Ethics in IT - Chapter 4 - Privacy
38 Questions

Questions and Answers

What is the right of privacy?

The right to be left alone.

What is the basis for protecting personal privacy under the law?

The Fourth Amendment of the U.S. Constitution.

What is e-discovery, and how is it being used?

E-discovery is the collection, preparation, review, and production of electronically stored information for use in criminal and civil actions.

Why are employers increasingly using workplace monitoring?

To ensure employee productivity, prevent data breaches, and protect company assets.

What are the capabilities of advanced surveillance technologies?

Advanced surveillance technologies can track location, record conversations, monitor internet activity, and analyze biometric data.

What is the Fair Credit Reporting Act, and what does it regulate?

The Fair Credit Reporting Act regulates the operations of credit reporting bureaus.

What is the Right to Financial Privacy Act, and what does it protect?

The Right to Financial Privacy Act protects the records of financial institution customers from unauthorized scrutiny by the federal government.

What is the Gramm-Leach-Bliley Act (GLBA), and what are its three personal privacy rules?

The Gramm-Leach-Bliley Act is a bank deregulation law that includes three personal privacy rules: the financial privacy rule, the opt-out rule, and the safeguards rule.

The GLBA's opt-out rule gives customers the power to do what?

Customers can refuse to give institutions the right to share personal data with third parties.

What is the Fair and Accurate Credit Transactions Act, and what does it allow consumers to do?

The Fair and Accurate Credit Transactions Act allows consumers to obtain a free credit report once each year from each of the three primary consumer credit reporting companies: Equifax, Experian, and TransUnion.

What does the Health Insurance Portability and Accountability Act (HIPAA) aim to achieve?

HIPAA aims to improve the portability and continuity of health insurance coverage, reduce fraud, waste, and abuse in health insurance and healthcare delivery, and simplify the administration of health insurance.

What does the American Recovery and Reinvestment Act include provisions related to?

The American Recovery and Reinvestment Act includes provisions related to electronic health records (EHRs).

What does the Family Educational Rights and Privacy Act (FERPA) assign parents rights to?

FERPA assigns parents rights regarding their children's educational records, including the right to access them, demand that they be disclosed only with student consent, amend them, and file complaints against a school for disclosing them.

What does the Children's Online Privacy Protection Act (COPPA) give parents control over?

COPPA gives parents control over the collection, use, and disclosure of their children's personal information over the internet.

What is Title III of the Omnibus Crime Control and Safe Streets Act, and what does it regulate?

Title III of the Omnibus Crime Control and Safe Streets Act regulates the interception of wire and oral communications. It is also known as the Wiretap Act.

What does the Foreign Intelligence Surveillance Act (FISA) do?

FISA describes procedures for electronic surveillance and collection of foreign intelligence information in communications between foreign powers and their agents.

What is the FISA Court?

The FISA Court is established by FISA to hear applications for orders approving electronic surveillance anywhere within the U.S. It meets in secret.

What does an executive order do?

An executive order is an official document used by the U.S. president to manage the operations of the federal government. It is subject to judicial review and can be struck down if determined to be unsupported by statute or the Constitution.

What does Executive Order 12333 identify?

Executive Order 12333 identifies the various U.S. governmental intelligence-gathering agencies and defines what information these agencies can collect, retain, and disseminate.

What is the Electronic Communications Privacy Act (ECPA), and what does it deal with?

The Electronic Communications Privacy Act is a law passed as an amendment to Title III of the Omnibus Crime Control and Safe Streets Act. It deals with three main issues: protection of communications while in transfer from sender to receiver, protection of communications held in electronic storage, and prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant.

What is a National Security Letter (NSL) and what does it require?

A National Security Letter is issued by the FBI director to an ISP, and it requires the ISP to provide various data and records about a service subscriber.

What does the NSL gag provision do?

The NSL gag provision prohibits NSL recipients from revealing that the government has requested an individual's records.

What is the Communications Assistance for Law Enforcement Act (CALEA) and what did it require?

The Communications Assistance for Law Enforcement Act required the telecommunications industry to build tools into its products for use by federal investigators, after obtaining a court order, to intercept communications.

What is the USA PATRIOT Act and what power did it give to law enforcement agencies?

The USA PATRIOT Act gave sweeping new powers to both domestic law enforcement and U.S. international intelligence agencies, increasing their ability to search telephone, email, medical, financial, and other records.

What is the PATRIOT Sunsets Extension Act of 2011, and what did it do?

The PATRIOT Sunsets Extension Act of 2011 granted a four-year extension of roving wiretaps and searches of business records, and also extended authorized intelligence gathering on 'lone wolves'.

What is the USA Freedom Act, and what did it accomplish?

The USA Freedom Act was passed following revelations by Edward Snowden of secret NSA surveillance programs. It terminated NSA's bulk collection of telephone metadata, and requires telecommunications providers to hold that data and respond to NSA queries.

What is the difference between cookies and tracking software?

Cookies are text files downloaded to users' hard drives when they visit a website, enabling the website to identify the user on subsequent visits. Tracking software, on the other hand, allows a website to analyze browsing habits and deduce personal interests and preferences.

