1 Privacy and Personal Information The Impact of Computer Technology “ Big Brother is Watching You ” Consumer Information More Privacy Risks Protecting

1

Privacy and Personal Privacy and Personal InformationInformation

The Impact of Computer TechnologyThe Impact of Computer Technology

““Big Brother is Watching You”Big Brother is Watching You”

Consumer InformationConsumer Information

More Privacy RisksMore Privacy Risks

Protecting Privacy: Education, Technology, and MarketsProtecting Privacy: Education, Technology, and Markets

Protecting Privacy: Law and RegulationProtecting Privacy: Law and Regulation

2

The Impact of Computer The Impact of Computer TechnologyTechnology

• Computers are not needed for the Computers are not needed for the invasion of privacy.invasion of privacy.

• Computers simply make new threats Computers simply make new threats possible and old threats more potent.possible and old threats more potent.

• Privacy can mean:Privacy can mean:•Freedom from intrusion.Freedom from intrusion.

•Control of information about oneself.Control of information about oneself.

•Freedom from surveillance.Freedom from surveillance.

3


• Invisible Information GatheringInvisible Information Gathering– Examples:Examples:

•Satellite surveillance.Satellite surveillance.

•Caller ID.Caller ID.

•800- or 900-number calls.800- or 900-number calls.

•Loyalty cards.Loyalty cards.

•Web-tracking data; cookies.Web-tracking data; cookies.

•Peer-to-peer monitoring.Peer-to-peer monitoring.

•Others…Others…Q: Recall an example of invisible information gathering about you.

4


• Secondary UseSecondary Use– Using information for a purpose other Using information for a purpose other

than the one for which it was obtained. than the one for which it was obtained. A few examples:A few examples:•Sale (or trade) of consumer information to Sale (or trade) of consumer information to

other businesses.other businesses.

•Credit check by a prospective employer.Credit check by a prospective employer.

•Government agency use of consumer Government agency use of consumer database.database.

Q: Recall an occasion when a secondary use of your personal information was made.

5


• Computer MatchingComputer Matching– Combining and comparing information Combining and comparing information

from more than one database. Some from more than one database. Some examples:examples:•Sharing of government agencies’ databases Sharing of government agencies’ databases

to detect fraud by recipients of government to detect fraud by recipients of government programs.programs.

•Creating consumer dossiers from various Creating consumer dossiers from various business databases.business databases.Q: Recall an example of computer matching that has appeared in the news.

6


• ProfilingProfiling– Using data in computer files to predict Using data in computer files to predict

likely behaviors of people. Some likely behaviors of people. Some examples:examples:•Businesses engage in profiling to determine Businesses engage in profiling to determine

consumer propensity toward a product or consumer propensity toward a product or service.service.

•Government agencies use profiling to create Government agencies use profiling to create descriptions of possible terrorists.descriptions of possible terrorists.Q: How might profiling be used with your personal information?

7


• Monitoring and TrackingMonitoring and Tracking– Examples:Examples:

•GPS (global positioning system).GPS (global positioning system).

•Cell-phones.Cell-phones.

•Blackboxes in automobiles.Blackboxes in automobiles.

•Other wireless appliances.Other wireless appliances.

Q: What is the impact of GPS-equipped childrens’ wrist watches.

8


• Federal Government DatabasesFederal Government Databases– Purpose:Purpose:

• Determine eligibility for jobs and programs.Determine eligibility for jobs and programs.

• Reduce waste.Reduce waste.

• Detect fraud.Detect fraud.

• Law enforcement.Law enforcement.– Regulations:Regulations:

• Privacy Act of 1974.Privacy Act of 1974.

• Computer Matching and Privacy Protection Act of Computer Matching and Privacy Protection Act of 1988.1988.

Q: Which government databases contains your personal information?

9


• 44thth Amendment Amendment– Expectation of Privacy:Expectation of Privacy:

• Government’s rights are limited.Government’s rights are limited.• Government must have probable cause to search private Government must have probable cause to search private

premises or seize documents.premises or seize documents.– Privacy Challenges:Privacy Challenges:

• New sensing and surveillance technologies enable the New sensing and surveillance technologies enable the government access to private premises without physical government access to private premises without physical entry.entry.

• New technologies provide the government with access to New technologies provide the government with access to huge amounts of personal data in business databases.huge amounts of personal data in business databases.

• Courts allow some searches and seizures of computers Courts allow some searches and seizures of computers without search warrants.without search warrants.

Q: Has technology strengthened or weakened the spirit of the 4th Amendment?

