Looks like a fabulous talk today at Harvard to be presented by our Advisory Board member Professor Annie Anton. Harvard CRCS » 2009 » March. Hope someone will be live blogging/twittering!
CRCS Privacy and Security Lunch Seminar
Date: Wednesday, May 6, 2009
Time: 12:00pm-1:30 pm
Place: Maxwell Dworkin 119
Speaker: Annie Anton
Title: Designing Software Systems that Comply with Privacy Laws
Abstract: Properly protecting information is in all our best interests, but it is a complex undertaking. The fact that regulation is often written by non-technologists, introduces additional challenges and obstacles. Moreover, those who design systems that collect, store, and maintain sensitive information have an obligation to design systems holistically within this broader context of regulatory and legal compliance.
There are questions that should be asked when developing new requirements for information systems. For example ….. How do we build systems to handle data that must be kept secure and private when relevant regulations tie your hands? When building a system that maintains health or financial records for a large number of people, what do we need to do to protect the information against theft and abuse, keep the information private, AND at the same time, satisfy all governing privacy laws and restrictions? Moreover, how do we know that we’ve satisfied those laws? How do we monitor for compliance while ensuring that we’re monitoring the right things? And, how do you accomplish all this in a way that can be expressed clearly to end-users and legislators (or auditors) so they can be confident you are doing the right things?
We’ve been working on technologies to make these tasks simpler, and in some senses, automatic. In this talk, I will describe some of the research that we have been conducting to address these problems. I will also discuss the results of a survey involving 975 Internet users in which we compared various ways to represent privacy management information to online healthcare consumers. The results of this work and our other studies pose interesting ethical questions for industry and society at large, and help illustrate the complexity of the problems.
Opt-Out Cookie Best Practices
Some very thoughtful guidance on opt-out cookie practices just released by our friend at privacy choice. Check them out!
More on Scalia
Scalia: Free Speech Trumps Privacy Online
by Wendy Davishttp://web.archive.org/web/20090508122947/http://www.mediapost.com:80/publications/?fa=Articles.printFriendly&art_aid=105258
Some lawmakers are talking about enacting new online privacy laws, but at least one U.S. Supreme Court Judge has indicated that such laws might not be constitutional.Earlier this year, conservative judge Antonin Scalia said new privacy laws would conflict with the First Amendment. The remarks, made at an event held by the Institute of American and Talmudic Law, were in response to comments made by Jules Polonetsky, co-chair and director of the think tank Future of Privacy Forum.Polonetsky outlined the various ways that data is collected across different Web platforms and proposed that people need some assurances that the information won’t be used against them. Scalia responded that the First Amendment would prevent much of the privacy protection that Polonetsky seemed to favor.
In a follow-up question, Polonetsky asked Scalia what he thought about a federal law banning video rental stores from disclosing the names of movies customers borrow. That law has particular resonance for Supreme Court judges because it was passed after a newspaper obtained and printed video rental records of nominee Robert Bork. Scalia then softened his position somewhat, to concede that “sensitive” information might warrant privacy protection…more at http://web.archive.org/web/20090508122947/http://www.mediapost.com:80/publications/?fa=Articles.printFriendly&art_aid=105258
IAPP Audio Conference – Identity, Identifiers and Personal Data
Two of the most important concepts of data protection law and its application are identifiable data and (in many jurisdictions) the relationship of this data to an identifiable person. For privacy laws to apply effectively this relationship must be clear. Yet, what is less clear is the critical dividing line between personal data and de-identified data. Join us to explore both established and emerging definitions of “PII” and “personal data” within the framework of existing technical capabilities, case law and regulatory views.
Speakers:
David Hoffman, CIPP, Director of Security Policy and Global Privacy Officer, Intel Corporation
Renzo Marchini, Counsel, Dechert LLP
Jules Polonetsky, CIPP, Co-Chairman and Director, Future of Privacy Forum
Price:
IAPP Members: $159
Nonmembers: $179
Justice Scalia’s Remarks About Privacy
Justice Scalia’s remarks about privacy, which came in response to Jules’ call for privacy advances at the IAT Law Conference, have been causing some controversy!
We now have respected and savvy technologists in place in government as CTO and CIO. Jules will be speaking at RSA this week to CIOs and CSOs about the key relationship between them and their CPO, an issue that has become an increasing corporate focus. With the many federal privacy issues in play right now, we now need a Chief Privacy Officer at the most senior government level to help ensure trust about user data. Consider the skepticism over putting NSA in charge of federal government cyber-security – even though NSA may have the best technical security expertise, critics have expressed concerns about NSA playing this role due to past government privacy controversies. An empowered CPO with clout (or a Chief Counselor for Privacy, as a version of this role was called when Peter Swire held it during the Clinton years) could bolster the level of faith in government needed to ensure that every agency is aware that the President wants the oversight, checks and balances, and legal processes in place that ensure both security and respect for privacy and civil liberties.
There are great agency CPOs in the intelligence agencies and elsewhere in government and the recent appointment of Mary Ellen Callahan at Homeland Security was a great move. But the Obama Administration could continue its record of innovation by the appointment of a CPO to partner with our new CTO and CIO.
European Commission and Privacy
The European Commission is organising a personal data use and protection conference to look at new challenges for privacy. Get details here:
Increasingly, leading advertisers and marketers who want to see digital marketing succeed are the leading advocates for responsible practices. See this from former Internet Advertising Bureau head Greg Stuart:
“Fight to the death those who want to use/abuse the medium for short-term gain but long-term loss, even if a marketer. Attack any entity trying to participate in mobile who disrespects the consumer or outright annoys them. Aggressively protect consumer trust, whether it be around issues of privacy or other issues of transparency to consumer.”
April 9, 2009 – Facebook at 200 Million, InternetNews
FPF Welcomes New Sponsors
We are thrilled to formally welcome today several additional sponsors. AOL, eBay, Facebook, Intel, The Nielsen Company, Verizon and Yahoo have joined AT&T as supporters of the Future of Privacy Forum and will be working with us on an exciting research project. Stay tuned for more details to come very soon about this project, as well as news about several additional supporters.