Privacy:
Privacy is the right of individual to hold back certain information about self without disclosure and allow it to be collected with the consent (agreement) with the assurance that it would remain protected from unauthorized access.
Key elements of effective privacy
• Understand your company’s compliance (obedience to rule) and culture
• Align and train management and staff on security practices
• Know your data, where it is, and what must be protected
• Ensure third parties comply (obey rule) with your privacy policies
• Understand your threats and controls
• Test and update controls regularly
• Be prepared to respond to incidents
PRIVACY RISKS
Privacy risk is defined as the “potential loss of control over personal information”. Although an individual may consent (agree) to the use of his or her personal information, the “loss of control” occurs when the organization fails to provide adequate safeguards.
A privacy risk includes any potential problems involving the collection, use, or disclosure of personal data.
There are several types of privacy risk:
• Legal Compliance—Failure to comply with privacy laws and regulations can result in significant legal sanctions, liability (financial law), fines, and other unpleasant consequences.
• Reputational—Having a privacy mishap can severely damage the reputation.
• Financial—Privacy violations can lead to costly litigation (process of bringing before a law court), large damage awards, and expensive and burdensome legal requirements (data security breach (failure to do what is required by law)notification).
• Employee Well-Being—Privacy mishaps can affect and harm employees
• Soured Relationships—Privacy mishaps or even poor privacy practices that have not involved an actual mishap can sour relationships between schools and parents, applicants, donors, alumni (former students), and others.
• Time and Resources—One of the largest often under-appreciated privacy risks involves the extensive amount of time and resources needed to respond to a privacy mishap.
Government Information:
The benefits of data sharing do not solely accrue (to increase) to the governments or organizations that collect, use and disclose the information. There are definitely benefits to the citizenry. Anyone who has ever changed provinces with children in school and elderly parents in need of healthcare would fight for one-stop shopping, and single source address change. Other potential benefits include: convenience for the citizen; better program delivery through a comprehensive or clustered approach; automatic entitlement to programs; better risk management and cost control; efficiency through more effective use of data; and better information dissemination and training.
Risks of Data Centralization, Distributed Shared Access, and Data Mining
• use of data for purposes unrelated to the purpose for which the data was collected;
• loss of control of data by agencies;
• inability to correct errors as data travels;
• outdated/incomplete records (e.g., criminal history records without dispositions);
• conflicting time periods resulting in incorrect linkages and inferences (conclusion);
• decisions made using unrelated, inaccurate data without the knowledge of the citizen;
• hostile users (i.e., the citizen may not know which organization ultimately holds and uses the data, and there may be no trust relationship);
• profiling and the possibility of discrimination (e.g., potential Canadian Charter of Rights and Freedoms issues);
• lack of accountability;
• absence of enforceable rights (e.g., due process);
• legal complexity because of sharing among federal/provincial/territorial (FPT) agencies; and
• the consequences of greater transparency.
Consumer privacy (customer privacy)
Consumer privacy, also known as customer privacy, involves the handling and protection of sensitive personal information that individuals provide in the course of everyday transactions. This involves the exchange or use of data electronically or by any other means, including telephone, fax, written correspondence, and even direct word of mouth.
Databases and Personal Records:
• When information is stored in a computer, there is little incentive (a thing that encourages sb to do sth) to get rid of it; hence, information may stay with an individual permanently. Information stored in a computer takes up very little space and is easy to maintain and transfer.
• When he was ten years old may easily follow him through life because the information has been recorded once and there is little motivation to delete it. Because it is so easy to keep information, some fear that individuals will become categorized at early stages in their lives.
• One way to see this is to imagine what it would be like elementary and secondary school records were put into a national database where prospective employers, government agencies, or insurance companies could get access. We might find decision being made about us on the basis of testing done when we were in elementary school or on the basis of disciplinary incidents in our teenage years.
• While record-keeping is by no means a new activity, it appears that computers have changed record-keeping activities in the following ways:
1. They have made possible a new scale of information gathering,
2. They have made possible new kinds of information,
3. They have made possible a new scale of information distribution,
4. The effect of erroneous information can be magnified, and
5. Information about events in one’s life may stay in one’s records for life.
Email privacy
Email privacy is the broad topic dealing with issues of unauthorized access and inspection of electronic mail. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user computer.