10


• Consumer DatabasesConsumer Databases– Gathering Information:Gathering Information:

•Warranty cards.Warranty cards.•Purchasing records.Purchasing records.•Membership lists.Membership lists.•Web activity.Web activity.•Change-of-address forms.Change-of-address forms.•Much more…Much more…

Q: Recall ways in which you have contributed to consumer databases.

11


• Consumer Databases Consumer Databases (cont’d)(cont’d)

– Limiting Collection, Use, Sharing, and Sale Limiting Collection, Use, Sharing, and Sale of Personal Data:of Personal Data:•Consumers can take measures to restrict the Consumers can take measures to restrict the

use of their personal information.use of their personal information.•Some information sharing is prohibited by law.Some information sharing is prohibited by law.•Some information sharing is prohibited by Some information sharing is prohibited by

published, privacy policies.published, privacy policies.

Q: What measures do you take to limit consumer information gathered about you?

12


• Marketing: Using Consumer Marketing: Using Consumer InformationInformation

•Trading/buying customer lists.Trading/buying customer lists.

•Telemarketing.Telemarketing.

•Data Mining.Data Mining.

•Mass-marketing.Mass-marketing.

•Web ads.Web ads.

•Spam (unsolicited e-mail).Spam (unsolicited e-mail).

Q: How are children affected by marketers using consumer information?

13


• Credit BureausCredit Bureaus– Uses of consumer information:Uses of consumer information:

•Evaluate credit risk of applicant.Evaluate credit risk of applicant.

•Marketing.Marketing.

– Regulation:Regulation:•FCRA (Fair Credit Reporting Act)FCRA (Fair Credit Reporting Act)

•Self-regulated by privacy principles.Self-regulated by privacy principles.

Q: If you are denied credit, what are your rights based on the FCRA?

14


• Social Security Numbers (SSNs)Social Security Numbers (SSNs)– Appear in:Appear in:

•Employer records.Employer records.

•Government databases.Government databases.

•School records.School records.

•Credit reports.Credit reports.

•Consumer applications.Consumer applications.

•Many other databases.Many other databases.

Q: What are the risks of using SSNs as identifiers?

15


• National ID Card SystemNational ID Card System– If implemented, the card could If implemented, the card could

contain your:contain your:•Name.Name.

•Address.Address.

•Telephone number(s).Telephone number(s).

•Photo.Photo.

•SSN.SSN.

Q: What other personal information should a national ID card contain?

16


• National ID Card SystemNational ID Card System– If implemented, the system could If implemented, the system could

allow access to your:allow access to your:•Medical information.Medical information.

•Tax records.Tax records.

•Citizenship.Citizenship.

•Credit history.Credit history.

•Much more…Much more…

Q: Are the benefits of a national ID system greater than the risks?

17


• Personal Health and Medical Personal Health and Medical InformationInformation– Data can include:Data can include:

• History of substance abuse.History of substance abuse.

• Treatment for sexually transmitted disease.Treatment for sexually transmitted disease.

• Extent of psychiatric help received.Extent of psychiatric help received.

• Any suicide attempt(s).Any suicide attempt(s).

• Diagnosis of diseases (diabetes, angina, cancer, etc.).Diagnosis of diseases (diabetes, angina, cancer, etc.).

• Use of prescribed medicines.Use of prescribed medicines.

• Much more…Much more…Q: Why would marketers want access to your medical information?

18


• Public RecordsPublic Records– Available in paper form and/or online:Available in paper form and/or online:

• Bankruptcy.Bankruptcy.• Arrest.Arrest.• Marriage-license application.Marriage-license application.• Divorce proceedings.Divorce proceedings.• Property ownership.Property ownership.• Salary (if employed by state or federal government).Salary (if employed by state or federal government).• Wills and Trusts.Wills and Trusts.• Much more…Much more…

Q: How should access to public records be controlled?

19

Protecting Privacy: Education, Protecting Privacy: Education, Technology, and MarketsTechnology, and Markets

• EducationEducation– Must include awareness of:Must include awareness of:

•How the technology works.How the technology works.

•How the technology is being used.How the technology is being used.

•The risks brought on by the technology.The risks brought on by the technology.

•How to limit unwanted use of personal How to limit unwanted use of personal information.information.

•Applicable state and federal laws and Applicable state and federal laws and regulations.regulations.

Q: How do you limit unwanted use of your personal information?

20


• TechnologyTechnology– Enhance privacy using:Enhance privacy using:

•Cookie disablers.Cookie disablers.

