Week 4 SPI Privacy PDF

ETHICS in Information Technology Chapter 4 – Privacy CTPRFISS- SOCIAL AND PROFESSIONAL ISSUES BS in Information Technology At the end of the session, the students shall be able to: PART1 1. What is the right of privacy, and what is the basis for protecting personal privacy under the law? 2. What are some of the laws that provide protection for the privacy of personal data, and what are some of the associated ethical issues? 3. What are the various strategies for consumer profiling, and what are the associated ethical issues? At the end of the session, the students shall be able to: PART2 1. What is e-discovery, and how is it being used? 2. Why and how are employers increasingly using workplace monitoring? 3. What are the capabilities of advanced surveillance technologies, and what ethical issues do they raise? Organizations Gather Personal Data to Make Better Decisions Privacy Protection and the Law Bill of Rights: The first ten amendments to the Constitution, which were added to provide more specific guarantees of personal freedoms and rights Fourth Amendment: “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.” Americans are protected by the Fourth Amendment when there is a “reasonable expectation of privacy.” Information Privacy Right of privacy: The right to be left alone Information privacy: The combination of communications privacy (the ability to communicate with others without those communications being monitored) and data privacy (the ability to limit access to one’s personal data by others). Privacy Laws, Applications, and Court Rulings: Financial Data, Part 1 Fair Credit Reporting Act: Regulates the operations of credit- reporting bureaus Right to Financial Privacy Act: Protects the records of financial institution customers from unauthorized scrutiny by the federal government Does not cover disclosures to private businesses or state and local governments Privacy Laws, Applications, and Court Rulings: Financial Data, Part 2 Gramm-Leach-Bliley Act (GLBA): Bank deregulation law that includes three personal privacy rules: Financial privacy rule: Established mandatory guidelines for the collection and disclosure of personal financial data Opt out: Customers can refuse to give institutions the right to share personal data with third parties Opt in: Customers who do not take action to opt out automatically opt in Safeguards rule: Requires financial institutions to document a data security plan to protect personal data Pretexting rule: Addresses attempts by people to access personal information without proper authority Privacy Laws, Applications, and Court Rulings: Financial Data, Part 2 Privacy Laws, Applications, and Court Rulings: Financial Data, Part 3 Fair and Accurate Credit Transactions Act: Allows consumers to obtain a free credit report once each year from each of the three primary consumer credit reporting companies (Equifax, Experian, and TransUnion) Consumers who suspect that they have been or may become a victim of identity theft can place an alert on their credit files Privacy Laws, Applications, and Court Rulings: Health Information Health Insurance Portability and Accountability Act (HIPAA): Includes provisions designed to: Improve the portability and continuity of health insurance coverage Reduce fraud, waste, and abuse in health insurance and healthcare delivery Simplify the administration of health insurance American Recovery and Reinvestment Act: Includes provisions related to electronic health records (EHRs): Bans the sale of health information Promotes the use of audit trails and encryption Provides rights of access for patients Privacy Laws, Applications, and Court Rulings: Children’s Personal Data Family Educational Rights and Privacy Act (FERPA): Assigns parents rights regarding their children’s educational records, including rights to: Access educational records maintained by a school Demand that educational records be disclosed only with student consent Amend educational records File complaints against a school for disclosing student records Children’s Online Privacy Protection Act (COPPA): Gives parents control over the collection, use, and disclosure of their children’s personal information over the Internet Privacy Laws, Applications, and Court Rulings: Electronic Surveillance—Timeline Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 1 Title III of the Omnibus Crime Control and Safe Streets Act: Regulates the interception of wire and oral communications Also known as the Wiretap Act Allows state and federal law enforcement officials to use wiretapping and electronic eavesdropping if a warrant is issued Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 2 Foreign Intelligence Surveillance Act (FISA): Describes procedures for electronic surveillance and collection of foreign intelligence information in communications between foreign powers and their agents Allows surveillance, without court order, within the U.S. for up to a year unless the surveillance will acquire the contents of any communication to which a U.S. citizen, permanent resident, or company is a party Requires the government to obtain an individualized court order before it can intentionally target a U.S. person anywhere in the world Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 3 FISA Court: A court established by FISA that meets in secret to hear applications for orders approving electronic surveillance anywhere within the U.S. Between 2001 and 2015: More than 25,000 applications were submitted to the FISA court Only 12 of those were rejected Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 4 Executive order: An official document used by the U.S. president to manage the operations of the federal government Subject to judicial review, and may be struck down if determined to be unsupported by statute or the Constitution Executive Order 12333: Identifies the various U.S. governmental intelligence-gathering agencies, and defines what information can be collected, retained, and disseminated by these agencies Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 5 Electronic Communications Privacy Act (ECPA): Law passed as an amendment to Title III of the Omnibus Crime Control and Safe Streets Act; deals with three main issues: Protection of communications while in transfer from sender to receiver Protection of communications held in electronic storage Prohibition of devices from recording dialing, routing, addressing, and signaling information without a search warrant Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 6 National Security Letter (NSL): Issued by the FBI director to an ISP; requires the ISP to provide various data and records about a service subscriber. Compels holders of your personal records to turn them over to the government Not subject to judicial review or oversight NSL gag provision: Prohibits NSL recipients from revealing that the government has requested an individual’s records Pen register: A device that records electronic impulses to identify the numbers dialed for outgoing calls Trap and trace: A device that records the originating number of incoming