fair information practices: overview and application to the omnibus approach

Fair Information Practices Overview and Application to the Omnibus Approach

Upload: eric-goldman

Post on 26-May-2015


Category:

Technology



DESCRIPTION

This presentation provides a high-level overview of the Fair Information Practices and the creation of an Omnibus Privacy Law. The presentation is designed to inform lawmakers on the background and benefits of creating an Omnibus Privacy Law in the United States, as such laws already exist in other parts of the world such as the European Union. This is the first of three presentations on this topic.

TRANSCRIPT

Page 1: Fair Information Practices: Overview and Application to the Omnibus Approach

Fair Information Practices

Overview and Application to the Omnibus Approach

Page 2: Fair Information Practices: Overview and Application to the Omnibus Approach

Presentation Overview

Thank you for checking out this presentation on SlideShare.

This presentation provides a high-level overview of the Fair Information Practices and the creation of an Omnibus Privacy Law. The presentation is designed to inform lawmakers on the background and benefits of creating an Omnibus Privacy Law in the United States, as such laws already exist in other parts of the world such as the European Union.

This is the first of three presentations on this topic.

For more information please visit http://www.ericgoldman.name - Copyright 2009 Eric Goldman


Page 3: Fair Information Practices: Overview and Application to the Omnibus Approach

Agenda

I. Introduction
II. Background
III. Value of the Omnibus Approach
IV. Practices in Depth
V. Conclusion
VI. Questions


Page 4: Fair Information Practices: Overview and Application to the Omnibus Approach

Introduction

- In order to increase privacy protections for our citizens, it becomes necessary to create a uniform set of privacy laws that apply broadly across multiple sectors
- The current sectoral approach is limited to specific situations and does not provide general protections of citizen personal and private information
- In order to combat cyber crime, such as identity theft and misuse of private records for discrimination, privacy laws based upon the Fair Information Practices developed by the United States in the 1970s are presently required


Page 5: Fair Information Practices: Overview and Application to the Omnibus Approach

Background: What are the Fair Information Practices?

- Originally developed in 1973 by the U.S. Dep't. of Health, Education and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems
- These practices outlined in the early 1970s have been enacted into law in countries throughout the world
- It is important to remember that the practices themselves are not laws, but serve as a framework to build legislation and regulations
- At times, the practices outlined in this report may seem to overlap; however, it is important to consider each perspective on the complete problem


Page 6: Fair Information Practices: Overview and Application to the Omnibus Approach

Value of the Omnibus Approach

- Allows for standardization across sectors
  - Current approaches are administered with sectoral bias
  - Uniform enforcement and authority across sectors
  - Reduces loopholes in sectors with weak administration
- Increases individual privacy protection
  - Reduces unsolicited and unknown usage of private information
  - Allows for monitoring and correction of private information
- Uniformity with global standards
  - Facilitates globalized and multinational business operations
  - Can help protect citizen data outside of United States


Page 7: Fair Information Practices: Overview and Application to the Omnibus Approach

In Depth: Collection limitation

Overview
- Information collected should be of a limited scope
- Should be obtained with knowledge and/or consent
- Collection should be obtained in a fair and legal manner

How this protects an individual’s privacy
- Individuals are aware that their information is being collected
- Individuals understand by whom this information is being obtained and for what purpose it will be used
- No extraneous information is collected, which limits possible misuse or vulnerability if other safeguards are defeated


Page 8: Fair Information Practices: Overview and Application to the Omnibus Approach

In Depth: Data quality

Overview
- Information obtained should only be relevant to the purpose for which it is being collected
- Information should be current and accurate in relation to the purpose of the collection activities

How this protects an individual’s privacy
- Information which is not relevant is not vulnerable to attack
- Once information is outdated or is no longer relevant, it will need to be removed or updated, which reduces exposure
- Accurate and current information ensures that fair decisions will be made over time


Page 9: Fair Information Practices: Overview and Application to the Omnibus Approach

In Depth: Purpose Specification

Overview
- Purpose of collection should be disclosed prior to collection
- Any changes to the original purpose should also be disclosed
- Usage is limited to the purposes specified

How this protects an individual’s privacy
- Information collected cannot later be used in some manner of which the individual does not approve or in a manner that would result in discrimination or unexpected consequences
- Collection purposes and usage modifications are communicated to individuals, increasing their awareness of who has their information and for what purposes


Page 10: Fair Information Practices: Overview and Application to the Omnibus Approach

In Depth: Use Limitation

Overview
- Personal information is only used for the initial purpose
- Information is only reused by consent or legal authority

How this protects an individual’s privacy
- Information cannot unknowingly be transferred to a third party
- Ensures that information is not used for new purposes that arise from information collector’s new needs or motivations


Page 11: Fair Information Practices: Overview and Application to the Omnibus Approach

In Depth: Security Safeguards

Overview
- Reasonable protections exist against loss, unauthorized access or disclosure, usage, and modification

How this protects an individual’s privacy
- Users’ information should be protected against known attacks and methods that would breach privacy and confidentiality
- Safeguards, such as access control systems, also help limit accidental internal exposure that was not intended
- Information is stored and transferred using secure methods to limit possible exposure or attack


Page 12: Fair Information Practices: Overview and Application to the Omnibus Approach

In Depth: Openness

Overview
- Privacy practices should be public knowledge
- Individuals should have easy access to practices and how their information will be used once collected

How this protects an individual’s privacy
- Collectors of information cannot hide their practices
- Privacy practices can be scrutinized by regulators
- Individuals are enabled to make more informed decisions about who they should allow access to their private information and how those collectors will then use the information


Page 13: Fair Information Practices: Overview and Application to the Omnibus Approach

In Depth: Individual Participation

Overview
- Individuals have the right to know what information is being collected about them and by whom
- Collectors must provide easy access to information, with the ability to request corrections to the information collected
- Procedures exist to challenge the denial of the above rights

How this protects an individual’s privacy
- Ensures that records are accurate and are not misleading
- Individuals have the power to stop unfair information usage
- Individuals are always aware of who has what information and why they have this information


Page 14: Fair Information Practices: Overview and Application to the Omnibus Approach

In Depth: Accountability

Overview
- Collectors and users of collected information are accountable to ensure the other practices are enforced
- Collectors must develop practices that are in compliance

How this protects an individual’s privacy
- Collectors are consciously aware of the requirements; they cannot claim ignorance of violating privacy rights
- Collectors have a vested interest in meeting the other practices because they are ultimately responsible for any breaches of these practices


Page 15: Fair Information Practices: Overview and Application to the Omnibus Approach

Conclusion

The main ideas embodied in the above practices are:

- Awareness: Individuals should know who is collecting their information, for what purpose it will be used, and how the data will be handled and protected from misuse
- Consent: Information is only collected, maintained, and transferred as long as the individual provides explicit consent
- Access: Individuals have the right to see what data is stored about them and to ensure that this information is accurate
- Security: Personal information must be protected from unauthorized access or manipulation
- Enforcement: Laws, penalties, and action must be taken to ensure holders of private information are accountable


Page 16: Fair Information Practices: Overview and Application to the Omnibus Approach

Questions

Floor is open to questions


Page 17: Fair Information Practices: Overview and Application to the Omnibus Approach

References

The reference list for this presentation is shared among multiple presentations; please see the full article for this presentation, available at http://www.ericgoldman.name