What is a data breach?

A data breach is the unintended release of sensitive data or the access of sensitive data by unauthorized individuals.

What is cyberloafing?

Cyberloafing is using the internet for purposes unrelated to work, such as posting to Facebook, sending personal emails or texts, or shopping online.

What is the Vehicle Event Data Recorder (EDR), and what does it do?

The EDR is a device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash severe enough to deploy the vehicle's air bags.

What is a stalking app, and what can it do?

A stalking app is software that can be loaded onto a cell phone or smartphone and can perform location tracking, record calls, view text messages sent or received, and record the URLs of any website visited on the phone.

What is the difference between fair information practices and transborder data flow?

Fair information practices are a set of guidelines that governs the collection and use of personal data. Transborder data flow is the flow of personal data across national boundaries.

What are some of the eight principles of the OECD fair information practices guidelines?

The OECD principles include: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness principle, individual participation, and accountability.

What is the European Union Data Protection Directive, and what does it ensure?

The European Union Data Protection Directive ensures that data transferred to non-European Union countries is protected.

What is the European-United States Privacy Shield Data Transfer Program Guidelines, and what did it replace?

The European-United States Privacy Shield Data Transfer Program Guidelines replaced the Safe Harbor agreement between the U.S. and EU, which was declared invalid by the European Court of Justice.

What is the General Data Protection Regulation (GDPR), and what does it aim to do?

The General Data Protection Regulation is an EU regulation passed in 2016, and it aims to strengthen data protection for individuals within the EU.

What is the Freedom of Information Act (FOIA), and what right does it grant to citizens?

The Freedom of Information Act grants citizens the right to access certain information and records of federal, state, and local governments upon request.

What does the Privacy Act set rules for?

The Privacy Act sets rules for the collection, use, and dissemination of personal data kept by federal agencies.

Study Notes

Ethics in Information Technology - Chapter 4 - Privacy

  • This chapter focuses on privacy issues in information technology.
  • Students will be able to define the right to privacy, identify laws protecting personal data, and analyze ethical issues associated with consumer profiling. They will also discuss e-discovery, workplace monitoring, and advanced surveillance technologies.

Learning Objectives - Part 1

  • Understand the concept of privacy rights and their legal basis.
  • Identify laws safeguarding personal data and associated ethical dilemmas.
  • Analyze various consumer profiling strategies and their ethical implications.

Learning Objectives - Part 2

  • Define and discuss the use of e-discovery.
  • Examine reasons and methods behind increased workplace monitoring.
  • Evaluate the capabilities of advanced surveillance technologies and their ethical considerations.

Organizations Gathering Personal Data

  • Organizations gather extensive personal data for decision-making.
  • This includes web browsing behavior, sexual orientations, work history, police records, medical history, location data, educational records, financial data, and affiliations.

Privacy Protection and the Law - Fourth Amendment

  • The Bill of Rights includes amendments guaranteeing specific personal freedoms and rights.
  • The Fourth Amendment protects individuals from unreasonable searches and seizures. Searches need warrants based on probable cause. Warrants must explicitly describe the place to be searched and the persons or things to be seized.
  • Individuals are protected by this amendment in situations where they have a reasonable expectation of privacy.

Parts of the Constitution

  • The document outlines various parts of the Constitution, including the National Territory, Declaration of Principles and State Policies, Bill of Rights, Citizenship, Suffrage, Legislative Department, and Executive Department.

Information Privacy

  • Right of privacy: The right to be left alone.
  • Information privacy: The protection of communications and data from intrusion by others. This includes the ability to avoid monitoring of communications and limit access to personal data.

Privacy Laws, Applications, and Court Rulings - Financial Data

  • Fair Credit Reporting Act: Regulates credit bureaus.
  • Right to Financial Privacy Act: Protects financial records from unauthorized federal government scrutiny. Exemptions exist for private and state/local governments.

Gramm-Leach-Bliley Act (GLBA)

  • GLBA includes three personal privacy rules.
  • The financial privacy rule establishes mandatory guidelines for collecting and disclosing personal financial data.
  • Individuals can opt out of sharing their data with third parties.
  • The safeguards rule requires financial institutions to have data security plans.
  • The pretexting rule addresses attempts to access personal information without proper authority.

10 Steps to Develop GLBA-Compliant Information Security Policies

  • Review, revise, and improve regulations to align with business practices.
  • Maintain board oversight and awareness.
  • Prepare and maintain a written information security plan.
  • Conduct a thorough risk assessment.
  • Secure strong control frameworks for risk mitigation.
  • Protect against potential insider threats.
  • Update and test disaster recovery and business continuity plans.
  • Keep suppliers compliant with GLBA guidelines.
  • Notify customers of any updates to privacy policies.

Privacy Laws, Applications, and Court Rulings - Financial Data - Part 2

  • Fair and Accurate Credit Transactions Act: Allows consumers one free credit report annually from the three primary consumer reporting companies (Equifax, Experian, TransUnion).
  • Consumers with suspected identity theft can place alerts on their credit files.

