Lesson 9 - What Does Data Privacy Mean to You

7/31/2019 Lesson 9 - What Does Data Privacy Mean to You

1/15

Content by LOOKBOTHWAYS 2011 iKeepSafe. All rights reserved.

LESSON 9:What does data privacy mean to you?

Based on: IKeepSafe article Jan 22 2012 Data Privacy Roadmap IKeepSafe article Jan 22 Its Data Privacy Day on Sat. 28th; But What Does Data Privacy Mean to

You?

Appropriate for : Grades 6-9

Time Required : 30-45 minutes

Equipment needed: None. (Printing the Infographic as a poster, optional) (In-class demonstration,water, plastic bag, sharp objects, large bowl and a towel, see Optional Activities section for moreinformation)

Lesson Overview Key Stats

Learning objectives Teen Voice

Key concepts Professional Development for EducatorsVocabulary Parent TipsLesson Full News ArticleOptional Activities Additional ResourcesOptional Lesson Presentation (PDF) Map to Learning Standards

Lesson Overview More than 40 countries around the world will be celebratingData Privacy Day this week to promote awareness about themany ways personal information is collected, stored, used, andshared, and education about privacy practices that will enableindividuals to protect their personal information.

This lesson is based on two articles published January 22 nd byiKeepSafe, 2012 Data Privacy Roadmap , and Its Data Privacy Dayon Sat. 28th; But What Does Data Privacy Mean to You?, and

new research by Microsoft titled Less than Half Surveyed Think About How Their Online Activities ImpactTheir Online Reputations. It is designed to help students develop a deeper understanding of the value oftheir information and their privacy.

Learning ObjectivesStudents should walk away with a tangible understanding of key concepts on personal privacy andinformation exposure as well as the vocabulary related to personal data privacy.

CONTENT


2/15


Key concepts1. Every person needs to set their own privacy standard.2. Reading sites privacy policies matters. Avoid sites that require you to share more information

than youre comfortable with, or that share information with others.3. Online data and location tracking tools continue to expand new features like Facebooks

Timeline and Facebook and Google+s facial recognition, take data exposure to new levels.4. Privacy laws have not kept pace with technologys ability to collect and package your

information or with companies drive to profit from your information, but they are workingtowards solutions along with responsible companies and non-profit organizations.

VocabularyThe first instance of vocabulary words are highlighted in yellow in the lesson.

Infographic refers to displaying information through graphics, generally to make theinformation easier to understand

Privacy Policy - a statement or a legal document that that declares a partys policy on how itcollects, stores, and releases personal information it collects. It informs users about some or allof the ways they collect information and whether it is kept confidential, shared with partners, orsold to other firms or enterprises.

Personal information - anything that can identify an individual including: name, address, date ofbirth, marital status, contact info, ID issue and expiration date, financial records, creditinformation, medical history, where you travel, and intent to purchase items and services.

Facial recognition - a computer application thatidentifies or verifies a person from a digital image. Oneway to do this is by comparing selected facial featuresfrom the image and comparing it to a facial database.

LessonThis week, more than 40 countries will celebrate Data Privacy

Day. It is a day designed to promote awareness about the manyways personal information is collected, stored, used, andshared, and education about privacy practices that will enableindividuals to protect their personal information.

By marking the day, we have the opportunity to stop and reflecton our privacy over the past year, decide what aspects of ourlife we want to keep private, and identify changes so we canincrease our privacy this year.

A quick look at this infographic titled 2011 Data Privacy inReview; the Good, the Bad, and the breached shows it was abumpy ride for personal data privacy last year.

(Show infographic by clicking on the infographic image to bringup a full screen view, and then read or have a student read anentry from each month. Thank the student if you used a student to read.)

As you can see, tens of millions of consumers had personal information exposed by corporate andmedical data breaches; you may have been one of them. Last year also saw the highest volumes ofmalware and cybercrime in history, and you may have fallen for one of those exploits.


3/15


Last year also saw some privacy gains. Global spam volumesdropped, several companies enhanced and simplified their dataprivacy policies, and there was an increase in regulatoryagencies monitoring companies and setting privacy guidelines.Perhaps even more importantly, data privacy is now beingdiscussed broadly by governments, companies, in publicconversations and in homes as families realize that a childs

profile now has two meanings, and both meanings may clearlyidentify them.

(Ask students if they took steps last year to better protect their privacy, or if they had conversations at home or with friendsabout data privacy? If so, what were the outcomes? Allowdiscussion based on time constraints)

One key step in managing privacy is determining whichinformation you want to keep private. Youve heard lots of privacy recommendations like dont shareyour passwords, dont put embarrassing information or photos online and so on, but what pieces of

information do YOU actually care about keeping private?