calls for a particular phone number Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 7 Communications Assistance for Law Enforcement Act (CALEA): Required the telecommunications industry to build tools into its products for use by federal investigators, after obtaining a court order, to intercept communications USA PATRIOT Act: Gave sweeping new powers to both domestic law enforcement and U.S. international intelligence agencies Increased their ability to search telephone, email, medical, financial, and other records Passed five weeks after the terrorist attacks of September 11, 2001 Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 8 Foreign Intelligence Surveillance Act Amendments Act (2004) Authorized intelligence gathering on individuals not affiliated with any known terrorist organization (so-called lone wolves) Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 Granted NSA expanded authority to collect (without court- approved warrants) international communications as they flow through U.S. telecom network equipment and facilities Privacy Laws, Applications, and Court Rulings: Electronic Surveillance, Part 9 PATRIOT Sunsets Extension Act of 2011: Law that granted a four-year extension of roving wiretaps and searches of business records; also extended authorized intelligence gathering on “lone wolves” USA Freedom Act: Law passed following revelations by Edward Snowden (a former government contractor who leaked classified information) of secret NSA surveillance programs Terminated NSA’s bulk collection of telephone metadata Telecommunications providers are now required to hold that data and respond to NSA queries Privacy Laws, Applications, and Court Rulings: Fair Information Practices, Part 1 Fair information practices: A set of guidelines that govern the collection and use of personal data Transborder data flow: The flow of personal data across national boundaries Fair information practices form the underlying basis for many national laws addressing data privacy and data protection issues Privacy Laws, Applications, and Court Rulings: Fair Information Practices, Part 2 Organisation for Economic Co-operation and Development (OECD): International organization that sets policies and produces agreements on topics for which multilateral consensus is required OECD fair information practices guidelines are composed of eight principles: Collection limitation Data quality Purpose specification Use limitation Security safeguards Openness principle Individual participation Accountability Privacy Laws, Applications, and Court Rulings: Fair Information Practices, Part 3) European Union Data Protection Directive: Ensures that data transferred to non-European Union countries is protected Only U.S. companies certified as meeting certain “safe harbor” principles were allowed to process and store data of European consumers and companies. European–United States Privacy Shield Data Transfer Program Guidelines Replaced the Safe Harbor agreement between the U.S. and EU, which was declared invalid by the European Court of Justice Places stronger obligations on U.S. companies to protect the personal data of EU citizens and requires stronger enforcement by U.S. agencies Privacy Laws, Applications, and Court Rulings: Fair Information Practices, Part 4 General Data Protection Regulation (GDPR): An EU regulation passed in 2016; designed to strengthen data protection for individuals within the EU Organizations anywhere in the world that collect, store, or transfer personal data of EU citizens must ensure their systems and procedures are compliant Privacy Laws, Applications, and Court Rulings: Access to Government Records Freedom of Information Act (FOIA): Grants citizens the right to access certain information and records of federal, state, and local governments upon request Two basic requirements for a FOIA request: -The request must not require wide-ranging, unreasonable, or burdensome searches for records -The request must be made according to procedural regulations published in the Federal Register Privacy Act: Sets rules for the collection, use, and dissemination of personal data kept by federal agencies Prohibits U.S. government agencies from concealing the existence of any personal data record-keeping system Key Privacy and Anonymity Issues: Consumer Profiling, Part 1 Information about web surfers can be obtained through the use of: Voluntary methods: Website registrations, survey, contests, and social media Cookies: Text files that can be downloaded to the hard drives of users who visit a website, so that the website is able to identify visitors on subsequent visits Tracking software: Allows a website to analyze browsing habits and deduce personal interests and preferences Key Privacy and Anonymity Issues: Consumer Profiling, Part 2 Criticisms of consumer profiling: Personal data may be gathered and sold to other companies without the permission of consumers who provide the data Risk of a data breach: The unintended release of sensitive data or the access of sensitive data (e.g., credit card numbers or Social Security numbers) by unauthorized individuals Risk of identity theft: The theft of personal information, which is then used without the owner’s permission—often to commit fraud or other crimes Key Privacy and Anonymity Issues: Electronic Discovery Electronic discovery (e-discovery): The collection, preparation, review, and production of electronically stored information for use in criminal and civil actions Electronically stored information (ESI): Any form of digital information stored on any form of electronic storage device Predictive coding: A process that couples human guidance with computer-driven concept searching in order to “train” document review software to recognize relevant documents Key Privacy and Anonymity Issues: Workplace Monitoring Cyberloafing: Using the Internet for purposes unrelated to work, such as posting to Facebook, sending personal emails or texts, or shopping online Private employers may legally monitor employees’ use of any employer-provided mobile phone or computing device The Fourth Amendment does not limit how a private employer treats its employees State privacy statutes tend to favor employers over employees Key Privacy and Anonymity Issues: Advanced Surveillance Technology, Part 2 Vehicle event data recorder (EDR): A device that records vehicle and occupant data for a few seconds before, during, and after any vehicle crash severe enough to deploy the vehicle’s air bags Purposes: -To capture and record data to make changes to improve vehicle performance -For use in a court of law to determine what happened during a vehicle accident Key Privacy and Anonymity Issues: Advanced Surveillance Technology, Part 3 Stalking app: Software that can be loaded onto a cell phone or smartphone Performs location tracking, records calls, views text messages sent or received, and records the URLs of any website visited on the phone Illegal to install the software on a phone without the permission of the phone owner

Week 4 SPI Privacy PDF

Document Details

Tags

Related

Summary

Full Transcript