1 / 26

“Privacy and the Internet”

This article discusses the importance of privacy in the digital age, including the loss of control over personal information and the need for legal protections in sensitive categories such as medical and financial data. It also explores self-regulation, enforcement measures, and the role of government and industry in setting an example. The article covers various sectors of the internet, including individual reference services, network advertising, and children's online privacy. It examines the Children's Online Privacy Protection Act of 1998, HIPAA legislation for medical records privacy, and financial privacy under the Gramm-Leach-Bliley Act. The government's role as a model for privacy protection, computer security, and coordination and oversight mechanisms are also discussed. The article addresses issues such as notice, choice, access, security, and enforcement. Other internet privacy issues, including preemption and law enforcement access to internet records, are mentioned as well. The conclusion emphasizes the need for continued attention to privacy in the Information Age.

gloriab
Download Presentation

“Privacy and the Internet”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “Privacy and the Internet” Professor Peter P. Swire Ohio State University National Press Foundation February 14, 2001

  2. Do People Care About Privacy? • 90 percent of Americans say they have “lost all control” over their personal information • WSJ poll 9/99

  3. Overview • The Clinton Administration and privacy • This year

  4. The Clinton Administration • Supported self-regulation generally • Sensitive categories deserve legal protection • Medical & Genetic • Financial • Children’s Online • Government should lead by example • Chief Counselor for Privacy

  5. Internet Privacy • Quantity of policies • 15% to 66% to 88% from 1998 to 2000 • Quality of policies • Seek continued improvement on choice, access & security • Enforcement if company breaks its privacy promise • Unfair and deceptive trade practice

  6. Internet Sectors • Individual Reference Services Group (1998) • Look up services code of conduct • Limits on distribution of SSNs • Network Advertising Initiative (2000) • Special sensitivity when a 3d party, unknown to user, compiles information • Safe Harbor for transfers with E.U. (2000) • Self-regulation as a core achievement

  7. Children’s Online Privacy Protection Act of 1998 • FTC rules took effect 4/00 • Web sites targeted at under 13s • Key is “verifiable parental consent”

  8. Medical Records Privacy • HIPAA 1996 called for legislation by 8/99 • President announced proposed regs 10/99 • Over 52,000 submissions of comments • Final rules 12/00 • Administration decision by February 26

  9. Medical Records (cont.) • Fair information practices • Notice • Patient choice • Access • Security • Enforcement

  10. Medical -- Who is Covered? • “Covered entities” • Providers • Plans • Clearninghouses • Business associates • Online/offline neutrality

  11. Financial Privacy • Title V of Gramm-Leach-Bliley • Notice • Opt-out 3d parties • Enforcement • Online/offline neutrality • President Clinton called for greater protections last year

  12. Government as a Model • Government web sites • Privacy policies at major sites • Presumption against cookies • Computer security • Coordination & oversight mechanisms

  13. Government computer security • Good security is necessary for privacy • Weak security allows access to tax records, criminal investigative files, etc. • Good security helps stop hackers and other unauthorized users • Good security is not sufficient for privacy • What can an authorized user do with the data? • Post it to the Internet? • Privacy policies govern authorized users

  14. Coordination & oversight • Coordination -- Chief Counselor position 3/99 • Must become aware of issues before you can affect them-- “clearance” • Alert decisionmakers before problems become public • No announcement on Bush approach

  15. II. This Year • Fair information practices and Internet Privacy • Notice • Some favor notice only • Can do with technology, such as P3P • Less strict -- no other requirements • More strict -- a new law more likely later

  16. Choice • The biggest debate so far • Opt out • Customer gets choice • But opt out may be hard to find on web page • Maybe “spyware” and no one to give notice

  17. Choice (cont.) • Opt in • Strong privacy protection • Forces web site to explain why sharing is good • But, how do small sites find customers? • Robust opt out • Possible compromise

  18. Access • Like FOIA -- check on abuse • “Reasonable” access • Cost matters • Some exceptions • Information about other persons • Trade secrets and proprietary

  19. Access (cont.) • Access only to decisional information • Credit reports • Medical records • Access to all information • Psychographic information • Every memo in the company • Target marketing • Decisional? • Proprietary?

  20. Security • Good security in layers • Hardware • Software • Personnel policies • Hard to measure • Law focuses on notice of security? • Detailed regs on security? • Must update anti-virus at least once a week?

  21. Enforcement • FTC new powers • State AGs to help • Private right of action?

  22. Enforcement (cont.) • What role for TRUSTe, BBBOnline? • Safe harbor in COPPA • Multiplies enforcement resources • Teams enforcement with consulting • Privatizes enforcement • Target for EU pressure

  23. Other Internet Privacy Issues • Preemption • In favor: • Same web site sells to all 50 states • Possibly inconsistent state laws • Opposed: • The big reason for industry to accept legislation • Financial and engine for continued change • Don’t place ceiling on “human rights”

  24. Other Issues (cont.) • Customer lists in bankruptcy • Toysmart case • Law enforcement access to Internet records • Extend to offline, too? • Leary -- consistency requires it • But, ready to regulate each corner store?

  25. Concluding thoughts • Many flows are good in Information Age, but not all flows are good • Self-regulation has been central to date • Treat sensitive data more carefully, subject to legal protections where appropriate • Will political system insist on Internet legislation? • In closing, a common sense test:

  26. President Clinton, at Aspen Institute:“Do you have privacy policies you can be proud of? Do you have privacy policies you would be glad to have reported in the media?”If so, your policies are far more likely to survive, and help your organization prosper, in the information age.

More Related