Fair Information Practice Principles and Privacy Laws

1
Fair Information Practice Principles and Privacy
Laws

• Week 3 - September 12, 14

2
More homework 1 review

• Web cams
• Privacy in the news
• Issues privacy groups are working on
• Any questions about plagiarism?

3
Using Library Resources
4
CMU Libraries (http//www.library.cmu.edu)
Research and Communication Skills

• Engineering and Science (a.k.a. ES)
• Location Wean Hall, 4th floor
• Subjects Computer Science, Engineering,
  Mathematics, Physics, Science, Technology
• Hunt (CMUs main library)
• Location Its own building (possibly 2nd ugliest
  on campus behind Wean), between Tepper and Baker
• Subjects Arts, Business, Humanities, Social
  Sciences
• Software Engineering Institute (a.k.a. SEI)
• Location SEI Building (4500 Fifth Avenue), 3rd
  floor
• Subjects Security, Software, Technology

5
START HERE Cameo
Research and Communication Skills

• Cameo is CMUs online library catalog
• http//cameo.library.cmu.edu/
• Catalogs everything CMU has books, journals,
  periodicals, multimedia, etc.
• Search by key words, author, title, periodical
  title, etc.

6
CAMEO Search Result for Cranor
Number of copies and status
Library
7
CAMEO Search Result for Solove
Due date
8
If its not in Cameo, but you need it today
Local Libraries
Research and Communication Skills

• Carnegie Library of Pittsburgh
• Two closest locations
• Oakland Practically on campus (4400 Forbes Ave.)
• Squirrel Hill Forbes Murray (5801 Forbes Ave.)
• http//www.carnegielibrary.org/index.html
• University of Pittsburgh Libraries
• 16 libraries! Information science, Engineering,
  Law, Business, etc.
• http//pittcat.pitt.edu/

9
If its not in Cameo, and you can wait ILLiad
and E-ZBorrow
Research and Communication Skills

• ILLiad and E-ZBorrow are catalogs of resources
  available for Interlibrary Loan from other
  libraries nationwide (ILLiad) and in Pennsylvania
  (E-ZBorrow)
• Order items online (almost always free)
• Wait for delivery average 10 business days
• Find links to ILLiad and E-ZBorrow online
  catalogs at http//www.library.cmu.edu/Services/IL
  L/

10
Other Useful Databases
Research and Communication Skills

• Links to many more databases, journal collections
• Must be accessed on campus or through VPN
• http//www.library.cmu.edu/Search/AZ.html
• Lexis-Nexis
• Massive catalog of legal sources law journals,
  case law, news stories, etc.
• IEEE and ACM journal databases
• IEEE Xplore and ACM Digital Library
• INSPEC database
• Huge database of scientific and technical papers
• JSTOR
• Arts Sciences, Business, Mathematics, Statistics

11
And of course
Research and Communication Skills

• Reference librarians are available at all CMU
  libraries, and love to help people find what they
  need just ask!

12
OECD fair information principles

• http//www.datenschutz-berlin.de/gesetze/internat/
  ben.htm
• Collection limitation
• Data quality
• Purpose specification
• Use limitation
• Security safeguards
• Openness
• Individual participation
• Accountability

13
US FTC simplified principles

• Notice and disclosure
• Choice and consent
• Data security
• Data quality and access
• Recourse and remedies
• US Federal Trade Commission, Privacy Online A
  Report to Congress (June 1998),
  http//www.ftc.gov/reports/privacy3/

14
Privacy laws around the world

• Privacy laws and regulations vary widely
  throughout the world
• US has mostly sector-specific laws, with
  relatively minimal protections - often referred
  to as patchwork quilt
• Federal Trade Commission has jurisdiction over
  fraud and deceptive practices
• Federal Communications Commission regulates
  telecommunications
• European Data Protection Directive requires all
  European Union countries to adopt similar
  comprehensive privacy laws that recognize privacy
  as fundamental human right
• Privacy commissions in each country (some
  countries have national and state commissions)
• Many European companies non-compliant with
  privacy laws (2002 study found majority of UK web
  sites non-compliant)

15
US law basics

• Constitutional law governs the rights of
  individuals with respect to the government
• Tort law governs disputes between private
  individuals or other private entities
• Congress and state legislatures adopt statutes
• Federal agencies can adopt regulations which are
  equivalent to statutes, as long as they dont
  conflict with statute

16
US Constitution

• No explicit privacy right, but a zone of privacy
  recognized in its penumbras, including
• 1st amendment (right of association)
• 3rd amendment (prohibits quartering of soldiers
  in homes)
• 4th amendment (prohibits unreasonable search and
  seizure)
• 5th amendment (no self-incrimination)
• 9th amendment (all other rights retained by the
  people)
• Penumbra fringe at the edge of a deep shadow
  created by an object standing in the light
• (Smith 2000, p. 258, citing Justice William O.
  Douglas in Griswold v. Connecticut)