•Opt-in/opt-out options.Opt-in/opt-out options.

•Anonymous Web services.Anonymous Web services.

•P3P (Platform for Privacy Preferences).P3P (Platform for Privacy Preferences).

•‘‘Good’ passwords.Good’ passwords.

•Audit trails.Audit trails.

Q: What privacy-enhancing technology do you use regularly?

21


• Market ResponseMarket Response– Markets can protect your privacy by:Markets can protect your privacy by:

•Using trusted third parties.Using trusted third parties.

•Adhering to established privacy policies.Adhering to established privacy policies.

•Purchasing consumer information directly Purchasing consumer information directly from the consumer.from the consumer.

•Developing and selling privacy-enhancing Developing and selling privacy-enhancing technologies and services.technologies and services.

Q: Have you read the privacy policies at Web sites you frequent?

22

Protecting Privacy: Law and Protecting Privacy: Law and RegulationRegulation

• Philosophical ViewsPhilosophical Views– Samuel Warren & Louis Brandeis:Samuel Warren & Louis Brandeis:

• Individuals have the right to prohibit Individuals have the right to prohibit publication of personal facts and photos.publication of personal facts and photos.

– Judith Jarvis Thompson:Judith Jarvis Thompson:• No distinct right to privacy.No distinct right to privacy.• Privacy rights result from rights to our property, Privacy rights result from rights to our property,

body, and contracts.body, and contracts.– Transactions:Transactions:

• Transactions have two parties, often with conflicting Transactions have two parties, often with conflicting preferences about privacy.preferences about privacy.

Q: How should rights to information about transactions between two parties be assigned?

23


• Contrasting ViewsContrasting Views– Free-market ViewFree-market View

• The parties of a transaction are viewed as equal.The parties of a transaction are viewed as equal.• Truth in information gathering.Truth in information gathering.• Strong reliance on contracts.Strong reliance on contracts.• Freedom of speech and commerce.Freedom of speech and commerce.

– Consumer-Protection ViewConsumer-Protection View• The parties of a transaction are viewed differently.The parties of a transaction are viewed differently.• More stringent consent requirements required by law.More stringent consent requirements required by law.• Strong limitations on secondary uses of information Strong limitations on secondary uses of information

required by law.required by law.• Legal restrictions on consumer profiling.Legal restrictions on consumer profiling.

Q: How should the privacy of consumer transactions be regulated?

24


• Contracts and RegulationsContracts and Regulations– Basic Legal Framework:Basic Legal Framework:

• Enforce agreements and contracts.Enforce agreements and contracts.• Publish privacy policies.Publish privacy policies.• Set defaults for situations not in contract.Set defaults for situations not in contract.

– Requiring Specific Consent policies:Requiring Specific Consent policies:• Adhere to informed consumer consent.Adhere to informed consumer consent.• Use opt-in policies.Use opt-in policies.

– Legal Regulations:Legal Regulations:• Determine effectiveness, direct and hidden costs, Determine effectiveness, direct and hidden costs,

and any loss of services or inconvenience.and any loss of services or inconvenience.

Q: Recall a situation where you exchanged personal information for some benefit.

25


• Contracts and Regulations Contracts and Regulations (cont’d)(cont’d)

– Ownership of personal data. Can an Ownership of personal data. Can an individual own:individual own:•Facts (e.g. marriage license in public records)?Facts (e.g. marriage license in public records)?

•Personal information (e.g. your date of birth)?Personal information (e.g. your date of birth)?

– Freedom of speechFreedom of speech•Prohibiting communication of information may Prohibiting communication of information may

violate the 1violate the 1stst Amendment. Amendment.

Q: When does protecting privacy conflict with freedom of speech?

26


• EU (European Union) Privacy RegulationEU (European Union) Privacy Regulation– Key points:Key points:

• Limited collection of personal data.Limited collection of personal data.

• Data must be up-to-date and destroyed when no longer Data must be up-to-date and destroyed when no longer needed.needed.

• Consent for sharing data is required.Consent for sharing data is required.

• Sensitive data (e.g. religion) can only be provided with Sensitive data (e.g. religion) can only be provided with consent.consent.

• Notify consumers about the collection and intended Notify consumers about the collection and intended purpose of data.purpose of data.

• Restricted access and sharing of criminal convictions.Restricted access and sharing of criminal convictions.

Q: Can the EU’s privacy regulations work in the US?

Documents

1 Privacy and Personal Information The Impact of Computer Technology “ Big Brother is Watching You ” Consumer Information More Privacy Risks Protecting