Fair Information Practices: Overview and Application to the Omnibus Approach
DESCRIPTION
This presentation provides a high-level overview of the Fair Information Practices and the creation of an Omnibus Privacy Law. The presentation is designed to inform lawmakers on the background and benefits of creating an Omnibus Privacy Law in the United States, as such laws already exist in other parts of the world such as the European Union. This is the first of three presentations on this topic.
TRANSCRIPT
For more information please visit http://www.ericgoldman.name - Copyright 2009 Eric Goldman
Agenda
I. Introduction
II. Background
III. Value of the Omnibus Approach
IV. Practices in Depth
V. Conclusion
VI. Questions
Introduction
- In order to increase privacy protections for our citizens, it becomes necessary to create a uniform set of privacy laws that apply broadly across multiple sectors
- The current sectoral approach is limited to specific situations and does not provide general protections of citizens’ personal and private information
- In order to combat cyber crime, such as identity theft and misuse of private records for discrimination, privacy laws based upon the Fair Information Practices developed by the United States in the 1970s are presently required
Background: What are the Fair Information Practices?
- Originally developed in 1973 by the U.S. Dep't. of Health, Education and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems
- These practices outlined in the early 1970s have been enacted into law in countries throughout the world
- It is important to remember that the practices themselves are not laws, but serve as a framework to build legislation and regulations
- At times, the practices outlined in this report may seem to overlap; however, it is important to consider each perspective on the complete problem
Value of the Omnibus Approach
- Allows for standardization across sectors
  - Current approaches are administered with sectoral bias
  - Uniform enforcement and authority across sectors
  - Reduces loopholes in sectors with weak administration
- Increases individual privacy protection
  - Reduces unsolicited and unknown usage of private information
  - Allows for monitoring and correction of private information
- Uniformity with global standards
  - Facilitates globalized and multinational business operations
  - Can help protect citizen data outside of the United States
In Depth: Collection Limitation
Overview
- Information collected should be of a limited scope
- Should be obtained with knowledge and/or consent
- Collection should be obtained in a fair and legal manner
How this protects an individual’s privacy
- Individuals are aware that their information is being collected
- Individuals understand by whom this information is being obtained and for what purpose it will be used
- No extraneous information is collected, which limits possible misuse or vulnerability if other safeguards are defeated
In Depth: Data Quality
Overview
- Information obtained should only be relevant to the purpose for which it is being collected
- Information should be current and accurate in relation to the purpose of the collection activities
How this protects an individual’s privacy
- Information which is not relevant is not vulnerable to attack
- Once information is outdated or is no longer relevant it will need to be removed or updated, which reduces exposure
- Accurate and current information ensures that fair decisions will be made over time
In Depth: Purpose Specification
Overview
- Purpose of collection should be disclosed prior to collection
- Any changes to the original purpose should also be disclosed
- Usage is limited to the purposes specified
How this protects an individual’s privacy
- Information collected cannot later be used in some manner of which the individual does not approve or in a manner that would result in discrimination or unexpected consequences
- Collection purposes and usage modifications are communicated to individuals, increasing their awareness of who has their information and for what purposes
In Depth: Use Limitation
Overview
- Personal information is only used for the initial purpose
- Information is only reused by consent or legal authority
How this protects an individual’s privacy
- Information cannot unknowingly be transferred to a third party
- Ensures that information is not used for new purposes that arise from the information collector’s new needs or motivations
In Depth: Security Safeguards
Overview
- Reasonable protections exist against loss, unauthorized access or disclosure, usage, and modification
How this protects an individual’s privacy
- Users’ information should be protected against known attacks and methods that would breach privacy and confidentiality
- Safeguards, such as access control systems, also help limit accidental internal exposure that was not intended
- Information is stored and transferred using secure methods to limit possible exposure or attack
In Depth: Openness
Overview
- Privacy practices should be public knowledge
- Individuals should have easy access to practices and how their information will be used once collected
How this protects an individual’s privacy
- Collectors of information cannot hide their practices
- Privacy practices can be scrutinized by regulators
- Individuals are enabled to make more informed decisions about who they should allow access to their private information and how those collectors will then use the information
In Depth: Individual Participation
Overview
- Individuals have the right to know what information is being collected about them and by whom
- Collectors must provide easy access to information, with the ability to request corrections to the information collected
- Procedures exist to challenge the denial of the above rights
How this protects an individual’s privacy
- Ensures that records are accurate and are not misleading
- Individuals have the power to stop unfair information usage
- Individuals are always aware of who has what information and why they have this information
In Depth: Accountability
Overview
- Collectors and users of collected information are accountable to ensure the other practices are enforced
- Collectors must develop practices that are in compliance
How this protects an individual’s privacy
- Collectors are consciously aware of the requirements; they cannot claim ignorance of violating privacy rights
- Collectors have a vested interest in meeting the other practices because they are ultimately responsible for any breaches of these practices
Conclusion
The main ideas embodied in the above practices are:
- Awareness: Individuals should know who is collecting their information, for what purpose it will be used, and how the data will be handled and protected from misuse
- Consent: Information is only collected, maintained, and transferred as long as the individual provides explicit consent
- Access: Individuals have the right to see what data is stored about them and to ensure that this information is accurate
- Security: Personal information must be protected from unauthorized access or manipulation
- Enforcement: Laws, penalties, and action must be taken to ensure holders of private information are accountable
Questions
Floor is open to questions
References
The reference list for this presentation is shared among multiple presentations; please see the full article for this presentation available at http://www.ericgoldman.name