Email has to go through potentially entrusted intermediate computers (email servers, ISPs) before reaching its destination, and there is no way to tell if it was accessed by an unauthorized entity. This is different from a letter sealed in an envelope, where by close inspection of the envelope, it might be possible to tell if someone opened it. In that sense, an email is much like a postcard whose contents are visible to everyone who handles it.
Emails are stored at multiple locations: on the sender's computer, your Internet Service Provider's (ISP) server, and on the receiver's computer. Deleting an email from your inbox doesn't mean there aren't multiple other copies still out there. Emails are also vastly easier for employers and law enforcement to access than phone records. Finally, due to their digital nature, they can be stored for very long periods of time, so think twice before writing something down in an email you don't want others to see.
How to Keep Your Email Private
First, to maintain your expectation to privacy in the first place, always use password-protected computers and email clients. After that, there's really only one way to ensure that your emails are kept confidential -- encrypt them.
The two most popular forms of email encryption are OpenPGP and S/MIME. Encryption scrambles your email into something unintelligible that only someone who has the correct digital "key" can read. Due to speed and convenience issues, however, few people use encryption and most email remains unencrypted and unsecure.
The best advice is to treat every email as though it were open to the public to read. Don't say things you don't want others to read, and remember that even after you've deleted your emails, they will be available for years from other sources.
Web Privacy:
• A privacy policy is a document telling visitors to your site what information you collect and what you do with that information. Very simply: it is a short explanation of what you are doing to observe visitors to your website.
Two good reasons to develop a privacy policy
1. Create a better electronic environment on the internet
2. Laws / legislation may pertain (to be relevant to sth) to your business
By letting people know what info is collected and what is done with that information, you can create a transparent environment in which people / consumers are more confident. You can eliminate stress and concerns about abuse (to make bad use of sth) of personal info.
Various legislations and legal guidelines, for example in the US and in the UK, are being developed and may affect your website, depending on what information you collect, how you do it, and what you do with it. The European Union has developed similar guidelines that contain a bit too much legal rhetoric (the art of using language in an impressive way) to be completely useful.
• Your policy should be written in plain readable language. Consider the policy to be a part of your site. Design the policy and publish it like the rest of your site. Design it as if you actually want people to read it. Make it short, friendly & intuitive. It should be easily accessible throughout your site.
• When you visit our site, the pages that you look at, and a short text file called a cookie, are downloaded to your computer. A cookie is used to store small amounts of information. This information is collected for traffic analysis only. The cookie does not contain personal details. Depending on the browser that you use, you can set your preferences to block/ refuse cookies, and/ or notify you before they are placed.
• There is an important distinction to be made here between cookies and spyware. Spyware collects information about your surfing habits across the internet and sends this information out from your computer. Cookies collect information about your surfing habits only on the site of the provider of the cookie, in other words just on one site.
Protecting privacy
Your privacy on the Internet depends on your ability to control both the amount of personal information that you provide and who has access to that information. To read about how your information gets on the Internet and how it is used, see Your information on the Internet: What you need to know.
Follow the practical advice below to help increase your privacy online.
Think before you share personal information
First, read the website's privacy policy
Privacy policies should clearly explain what data the website gathers about you, how it is used, shared, and secured, and how you can edit or delete it. (For example, look at the bottom of this and every page on Microsoft.com.) No privacy statement? Take your business elsewhere.
Do not share more than you need to
• Do not post anything online that you would not want made public.
• Minimize details that identify you or your whereabouts.
• Keep your account numbers, user names, and passwords secret.
• Only share your primary email address or Instant Message (IM) name with people who you know or with reputable organizations. Avoid listing your address or name on Internet directories and job-posting sites.
• Enter only required information—often marked with an asterisk (*)—on registration and other forms.
Choose how private you want your profile or blog to be
Modify Internet Explorer or website settings or options to manage who can see your online profile or photos, how people can search for you, who can make comments on what you post, and how to block unwanted access by others.
Offensive Speech and Censorship in Cyberspace
What is there? What is illegal?
• What is offensive (very unpleasant) speech? What should be prohibited or restricted by law in cyberspace?