17
Federal statutes and state laws

• Federal statutes
• Tend to be narrowly focused
• State law
• State constitutions may recognize explicit right
  to privacy (Georgia, Hawaii)
• State statutes and common (tort) law
• Local laws and regulations (for example
  ordinances on soliciting anonymously)

18
Four aspects of privacy tort

• You can sue for damages for the following torts
  (Smith 2000, p. 232-233)
• Disclosure of truly intimate facts
• May be truthful
• Disclosure must be widespread, and offensive or
  objectionable to a person of ordinary
  sensibilities
• Must not be newsworthy or legitimate public
  interest
• False light
• Personal information or picture published out of
  context
• Misappropriation (or right of publicity)
• Commercial use of name or face without permission
• Intrusion into a persons solitude

19
How does the law regulate privacy?

• Law may require waiving privacy interests
• Law may enforce privacy interests
• Typically, the law identifies relevant privacy
  interests to protect, identifies relevant
  interests supporting disclosure, and tries to
  balance both sets of issues in a single
  resolution

20
Difficult legal problems

• Can an individual own (and therefore sell) his
  or her own privacy rights?
• Should the default assumption be protect the
  privacy interest or compel waiver of the
  privacy interest?
• When should the law defer to informal or social
  norms, or to technological barriers or solutions?

21
Some US privacy laws

• Bank Secrecy Act, 1970
• Fair Credit Reporting Act, 1971
• Privacy Act, 1974
• Right to Financial Privacy Act, 1978
• Cable TV Privacy Act, 1984
• Video Privacy Protection Act, 1988
• Family Educational Right to Privacy Act, 1993
• Electronic Communications Privacy Act, 1994
• Freedom of Information Act, 1966, 1991, 1996

22
US law recent additions

• HIPAA (Health Insurance Portability and
  Accountability Act, 1996)
• When implemented, will protect medical records
  and other individually identifiable health
  information
• COPPA (Childrens Online Privacy Protection Act,
  1998)
• Web sites that target children must obtain
  parental consent before collecting personal
  information from children under the age of 13
• GLB (Gramm-Leach-Bliley-Act, 1999)
• Requires privacy policy disclosure and opt-out
  mechanisms from financial service institutions

23
Safe harbor

• Membership
• US companies self-certify adherence to
  requirements
• Dept. of Commerce maintains signatory list
  http//www.export.gov/safeharbor/
• Signatories must provide
• notice of data collected, purposes, and
  recipients
• choice of opt-out of 3rd-party transfers, opt-in
  for sensitive data
• access rights to delete or edit inaccurate
  information
• security for storage of collected data
• enforcement mechanisms for individual complaints
• Approved July 26, 2000 by EU
• reserves right to renegotiate if remedies for EU
  citizens prove to be inadequate

24
Data protection agencies

• Australia http//www.privacy.gov.au/
• Canada http//www.privcom.gc.ca/
• France http//www.cnil.fr/
• Germany http//www.bfd.bund.de/
• Hong Kong http//www.pco.org.hk/
• Italy http//www.privacy.it/
• Spain http//www.ag-protecciondatos.es/
• Switzerland http//www.edsb.ch/
• UK http//www.dataprotection.gov.uk/
• And many more

25
Writing a Literature Review
26
Writing a literature review
Research and Communication Skills

• What is a literature review?
• A critical summary of what has been published on
  a topic
• What is already known about the topic
• Strengths and weaknesses of previous studies
• Often part of the introduction or a section of a
  research paper, proposal, or thesis
• A literature review should
• be organized around and related directly to the
  thesis or research question you are developing
• synthesize results into a summary of what is and
  is not known
• identify areas of controversy in the literature
• formulate questions that need further research
• Dena Taylor and Margaret Procter. 2004. The
  literature review A few tips on conducting it.
  http//www.utoronto.ca/writing/litrev.html

27
Literature review dos and donts
Research and Communication Skills

• Dont create a list of article summaries or
  quotes
• Do point out what is most relevant about each
  article to your paper
• Do compare and contrast the articles you review
• Do highlight controversies raised or questions
  left unanswered by the articles you review
• Do take a look at some examples of literature
  reviews or related work sections before you try
  to create one yourself
• For an example, of a literature review in a CS
  conference paper see section 2 of
  http//cs1.cs.nyu.edu/waldman/publius/paper.html

28
Homework 2

• http//lorrie.cranor.org/courses/fa05/hw2.html
• Privacy laws
• Technologies that raise privacy concerns

29
Homework 3

• http//lorrie.cranor.org/courses/fa05/hw3.html

30
Announcements

• Dont forget that project brainstorming is due by
  Monday