(Ask students about what they care about keeping private, allow discussion based on time constraints)

Once youve decided what information you want kept private, the next step is taking action to protectthat information. This means securing your devices so they dont get malware i, personalizing the privacysettings on your accounts, using strong passwords, and monitoring your identity ii.

Protecting your information also means knowing the rights websites and services claim over anycontent you place on their sites and that means reading the privacy policies you typically ignore.

You should read each websites privacy policy but theyre often long and complicated in fact, theaverage privacy policy is 2,462 words long. With the average person reading 244 words a minute it takesabout 10 minutes to read the average privacy policy iii.

If you think that sounds long, Facebooksprivacy policy is 6,748 words iv requiring theaverage person to spend about 28 minutes toread it!

Who wants to spend the time? Besides, ifeveryone else is using the site, the privacypolicy must be ok, right?

Wrong. Take a quick look at thePrivacy Policy infographic v. Out of the top 1,000 websites, 38 dont evenhave a privacy policy, and only 124 explicitly say they share information with other companies. Manymore companies share your information without explicitly telling you that theyre doing so.

This failure to notify consumers of how they share information went to the Federal Trade Commission(FTC) for a ruling last year. The FTCs settlement with Facebook vilast December requires Facebook togive consumers clear and prominent notice about sharing their information with other companies and


4/15


now requires Facebook to get express permission from users before sharing information beyond what isincluded in the privacy settings users have established.

Without actively using privacy settings and reading privacy policies, the information you care aboutprotecting may not be protected at all. Avoid sites that require you to share more information thanyoure comfortable with, or that share your information with others.

Protecting your privacy also meansunderstanding the impact of rapidlychanging new technologies. This newtechnology is manifest in public datamapping like Facebooks Timeline, locationtracking, and facial recognition tools nowavailable in both Facebook and Google+.Without proactive measures these tools canquickly expose information you may wantprivate.

Use 5 simple steps vii to increase yourFacebook and Google+ privacy:

1. Understand public fan pages.Anything you post on these pages ispublic by default, so look for andset the privacy option to makethese posts private.

2. Edit your Timeline. The default in Timeline in the U.S. is that all your information is public. InEurope Facebook had to change the default to private. Either way, look at all your posts fromthe time you first set up your profile, and delete anything that you dont want seen to safeguardyour privacy and your reputation.

3. Stop tracking potential. Facebook can track your online activities even when youre logged out.To prevent this, delete Facebook cookies in your browser.

4. Consider using the security level functionality available in Facebook before posting. Look for asmall icon under items in your news feed to see who has access to view your posts before youdecide what to post.

5. Disable photo recognition in both Facebook and Google+. Researchers at Carnegie MellonUniversity could successfully identify about 1/3 of the people found in snapshots using Googlesfacial recognition technology viii - and that about 27% of the time, using data gleaned fromFacebook profiles of the subjects he identified, he could correctly predict the first five digits oftheir Social Security numbers. It is becoming increasingly simple to identify people from bits ofsupposedly anonymous information.

Lesson Wrap-Up:

Privacy laws are struggling to keep pace with technologys ability to collect and package yourinformation. Governments are taking clear steps in the right direction. For example, in the U.S. the FTC isnow asking for public comments as it considers the privacy implications of facial recognitiontechnologies. In Europe, countries are set to release findings about both Facebook and Googles privacysettings, whether they have breached European law, and what changes may need to be made by thecompanies in order to do business in Europe.

As internet users, it is important to applaud the dedication government bodies, responsible companies,and organizations have shown towards improving our data privacy. And we need to continue to


5/15


encourage these groups to defend consumers privacy as they work through existing and new aspects ofprivacy online.

Youve got a lot of power in your fingers to thank companies for responsible privacy policies, and torespectfully request changes to policies when needed to increase your privacy.

The bottom line?

1. Every person needs to set their own privacy standard.2. Reading sites privacy policies, matters. Avoid sites that require you to share more information

than youre comfortable with, or that share information with others.3. Online data, location tracking tools and facial recognition technologies require that you

continually check to ensure your data privacy settings are in place and meet your needs.4. You have a voice online and a civic duty to use it to benefit the safety and privacy of all. Let your

voice be heard. Thank companies that provide responsible privacy policies, and respectfullyrequest changes to policies when needed to increase your privacy.

