Predicate for Privacy: Overview of Privacy considerations in Linked Data Environment
W3C Government Linked Data Working Group
Michael Aisenberg, Esq.
29 June 2011
Privacy Primer 1: What is Privacy?
• Definition of Privacy: The ability of an individual to exercise control over the collection, use, and dissemination of his or her personally identifiable information (PII).
• Definition of PII:
  • Information that directly or indirectly identifies an individual
  • Information which can be used to distinguish or trace an individual’s identity:
    • name, social security number, biometric records, etc., alone, or when combined with other personal or identifying information which is “linked or linkable” to a specific individual, such as date and place of birth, mother’s maiden name.
Privacy Primer 2: Policy Framework
• OECD: “Fair Information Practice Principles”
• EU: Data Protection Directive: citizens “own” their PII
  • Data Protection Authority
• U.S.: Distinguish obligations by identity of collector of data
  • Government: Privacy Act of 1974; 1976, 2002 Amendments
    • Privacy and Security: FISMA
    • All data collections are “Systems of Records”
  • Special treatment of individuals’ data in sectors:
    • Children: COPPA
    • Health Information: HIPAA
    • Banking/Financial Service Information: Sarbanes/Oxley
  • Global presence of U.S. collectors: EU Safe Harbor Agreement
  • Duty of custodial control by collector
  • “Data Breach” legislation
Privacy Primer 3: When do Privacy Act obligations apply?
• In the U.S., Privacy Act obligations apply whenever an agency of government establishes a “System of Records” in which it maintains data collected from individuals
• “System of Records”: a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual (Privacy Act of 1974, 5 U.S.C. § 552a(a)(5))
• “No” Exceptions:
  • The requirement to protect privacy by protecting PII in its custody applies to all Federal agencies, including the intelligence community, law enforcement and defense agencies
• Except:
  • For “national security” systems
  • Previously assessed systems under evaluation similar to PIA
  • Internal government operations
  • For government-run websites that do not collect identifiable information about the public
  • Systems collecting non-identifiable information
Privacy Primer 4: Core Privacy Principles* (Based on Fair Information Practices, foundation for the Privacy Act of 1974)
*Based on information at http://www.ftc.gov/reports/privacy3/fairinfo.shtm
Privacy Issues (1): Policy
• Scope of consent
  • Consistency between avowed purpose as disclosed to subject and actual use
  • Use beyond scope as disclosed
  • Problem areas:
    • Law enforcement
    • Intelligence/counter-terrorism
• Minimization: least data necessary to accomplish agency’s purpose
• “Routine uses”
  • Recognized, permissible “exceptions” to disclosed intended use
  • Share with Congress, OMB: program oversight, often anonymized
  • Law enforcement/intelligence: by law, need NOT be disclosed if for specific investigation of an individual
  • Grey area: routine sharing with LE/Intel for analytical, statistical purposes
  • The “exception” which threatens to consume the Rule….
Privacy Issues (2): Architecture
• Data format, storage, retention method/venue?
• Retention period, archive purging, loss of control for 3rd-party stored data
• From Privacy Policy:
  • How are subjects notified of collection?
  • How is consent obtained?
  • Is there meaningful consent? Or can you be thrown off the plane and detained by law enforcement if you do not provide data?
  • Are subjects’ rights to “redress” for improper use explained/disclosed?
  • What provisions exist for modifying permissible uses, retention period or other consented issues?
• KEY QUESTION: Do agency (or other collector of PII) data collection mechanisms accommodate the Privacy Requirements of notice and consent?
Emerging approaches to Controlling Data “collection abuse”
• Technical capacity to identify subjects of collection; e.g.
  • Meta tagging of ALL PII data fields?
  • “Record locator” identifier for each collected record?
  • Other options?
• System Design: Precursor: Common lexicon/uniform structure for data fields, critical PII data elements:
  • E.g. Name, D-O-B, Country of Birth/Citizenship/Origin
  • Cheat-sheet/template for foreign passports, other credential systems (ICAO badges)
  • How to enforce multi-laterally?
  • Rely on multi-jurisdictional vendors (e.g. IBM, Siemens, Barclays)
• Deployment Candor: What are the intended uses of data: what does the agency REALLY intend to do with the data?
  • Data matching systems; TTIC
  • Why? Accurate “scope” information in required disclosures and informed consent to be obtained from subjects?