Chapter 4: PRIVACY

Upload: alfred-lyons

Post on 12-Jan-2016

PRIVACY PROTECTION & THE LAW

Information about people is gathered, stored, analyzed and reported because organizations can use it to make better decisions.
- Job hiring, approving a loan, offering a scholarship

Knowing consumers' purchasing habits and financial condition.
- Know who will buy their products and services

Adoption of the United States Constitution – 1789

Several amendments were made; 10 of these were known as the Bill of Rights.

4th amendment states: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

The US Supreme Court has ruled that the concept of privacy is protected by the Bill of Rights.

Privacy Protection Study Commission noted in 1977:

"The real danger is the gradual erosion of individual liberties through the automation, integration, and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable."

INFORMATION PRIVACY

Information privacy is the combination of communications privacy (the ability to communicate with others without those communications being monitored by other persons or organizations) and data privacy (the ability to limit access to one's personal data by other individuals and organizations in order to exercise a substantial degree of control over that data and its use).

PRIVACY LAWS, APPLICATION AND COURT RULINGS

- Financial data
- Health information
- Children's personal data
- Electronic surveillance
- Export of personal data
- Access to government records

FINANCIAL DATA

Financial products and services, including credit cards, savings and checking accounts, loans, payroll direct deposit and brokerage accounts

To access these financial products – logon name, password, account number or PIN
- high risk of loss of privacy and potential financial loss

• Fair Credit Reporting Act of 1970 regulates the operations of credit-reporting bureaus, including how to collect, store and use credit information.
- an act designed to promote accuracy, fairness, and privacy of information in the files of credit-reporting companies.

HEALTH INFORMATION

The use of electronic medical records and the subsequent interlinking and transferring of this electronic information

* Health Insurance Portability and Accountability Act of 1996 was designed to improve the portability and continuity of health insurance coverage; to reduce fraud, waste, and abuse in health insurance and healthcare delivery; and to simplify the administration of health insurance.

CHILDREN'S PERSONAL DATA

Teenagers spend an average of 31 hrs per week online – UK
- Exposed to inappropriate material and online predators
- Becoming the target of harassment
- Divulging personal data
- Becoming involved in gambling or other inappropriate behavior

Children's Online Privacy Protection Act 1998 – any Web site that caters to children must offer comprehensive privacy policies, notify parents or guardians about its data collection policies, and receive parental consent before collecting any personal information from children under 13 years old.

ELECTRONIC SURVEILLANCE

Government surveillance, including other forms of electronic surveillance.
A reaction to worldwide terrorist activities and the development of new communication technologies

• Communications Act of 1934 – regulating all non-federal government use of radio and television broadcasting and all international communications that originate or terminate in the United States. The act also restricted the government's ability to secretly intercept communications.

• Title III of the Omnibus Crime Control and Safe Streets Act – Wiretap Act, regulates the interception of wire (telephone) and oral communications. It allows state and federal law enforcement officials to use wiretapping and electronic eavesdropping, but only under strict limitations.

* Foreign Intelligence Surveillance Act 1978 – describes procedures for the electronic surveillance and collection of foreign intelligence information in communications between foreign powers and the agents of foreign powers.

Foreign intelligence is information relating to the capabilities, intentions, or activities of foreign governments or agents of foreign governments or foreign organizations.

* The Electronic Communications Privacy Act of 1986
- The protection of communications while in transfer from sender to receiver
- The protection of communications held in electronic storage
- The prohibition of devices to record dialing, routing, addressing, and signaling information without a search warrant

Pen register – a device that records electronic impulses to identify the numbers dialed for outgoing calls

Trap and trace – a device that records the originating number of incoming calls for a particular phone number

The USA Patriot Act (Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism) of 2001
- It was passed after the September 11, 2001 terrorist attacks.
- It gave sweeping new powers both to domestic law enforcement and international intelligence agencies, including increasing the ability of law enforcement agencies to search telephone, e-mail, medical, financial, and other records.
- It was passed into law just 5 weeks after it was introduced.

EXPORT OF PERSONAL DATA

• Organization for Economic Co-operation and Development Fair Information Practices 1980 – its goal is to set policy and come to agreement on topics for which multilateral consensus and peer pressure are essential to make these policies and agreements stick.
• The 1980 privacy guidelines are also known as Fair Information Practices

ACCESS TO GOVERNMENT RECORDS

The Freedom of Information Act (FOIA) 1966, amended 1974 – enables the public to gain access to certain government records

The Privacy Act – prohibits the government from concealing the existence of any personal data record-keeping systems.

CURRENT AND IMPORTANT PRIVACY ISSUES

Identity theft occurs when someone steals key pieces of personal information to impersonate a person (name, address, date of birth, social security number, mother's maiden name).
- apply for a new credit card, rent an apartment, set up utility or phone service, and register for college courses – all in someone else's name.

DATA BREACHES

Identity theft involves breaches of large databases to gain personal information.

It may be caused by hackers breaking into the database or, more often than one would suspect, by carelessness or failure to follow proper security procedures.

Ex. A laptop computer containing the encrypted SSS numbers of 26.5 million U.S. veterans was stolen from the home of a Veterans Affairs analyst.

PURCHASE OF PERSONAL DATA

Phishing is the attempt to steal personal identity data by tricking users into entering information on a counterfeit Web site.

Spyware is keystroke-logging software downloaded to a user's computer without the knowledge or consent of the user.
- Also called spouse monitor, child monitor or surveillance tool
- It creates a record of the keystrokes entered on the computer, enabling the capture of account usernames, passwords, credit card numbers and other sensitive information
- It can view the Web sites visited as well as transcripts of chat logs

CONSUMER PROFILING

Companies openly collect personal information about internet users when they register at Web sites, complete surveys, fill out forms, or enter contests online.

Companies obtain information through the use of cookies, text files that a Web site can download to visitors' hard drives so that it can identify visitors on subsequent visits.

Companies also use tracking software to allow their Web site to analyze browsing habits and deduce personal interests and preferences.
- Personal information about the consumer may be sold or shared with third parties.

Collecting Data from Web Site Visits
- Marketers use cookies to recognize return visitors to their sites and store useful information about them.
- Cookies allow marketers to collect click-stream data – information gathered by monitoring a consumer's online activity.
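
How an identifier cookie links separate visits into one click-stream, as an added example that is not part of the original slides. The cookie name `visitor_id`, the page paths and the two simulated browsers are constructed for illustration.

```python
from collections import defaultdict
from http.cookies import SimpleCookie
import itertools

COOKIE_NAME = "visitor_id"  # hypothetical cookie name, not from the slides


class TrackingSite:
    """Minimal model of a site that recognises return visitors by cookie."""

    def __init__(self):
        self._ids = itertools.count(1)        # deterministic IDs for the demo
        self.clickstream = defaultdict(list)  # visitor id -> [(day, path), ...]

    def handle(self, day, path, cookie_header=""):
        """Record one page view; return a Set-Cookie value on a first visit."""
        jar = SimpleCookie()
        jar.load(cookie_header)
        set_cookie = None
        if COOKIE_NAME in jar:
            visitor = jar[COOKIE_NAME].value          # return visitor
        else:
            visitor = f"v{next(self._ids):04d}"       # first visit: issue an ID
            out = SimpleCookie()
            out[COOKIE_NAME] = visitor
            out[COOKIE_NAME]["max-age"] = 365 * 24 * 3600  # persists for a year
            out[COOKIE_NAME]["path"] = "/"
            set_cookie = out[COOKIE_NAME].OutputString()
        self.clickstream[visitor].append((day, path))
        return set_cookie


class Browser:
    """Stores the cookie it is given and sends it back on later requests."""

    def __init__(self):
        self.cookie_header = ""

    def visit(self, site, day, path):
        set_cookie = site.handle(day, path, self.cookie_header)
        if set_cookie:
            # Only name=value is sent back; the attributes stay in the browser.
            self.cookie_header = set_cookie.split(";", 1)[0]

    def clear_cookies(self):
        self.cookie_header = ""


def run_demo():
    """Constructed browsing session: two people, one of whom clears cookies."""
    site = TrackingSite()
    first, second = Browser(), Browser()
    first.visit(site, 1, "/flights")
    second.visit(site, 2, "/news")
    first.visit(site, 3, "/rental-cars")
    first.visit(site, 9, "/hotels")
    first.clear_cookies()            # the site can no longer link the next visit
    first.visit(site, 10, "/flights")
    return dict(site.clickstream)


if __name__ == "__main__":
    for visitor, views in run_demo().items():
        print(visitor, views)
```

The site never learns a name, yet three visits spread over nine days end up in one profile; after the cookies are cleared the same person appears as a new visitor.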

Personalization Software
- used to optimize the number, frequency, and mixture of their ad placements, and to evaluate how visitors react to new ads.

Types of personalization software

a. Rules-based personalization software
- Uses business rules tied to customer-supplied preferences or on-line behavior to determine the most appropriate page views and product information to display when a user visits a web site.

Ex. If you use a Web site to book airline tickets to a popular vacation spot, the business rules might ensure that you are shown ads for rental cars.

b. Collaborative filtering
- Offers consumer recommendations based on the types of products purchased by other people with similar buying habits.

Ex. If you bought a book by Dean Koontz, a company may recommend Stephen King books to you, based on the fact that a significant percentage of other customers bought books by both authors.

c. Demographic filtering
- It augments click-stream data and user-supplied data with demographic information associated with user zip codes to make product suggestions.

Ex. If you read a story about white-water rafting, you may be offered a deal on rafting gear or a promotion for a white-water rafting vacation.
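
The collaborative filtering item (b) above, worked through as an added example that is not part of the original slides. The purchase histories, the customer labels and the 50% threshold are constructed; "Author C" and "Author D" are placeholders.

```python
from collections import Counter

# Constructed purchase histories: customer -> set of authors bought.
PURCHASES = {
    "c1": {"Dean Koontz", "Stephen King"},
    "c2": {"Dean Koontz", "Stephen King", "Author C"},
    "c3": {"Dean Koontz", "Stephen King"},
    "c4": {"Dean Koontz", "Author D"},
    "c5": {"Author C"},
    "new": {"Dean Koontz"},
}


def co_purchase_share(purchases, item, exclude=None):
    """Among buyers of `item`, the share who also bought each other item."""
    buyers = [c for c, items in purchases.items()
              if item in items and c != exclude]
    if not buyers:
        return {}
    counts = Counter(other for c in buyers
                     for other in purchases[c] if other != item)
    return {other: n / len(buyers) for other, n in counts.items()}


def recommend(purchases, customer, min_share=0.5):
    """Items the customer lacks that enough similar buyers also bought.

    `min_share` stands in for the slide's "significant percentage".
    The result is built entirely from other customers' records.
    """
    owned = purchases[customer]
    best = {}
    for item in owned:
        shares = co_purchase_share(purchases, item, exclude=customer)
        for other, share in shares.items():
            if other not in owned and share >= min_share:
                best[other] = max(share, best.get(other, 0.0))
    # Highest share first; ties broken alphabetically for a stable order.
    return sorted(best.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    print(recommend(PURCHASES, "new"))
```

Three of the four other Dean Koontz buyers also bought Stephen King, so that is the only suggestion above the threshold; the new customer's profile is inferred from data they never supplied.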

Consumer Data Privacy
- Personal data is being gathered and sold to other companies without the permission of consumers who provide the data.

Platform for Privacy Preferences (P3P) is a screening technology which helps shield the users from sites that do not provide the level of privacy protection they desire.

* The World Wide Web Consortium – an international industry group whose members include Apple, Ericsson and Microsoft – created P3P and is supporting its development.

WORKPLACE MONITORING

Companies have developed a policy on the use of IT in the workplace in order to protect against employee abuses that reduce worker productivity or expose the employer to harassment lawsuits.

| Subject of workplace monitoring | Percent of employers that monitor workers | % of companies that have fired employees for abuse or violation of company policy |
|---|---|---|
| E-mail | 43% | 28% |
| Web surfing | 66% | 30% |
| Time spent on phone as well as phone numbers called | 45% | 6% |

ADVANCED SURVEILLANCE TECHNOLOGY

Surveillance camera
- A smart surveillance system that singles out people who are acting suspiciously is under development in Australia

Facial recognition software
- to help identify criminal suspects, with mixed results

Global Positioning System (GPS) chips
- Are being placed in many devices to precisely locate users.