Optional Activities:

IN CLASS: Visualizing data leakages: Show how quickly information can be lost, and how difficult it canbe to stop the spread of information once it has been made public ix.

Items needed:a) 2 cups water ( liter) - to make the water more visible, you may want to add food coloringb) 1 clear plastic bag (or something similar, even a balloon as an option) ideally this will be sealable in

some way with its own sealing mechanism or with a rubber band, etc.c) Items to make holes in the bag - 1 or more sized pins, or other sharp objects to make small holesd) Large bowl (preferably transparent) to capture the watere) Items to stop the leak like tape, glue, a paper clip or clamp, etc.f) Towel to clean up any spilled water

1. Ask five students come to the front of the class to assist you in this visualization, and hand out itemsa-e.

2. Ask the person holding the colored water to pour it carefully into the plastic bag being held by thesecond student. If the bag can be sealed, ask the student to seal the bag.

3. Ask the student holding the bowl to move it under the bag full of water, and to hold it low enoughthat everyone can see both the bag and the bowl, but close enough to catch any spilling water.

4. Explain that the water in the bag represents each persons personal information and ask the classone-at-a-time to name some types of information that would be included there. (These may includethings like financial, medical, emotional, and other personal information, passwords, address, phonenumber, purchases, friends, family members, etc.)

5. When each new type of information is provided, ask the student holding the sharp pins or other

sharp objects to poke a hole in the bag of water. Have them use small pins for less riskyinformation, and larger pins for more sensitive information.

6. Explain that once the information is leaked, it is very difficult to control who sees their information,but that all hope isnt lost.

7. Ask the person holding the items to stop the leak to now try applying these to stop the flow; youmay want to ask the other student assistants whose hands are now free to help with stopping theleaks.


6/15


7/15


Explore the ins and outs of Facebooks Timeline feature to identify how to use it, manage privacysettings, and identify where new safety behaviors are needed to be successful so that you can inturn help your students with this knowledge. See Facebooks video Introducing Timeline , and theirblog post Tell Your Story with Timeline . Then read CNets Jan 24 th article Ready or not, Facebook'sTimeline is coming to a profile near you , and TechCrunchs Facebook Timeline Now Pushed ToEveryone, Users Get A Week To Clean Up Profiles , and Facebook Timeline Becomes Permanent: FiveThings to Do First . Then wind your way through any other sources you come across.

Full News Articles

Full News Articles

Data Privacy in 2012

Jan. 22, 2011

Data Privacy Day gives us an opportunity to reflect on the past year and trends and increase our focuson the New Year. A quick look back shows 2011 as a tumultuous year for personal data privacy. Tens ofmillions of consumers were impacted by corporate and medical data breaches. We saw the highestvolumes of malware and cybercrime in history. But we also saw some gains. Global spam volumes havedropped, and data privacy is now being discussed broadly within governments, companies, in public andhomes. Weve seen regulatory agencies monitor and mete out punishments against offendingcompanies.

We need to pause and applaud the dedication many organizations have shown towards improvingconsumers data privacy. These include security companies, large platform developers, many individualservice providers, non-profit groups, and others. And we need to encourage them to continue this workin even more collaborative ways to leverage the work that has been done, and push forward as wegrapple with existing and new aspects of privacy online.

Were at an historic crossroads in the history of technology and personal data privacy.

Heavy regulation that stifles the autonomy, speed and creativity of internet development will not serveus well; neither does an environment where a handful of companies can ignore established privacy,safety and security norms for their own profit and rush to deploy de facto standards before consumers or our representative bodies, our governments can review and set boundaries. Before creating atechnological solution, lets ask if there are ethical, privacy, safety, or security issues that should first be

defined.

Oversight helps us collectively grapple with the ethical questions of shoulds and should-nots so thatthe entire focus is not just with the can and cannots. There is humility in the reflective evaluationprocess that is largely lacking in our current market-driven, no holds barred, rush-forward internetworld.


8/15


9/15


are privacy and safety choices offered by the third party application, customizing yoursettings should also be a part of the transition.

Provide users advanced notice of any intended changes in the terms and conditions that will affecttheir safety, privacy, or alter the terms in any other substantial way. This notice may come in theform of an email, text, or during your next login experience.

Countries: Ensure that internet services are built with proper safety, security and privacy impact evaluations by

creating clear regulations. Tightly monitor products that impact consumers daily lives, making surethat these products are in compliance with baseline safety features.

Dissemination public service messages that provide useful, actionable information. Failure to do soresults in a high percentage of the population remaining unaware of the safeguards they need tohave in place to be safer online.

