
Privacy Concepts, Privacy Principles and Policies

Uploaded by

onlyforuse0709

PRIVACY

Privacy Concepts
• Aspects of Information Privacy
1. Controlled Disclosure
2. Sensitive Data
3. Affected Subject
Controlled Disclosure
• Privacy is the right to control who knows certain things about you.
• People may ask you for your telephone number: your auto mechanic,
a shop clerk, your tax authority, a new business contact, or a new
friend.
• In each case, you consider why the person wants the number and
then decide whether to give it out.
• But the key point is that you decide.
Sensitive Data
• Identity
• Finances
• Legal
• Health
• Opinions, preferences, and membership
• Biometrics
• Documentary evidence
• Privileged communications
• Academic and employment information
• Location data
• Digital footprint
Affected Subject
• Companies may have data they consider private or sensitive: product
plans, key customers, profit margins, and newly discovered
technologies, as examples.
• For private enterprise, privacy usually relates to gaining and
maintaining an edge over the competition.
• Other organizations, such as schools, hospitals, or charities, may need
to protect personal data about their students, patients, or donors.
Computer-Related Privacy Problems
1. Information collection
2. Information usage
3. Information retention
4. Information disclosure
5. Information security
6. Access control
7. Monitoring
8. Policy changes
Data Collection
• Capacities of computer storage devices continue to grow, driving the
cost per byte down.
• Availability of massive, inexpensive storage encourages collecting and
saving data.

Google had 17 data centers in 2014, accounting for 0.01 percent of the
world’s total energy usage. This increased to 49 data centers in 2024.
Microsoft has over a billion users and over 100,000 servers.
Notice and Consent
• Notice of collection and consent to allow collection of data are
foundations of privacy.
Telephone companies record the date, time, duration, source, and
destination of each telephone call.
ISPs track sites visited.
Some sites keep the IP address of each visitor to the site.
The user is not necessarily aware of this third category of data collection and
thus cannot be said to have given informed consent to the collection.
Control and Ownership of Data
• Disseminated data are almost impossible to get back.

• In many instances, you are asked to provide data (with proper notice)
and you consent to do so, explicitly or implicitly. But what happens
when the data are transferred to the requesting person or system?
• Having collected data with your permission, others may keep the data
you give them; you have ceded control (and sometimes ownership,
depending on the law in your region) of that copy of the data to
them.
Privacy Principles and Policies
• Fair Information Practices
• U.S. Privacy Laws
• Controls on U.S. Government Websites
• Controls on Commercial Websites
• Non-U.S. Privacy Principles
• Individual Actions to Protect Privacy
• Governments and Privacy
• Identity Theft
Fair Information Practices
• Collection limitation.
• Data quality.
• Purpose specification.
• Use limitation.
• Security safeguards.
• Openness.
• Individual participation.
• Accountability.

Ways to protect stored data?


U.S. Privacy Laws
• 1974 Privacy Act: It is the strongest U.S. privacy law because of its
breadth: It applies to all personal data held anywhere in the federal
government.
• Privacy laws in the United States vary by municipality and state; few
national laws exist.

Consumer credit is addressed in the Fair Credit Reporting Act,
healthcare information in the Health Insurance Portability and Accountability Act (HIPAA),
financial service organizations in the Gramm–Leach–Bliley Act (GLBA),
children’s web access in the Children’s Online Privacy Protection Act (COPPA),
student records in the Federal Educational Rights and Privacy Act.
India's Privacy Law
• It is the Digital Personal Data Protection Act (DPDP Act), which was passed in
August 2023 and came into effect on September 1, 2023.
• The DPDP Act applies to all organizations that process personal data of
individuals in India, as well as foreign entities that offer goods and services to
individuals in India.
• It states that data collection should be lawful and fair, and should not result in
discrimination or harm to individuals.
• It provides for significant penalties, including fines of up to INR 250 crores for
breaches.
Controls on U.S. Government Websites
• The Federal Trade Commission (FTC) has jurisdiction over websites,
including those of the U.S. government, that solicit potentially private
data.
• The FTC determined that, in order to obey the Privacy Act,
government websites would have to address five privacy factors:
Notice. Choice. Access. Security. Enforcement.

• What needs to be disclosed by the privacy policies of federal government
agencies as per the e-Government Act of 2002 by the U.S. Congress?
Controls on Commercial Websites
No Deceptive Practices
• Privacy notices are enforceable: A site that says it will not release data
must abide by that rule, but a site that says nothing is not
constrained.
• This approach can lead to bizarre results, however. A company is
allowed to collect personal information and pass it in any form to
anyone, as long as the company’s privacy policy says it will do so, or
at least does not say it will not do so. Vowing to
maintain privacy and intentionally not doing so is an illegal deceptive
practice.
Non-U.S. Privacy Principles
• European Privacy Directive
provides strong protection for privacy rights, binding on governments,
businesses, and other organizations.

• Privacy in Other Countries
http://www.informationshield.com/intprivacylaws.html

• Conflicting Laws
Different laws in different jurisdictions will inevitably clash.
Individual Actions to Protect Privacy
• Anonymity
For example, a rock star buying a beach house might want to avoid
unwanted attention from neighbors.
• Multiple Identities—Linked or Not
To your bank, you are your account number. To your motor vehicles
bureau, you are your driver’s license number. And to your credit card
company, you are your credit card number.
• Pseudonymity
Multiple identities can also be convenient. Similarly, disposable identities
(that you use for a while and then stop using) can be convenient.
Governments and Privacy
• Authentication
• Data Access Risks
• Steps to Protect Against Privacy Loss
Data minimization. Data anonymization. Auditing. Security and controlled
access. Training. Quality. Restricted usage. Data left in place. Policy.

State laws require notification of loss of personal data as a result of a
computer incident.
Identity Theft
• Taking or assuming another person’s identity.
• For example, using another person’s credit card without permission is
fraud.
• It occurs in many ways:
1. unauthorized opening of an account in someone else’s name,
2. changing account information to enable the thief to take over and
use someone else’s account or service,
3. perpetration of fraud by obtaining identity documents in the stolen
name.
