Information Privacy Kathy S. Schwaig Kennesaw State University September 25, 2003.
-
Upload
suzan-watson -
Category
Documents
-
view
213 -
download
0
Transcript of Information Privacy Kathy S. Schwaig Kennesaw State University September 25, 2003.
Information Privacy
Kathy S. SchwaigKennesaw State University
September 25, 2003
Four Types of Privacy
Informational Privacy Anonymity, confidentiality
Physical Privacy Ambush journalism, peeping Toms
Decisional Privacy Abortion rights, assisted suicide
Proprietary Privacy Publicity rights
Definitions of Privacy
“Modes by which people, personal information, certain personal property and decision making can be made less accessible to others.” Anita L. Allen 2001
“The right to be left alone.” Warren and Brandeis, 1890 “Claim of individuals, groups or institutions to determine for
themselves when, how and to what extent information about them is communicated to others.” Turner and Dasgupta, 2003
“The desire of consumers to control the disclosure and subsequent use of personal information.”
The Tension: Benefits vs. Concerns
Benefits to consumers: access to credit and financial services shopping choices and educational resources.“The perception of privacy infringement is ultimately shaped
by the issues of value and control. The perception of a consumer that knowingly provides personal information in exchange for a free PC is very different from a consumer having personal information unwittingly gathered and sold to third parties.” (Dennis, 2000)
Privacy Good for Business: Chris Larsen, CEO of E-Loan: “It’s good business practice.
Advances in technology are great, powerful and scary. We need a knockout blow against privacy fears that will benefit the consumer and the economy.”
Business Perspective
“The Importance of knowing what people are doing online, what they are purchasing, and what they are likely to do in the future is of the utmost importance to organizations.” (Hinde, 1999)
Privacy concerns hold economic ramifications. Studies reveal that privacy issues are the single greatest concern of Internet users and that privacy concerns represent the single most prominent reason for not shopping online (Hoffman, et al., 1999; Udo, 2001)
Privacy Calculus
“From a business perspective, privacy is really about making the consumer comfortable disclosing his/her personal information needed for relationship marketing. This involves simultaneously communicating to the consumer the benefits of disclosure and providing assurances that disclosure of personal information is a low-risk proposition.” (Culnan, 2000)
Concerns
Loss of control Misuse of information Risk to physical privacy Risk of economic injury/identity theft Unwanted intrusions into daily life Smith (1996): access, collection, secondary
use, errors
Attitudes Toward Privacy (Turner and Dasgupta, 2003)
Privacy Fundamentalist: 17% Pragmatic: 56% Marginally concerned: 24%
Why Privacy is Important
Personhood, individuality, personal and social relationships, autonomy; information is relationship currency
Workable Societal Objective The “ presumption of privacy” is not
absolute….must often be weighed against other considerations such as public health and national security (9/11).
Post 9/11
British Airways Terrorist Information and Prevention System (TIPS) Trusted Traveler USA Patriot Act (Uniting and Strengthening America by
Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001)/data mining
Total Information Awareness (DOD): “Detect and Deter” Cost to Companies
Compliance: Bell South, privacy policies Non-compliance: Western Union
Post 9/11
“Almost every country that changed its laws to reflect the environment following 9/11 increased the ability of law enforcement and national security agencies to perform interception of communications and transformed power of search and seizure and increased the type of data that can be accessed” Waak, 2002
Legislation
Cable TV Privacy Act of 1984 Children's Online Privacy Protection Act of 1998 Consumer Credit Reporting Reform Act Driver's Privacy Protection Act Electronic Communications Privacy Act (ECPA), revised February 1994. Electronic Funds Transfer Act Electronic Signatures in Global Commerce Act, July 2000. Fair Credit Reporting Act, 1970 Amended 1999. Family Education Rights and Privacy Act Financial Services Modernization Act of 1999 (AKA Gramm-Leach-Bliley) Freedom of Information Act 1974 Privacy Act of 1974 Right to Financial Privacy Act (RFPA) 1978 Telecommunications Act Telemarketing and Consumer Fraud Act
Three Ways to Regulate
Government Industry (self)
Legislation: defining the appropriate rules Enforcement: initiation of enforcement when
rules are broken Adjudication: whether or not the company
has violated the rules. Consumer
Self-Regulation
“Governments of the industrial world, you wary giants of flesh and steel…on behalf of the future, I ask you of the past to leave us alone…you do not know our culture, our ethics or the unwritten codes that already provide our society more order than could be obtained by any of your impositions”
John Perry Barlow “Declaration of the Independence of Cyberspace”
Self-Regulation
Self-regulatory Regimes Network Advertising Initiative Privacy Leadership Initiative Online Privacy Alliance Platform for Privacy Preferences IBM Institute and Privacy Management Council Trustee, BBB Online Industries developing principles and practices that reflect
the consensus on the best approaches. “Letting the Fox Guard the Hen House”
FTC’s Agenda
Creating a National Do Not Call List Increasing Enforcement against SPAM Helping victims of identity theft Stopping Pretexting Encouraging accuracy in Credit Reporting Increasing enforcement on COPPA Enforcing the Telemarketing Sales Rule Restricting the Use of Pre-acquired information Enforcing GLBA Enforcing privacy policies Holding Workshops
Need for Online Privacy Leadership
Remarks of FTC Chairman Muris
“More legislation could increase consumer confidence” “Could ensure consistent regulation of collection
practices across 50 states” “We need more information about how legislation will
work , what it will cost, and benefits or “acres of trees” will die!”
“Challenges of new legislation are daunting…. Application of access and security is daunting”
“Should we limit to online practices” “More law enforcement rather than laws?”
Concept of Fair Information Practices
Notice/Awareness: consumers should have notice of an organization's online information practices
Choice/consent: consumers should have a choice about the use and dissemination of information they reveal, usually through an opt-in or opt-out mechanism
Access/Participation: consumers should have access to the information businesses collect about them to help ensure accuracy and completeness
Integrity/Security: consumers should have the personal information collected about them adequately secured from outside parties and from corruption of the data
Enforcement/redress: consumers should have a way to ensure that businesses and organizations comply with these core privacy principles either through external regulation (audits ) or certification programs
Our Study
Reviewed the Privacy Policies of the Fortune 500 to ascertain the extent to which these sites post privacy policies that reflect fair information practices.
Final Thoughts
Sites post privacy policies but they typically do not fully reflect FIP
Most policies have confusing and often ambiguous wording
FTC has promised greater accountability