Protect consumer data. For most consumers, information posted and exposed by the federal, state,county and local government agencies represents their greatest risk of becoming a victim of identitytheft. Although some right-to-know laws are necessary, these need to focus on governmentactions and stop at the door of private individuals.

Conclusion:

Many good companies are working hard to improve consumer safety, security and privacy. Theseinclude security companies, large platform developers, many individual service providers, non-profitgroups, and others. We need to applaud the great work they have done, encourage them to continue,work more closely as invested parties to leverage the work that has been done, and push into new areasof safety.

By next year, iKeepSafe hopes well be able to look at an in-depth status report that will demonstratethat weve not only held ground, but strengthened our position.

Its Data Privacy Day on Sat. 28th; But WhatDoes Data Privacy Mean to You? Jan. 22, 2011

This week more than 40 countries around the world will be celebratingData Privacy Day on Jan. 28 th. Designed to promote awareness about themany ways personal information is collected, stored, used, and shared,and education about privacy practices that will enable individuals toprotect their personal information.

There will be weeklong events in various parts of the country, as well asnew research and educational materials.

But what does data privacy day mean to you? Instead of being just another designated day or monththat you hear about in passing, take a few moments to consider what privacy in the digital is like, whatyou want it to be like, and where privacy is headed.


10/15


In the U.S. there is no express right to privacy

It may come as a surprise that in the U.S. there is no express right to privacy. Specific aspects of privacyare protected the 1 st Amendment protects privacy of beliefs, the 3 rd protects privacy of the homeagainst demands that it be used to house soldiers, the 4 th protects the privacy of persons andpossessions against unreasonable searches, and the 5th Amendment protects the privilege against self-incrimination.

The rest is muddled into the Ninth Amendment which asserts that the "enumeration of certain rights" inthe Bill of Rights "shall not be construed to deny or disparage other rights retained by the people." Andthats the problem; the intent of this statement is elusive with noted justices interpreting this clause tobroadly protect privacy x, and by others to conclude that no general right to privacy exists xi.

Enter the internet era

Against a long held belief in an assumed privacy, technology advancements have created opportunitiesand collisions so the question becomes where your rights to privacy end do, and the commercial worldsright to your information begin?

For example, since data breach information began to be collected in 2005, more than 543 millionpersonal data records have been exposed. With a population of around 310 million xii, were fastapproaching an average of 2 data breaches for every man, woman and child. In fact, in 2011 more than30 million new personal data records were breached, affecting 10% of the population.

The information exposed about you may have included Social Security Numbers, email aliases,addresses, phone numbers, credit card information, passwords, accounts, medical records, or othersensitive information. Yet most breaches of consumer data should never have happened. Few, if any,were carried out by brilliant evil masterminds, and basic safety precautions would have been more thanenough to protect us.

A classic case in point is Sony xiii, who last year had more than 101 million customer data recordsbreached failed to take the simple step of encrypting user data. This meant that as soon as hackers gotinto Sonys systems, the information was completely unprotected.

Does it matter that companies, government bodies, educational organizations, medical facilities, andnon-profits have all too often cut corners and costs resulting in careless handling of your information?Should there be laws that require certain standards of security when handling consumer data?

Before Google Earth, anyone peeking into your backyard was a pervert. Now this level of voyeurism is just a click away. While a tremendous boon to some industries, who gave Google the right to share yourhome and yard with the world?

Another dent to your privacy was revealed in the FTC ruling xiv against Facebook last November, whenthe commission found that Facebook made explicit promises to consumers about their privacy that theydid not keep. Like exposing information consumers designated private to the public, repeatedlypromising consumers that they were not selling their information to advertisers while doing so, andclaiming that they deleted user accounts when asked, but in fact did not delete these.

These are just a few examples of the erosion of your control over your information and privacy. Wedlike to hear your opinions about the state of personal privacy and the internet.


11/15


12/15


13/15


Three key conversations to start with your child this week are:

1) Establishing information privacy boundaries. Without anunderstanding of the value and potential harm information of various types has, it can be particularlydifficult for youth to feel a need to protect the information.

As the image here illustrates, a childs profile today has twomeanings, both of which carry a great deal of identifyinginformation. Yet with the advancement of facial recognitiontechnologies, this graphic is becoming very literal technology can now associate all known information about aperson with their physical appearance.

To protect your child, what should they keep private -aboutthemselves, about your family, about locations and photosand friends?

As a family, you may want to fill in the table below to help visualize what information belongs inwhich list.