Privacy Laws, Applications, and Court Rulings - Health Information

  • Health Insurance Portability and Accountability Act (HIPAA) improves the portability and continuity of health insurance coverage and reduces fraud, waste, and abuse in healthcare delivery.
  • Provides administration of health insurance. Includes provisions related to electronic health records (EHRs), bans the sale of health information, promotes audit trails and encryption, and provides patients' rights of access.

Privacy Laws, Applications, and Court Rulings - Children's Personal Data

  • Family Educational Rights and Privacy Act (FERPA) establishes parental rights regarding children's educational records (access, amendment, and complaints about disclosure).
  • Children's Online Privacy Protection Act (COPPA) gives parents control over children's personal information online.

Privacy Laws, Applications, and Court Rulings - Electronic Surveillance

  • Title III of the Omnibus Crime Control and Safe Streets Act (Wiretap Act) regulates wire and oral communications interception, allowing state and federal officials to use wiretapping and electronic eavesdropping with warrants.

  • Foreign Intelligence Surveillance Act (FISA): Presents procedures for electronic surveillance and collection of foreign intelligence. Surveillance is typically allowed within the U.S. without court orders, with specific restrictions.

  • FISA Court: A court that handles FISA-related applications in secret. The court approves electronic surveillance requests in the United States.

  • Executive Order 12333: Identifies U.S. intelligence agencies and defines the information they can collect, store, and disseminate.

  • Electronic Communications Privacy Act (ECPA): This law is an amendment to the Omnibus Crime Control and Safe Streets Act, dealing with sender-receiver communications, electronic storage of communications, and prohibitions against recording dialing, routing and signaling information without a warrant.

  • National Security Letter (NSL): FBI-issued letters instructing Internet service providers (ISPs) to provide data about a subscriber.

  • Communications Assistance for Law Enforcement Act (CALEA): Requires telecommunication companies to build tools that investigators can use, after obtaining a court order, to access and intercept communications.

  • USA PATRIOT Act: Expanded law enforcement and intelligence agency powers, especially related to searches of telephone, email, medical, financial, and other records.

  • Foreign Intelligence Surveillance Act Amendments Act (2004): Authorized intelligence gathering on individuals not connected to known terrorist organizations.

  • PATRIOT Sunsets Extension Act (2011): Expands business record protections regarding wiretaps and the collection of intelligence on "lone wolves."

  • USA Freedom Act: This act follows revelations by Edward Snowden, limiting the NSA's bulk collection of telephone information and requiring that communication providers have that stored information available for NSA queries.

Privacy Laws, Applications, and Court Rulings - Fair Information Practices

  • Fair information practices: Guidelines for the collection and use of personal data.
  • Transborder data flow: Flow of personal data across borders. Fair information practices help support national laws about data privacy.
  • Organisation for Economic Co-operation and Development (OECD): International organization that sets policies and produces agreements on topics needing multilateral consensus, including fair information practices guidelines.

Privacy Laws, Applications, and Court Rulings - European Union

  • European Union Data Protection Directive: Protects data transferred to non-EU countries; regulations.
  • European-United States Privacy Shield: Guidelines on data transfer between the U.S. and the EU (replacing the "safe harbor" framework).
  • General Data Protection Regulation (GDPR): EU regulation to strengthen data protection for individuals.

Privacy and Anonymity Issues - Consumer Profiling

  • Information about web users is collected through voluntary methods (website registrations, surveys, contests, social media) and through automated methods (cookies, tracking software).

Privacy and Anonymity Issues - Consumer Profiling - Criticisms

  • Personal data may be gathered without consent and sold to other companies.
  • Data breaches can expose sensitive information (credit card numbers, Social Security numbers) to unauthorized individuals. Identity theft can result via unauthorized access.

Privacy and Anonymity Issues - Electronic Discovery

  • Electronic discovery (e-discovery): Collection, preparation, review, and production of electronically stored information for criminal or civil legal actions.
  • Electronically stored information (ESI): Any digital information stored.
  • Predictive coding: A software process that combines human guidance with computer-based searching to recognize significant documents during document review.

Privacy and Anonymity Issues - Workplace Monitoring

  • Cyberloafing: Using the internet for non-work tasks.
  • Employers can legally monitor employee use of company-provided devices.
  • State privacy laws often favor employers over employees regarding workplace monitoring.

Privacy and Anonymity Issues - Advanced Surveillance Technology - Vehicle Event Data Recorders (EDRs)

  • Device that records vehicle/occupant data before, during, and after accidents in which the airbags deploy.
  • Used for accident investigation/analysis.

Privacy and Anonymity Issues - Advanced Surveillance Technology - Stalking Apps

  • Software loaded on cell phones or smartphones to track location, phone calls, text messages, website visits.
  • Illegal to install tracking software without permission.


Description

This quiz explores privacy issues in information technology, focusing on the right to privacy, laws protecting personal data, and the ethical implications of consumer profiling. It also discusses e-discovery, workplace monitoring, and advanced surveillance technologies. Students will gain insights into the legal frameworks and ethical challenges surrounding privacy in the digital age.
