Privacy Policy
Issues & Pages
Amy Reese
INF385E Information Architecture and Design 1
UT iSchool
21 September 2004
Overview
pri·va·cy (prī′ və sē; Brit. also prīv′ ə sē), n., pl –cies.
• The state of being private; retirement or seclusion.
• The state of being free from intrusion or disturbance in one’s private life or affairs: the right to privacy.
• Secrecy.
• Archaic. A private place.
[1400-50; late ME privace. See private, -acy]
Source: Webster’s New Universal Unabridged Dictionary © 1996 Barnes & Noble, Inc. by arrangement with Random House Value Publishing.
A Little Bit of History
• Federal Trade Commission Act (1914)
• Privacy Act (1974)
• Electronic Communications Privacy Act (1986)
• Children’s Online Privacy Protection Act (1988)
• Gramm-Leach-Bliley Act (2000)
• Report to Congress: Privacy Online (2000)
• Fair Credit Reporting Act (2002)
A Little Bit of History

Federal Trade Commission Act (1914)
(15 U.S.C. §§ 41-58, as amended)
• prevent unfair methods of competition, and unfair or deceptive acts or practices in or affecting commerce
• seek monetary redress and other relief for conduct injurious to consumers
• prescribe trade regulation rules defining with specificity acts or practices that are unfair or deceptive, and establishing requirements designed to prevent such acts or practices
• conduct investigations relating to the organization, business, practices, and management of entities engaged in commerce
• make reports and legislative recommendations to Congress
http://www.ftc.gov/ogc/stat1.htm
A Little Bit of History

Privacy Act (1974)
• developed with the intent to regulate the collection and use of personal information by federal executive branch agencies
• problems with the dispute of outdated regulatory guidelines and misinterpretation
• unresolved issues defy attempts at clarification
http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htm
A Little Bit of History

Electronic Communications Privacy Act (1986)
• sets out provisions for disclosure and privacy protections of electronic communications
• this refers to any signals, data or intelligence transmitted via wire, radio waves, photo electronic, etc. that affect interstate commerce
• the ECPA prohibits any unlawful access of electronic communication and prevents government entities from requiring disclosure of this communication from a provider without proper procedure
http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htm
A Little Bit of History

Children's Online Privacy Protection Act (1988)
• gives parents control over what information is collected from children under age 13 online and how that information is used
• applies to operators of web sites directed to children or that collect personal information from children
The Rule requires operators to:
• Post a privacy policy on the page and provide a link to the policy everywhere personal information is collected
• Provide notice to parents about collection practices and obtain verifiable parental consent before collecting personal information
• Give parents a choice as to whether their child’s personal information will be disclosed to third parties
• Allow parents to access or delete their child’s personal information, or opt out of future information collection or use
• Allow activity access without disclosing more personal information than is reasonably necessary
• Maintain the confidentiality, security and integrity of personal information collected from children
http://www.ftc.gov/privacy/privacyinitiatives/childrens.html
A Little Bit of History

Gramm-Leach-Bliley Act (2000)
• requires companies to provide their consumers with privacy notices, explaining the institutions’ information-sharing process
• consumers are given the right to limit some sharing of their information
• companies have the right to share the consumers’ information within the organization, but not with outside sources, such as telemarketers.
http://www.personal.umd.umich.edu/%7Edrafalsk/Legislation.htm
A Little Bit of History

Report to Congress: Privacy Online (2000)
• commercial Web sites that collect personal identifying information (PII) from or about consumers online would be required to comply with the four widely accepted fair information practices:
  • Notice
  • Choice
  • Access
  • Security
http://www.ftc.gov/reports/privacy2000/privacy2000.pdf
A Little Bit of History

Fair Credit Reporting Act (2002)
Accuracy and fairness of credit reporting
• the banking system is dependent upon fair and accurate credit reporting
• investigate and evaluate the credit worthiness, standing, capacity, character, and reputation
• consumer reporting agencies are vital in assembling and evaluating consumer credit and other information
• ensure that consumer reporting agencies exercise their responsibilities with fairness, impartiality, and respect for the right to privacy
Reasonable procedures
• adopt reasonable procedures for meeting the needs of information in a fair and equitable manner, with regard to the confidentiality, accuracy, relevancy, and proper utilization
http://www.techlawjournal.com/cong107/privacy/hollings/20020418summary.asp
What Information is Out There?
• Information Mining
• Government & Private Sectors differ vastly
• What information do businesses collect?
• Corporate liability?
• What do they do with it?
• How secure is the information out there?
• What can I do to control my information?
Do We Really Have Privacy?
• Legislative Measures
• Is enough being done to ensure our privacy?
• Is all privacy legislation in our best interests?
• California’s Spyware Bill
• How can I help?
• Personal Privacy & Freedom of Information
• “Mommy, can I have a cookie?”
• “Mommy, where does spam come from?”
• Identity Theft
• Corporations vs. the Individual
Legislative Measures
http://www.ftc.gov/
Personal Privacy & Freedom of Information
“Essentially, cookies make use of user-specific information transmitted by the Web server onto the user's computer so that the information might be available for later access by itself or other servers. In most cases, not only does the storage of personal information into a cookie go unnoticed, so does access to it. Web servers automatically gain access to relevant cookies whenever the user establishes a connection to them, usually in the form of Web requests.”
Personal Privacy & Freedom of Information
“Cookies are based on a two-stage process. First the cookie is stored in the user's computer without their consent or knowledge. During the second stage, the cookie is clandestinely and automatically transferred from the user's machine to a Web server.”
Personal Privacy & Freedom of Information
How savvy are you?
Take the Privacy Rights Clearinghouse Identity Theft Quiz!
http://www.privacyrights.org/itrc-quiz1.htm
Personal Privacy & Freedom of Information
Identity Theft
If you live in California, you have the right to put a "security freeze" on your credit file. A security freeze means that your file cannot be shared with potential creditors. A security freeze can help prevent identity theft. Most businesses will not open credit accounts without checking a consumer's credit history first. If your credit file is frozen, even someone who has your name and Social Security number would probably not be able to get credit in your name. For more information on security freezes, see http://www.privacy.ca.gov/financial/cfreeze.htm.
Do We Really Have Privacy?
Controlling Required Information
• Sites must provide opt-out measures
• Once given, can information be controlled?
Background Checks & Employment
• Are they really necessary?
• Can we opt out?
• Can I move beyond my past?
Do We Really Have Privacy?
Privacy Policies
• What do these policies cover?
• Do I have recourse when they fail?
• What do they really do for you?
Software
• How secure are the programs I’m using?
• Accidental security leaks
• Mixing software is like mixing medicine
Be afraid, be very afraid….
Feeling Secure?
Questions? Fears?