Harvard Engineering

Looks like a fabulous talk today at Harvard to be presented by our Advisory Board member Professor Annie Anton. Harvard CRCS » 2009 » March.  Hope someone will be live blogging/twittering!

CRCS Privacy and Security Lunch Seminar

Date: Wednesday, May 6, 2009

Time: 12:00pm-1:30 pm

Place: Maxwell Dworkin 119

Speaker: Annie Anton

Title: Designing Software Systems that Comply with Privacy Laws

Abstract: Properly protecting information is in all our best interests, but it is a complex undertaking. The fact that regulation is often written by non-technologists, introduces additional challenges and obstacles. Moreover, those who design systems that collect, store, and maintain sensitive information have an obligation to design systems holistically within this broader context of regulatory and legal compliance.

There are questions that should be asked when developing new requirements for information systems. For example ….. How do we build systems to handle data that must be kept secure and private when relevant regulations tie your hands? When building a system that maintains health or financial records for a large number of people, what do we need to do to protect the information against theft and abuse, keep the information private, AND at the same time, satisfy all governing privacy laws and restrictions? Moreover, how do we know that we’ve satisfied those laws? How do we monitor for compliance while ensuring that we’re monitoring the right things? And, how do you accomplish all this in a way that can be expressed clearly to end-users and legislators (or auditors) so they can be confident you are doing the right things?

We’ve been working on technologies to make these tasks simpler, and in some senses, automatic. In this talk, I will describe some of the research that we have been conducting to address these problems. I will also discuss the results of a survey involving 975 Internet users in which we compared various ways to represent privacy management information to online healthcare consumers. The results of this work and our other studies pose interesting ethical questions for industry and society at large, and help illustrate the complexity of the problems.

Opt-Out Cookie Best Practices

Some very thoughtful guidance on opt-out cookie practices just released by our friend at privacy choice.  Check them out!

More on Scalia

Scalia: Free Speech Trumps Privacy Online
by Wendy Davishttp://web.archive.org/web/20090508122947/http://www.mediapost.com:80/publications/?fa=Articles.printFriendly&art_aid=105258
Some lawmakers are talking about enacting new online privacy laws, but at least one U.S. Supreme Court Judge has indicated that such laws might not be constitutional.Earlier this year, conservative judge Antonin Scalia said new privacy laws would conflict with the First Amendment. The remarks, made at an event held by the Institute of American and Talmudic Law, were in response to comments made by Jules Polonetsky, co-chair and director of the think tank Future of Privacy Forum.Polonetsky outlined the various ways that data is collected across different Web platforms and proposed that people need some assurances that the information won’t be used against them. Scalia responded that the First Amendment would prevent much of the privacy protection that Polonetsky seemed to favor.

In a follow-up question, Polonetsky asked Scalia what he thought about a federal law banning video rental stores from disclosing the names of movies customers borrow. That law has particular resonance for Supreme Court judges because it was passed after a newspaper obtained and printed video rental records of nominee Robert Bork. Scalia then softened his position somewhat, to concede that “sensitive” information might warrant privacy protection…more at http://web.archive.org/web/20090508122947/http://www.mediapost.com:80/publications/?fa=Articles.printFriendly&art_aid=105258

IAPP Audio Conference – Identity, Identifiers and Personal Data

IAPP Audio Conference – Identity, Identifiers and Personal Data

Date: May 7, 2009

Time: 1 – 2:30 p.m. EDT

Two of the most important concepts of data protection law and its application are identifiable data and (in many jurisdictions) the relationship of this data to an identifiable person. For privacy laws to apply effectively this relationship must be clear. Yet, what is less clear is the critical dividing line between personal data and de-identified data. Join us to explore both established and emerging definitions of “PII” and “personal data” within the framework of existing technical capabilities, case law and regulatory views.

Speakers:

David Hoffman, CIPP, Director of Security Policy and Global Privacy Officer, Intel Corporation

Renzo Marchini, Counsel, Dechert LLP

Jules Polonetsky, CIPP, Co-Chairman and Director, Future of Privacy Forum

Price:

IAPP Members: $159

Nonmembers: $179

Justice Scalia’s Remarks About Privacy

Justice Scalia’s remarks about privacy, which came in response to Jules’ call for privacy advances at the IAT Law Conference, have been causing some controversy!

Check it out here at the blog of FPF advisory board member professor Dan Solove and at Above the Law.

CTO and CIO set. Next please, a CPO!

We now have respected and savvy technologists in place in government as CTO and CIO. Jules will be speaking at RSA this week to CIOs and CSOs about the key relationship between them and their CPO, an issue that has become an increasing corporate focus. With the many federal privacy issues in play right now, we now need a Chief Privacy Officer at the most senior government level to help ensure trust about user data. Consider the skepticism over putting NSA in charge of federal government cyber-security – even though NSA may have the best technical security expertise, critics have expressed concerns about NSA playing this role due to past government privacy controversies. An empowered CPO with clout (or a Chief Counselor for Privacy, as a version of this role was called when Peter Swire held it during the Clinton years) could bolster the level of faith in government needed to ensure that every agency is aware that the President wants the oversight, checks and balances, and legal processes in place that ensure both security and respect for privacy and civil liberties.

There are great agency CPOs in the intelligence agencies and elsewhere in government and the recent appointment of Mary Ellen Callahan at Homeland Security was a great move. But the Obama Administration could continue its record of innovation by the appointment of a CPO to partner with our new CTO and CIO.

European Commission and Privacy

The European Commission is organising a personal data use and protection conference to look at new challenges for privacy. Get details here:

Justice and Home Affairs – Newsroom – Events.

Who are the Fiercest Privacy Advocates?

Increasingly, leading advertisers and marketers who want to see digital marketing succeed are the leading advocates for responsible practices. See this from former Internet Advertising Bureau head Greg Stuart:

“Fight to the death those who want to use/abuse the medium for short-term gain but long-term loss, even if a marketer. Attack any entity trying to participate in mobile who disrespects the consumer or outright annoys them. Aggressively protect consumer trust, whether it be around issues of privacy or other issues of transparency to consumer.”

http://mansavesdog.wordpress.com/2009/04/10/mobile-advertising-maybe-next-year-or-the-year-after-that/

April 9, 2009 – Facebook at 200 Million, InternetNews

 

 

FPF Welcomes New Sponsors

We are thrilled to formally welcome today several additional sponsors. AOL, eBay, Facebook, Intel, The Nielsen Company, Verizon and Yahoo have joined AT&T as supporters of the Future of Privacy Forum and will be working with us on an exciting research project. Stay tuned for more details to come very soon about this project, as well as news about several additional supporters.