1. WELCOME
TO
“THE WORLD STATISTICS DAY”
@
“CONVERGENCE 2010”

2. Privacy Policy
Prof. S. K. Gupta
IIT Delhi

3. 01/29/153
What’s Privacy?
The right “to be let alone”
----
Samuel Warren and Louis Brandeis
Harvard Law Review
1890

4. 01/29/154
Informational Privacy
"The claim of individuals, groups, or institutions to
determine for themselves when, how, and to what
extent information about them is communicated to
others".
– Normally only applied to “individuals”
– Implemented through "fair information practices"
Allan Westin in Privacy
And Freedom (1967)

5. 01/29/155
Who invades privacy?
 The government (Central, state, local)
 Companies you do business with
– Online, catalogs, retail stores, airlines, NFL (Super
bowl)
 Companies you don’t do business with
 Employers
 Anyone else who wants to
– know about you

6. 01/29/156
Why is privacy important?
– Legal liability if not protected - examples
– Competitive advantage
 Trade secrets
 Customer lists and preferences
 Databases
– Embarrassment
– Protects job, insurance, safety, and identity
– Some things are just private

7. 01/29/157
Types of privacy invasions
 Medical (hospitals, doctors, insurance, drug
companies)
 Financial (banks, credit cards)
 Political (law enforcement, profiling)
 Online (Web sites, spammers, software companies)
 Children’s privacy (Web sites, entertainment media,
game makers, candy companies)

8. 01/29/158
Web link- http://www.indianairlines.in/index.asp

9. 01/29/159
Web link- http://www.indianairlines.in/scripts/privacy.aspx

10. 01/29/1510
Comparison of privacy policies
Site1 Site2 Site3 Site4
Detail description about how user data will be used X Y Y Y
Data Retention X X Y Y
Showing explicitly whether it is following Safe
Harbor Program
X X Y Y
Provide users choice X X Y Y
Third Party Data sharing X X Y Y
How much data is secured X X Y Y

11. 01/29/1511
Privacy Policy of Amazon
Web link- http://www.amazon.com/gp/help/customer/display.html/105-3430781602013?
ie=UTF8&nodeId=468496

12. 01/29/1512
Privacy Policy of Amazon
Web link- http://www.amazon.com/gp/help/customer/display.html/105-3430781602013?
ie=UTF8&nodeId=468496

13. 01/29/1513
Privacy Policy of Amazon
Web link- http://www.amazon.com/gp/help/customer/display.html/105-3430781602013?
ie=UTF8&nodeId=468496

14. 01/29/1514
Privacy Policy of Amazon
Web link- http://www.amazon.com/gp/help/customer/display.html/105-3430781602013?
ie=UTF8&nodeId=468496

15. 01/29/1515
Privacy Policy of Amazon
Web link- http://www.amazon.com/gp/help/customer/display.html/105-3430781602013?
ie=UTF8&nodeId=468496

16. 01/29/1516
Privacy Policy of Amazon
Web link- http://www.amazon.com/gp/help/customer/display.html/105-3430781602013?
ie=UTF8&nodeId=468496

17. 01/29/1517
Web link- http://www.google.co.in/intl/en/privacypolicy.html

18. 01/29/1518
I.T. Understanding of Privacy
Is
Privacy = Confidentiality = Security
?
Not so.

19. 01/29/1519
Privacy
Maintaining ownership of data.
( Contain risk and may lead to violate IT/non IT security issue)
Security
Degradation of Service or Functionality
Security vs. Privacy in IT

20. 01/29/1520
SP
Authentication
information
like password
S
P
Reading
marks of
other student
Tempering
User data
To know the
Name of
Social
Institution
S- Security, P- Privacy
Security vs. Privacy in IT

21. 01/29/1521
Privacy Act of 1974
 Applies to federal agencies
 “No agency shall disclose any record … to any person, or to
another agency, except … with the prior written consent of, the
individual to whom the record pertains, unless disclosure of the
record would be --
– … used solely as a statistical research or reporting record, and
the record is to be transferred in a form that is not individually
identifiable” (not a defined term)
 Restriction on “matching programs”
– any computerized comparison of -- (i) two or more automated
systems of records … [certain exceptions]

22. 01/29/1522
Gramm-Leach-Bliley
 Except as … authorized …, you may not, directly or through any affiliate,
disclose any nonpublic personal information about a consumer to a
nonaffiliated third party unless:
(i) You have provided to the consumer an initial notice as required;
(ii) You have provided to the consumer an opt out notice
(iii) You have given the consumer a reasonable opportunity, before you
disclose the information to the nonaffiliated third party, to opt out of the
disclosure; and (iv) The consumer does not opt out.
 Applies to “financial institutions,” a very broad category

