
Chapter 4

Privacy

Chapter 4 - Privacy 1
Chapter 4 - Objectives
1. Define the right of privacy.
2. Describe two fundamental forms of data
encryption and discuss their
advantages/disadvantages.
3. Identify several strategies of customer profiling
and identify the associated privacy issues.
4. Outline the key elements for treating consumer
data responsibly.
5. Discuss why and how employers are increasingly
implementing workplace monitoring.
6. Describe the capabilities of the Carnivore system
and other advanced surveillance technologies.
Privacy Protection & The Law
• The use of information
technology in business requires
the balancing of the needs of
those who use information about
individuals against the rights
and desires of those individuals
whose information may be used.

Constitution Amendment IV
• The right of people to be secure in their
persons, houses, papers, and effects,
against unreasonable searches and
seizures, shall not be violated, and no
Warrants shall issue, but upon probable
cause, supported by Oath or affirmation,
and particularly describing the place to be
searched, and the persons or things to be
seized.

The Right of Privacy
• Defined: “The right to be left
alone – the most comprehensive
of rights, and the right most
valued by a free people.”
• Another definition: “The right of
individuals to control the
collection and use of information
about themselves.”
Aspects of Privacy
• Protection from unreasonable
intrusion upon one’s isolation.
• Protection from appropriation of
one’s name or likeness.
• Protection from unreasonable
publicity given to one’s private life.
• Protection from publicity which
unreasonably places one in a false
light before the public.
Legal Overview
• Freedom of Information Act
(Canada)
– Passed in 1966
– Amended in 1974
• Gives the public access to certain
government records.
• Two parts
– Outlines the info that government agencies
are required to publish.
– Outlines the process to review the records.
Philippine FOI

• President Rodrigo Duterte has signed an
Executive Order mandating full public
disclosure of all offices under the executive
branch, Communications Secretary Martin
Andanar announced Sunday, July 24.
• Speaking in a press conference in Davao City,
Andanar said Duterte signed his second EO on
Saturday, July 23, at 7 pm – two days ahead of
his first State of the Nation Address (SONA).

Freedom of Information Act

• On December 14, 2009, the Senate of the
Philippines approved a Freedom of Information
Act designed to allow access to key public
documents, including those related to projects
where corruption has been an issue. The Act,
found in Senate Bill No. 3308, requires
government agencies to allow public review and
copying of all official information; officials who
block public access are subject to a term of
imprisonment of one to six months.

Republic Act 10173

AN ACT PROTECTING
INDIVIDUAL PERSONAL INFORMATION
IN INFORMATION AND
COMMUNICATIONS SYSTEMS IN THE
GOVERNMENT AND THE PRIVATE
SECTOR, CREATING FOR THIS
PURPOSE A NATIONAL PRIVACY
COMMISSION, AND FOR OTHER
PURPOSES
Freedom of Information
• Fair Credit Reporting Act – 1970
– Regulates credit reporting
bureaus.
• Privacy Act of 1974
– Limits how the U.S. government
collects, maintains, uses, and
disseminates personal
information.
Freedom of Information
• Organization for Economic
Cooperation and Development
– 30 member countries to set policies
and make agreements in areas where
multilateral agreement is necessary.
• Electronic Communication Privacy
Act – 1986
– Extends the prohibitions against the
unauthorized interception of
electronic communication.
Freedom of Information
• Communications Assistance for Law
Enforcement Act - 1994
– Required telephone companies to provide
a certain level of government access to
data.
• Better Business Bureau Online &
TRUSTe are non-profit privacy initiatives
that favor an industry-regulated
approach to data privacy over a
government regulated approach.
Key Policy Issues
• Opt-out assumes that the
consumers approve of having
companies collect and store their
personal information.
• Opt-in requires the data collector
to get specific permission from
consumers before collecting any
of their data.
Privacy & Anonymity Issues
• Data Encryption (Cryptography) is
the science of encoding messages
so that only the sender and
receiver can understand them.
• Public key system uses two keys
to encode and decode messages.
• Private key system uses a single
key to both encode and decode
messages.
Consumer Profiling
• Cookies – text files that a Web site
puts on your hard drive so that it
can remember something about you
at a later time.
• Three types of data collected
1. GET data is the trail that you take when you
browse the web.
2. POST data is info you typed into blank fields.
3. Click stream data is the history of the
information of what the user sought and
viewed.
Personalization Software
• Software used by marketers to optimize the
number, frequency, and mixture of their ad
placement.
– Rules-based: ties business rules to customer-
provided preferences.
– Collaborative filtering: offers
recommendations based on the types of
products purchased.
– Demographic filtering: collects click-stream
data with personal demographical data.
– Contextual commerce: associates product
promotions with specific content a user may
be receiving.
Platform for Privacy
Preferences (P3P)
• Screening technology being
proposed to shield users from sites
that don’t provide the level of
security they desire.
• Browser will download the privacy
policy from each site visited and
check it against your personal policy
settings.
Consumer Data
• Guidelines for treating consumer
data responsibly
– Code of Fair Information Practices
– Organization for Economic
Cooperation and Development
privacy guidelines
• Chief Privacy Officers
– Establish corporate data privacy
policies and initiatives
Workplace Monitoring
• Many organizations have set policies on
the use of information technology.
• 78% of major U.S. firms record and review
employee communications and activities.
– Phone calls
– E-mails
– Internet connections
– Computer files
– Videotaping

Spamming
• Spamming is the sending of
many copies of the same
messages in an attempt to
force a large number of people
to read a message they would
otherwise choose not to
receive.

Carnivore
• Highly controversial system used
by the FBI to monitor selected e-
mail messages and other
computer traffic.
• Opponents insist that law officials
should be required to get the same
type of court order to intercept e-
mail as they do with a wire-tap.

Advanced Surveillance
Technology
• Thermal imaging
• Security cameras
• Global Positioning Systems in cell
phones

Summary
• The right to privacy has four aspects:
– Protection from unreasonable intrusion
upon one’s isolation.
– Protection from appropriation of one’s
name or likeness.
– Protection from unreasonable publicity
given to one’s private life.
– Protection from publicity which
unreasonably places one in a false light
before the public.
Summary
• Data encryption is a tool for
ensuring confidentiality,
integrity, and authenticity of
messages and transactions.
• Marketing firms capture data
from numerous sources to build
databases detailing a large
amount of consumer behavior.

Summary
• Marketing firms capture data
from numerous sources to build
detailed databases.
• The Code of Fair Information
Practices and the OECD privacy
guidelines provide approaches
to handling consumer data
responsibly.
Summary
• Employers are increasingly
recording and reviewing
employee communication and
activities on the job.
• Carnivore is a controversial
system used by the FBI to
monitor e-mail messages.

Case 1 - HIPAA
• The Health Insurance Portability
and Accountability Act of 1996 is
to require health care
organizations to implement cost-
effective procedures for
exchanging medical data.
Compliance deadline is April,
2003.
Case 2 - Echelon
• Echelon is a top-secret electronic
eavesdropping system managed
by the National Security Agency
of the U.S. and is capable of
intercepting and decrypting
almost any electronic message
sent anywhere in the world via
satellite, microwave, cellular, and
fiber optic.