Who should be able to see my informationInformation thatanyone (parents,law enforcement,employers etc.)can know aboutme

Personal,financialand medicalidentityinformation

Information I wouldonly share with closefriends (it couldembarrass me or harmmy future, or is just noone else's business)

Information I wouldonly share with familymembers (it couldembarrass me or harmmy future, or is just noone else's business)

InformationI'm willing toshare withacquaintances but not thepublic

2) Cleaning content in advance of Facebooks Timeline role out. If you or your child uses Facebook,your accounts will automatically have the Timeline feature turned on in the coming days. Eachaccount will only have 7 days in which to clean up any content before their information is viewable.Before Timeline is live on your childs (and your) account is the time to apply the data privacyboundaries youve just discussed.

To learn more about Timeline and cleaning Facebook history, see Facebooks video IntroducingTimeline , and their blog post Tell Your Story with Timeline . Then read CNets Jan 24 th article Readyor not, Facebook's Timeline is coming to a profile near you , and TechCrunchs Facebook Timeline

Now Pushed To Everyone, Users Get A Week To Clean Up Profiles , and Facebook Timeline BecomesPermanent: Five Things to Do First .

3) Getting ahead of the privacy risks in facial recognition technologies. Facial recognition features arenow live in both Facebook and Google+. These tools provide wonderful opportunities - andsignificant risks. To understand the privacy risks consider this excerpt from a Wall Street JournalArticle Face-ID Tools Pose New Risk :


14/15


As Internet giants Facebook Inc. and Google Inc. race to expand their facial-recognition abilities, newresearch shows how powerful, and potentially detrimental to privacy, these tools have become.

Armed with nothing but a snapshot, researchers at Carnegie Mellon University in Pittsburghsuccessfully identified about one-third of the people they tested, using a powerful facial-recognitiontechnology recently acquired by Google.

Prof. Alessandro Acquisti, the study's author, also found that about 27% of the time, using datagleaned from Facebook profiles of the subjects he identified, he could correctly predict the first fivedigits of their Social Security numbers.

The research demonstrates the potentially intrusive power of a facial-recognition technology, whencombined with publicly available personal data

Paul Ohm, a law professor at University of Colorado Law School, said it shows how easy it isbecoming to "re-identify" people from bits of supposedly anonymous information.

Before your child becomes identifiable to anyone who chooses to take a picture of them on thestreet and then matches it against a database of known facial attributes, determine whether thistechnology is something you want your child or yourself to participate in. It means stores couldidentify and market directly to you or your child, that they could be identified in public places, orthat by taking a photo, someone could learn where your child lives, goes to school, their onlineprofile names, and more.

To learn more about facial recognition tools, you may also want to look at additional materialsincluding the webcast of the FTCs forum Face Facts , Why Facebook's Facial Recognition is Creepy ,How Facial Recognition Systems Work , The top 6 Facial Recognition FAQs and Face Recognition .

These three conversations and actions will go a long way towards retaining personal data privacythat is in focus this week.

i See the iKeepCurrent lesson 7 - Setting up devices for a happy, safe, secure and private New Year for moreii See the iKeepCurrent lesson 2 - Youth and Identity Theft; You Have What Crooks Want for more informationabout monitoring credit reports for identity theft iiiPrivacy Policies Jan 2011 ivWhat you need to know: Facebook, Privacy and Health June 2011 vPrivacy Policies Jan 2011 vihttp://ftc.gov/opa/2011/11/privacysettlement.shtm vii From ZoneAlarm - http://blog.zonealarm.com/2011/10/facebook-update-raises-red-flags.html?view=infographic viii Face-ID Tools Pose New Risk ix This example is taken from the concepts of a short video titled Your Personal Data is Leaking , but whereas thevideo ends with the notion you cant do anything once the information has been leaked, the in-class, or in-homeexample outlines what you can do to reduce the amount of information that is publicly available about you.


15/15


xhttp://www.law.cornell.edu/supct/html/historics/USSC_CR_0381_0479_ZC.html xiWE HAVE NO CONSTITUTIONALRIGHT TO PRIVACY - Democratic Underground xiiWorld Population Balance - - The U.S. Population Situation xiiiData Breaches: A Year in Review xivFacebook Settles FTC Charges That It Deceived Consumers By Failing to Keep Privacy Promises

Date post:	05-Apr-2018
Category:	Documents
Upload:	rahulpandu
View:	217 times
Download:	0 times

Lesson 9 - What Does Data Privacy Mean to You

Documents