Privacy Policies and Rights
Tags: Software Engineering
Slide 1 - Privacy Policies and Rights
- Emerson Murphy-Hill
Slide 2 - Privacy and Privacy Policies
- The right to be let alone
- Control over what information about you is revealed, and to whom
- A comprehensive description of a system’s privacy practices (typically located in the system itself and easily accessed by users)
Slide 4 - Consumer Privacy Bill of Rights
- Released February 2012
- Built by a consortium of industry stakeholders and the Executive branch of the federal government
- Voluntary compliance, enforced by Federal Trade Commission
- Explains principles of privacy; mechanisms to come soon
- Legislation written, not yet law
Slide 5 - Consumer Privacy Bill of Rights
- Individual Control: Consumers have a right to exercise control over what personal data organizations collect from them and how they use it.
- Transparency: Consumers have a right to easily understandable information about privacy and security practices.
- Respect for Context: Consumers have a right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
- Security: Consumers have a right to secure and responsible handling of personal data.
- Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data are inaccurate.
- Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
- Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.
Slide 6 - Policies/Standards vs. Requirements
- express desire or worth, rather than fact
- primarily statements in the optative mood, they specify what must or ought to be done
- scope of policies is broader than requirements, and standards often have legal implications
- privacy policies and standards are more charged with societal values
- policies and standards are more open-ended than requirements
- requirements cover one system; policies often cover several and standards cover many
- Need to bring policy, stakeholder values, requirements, and standards into agreement