Company

LOGO

Internet Technologies

Privacy – October 25, 2005

Who do you share your personal information with?

Question:

A Lot of People

Friends & Family

Utilities

Public Postings

Insurance

Professional Medical

Church & Affiliations

Retail

Education

Credit & Banking

Government

You

Who has access to your personal information?

Question:

A Lot of People

What is privacy?

pri·va·cy

n. The quality or condition of being secluded from the presence or view of others.

The state of being free from unsanctioned intrusion: a person's right to privacy.

The state of being concealed; secrecy.

Evolution of the Right of Privacy

1791 – Bill of Rights

3rd AmendmentNo Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.

4th AmendmentThe right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated . . .

5th AmendmentNo person shall be . . . deprived of life, liberty, or property, without due process of law . . .

9th AmendmentThe enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people."

1890 - The Right To Privacy by Samuel Warren and Louis D. Brandeis - Harvard Law Review (1890)

1948 – Universal Declaration of Human Rights No one shall be subjected to arbitrary interference with his privacy . . .

Everyone has the right to the protection of the law against such interference.

1965 – Griswold v. Connecticut Doctor charged for issuing birth control. The court held that: specific guarantees in the Bill of Rights have

penumbras, formed by emanations from those guarantees that help give them life and substance . . . [which includes] zones of privacy.

1972 – California Constitutional Amendment "All people are by nature free and independent and have inalienable rights.

Among these are enjoying and defending life and liberty, acquiring, possessing, and protecting property, and pursuing and obtaining safety, happiness, and privacy.”

Right of Privacy (con’t)

Privacy After Watergate

Early Privacy Legislation

1970Fair Credit Reporting Act Accuracy, fairness, and the privacy of personal

information assembled by Credit Reporting Agencies

1972 Freedom of Information Act Permits access to government records

1974 Privacy Act Established rules for the collection, use and

disclosure of personal information held by federal agencies and specifically prohibited data matching of those government files

Family Education Rights Privacy Act Educational Record Privacy

1978 Right to Financial Privacy Act Consumers Must Get Notice & opportunity to object

before government obtains financial records.

1986Electronic Communications Privacy Act

Addresses access, use, disclosure, interception and privacy protections of electronic communications.

Mail communications already protected

Computer Fraud & Abuse Act Protect against intruders

1988

Computer Matching and Privacy Protection Act Regulates government computer matching

Video Privacy Protection Act Video rentals are private

The Internet Age

A Typical Website

IP Address

IP A

dd

res

s

Registration Info

Globe

VC

LK

Registration Info

What Cookies Do

Identity Verification Personalization

E.g., remember user name

Preference Management

Shopping Baskets Site Traffic Analysis Load Management

across servers

Advertising Controls Rotation Frequency Profile targeting Customer Targeting

Advertising Management Identify Referral Source Track Referrals for

compensation

Cookies and Choice

Allows Userto Delete Cookies

Allows User to Block Cookies

Anatomy of a Privacy Policy

TYPES OF INFORMATION COLLECTED

Information You Provide Us  Site Usage Information

Email Communications   Information from Other Sources

HOW INFORMATION MAY BE COLLECTED  Registration

. Newsletters and Site Emails  Contests or Sweepstakes  Surveys or Voting  Cookies  IP Addresses and Click-stream Data  Transaction Information 

HOW WE USE THE COLLECTED INFORMATION  Personally identifiable information will not be sold or

otherwise transferred on an individual basis to unaffiliated third parties without the approval of the user at the time of collection. . . ..

WITH WHOM THE INFORMATION MAY BE SHARED  Agents: Promotional Offers:. Aggregate Information Opt-in and Opt-out Programs Partners Subsidiaries and Affiliates: Business Transfers: Legal Process:

SECURITY  This Site incorporates reasonable safeguards to

protect the security, integrity, completeness, accuracy and privacy of the personal information that we may collect . . .

Privacy Policies

No requirement to have privacy policies

Privacy Policy Requirements

When you register with Toysmart.com, you can rest assured that your information will never be shared with a third party

Self Regulatory Initiatives

Privacy Seals TRUSTe

Platform for Privacy Preferences Project (P3P)

Industry Best Practices Network Advertising

Initiative

EU Privacy Directive

EU Privacy DirectiveData subjects have

a right of access to that data

a right to know where the data originated (if such information is available)

a right to have inaccurate data rectified

a right of recourse in the event of unlawful processing

a right to withhold permission to use their data in certain circumstances

EU Data Transfer

May not transfer to non-EU countries that do not meet EU standards

Exceptions where affirmative consent or necessary to serve data subject

EU Safe Harbor

NoticeOrganizations must notify individuals about the purposes for which they collect and use information about them.

ChoiceOrganizations must give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party

Transfers to Third PartiesSubject to Notice and Choice.

AccessIndividuals must have access to personal information and be able to correct, amend, or delete that information where it is inaccurate,

Security: Organizations must take reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction.

Data integrity

Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.

Enforcement Mechanism

How a bill becomes law

Recent Legislation

FEDERALCOPPA Websites directed at children OR if know

under 13 Must post notice on Website Must obtain parental consent before using

PII

Gramm-Leach-Bliley (GLB)Financial institutions must securely store personal financial information advise you of their policies on sharing of

personal financial information give consumers the option to opt-out of

some sharing of personal financial information.

Health Insurance Portability and Accountability Act (HIPAA ) Same concept as GLB Notice, consent, security

CALIFORNIA

Shine the Light Law

Either disclose a list of the categories of PII disclosed to other companies for their marketing purposes (with the names and addresses of those companies); OR

Allow opt-out option via privacy policy

Online Privacy Protection Act If collect PII from California residents Must conspicuously post a privacy policy

and identify the categories of PII collected and how it is shared.

Security Breach Notification California Resident Unencrypted Social Security number, driver's license or

state ID card number, or financial account numbers

This law requires a business or a State

ChoicePoint

145,000 records accessed

Discovered because of California law

In first eight months after ChoicePoint Over 70 incidents Involving over 50 Million Records

Hall of Shame

Government & Health Care

Other Companies

Financial Companies

PCS Rankings

Ranked

Non-Ranked

The Wares

Adware Software bundled with ad

service software Notice & consent?

Spyware Gathers information on

user without knowledge Email addresses Passwords Credit Card Information Keystroke Logging Alters default settings

Malware Software designed

specifically to damage or disrupt a system, such as a virus or a Trojan horse.

Scareware “Faux Spyware”, i.e.,

benign applications falsely labeled as Spyware

Spyware Legislation

California Spyware Act

Prohibits deceptive downloading and/or collection of information

Prohibits taking over third party computer or altering default settings

Federal Legislation Questions

Do you regulate conduct or technology?

Is spyware already illegal?

Status House passed bill in

2004 and 2005 Action stalled in the

Senate

OnGuardOnline.Gov

Protect your personal information. It's valuable.

Know who you're dealing with.

Use anti-virus software and a firewall, and update both regularly.

Make sure your operating system and Web browser are set up properly and update them regularly.

Protect your passwords.

Back up important files.

Learn who to contact if something goes wrong online.