Each year, FPF awards the Privacy Papers for Policymakers Award to the authors of leading privacy research and analytical work that is relevant to policymakers in the United States Congress, at U.S. federal agencies, and for data protection authorities abroad. The Award showcases work that analyzes current and emerging privacy issues and proposes achievable short-term solutions or new means of analysis that could lead to real-world policy impact.
Winning Authors are invited to join FPF in Washington, DC to discuss their work at the United States Senate with policymakers, academics, and privacy professionals. This year, Privacy Papers for Policymakers will be held at 5:30 PM on January 11, 2017 (the day before FTC’s PrivacyCon), in Room SDG-50 (Senate Auditorium), Dirksen Senate Office Building, First Street and C Street, NE, Washington, DC 20002. For more information and to register, click here.
FPF would like to extend a special Thank You to our 2016 Advisory Board Reviewers, including:
Projjol Banerjea, zeotap
Eduard Bartholme, Call For Action
Allison Cohen, Toyota
Heather Federman, Macy’s
Olga Garcia-Kaplan, Novitex Enterprise Solutions
Lauren Gelman, BlurryEdge Strategies
Rita Heimes, International Association of Privacy Professionals (IAPP)
Mike Hintze, Hintze Law
Sarah Holland, Google
Susan Israel, Loeb & Loeb LLP
Manoj Lamba, ClassDojo
David Medine, Consultative Group to Assist the Poor
Catherine Tucker, MIT Sloan School of Management
Susannah Wesley, Edelman
Heather West, Mozilla
Michael Zimmer, UW-Milwaukee School of Information Studies
Thank you for all your hard work!
Spotlight on PPPM Judges
This week, the Future of Privacy Forum (FPF) will announce the winners of the 2016 Privacy Papers for Policymakers Award. Each year, FPF awards the Privacy Papers for Policymakers Award to the authors of leading privacy research and analytical work that is relevant to policymakers in the United States Congress, at U.S. federal agencies, and for data protection authorities abroad.
The goal of the Award is to advance academic-industry collaboration in support of the National Privacy Research Strategy by showcasing work that analyzes current and emerging privacy issues and proposes achievable short-term solutions or new means of analysis that could lead to real-world policy impact.
How are PPPM papers chosen?
Papers are identified via our annual Call for Nominations, as well as from leading privacy research centers and submissions to the Privacy Law Scholars Conference (with authors’ permission).
Submissions receive an initial ranking from a diverse team of academics, consumer advocates, and industry privacy professionals from the FPF Advisory Board, with each submission being evaluated in the categories of: (1) Originality; (2) Applicability to policymaking; and (3) Overall quality of writing.
Finally, winners are selected by a panel of Finalist Judges who select the scholarship they feel should receive the Privacy Papers for Policymakers Award. Winning scholarship represents the “must-read” privacy papers of the year for policymakers. Leading Authors are invited to join FPF in Washington, DC to discuss their work at the United States Senate with policymakers, academics, and privacy professionals.
This year, Privacy Papers for Policymakers will be held at 5:30 PM on January 11, 2017 (the day before FTC’s PrivacyCon), in Room SDG-50 (Senate Auditorium), Dirksen Senate Office Building, First Street and C Street, NE, Washington, DC 20002. For more information and to register, click here.
Finalist Judges:
Our Finalist Judges for 2016 include representatives from FPF, as well as one representative from each of our three audiences: Academia, Industry Privacy Professionals, and Consumer Advocates.
Judges include Jules Polonetsky, CEO, Future of Privacy Forum; Christopher Wolf, Founder and Board Chair, Future of Privacy Forum; Mary Culnan, Professor Emeritus, Bentley University, and Board Vice President, Future of Privacy Forum; Virginia Lee, Director – Global Privacy, Starbucks; and John Breyault, Vice President of Public Policy, Telecommunications and Fraud, National Consumers League.
More on our PPPM Judges:
Jules Polonetsky
CEO, Future of Privacy Forum
Jules serves as CEO of the Future of Privacy Forum. Jules’s previous roles have included serving as Chief Privacy Officer at AOL and before that at DoubleClick, as Consumer Affairs Commissioner for New York City, as an elected New York State Legislator and as a congressional staffer, and as an attorney. Jules serves on the Advisory Board of the Center for Copyright Information. He has served on the boards of a number of privacy and consumer protection organizations including TRUSTe, the International Association of Privacy Professionals, and the Network Advertising Initiative. From 2011-2012, Jules served on the Department of Homeland Security Data Privacy and Integrity Advisory Committee. In 2001, Crain’s NY Business magazine named Jules one of the top technology leaders in New York City. Jules is a regular speaker at privacy and technology events and has testified or presented before Congressional committees and the Federal Trade Commission.
Mary Culnan
Professor Emeritus, Bentley University
Vice President, Future of Privacy Forum Board of Directors
Dr. Mary J. Culnan is Professor Emeritus at Bentley University. She also serves as a Senior Research Fellow in the Center for IT and the Global Economy (CITGE) at the Kogod School of Business, American University. Mary has testified before Congress, the Massachusetts Senate, and other government agencies on a range of privacy issues. Mary’s primary research interest is governance of privacy and security. She has also conducted research on how organizations can gain value from social media. Mary’s work has been published in a range of academic journals as well as the New York Times, the Washington Post and the Wall Street Journal. Mary was employed for seven years as a systems analyst by the Burroughs Corporation prior to earning her Ph.D. in management from UCLA. Before joining the faculty at Bentley in fall 2000, she held faculty positions at the University of Virginia, University of California, Berkeley, the American University and Georgetown University.
Christopher Wolf
Founder and Board Chair, Future of Privacy Forum
Christopher Wolf is the founder and Board Chair of the Future of Privacy Forum. Chris is also a senior partner in the Washington, DC office of Hogan Lovells LLP, where he is a leader of that firm’s Privacy and Information Management practice. He has been in private law practice in Washington, DC since 1982. Chris has served as an adjunct law professor on Internet and privacy law, and is a frequent lecturer in continuing legal education programs on the subject.
MSNBC called Chris Wolf a “pioneer in Internet law”, reflecting his involvement in some of the earliest and precedent setting cases involving technology agreements, copyright, domain names, jurisdiction — and privacy. As the ability to collect, store, share and transfer personal information over the Internet increased, privacy became the main focus of Chris’ law practice. And Chris became known as a pioneer in privacy law too. It was for that reason that the prestigious Practising Law Institute (PLI) tapped Chris to be Editor and Lead Author of its first-ever treatise on privacy law. He also is co-editor of the PLI book, “A Practical Guide to the Red Flag Rules”, the identity theft prevention regulations issued by the FTC and financial regulators.
John Breyault
Vice President of Public Policy, Telecommunications and Fraud, National Consumers League
John joined the National Consumers League — America’s oldest consumer organization — in September 2008. His focus at NCL is advocating for stronger consumer and worker protections before Congress and federal agencies on a range of issues including telecommunications and technology policy, fraud, and consumer financial protections. In addition, John directs NCL’s Fraud Center, an online hub for consumer education and advocacy related to fraud.
Prior to coming to NCL, John was Research Director at the Telecommunications Research and Action Center (TRAC), a non-profit consumer organization dedicated to promoting the interests of telecommunications consumers. Concurrent with his work at TRAC, John was Director of Research at Amplify Public Affairs (APA) where he helped launch the firm’s Web 2.0-based public affairs practice.
Prior to joining APA, John worked at Sprint in its International Carrier Services Division, at BellSouth in its Government Affairs office and at the American Center for Polish Culture. John has served on numerous Boards and advisory committees including the Federal Communications Commission’s Consumer Advisory Committee, the Commodity Futures Trading Commission’s Technology Advisory Committee and the Board of the Arlington-Alexandria Coalition for the Homeless.
Virginia “Ginny” Lee
Director – Global Privacy, Starbucks
Ginny Lee has worked in the high tech industry for over twenty years. Currently, she is Director – Global Privacy at Starbucks. Prior to this, she was Sr. Attorney – Privacy/Security at Intel Corporation and responsible for providing legal guidance on privacy and security matters, especially as they relate to “Privacy By Design”. Prior to Intel, Ginny was the Director of Platform and Product Privacy at Yahoo! where she was responsible for the policy direction of Yahoo!’s varied products and platforms. Ginny also ran a boutique law practice focused on privacy and intellectual property law. She has worked on policy, regulatory and compliance issues for the Network Advertising Initiative, a self-regulatory association for the third-party advertising industry. In addition to her legal experience, Ginny has held positions in engineering and product management and technical support.
Ginny holds a BA in Applied Mathematics from the University of Maine, an MBA from the University of New Hampshire, and a JD from the University Of Maine School Of Law. Ginny is also a Fellow of Information Privacy (FIP), Certified Information Privacy Professional (CIPP/US, /G) and Manager (CIPM). She is admitted to practice in Maine, Washington and Oregon and is a registered patent attorney.
Thank you to our 2016-17 PPPM Finalist Judges!
Georgetown – FPF: Valuable Partnership and Talent Channel
This August, Stacey Gray was promoted to the position of Policy Counsel at the Future of Privacy Forum (FPF). In this role, she covers Location & Ad Tracking, Big Data, and the Internet of Things. Stacey stays on top of developments in the space, like the new iOS Limit Ad Tracking Feature, and facilitates monthly working group meetings. She has also taken the lead on the highly anticipated Privacy Papers for Policymakers (PPPM) event, and has lent her extensive expertise to events like the 2016 Place Conference.
Stacey first came to FPF as a fellow from Georgetown University Law Center in August 2015, continuing a tradition of Georgetown graduates working fellowships at FPF. Each of the last three years, FPF has taken a top Georgetown student and immersed them in the world of privacy. FPF fellows collaborate with advocates, academics, and companies and handle projects that lead to best practices, white papers, codes of conduct, and the like.
Other FPF fellows to come from Georgetown include Sarah Gordon (September 2013-August 2014), who has worked for Zillow as a Corporate Counsel since her fellowship ended, and Stephany Fan (September 2014-May 2015), who went on to work at Morgan Lewis & Bockius LLP as an Associate.
When Stacey was a fellow, she worked on consumer privacy issues, work that she has continued as a Policy Counsel. “My background is in civil rights,” Stacey said. “As a result, I became interested in privacy through my academic focus on the Fourth Amendment.”
Stacey feels that FPF presents an unusual opportunity. “What strikes me as different about working here is the extent to which our work relies on nuance and technical expertise,” she said. “FPF is not as concerned with ‘taking a position’ as we are with getting to the right answers to important questions. This often means considering all sides of crucial debates, even when they are not necessarily about privacy at all, but about ethics, fairness or discrimination. It also means that among our policy staff we are constantly pushing each other to better understand the issues and engage intellectually with the underlying ideas.”
Stacey says that this has made her experience at FPF “tremendously challenging and rewarding.” Now, Stacey serves as a mentor for our newest fellow from Georgetown, Carolina Alonso. Carolina joined us in September, and has been working on the Student Privacy Pledge, as well as several projects related to kids and the connected home. This includes a joint paper with the Family Online Safety Institute (FOSI), set to be released in December. Carolina also works closely with Stacey on Ad Tech.
Carolina, who grew up in Silicon Valley, and has interned with organizations like Facebook and Yahoo, says FPF is a unique place. “When you join FPF, they expect that you are going to be the expert,” Carolina said. “This is different from school. Everything we do here has a real purpose and a real audience.”
Like Stacey, Carolina feels that her fellowship at FPF has been a valuable experience. “People here are very approachable and friendly. That makes Georgetown-FPF a great partnership.”
We agree. FPF has been fortunate to have a stream of high-level young talent, and we enjoy helping recent graduates build a solid foundation in the privacy field.
She explained that the colloquial term “always on” is often not an effective way to describe the range of technologies that use audio and video recording hardware. Instead, three general categories of microphone-enabled devices are proposed: (1) manually activated (requiring a press of a button, a flip of a switch, or other intentional physical action); (2) speech activated (requiring a spoken “wake phrase”); and (3) always on devices (devices, such as home security cameras, that are designed to constantly transmit data, including devices that “buffer” to allow the user to capture only the most recent period of time).
Seven Basic Security Checks for Evaluating Educational Platforms
FPF has produced a checklist to assist parents and schools in considering the “basics” of security standards on new ed tech products and services they may be considering or using. In on-line security, there is unfortunately no “one size fits all” solution, but with so many products and services available, this checklist is designed to provide some initial key triggers of areas that either meet a basic threshold, or might serve as discussion points for further review with the company involved.
Evaluating security standards on any particular product, site, or service can be challenging, and unlike privacy policies, there’s often no “security policy” in one location to review. People who are not security specialists may have a hard time knowing where to start. This checklist is designed for those who have some familiarity with computers, but are not security or technical specialists, to be able to do some simple tests to see what protections are in place, and help guide their discussion with the company for a more in-depth understanding.
The Seven Steps include:
Look for an Encrypted Connection
Ensure That Applications Use TLS Between Email Servers
Ensure That URLs Do Not Contain Sensitive Information
Ensure Sensitive Information Is Not Stored in the Cache or Browser History
Ensure That Passwords Are Protected
Ensure That the Login and Password Recovery Mechanisms Do Not Reveal Unnecessary Information (e.g. the Existence of an Account)
Be Watchful for “Information Leakage”
For each step, we’ve provided a step-by-step process to evaluate the topic area, and additional security resources are also identified for those looking for more detailed guidance. As the checklist says, it does not answer all questions for all situations. A company that complied with all these steps might still have security concerns; a company that does not do every step may still have quite sufficient security in place. We hope this checklist – which can be used as a companion to our Quick Security Tips for Ed Tech Vendors – will simply prove to be a useful resource for schools and parents who want to make an initial review of a product or service and its security protections.
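As an added illustration (not part of FPF's checklist or any FPF tool), the Python sketch below applies steps 1, 3, 4 and 6 to constructed request/response data. The parameter names treated as sensitive, the `no-store` criterion, the helper names and the sample URLs are all assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: query parameter names this sketch treats as sensitive.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "token", "sessionid",
                    "ssn", "student_id", "dob", "email"}


def check_exchange(url, response_headers):
    """Return (step, finding) tuples for one page that displays student data."""
    findings = []
    parts = urlsplit(url)

    # Step 1: the page should be delivered over an encrypted connection.
    if parts.scheme.lower() != "https":
        findings.append((1, "page is not served over HTTPS"))

    # Step 3: URLs end up in browser history, server logs and Referer
    # headers, so they should not carry sensitive values.
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            findings.append((3, f"sensitive parameter '{name}' in URL"))

    # Step 4: without 'no-store' the response may be written to a cache.
    headers = {k.lower(): v for k, v in response_headers.items()}
    directives = {d.strip().lower()
                  for d in headers.get("cache-control", "").split(",")}
    if "no-store" not in directives:
        findings.append((4, "response lacks Cache-Control: no-store"))
    return findings


def reveals_account_existence(resp_known, resp_unknown):
    """Step 6: login or recovery replies for a known and an unknown account
    should be indistinguishable; any difference reveals which accounts exist."""
    return ((resp_known["status"], resp_known["body"])
            != (resp_unknown["status"], resp_unknown["body"]))


# Constructed sample data (hypothetical service at edtech.example).
SAMPLE_EXCHANGES = [
    ("http://edtech.example/grades?student_id=1042&token=abc123",
     {"Content-Type": "text/html"}),
    ("https://edtech.example/grades",
     {"Cache-Control": "no-store, private"}),
    ("https://edtech.example/report?pwd=hunter2",
     {"Cache-Control": "max-age=3600"}),
]
LEAKY_RECOVERY = (
    {"status": 200, "body": "A reset link was sent to that address."},
    {"status": 404, "body": "No account with that address."},
)
UNIFORM_RECOVERY = (
    {"status": 200, "body": "If the account exists, a reset link was sent."},
    {"status": 200, "body": "If the account exists, a reset link was sent."},
)

if __name__ == "__main__":
    for url, hdrs in SAMPLE_EXCHANGES:
        print(url)
        for step, message in check_exchange(url, hdrs):
            print(f"  step {step}: {message}")
    print("recovery form leaks account existence:",
          reveals_account_existence(*LEAKY_RECOVERY))
```

A clean result from these checks is only a starting point for discussion with the vendor; steps 2, 5 and 7 are not covered here.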
FPF Guide to Student Data Protections Under SOPIPA: For K-12 School Administrators and Ed Tech Vendors
Co-written with education privacy experts Linnette Attai of PlayWell LLC, Amelia Vance of the National Association of State Boards of Education, and David B. Rubin, Esq., this document provides an in-depth analysis for ed tech companies. In particular, we examine the definitions and unique requirements of the California Student Online Personal Information Protection Act (SOPIPA). Topics include:
Who Must Comply?
What is “Actual Knowledge”?
What are “K-12 School Purposes”?
What Information Is Protected Under SOPIPA (“Covered Information”)
Specific Requirements of SOPIPA for Ed Tech Vendors
What is Targeted Advertising?
When Can an Operator Disclose Covered Information?
How Can Operators Use Student Information?
SOPIPA Rights for Students
SOPIPA was the first state law to comprehensively address student privacy. It became effective January 1, 2016 and applies to websites, applications, and online services that provide programs or services for K-12 students. SOPIPA applies to operators (as defined in the statute) that collect covered information from students in the state of California. This guide provides general information, not legal advice, and following the recommendations or tips within does not guarantee compliance with any particular law.
SOPIPA is important because most education technology companies do business with California schools, and because it became a template for similar statutes around the country. Our goal is to clearly explain which companies and information are covered, and what the law does (or doesn’t) require. This may be useful for companies and schools operating in California now, and also may prove helpful to policymakers in those states who may still be considering updates to their student privacy laws, and are considering whether to follow the California model.
On November 4, 2016, the California AG’s Director of Privacy Education and Policy released their document: Ready for School: Recommendations for the Ed Tech Industry to Protect the Privacy of Student Data. This is valuable information for vendors’ use on the state’s view of the requirements of the law. However, these are non-binding recommendations, and do not definitively address all the areas of the law that will have to be addressed by vendors operating in California schools. Our detailed guide provides a useful companion tool for vendors to make informed decisions about their privacy policies and practices when operating in California schools.
FPF Hires New Policy Counsel – Amelia Vance
We are thrilled to welcome Amelia Vance to Future of Privacy Forum (FPF) as of November 7, 2016, as Policy Counsel. In this position, Amelia will lead FPF’s work to ensure the responsible use of student data and education technology in schools, helping educators with resources and information, and seeking inputs from all stakeholders to ensure students succeed.
Amelia came to us from her role as the Director of the Education Data & Technology Project at the National Association of State Boards of Education (NASBE). In that capacity, she tracked and provided comments on state and federal legislation, provided technical assistance to over 30 states, spoke at events with attendance ranging from 10 to 800 people, provided guidance on the nuances of student privacy law to most major education organizations, and wrote op-eds, short pieces, and longer reports, including “Policymaking on Education Data Privacy: Lessons Learned” and “School Surveillance: The Consequences for Equity and Privacy.”
Amelia is a member of the Virginia State Bar, the International Association of Privacy Professionals, the American Constitution Society, and is a board member of the Virginia Equality Bar Association. She is a graduate of McDaniel College and William & Mary Law School.
We are delighted to have Amelia on board as FPF continues to grow its impact within the public policy discussion on the responsible use of student data and education technology. For inputs or questions, please contact Amelia at [email protected].
Future of Privacy Forum Welcomes New Leader for Student Data Privacy Program
FOR IMMEDIATE RELEASE
November 7, 2016
Contact: Melanie Bates, Director of Communications, [email protected]
Washington, DC – Today, the Future of Privacy Forum (FPF) announced that Amelia Vance has joined the organization as Policy Counsel. Her portfolio includes student privacy for K-12 and Higher Education environments, and education technology initiatives. Vance leads FPF’s work to ensure the responsible use of student data and education technology in schools, helping educators with resources and information, and seeking inputs from all stakeholders to ensure students succeed.
“I am thrilled to have the opportunity to continue working on this important issue,” Vance said. “FPF has already done amazing work in this arena, and I look forward to expanding FPF’s project to develop robust policies and practices that will transform the ed tech and student privacy space.”
Prior to FPF, Vance was the Director of the Education Data & Technology Project at the National Association of State Boards of Education (NASBE). In that capacity, she tracked and provided comments on state and federal legislation, provided technical assistance to over 30 states, spoke at events with attendance ranging from 10 to 800 people, provided guidance on the nuances of student privacy law to most major education organizations, and wrote op-eds, short pieces, and longer reports, including “Policymaking on Education Data Privacy: Lessons Learned” and “School Surveillance: The Consequences for Equity and Privacy.”
“Technology and data, if used with respect for students, teachers, and parents, has great potential to advance learning,” said Jules Polonetsky, FPF’s CEO. “In her previous position, Amelia helped chart best practices for student data and we are excited to have her shape FPF’s activities going forward.”
“Having worked closely with Amelia on student data issues while she was at NASBE, I have complete confidence that she will build on FPF’s strong student privacy foundations, designing new initiatives and support for the growing use of technology and data to achieve educational objectives,” said Brenda Leong, FPF’s Senior Counsel and Director of Operations.
Vance is a member of the Virginia State Bar, the International Association of Privacy Professionals, the American Constitution Society, and is a board member of the Virginia Equality Bar Association. Vance is a graduate of McDaniel College and William & Mary Law School.
###
The Future of Privacy Forum is a non-profit organization that serves as a catalyst for privacy leadership and scholarship, advancing principled data practices in support of emerging technologies. To learn more, visit www.fpf.org.
FPF Talks Corporate Email Security with NPR
On November 1, 2016, Jules Polonetsky was featured on NPR’s Marketplace to discuss corporate email security. In light of recent hacks, it is imperative for companies to educate employees about best practices. Jules discussed the importance of two-factor authentication for logins and encouraged the use of strong passwords.