor.org/courses/fa05/hw3.html


Announcements
Don’t forget that project brainstorming is due by Monday