• State of Georgia tried to ban pictures of marijuana (form of the drug, usu smoked for pleasure) from the internet
• Pornography, Playboy, read about sex or how to make bombs, make photo copies and send them by mail without return address.
What was really illegal?
Obscene (disgusting by accepted moral standards, esp in sexual matters) material is not protected by the First Amendment. The criteria are that:
(1) it depicts sexual (or excretory) acts whose depiction is specifically prohibited by state law,
(2) it depicts these acts in a patently (clearly) offensive manner, appealing to prurient (having or showing excessive interest in sexual matters) interest as judged by a reasonable person using community standards and
(3) it has no serious literary, artistic, social political, or scientific value.
- The second point – the application of community standards – was compromise intended to avoid the problem…
In 1996, Congress passed Child Pornography Prevention Act to extend ... to include “virtual” Children,
Material inappropriate for children
– pornography can be regulated and banned, but only for minors
– technology changes the context
» on the Web, children have access to the same ‘adult’ text, images, videos, etc. as adults.
» online proprietors don’t know the customer is not an adult.
– protecting children
» regardless of the medium:
it is illegal to create, possess or distribute child pornography.
it is illegal to lure (to attract a person) children into sexual activity.
Censorship Laws
– Communications Decency Act (CDA, 1996)
» publicity and public pressure lead Congress to pass this act.
» anyone who made available to anyone under 18 any communication that is obscene or indecent would be subject to a $250,000 fine and two years in prison.
» In 1997, the CDA was ruled unconstitutional because it was too vague and too broad in protecting children online and because less restrictive means are available [ACLU v. Reno (Feb 1996)]
– Child Online Protection Act (COPA, 1998)
» commercial Web sites that make available to minors materials “harmful to minors”, as judged by community standards would be subject to a $50,000 fine and six months in jail
» used Miller v. California (1973) definition of obscene
» In 2000 and 2003, COPA was ruled unconstitutional by a federal court (definition of obscene speech still to broad)
» In 2004, COPA was ruled unconstitutional by the Supreme Court
Censorship Laws (cont’d)
– Children’s Internet Protection Act (CHIPA, 2000)
» any school or library receiving federal Internet funds must install filtering software on all Internet terminals
» filters must block sites containing child pornography, obscene material, and any material deemed “harmful to minors”
» A federal appeals court ruled a major part of CHIPA unconstitutional in 2002 but the Supreme Court upheld the law in 2003
Limiting Internet Access in Libraries and Schools
– Filtering Software
» Benefits: prevent access to inappropriate material on the Internet by screening words or phrases, blocking sites according to rating system, or disallowing access to specific sites in a list.
» Problems: can be ineffective—kids get around the filters; the words, phrases, rating systems, etc. are subjective (based on personal taste); “banned” keywords can be overly restrictive for adult users and for legitimate (reasonable) use by minors, not transparent
Types of filtering
– URL filtering
– keyword filtering
– dynamic content filtering
Popular Filters
– ConnectProtect, CYBERsitter, CyberPatrol
Anonymity
Anonymity, adjective "anonymous", is derived from the Greek word ἀνωνυμία, anonymia, meaning "without a name" or "namelessness". In colloquial (used in normal conversation but not formal speech) use, "anonymous" is used to describe situations where the acting person's name is unknown.
The important idea here is that a person be non-identifiable, unreachable, or untraceable. Anonymity is seen as a technique, or a way of realizing, certain other values, such as privacy, or liberty.
The internet community is quickly changing and evolving as more of the world comes on-line. Free speech and anonymity have always been important real-world societal issues and have been the topics of numerous heated court cases. These issues are becoming increasingly important as more people discover the digital world and find the need for anonymity in this new society.
Individuals sometimes choose to remain anonymous to safeguard their privacy, for example, when browsing in a department store or purchasing an "adult" magazine. Browsing the Web has also, to date, usually been an anonymous activity. Moving beyond the Web to the Internet in general, one can send anonymous messages using an anonymous remailer program. It is fairly easy today for a technically sophisticated person to remain anonymous and avoid accountability on the Internet for actions which are questionable or illegal, e.g., sending advertising mail to numerous newsgroups (spamming), running a pornography server, or hacking the Web page of another person.
