4. 01/29/15
Informational Privacy
"The claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others."
– Normally only applied to "individuals"
– Implemented through "fair information practices"
Alan Westin, Privacy and Freedom (1967)
5.
Who invades privacy?
The government (central, state, local)
Companies you do business with
– Online, catalogs, retail stores, airlines, NFL (Super Bowl)
Companies you don't do business with
Employers
Anyone else who wants to know about you
6.
Why is privacy important?
– Legal liability if not protected (examples)
– Competitive advantage
Trade secrets
Customer lists and preferences
Databases
– Embarrassment
– Protects job, insurance, safety, and identity
– Some things are just private
7.
Types of privacy invasions
Medical (hospitals, doctors, insurance, drug companies)
Financial (banks, credit cards)
Political (law enforcement, profiling)
Online (Web sites, spammers, software companies)
Children's privacy (Web sites, entertainment media, game makers, candy companies)
10.
Comparison of privacy policies
Criterion                                                      Site1  Site2  Site3  Site4
Detailed description of how user data will be used             X      Y      Y      Y
Data retention                                                 X      X      Y      Y
Shows explicitly whether it follows the Safe Harbor Program    X      X      Y      Y
Provides users a choice                                        X      X      Y      Y
Third-party data sharing                                       X      X      Y      Y
How much data is secured                                       X      X      Y      Y
11.
Privacy Policy of Amazon
Web link: http://www.amazon.com/gp/help/customer/display.html/105-3430781602013?ie=UTF8&nodeId=468496
19.
Security vs. Privacy in IT
Privacy: maintaining ownership of data. (A privacy failure carries risk and may lead to IT and non-IT security violations.)
Security: degradation of service or functionality.
21.
Privacy Act of 1974
Applies to federal agencies
“No agency shall disclose any record … to any person, or to another agency, except … with the prior written consent of, the individual to whom the record pertains, unless disclosure of the record would be --
– … used solely as a statistical research or reporting record, and the record is to be transferred in a form that is not individually identifiable” (not a defined term)
Restriction on “matching programs”
– any computerized comparison of -- (i) two or more automated systems of records … [certain exceptions]
22.
Gramm-Leach-Bliley
Except as … authorized …, you may not, directly or through any affiliate, disclose any nonpublic personal information about a consumer to a nonaffiliated third party unless:
(i) You have provided to the consumer an initial notice as required;
(ii) You have provided to the consumer an opt out notice;
(iii) You have given the consumer a reasonable opportunity, before you disclose the information to the nonaffiliated third party, to opt out of the disclosure; and
(iv) The consumer does not opt out.
Applies to “financial institutions,” a very broad category
23.
What Gramm-Leach-Bliley Protects
“Nonpublic personal information” means:
(i) Personally identifiable financial information; and
(ii) Any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available.
“Personally identifiable financial information” means any information:
(i) A consumer provides to you to obtain a financial product or service;
(ii) About a consumer resulting from any transaction involving a financial product or service between you and a consumer; or
(iii) You otherwise obtain about a consumer in connection with providing a financial product or service to that consumer.
24.
What HIPAA Provides
A covered entity may not use or disclose protected health information, except as permitted or required …
– pursuant to … a consent … to carry out treatment, payment, or health care operations
– pursuant to … an authorization
– pursuant to … an agreement (opt-in)
– [other provisions]
Health information that meets … specifications for de-identification … is considered not to be individually identifiable health information
25.
What HIPAA Protects
“Individually identifiable health information” is information that is a subset of health information, including demographic information collected from an individual, and: …
– relates to … physical or mental health or condition of an individual; … provision of health care to an individual; or … payment for … health care to an individual; and
– identifies the individual; or
– with respect to which there is a reasonable basis to believe the information can be used to identify the individual
26.
Hippocratic Database
A database that includes privacy as a central concern
Inspired by the Hippocratic Oath, which serves as the basis of the doctor-patient relationship
27.
Key Concept: Purpose
Data is collected for a specific purpose
The purpose should be stored with the data
The purpose limits how the data can be used
28.
Online Bookseller Example
Collects and stores personal information:
To complete the transaction and track the order
To make book recommendations based on purchase history
To maintain profiles for frequent users
To publish book sales by region of the country
29.
Purpose Specification
The purpose for which the personal information was collected shall be stored with that information.
Example: the online bookseller needs personal information for purchases, book recommendations, etc.
30.
Consent
The purpose for which the personal information was collected shall have the consent of the donor.
Example: the individual must consent for the purchase, but can opt in or opt out of recommendations
31.
Limited Collection
The personal information collected shall be limited to the minimum necessary to accomplish the specified purpose.
Example: the credit card number is not needed if the purpose is registration
32.
Limited Use
The database shall allow only those queries that are consistent with the specified purpose.
Example: a query for book recommendations cannot reference the shipping address
33.
Limited Disclosure
The personal information shall not be distributed for purposes other than those for which there is donor consent.
Example: the delivery company does not need to know the credit card number
34.
Accuracy
The personal information stored in the database should be accurate and up-to-date.
Example: need to verify that the shipping address is valid and current prior to commit
35.
Limited Retention
The personal information shall be retained only as long as necessary to fulfill the purpose for which it was collected.
Example: once the purchase is complete/confirmed, credit card numbers are no longer needed
36.
Safety
The personal information shall be protected by security safeguards against theft and other misappropriations.
Example: individuals will be authenticated; sensitive information will be encrypted
37.
Openness
The donor shall be able to access all information about him/her stored in the database.
Example: the individual can look at their purchase history and/or user profile
38.
Compliance
The donor shall be able to verify compliance with the stated policy, and the database shall be able to address any challenges.
Example: log all accesses to show who had access to what and when
39.
Strawman Design
map privacy policy to privacy-policies table
map access control policy to privacy-authorizations table
compare privacy policy to user's privacy preferences
users can opt in or opt out of each purpose
keep audit trail as proof of user's consent
check data for accuracy before or after insertion
Before Query:
– check to make sure that the attributes in the query are listed for that purpose
During Query:
– access to individual tuples of a table is restricted by purpose
– queries have a purpose and tuples have a purpose
– do not return tuples where query purpose ≠ tuple purpose
After Query:
– look for unusual patterns of access that are not typical for that purpose and that user
– add the query to the audit trail in order to show who had access to what and when
– delete data that has outlived its purpose
– if the same data is collected for more than one purpose, use the maximum retention period
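The following is an added example, not code from the slides or from the Hippocratic Database paper: a small in-memory sketch of the strawman design for the online bookseller, covering Limited Use (attributes checked against the purpose), purpose-tagged tuples filtered during the query, Consent (a customer who opted out of recommendations has no tuple with that purpose) and Compliance (an audit trail of who saw what). The table names, sample customers and user names are constructed for the example; sqlite3 is standard-library Python.

```python
import sqlite3

# Constructed example: privacy_policies lists which attributes each purpose may read,
# privacy_authorizations lists which users may query under each purpose, and every
# customer tuple carries the purpose it was collected for.
conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE customers(name, email, ship_addr, card_no, purpose);
CREATE TABLE privacy_policies(purpose, attribute);
CREATE TABLE privacy_authorizations(purpose, user);
CREATE TABLE audit_trail(ts TEXT DEFAULT CURRENT_TIMESTAMP, user, purpose, attributes, n_rows);
""")
conn.executemany("INSERT INTO customers VALUES (?,?,?,?,?)", [
    ("alice", "a@example.com", "1 Main St", "4111111111111111", "purchase"),
    ("alice", "a@example.com", None, None, "recommendation"),  # alice opted in
    ("bob", "b@example.com", "2 Elm St", "4222222222222", "purchase"),  # bob opted out
])
conn.executemany("INSERT INTO privacy_policies VALUES (?,?)", [
    ("purchase", "name"), ("purchase", "ship_addr"), ("purchase", "card_no"),
    ("recommendation", "name"), ("recommendation", "email"),
])
conn.executemany("INSERT INTO privacy_authorizations VALUES (?,?)",
                 [("purchase", "billing_app"), ("recommendation", "recsys")])

class PurposeViolation(Exception):
    """Raised when a query is inconsistent with its declared purpose."""

def query(user, purpose, attributes):
    """Run a purpose-bound read over customers, applying the before/during/after checks."""
    # Before query: user must be authorized for the purpose, and every requested
    # attribute must be listed for that purpose in privacy_policies.
    if not conn.execute("SELECT 1 FROM privacy_authorizations WHERE purpose=? AND user=?",
                        (purpose, user)).fetchone():
        raise PurposeViolation(f"{user} is not authorized for purpose {purpose!r}")
    allowed = {a for (a,) in conn.execute(
        "SELECT attribute FROM privacy_policies WHERE purpose=?", (purpose,))}
    extra = set(attributes) - allowed
    if extra:
        raise PurposeViolation(f"{sorted(extra)} not listed for purpose {purpose!r}")
    # During query: only tuples whose stored purpose equals the query purpose come back.
    # Column names are interpolated only after validation against privacy_policies.
    cols = ", ".join(attributes)
    rows = conn.execute(f"SELECT {cols} FROM customers WHERE purpose=?", (purpose,)).fetchall()
    # After query: record who had access to what, under which purpose, and when.
    conn.execute("INSERT INTO audit_trail(user, purpose, attributes, n_rows) VALUES (?,?,?,?)",
                 (user, purpose, ",".join(attributes), len(rows)))
    return rows

def audit_entries(user):
    return conn.execute("SELECT purpose, attributes, n_rows FROM audit_trail WHERE user=?",
                        (user,)).fetchall()
```

A recommendation query that asks for ship_addr is rejected before it runs, and bob, who never consented to recommendations, never appears in recommendation results.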
One of the earliest definitions of privacy, given by Warren and Brandeis, is the right of an individual to be left alone and to control the flow of information about himself or herself. Concern about privacy is not a recent development, as businesses have collected customer information for years.
Privacy can be defined in multiple ways. Privacy is the ability of a person to control the availability of information about her as well as its exposure to malicious entities. It relates to being able to function in society anonymously. A more complete definition could be stated as follows: an individual's or organization's right to determine whether, when and to whom personal or organizational information is to be released. An alternative characterization defines privacy as the claim of individuals to determine for themselves when, how and to what extent information about them is communicated to others.
The fast progress in networking and storage technologies has led to an enormous amount of digital information getting stored in a centralized manner. This process has been accompanied by an increase in specialized tools that are able to collect this data, efficiently store it in databases, and efficiently retrieve information that could not otherwise have been located in an obvious way. This explosive growth in digital data storage has brought about an increased concern about the privacy of personal information.
Security and privacy have often been used interchangeably in the literature because of their apparently similar characteristics. However, security and privacy are two distinct requirements. Privacy is concerned with an individual's Personally Identifiable Information (PII), whereas security pertains to access to organizational information and focuses on the organization's systems. Security deals with the prevention and detection of unauthorized actions by users.