23. 01/29/1523
What Gramm-Leach-Bliley Protects
 “Nonpublic personal information” means:
(i) Personally identifiable financial information; and
(ii) Any list, description, or other grouping of consumers (and publicly
available information pertaining to them) that is derived using any
personally identifiable financial information that is not publicly available.
 “Personally identifiable financial information” means any information:
(i) A consumer provides to you to obtain a financial product or service;
(ii) About a consumer resulting from any transaction involving a financial
product or service between you and a consumer; or
(iii) You otherwise obtain about a consumer in connection with providing a
financial product or service to that consumer.

24. 01/29/1524
What HIPAA Provides
 A covered entity may not use or disclose protected
health information, except as permitted or required …
– pursuant to … a consent … to carry out treatment, payment, or
health care operations
– pursuant to … an authorization
– pursuant to … an agreement (opt-in)
– [other provisions]
 Health information that meets … specifications for de-
identification … is considered not to be individually
identifiable health information

25. 01/29/1525
What HIPAA Protects
 “Individually identifiable health information” is information
that is a subset of health information, including
demographic information collected from an individual,
and: …
– relates to … physical or mental health or condition of an
individual;
… provision of health care to an individual; or
… payment for … health care to an individual; and
– identifies the individual; or
– with respect to which there is a reasonable basis to believe the
information can be used to identify the individual

26. 01/29/1526
Hippocratic Database
 a database that includes privacy as a
central concern
 inspired by Hippocratic Oath that serves as
basis of doctor-patient relationship

27. 01/29/1527
Key Concept : Purpose
 data is collected for a specific purpose
 the purpose should be stored with the data
 the purpose limits how the data can be used

28. 01/29/1528
Online Bookseller Example
Collects and stores personal information:
 To complete transaction and track order
 To make book recommendations based on
purchase history
 To maintain profiles for frequent users
 To publish book sales by region of the
 country

29. 01/29/1529
Purpose Specification
The purpose for which the personal
information was collected shall be stored with
that information.
Example:
online bookseller needs personal information
for purchases, book recommendations, etc.

30. 01/29/1530
Consent
The purpose for which the personal
information was collected shall have the
consent of the donor.
Example:
individual must consent for purchase, but can
opt-in or opt-out of recommendations

31. 01/29/1531
Limited Collection
The personal information collected shall be
limited to the minimum necessary to
accomplish the specified purpose.
Example:
don’t need credit card number if purpose is
registration

32. 01/29/1532
Limited Use
The database shall allow only those queries
that are consistent with the specified purpose.
Example:
a query for book recommendations cannot
reference shipping address

33. 01/29/1533
Limited Closure
The personal information shall not be
distributed for purposes other than those for
which there is donor consent.
Example:
the delivery company does not need to know
the credit card number

34. 01/29/1534
Accuracy
The personal information stored in the
database should be accurate and up-to-date.
Example:
need to verify that shipping address is valid
and current prior to commit

35. 01/29/1535
Limited Retention
The personal information shall be retained
only as long as necessary to fulfill the purpose
for which it was collected.
Example
once the purchase is complete/confirmed,
credit card numbers are no longer needed

36. 01/29/1536
Safety
The personal information shall be protected
by security safeguards against theft and other
misappropriations.
Example:
individuals will be authenticated; sensitive
information will be encrypted

37. 01/29/1537
Openness
The donor shall be able to access all
information about him/her stored in the
database.
Example:
individual can look at their purchase history
and/or user profile

38. 01/29/1538
Compliance
The donor shall be able to verify compliance
with the stated policy and the database shall
be able to address any challenges.
Example:
log all accesses to show who had access to
what and when

39. Strawman Design
map privacy policy to privacy-
policies table
map access control policy to
privacy-authorizations table
compare privacy policy to user’s privacy preferences
users can opt-in or opt-out of each purpose
keep audit trail as proof of user’s consent
check data for accuracy before or after insertion
Before Query:
check to make sure that attributes in query are
listed for that purpose
During Query:
access to individual tuples of table is restricted by
purpose
queries have purpose and tuples have purpose
do not return tuples where
query purpose ≠ tuple purpose
After Query:
look for unusual patterns of access that are not
typical for that purpose and that user
add query to audit trail in order to show who had
access to what and when
delete data that has outlived it’s purpose
if same data collected for more than one purpose
use maximum retention period

40. 01/29/1540
Questions?
?