Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy...
-
Upload
alban-lawrence -
Category
Documents
-
view
220 -
download
1
Transcript of Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy...
![Page 1: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/1.jpg)
Privacy
ECT 582
Robin Burke
![Page 2: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/2.jpg)
Outline
Homework #6 Privacy
basicsrelationship to securityprivacy policies and requirements
![Page 3: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/3.jpg)
Homework #6
![Page 4: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/4.jpg)
Privacy
Privacy is the interest that individuals have in sustaining a 'personal space', free from interference by other people and organizations.
– Roger Clarke
![Page 5: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/5.jpg)
Forms of privacy
privacy of the person privacy of personal behavior privacy of personal
communications privacy of personal data
![Page 6: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/6.jpg)
Person
Bodily privacy Issues
compulsory immunizationcompulsory drug testingcompulsory sterilisationabortion
![Page 7: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/7.jpg)
Behavior
Issuessexual orientationpolitical activismreligionI-Pass
Relatedmedia privacy
![Page 8: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/8.jpg)
Communication
Issueswiretappingencryption
![Page 9: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/9.jpg)
Data
Information privacy Issues
availability of personal datacontrol over collected information
![Page 10: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/10.jpg)
Competing interests
intra-personalinformation privacy vs access to credit
inter-personalbehavior privacy vs health risk
organizationalbody privacy vs insurance risk
![Page 11: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/11.jpg)
Privacy protection
Balancingprivacy interestother interests
Contextpartiesinterestsissues
![Page 12: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/12.jpg)
Privacy in E-Commerce
Means data privacy Questions
what information is collected about visitors to a site?
what is done with that information?how are users informed of possible
uses of their data?
![Page 13: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/13.jpg)
Surveillance
Personal surveillancetracking an individual
Mass surveillancetracking a large group
When using personal datadataveillance
![Page 14: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/14.jpg)
E-commerce data
Transactions Site registration info
often included email address Site visitations Browsing history Platform info
from browser headers
![Page 15: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/15.jpg)
Dataveillance techniques
Front-end verification linking data in an application form against
data in other systems Computer matching
merging of data from separate information systems creating a merged profile
Profiling identifying characteristics of "interesting"
individuals in advance searching databases for matches
![Page 16: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/16.jpg)
Identification
weaker than authentication relationship between a system and an
individual to be recognized An entity may have many identities
same business multiple contacts same business multiple brandnames same individual multiple email addresses same individual different user ids
![Page 17: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/17.jpg)
Identity
Anonymousdata is not associated with any
individual Personally-identified
data is associated with identifying user information
![Page 18: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/18.jpg)
Spectrum
Totally private site accepts only e-cash delivers goods to pre-arranged dropoff points
Totally invasive site installs trojan horse which downloads
sensitive data data correlated with user's activites online
and offline data sold to anybody and everybody
![Page 19: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/19.jpg)
Issues
Need to knowthe system shouldn't collect more
information than is necessary for a transaction
Third partiesdisclosure to one organization should
not mean disclosure to the world Technical disclosure
interaction leaks technical information
![Page 20: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/20.jpg)
Anonymization
Services exist to "anonymize" web interactionsssl connection to proxy serverproxy server emits web requestsproxy server gets responses and
encrypts back to userproxy server may alter content
• handling cookies & web bugs• modifying request headers
![Page 21: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/21.jpg)
The data trail
Personal data transaction records are essential to business
relationships especially to next-generation e-commerce
services like personalization also evaluating web site quality and features
Problem these records have to most potential for
privacy problem
![Page 22: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/22.jpg)
Psuedonymity
Pseudonomousdata is associated with a consistent
persona• not directly linked to an individual
Exampleschat-room personaeBay user name
![Page 23: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/23.jpg)
Benefits
Provide stable identityremoved by anonymizers
Allow for personalized services Good fit for "multi-role" lives Lower privacy risk But
idea not widely supported in e-commerce
![Page 24: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/24.jpg)
Legal framework for privacy
Children's privacyCOPPA
Self-regulationprivacy seal
![Page 25: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/25.jpg)
Fair information practices
Guidelines from the FTC Notice Choice Access Security
![Page 26: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/26.jpg)
Notice
Consumers should be given clear and conspicuous notice of an entity's information practices before any personal information is collected from them
Should consist of what data will be collected who is collecting data who will get the data how the data will be collected how the data will be used how the data will be protected whether data is mandatory or optional
![Page 27: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/27.jpg)
Choice
Consumers should be given options as to how any personal information collected from them may be used for purposes beyond those necessary to complete a contemplated transaction.
Secondary usesplacement on a (e)mailing listtransfer to third partyusability evaluation
![Page 28: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/28.jpg)
Access
An individual's ability both to access data about him or herself and to contest that data's accuracy and completeness.
Difficult to implementesp. authentication
Least popular
![Page 29: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/29.jpg)
Security
Protection of personal information against unauthorized access, use, or disclosure, and against loss or destruction.
![Page 30: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/30.jpg)
COPPA
Guidelines become mandatory for children under 13
Required posted privacy policy parental consent
• except for email addresses in some conditions
re-verify consent when policy changes allow parental review of collected data allow parent opt-out
![Page 31: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/31.jpg)
Privacy seals
TRUSTe BBBOnLine Privacy CPA WebTrust Entertainment Software Ratings
Board
![Page 32: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/32.jpg)
TRUSTe
Non-profit consortium Process
privacy policyself-assessment
• http://www.truste.org/webpublishers/Self_Assessment_v8.html
remote audit of web siteannual review
![Page 33: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/33.jpg)
BBBOnLine Privacy
Offered by Better Business BureauMust be a BBB member
Similar process to TRUSTe
![Page 34: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/34.jpg)
CPA WebTrust
Franchise available to CPAs licensed by WebTrust
Differenceson-site auditsemi-annual review
(They also do Certification Authorities)
![Page 35: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/35.jpg)
ESRB Privacy
For game sites Process similar to TRUSTe
on-site auditquarterly anonymous reviewquarterly anonymous spot-checks
![Page 36: Privacy ECT 582 Robin Burke. Outline Homework #6 Privacy basics relationship to security privacy policies and requirements.](https://reader030.fdocuments.in/reader030/viewer/2022032612/56649efa5503460f94c0d0f8/html5/thumbnails/36.jpg)
Final exam
Submit via COL 9 pm 11/20 No late exams!