Usage Stats Lange


Online Usage Statistics: Current Trends and Future Directions in Meeting User Needs

David M. Lange

Where Are We Headed: The Legal Issues:

- Part I
  - Current legal and regulatory framework
  - Federal and state consumer protection statutes
  - Sector-specific privacy laws
  - International legal approaches to privacy
- Part II
  - Implications of privacy principles within the specific context of the collection, dissemination, and retention of usage statistics
  - Important steps in designing a privacy regime
- Part III
  - Privacy and the First Amendment
  - Building and maintaining databases that track personally identifiable information regarding speech issues

Government Regulation of the Collection and Use of Personally Identifiable Information:

Privacy Principles

- Notice
- Choice/Consent
- Integrity/Accuracy
- Security/Confidentiality
- Access/Correction
- Onward Transfer
- Enforcement/Redress

Laws of General Application:

The Federal Trade Commission Act and Related State Laws

- FTC Act
- State UDAP Laws
- Enforced by state attorneys general
- Private rights of action

Sector-Specific Laws:

- Children’s Online Privacy Protection Act ('COPPA')
- Gramm-Leach-Bliley Act (a.k.a. Financial Services Modernization Act)
- Health Insurance Portability and Accountability Act ('HIPAA')
- California Internet Privacy Law

Children’s Online Privacy Protection Act:

COPPA

- Governs the activities of web site operators regarding collection of personal information from children under the age of 13
- Two standards: directed at children vs. knowingly collect from children
- Requires disclosure of information collection practices
- Verifiable Parental Consent

Title V, Subtitle A of the Gramm-Leach-Bliley Act:

- Privacy regime with respect to individuals transacting business with 'financial institutions'
- 'Non-public personal information'
- Prohibits, with certain exceptions, disclosure of nonpublic personal information to unaffiliated third parties unless:
  (a) a prescribed notice is given to the consumer; and
  (b) the consumer is given a reasonable opportunity to 'opt out' before the information is disclosed

Other Applicable Privacy Laws:

Other federal laws relating to the privacy of specific types of information

- Electronic Communications Privacy Act of 1986
- Computer Fraud and Abuse Act
- Fair Credit Reporting Act of 1970
- Telephone Consumer Protection Act of 1991 (Telemarketing Sales Rule/Do-Not-Call List)
- Cable Communications Policy Act of 1984
- Video Privacy Protection Act of 1988
- Right to Financial Privacy Act of 1980
- Privacy Act of 1974

International Laws:

European Union Directive on data privacy

- Personal data may only be collected for specified purposes and may not be processed 'in a way incompatible with those purposes';
- Data may only be processed after the user has given consent;
- Data collectors may not collect certain types of sensitive data, including information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or health or sex life;
- The data collector must disclose certain information to users, including the collector’s identity and the purposes for collection;
- Users have the right to obtain from the data collector certain information, such as the identity of any recipients of the data;
- Data collectors must guarantee the confidentiality and security of the data;
- Data collectors must notify their respective national supervisory authority before processing any data; and
- Perhaps most important for U.S. businesses, transfers of personal data to a country outside the European Union are only allowed if that third country 'ensures an adequate level of protection' to the data

Usage Statistics and Privacy Principles:

- What are you collecting?
  - Information that is not uniquely identifiable
  - Individually/Personally identifiable
- Even collection of 'anonymous' information can give rise to concern from consumer advocates/government
- In re Pharmatrak Privacy Litigation, 329 F.3d 9 (1st Cir. 2003)
  - Class action suit
  - Agreement between defendant and pharm. companies provided no personal information would be collected

Illustrative Enforcement Actions:

- DoubleClick, Inc.
  - Multistate AG settlement (2002)
  - Anonymous but unique identifiers
  - Required to increase significantly the visibility of its tracking practices
- Netscape Communications
  - NYAG settlement (2003)
  - 'Spyware' case
  - 'SmartDownload' feature
  - Required to delete collected data

Minimizing the Problems Associated with Collecting Usage Statistics:

Eliminate Unnecessary Collection of Personally Identifiable Information

- The more robust the usage statistics are, the greater their usefulness to publishers and librarians
- The more robust the information collected, the greater the intrusion on personal privacy
- If both usage information and registration information are collected, implement written policy and procedure to maintain them separately and not to correlate them

Minimizing the Problems Associated with Collecting Usage Statistics (cont’d):

Adequate and Accurate Disclosure of Information Practices

- Identification of the entity collecting the data
- The nature of the data collected and the means by which it is collected
- Identification of the types of uses to which the data will be put
- Identification of any third-party disclosure of the data
- Whether providing the requested data is voluntary or required
- The consequences of refusing to provide such data
- The steps taken to ensure the confidentiality and integrity of the data

Minimizing the Problems Associated with Collecting Usage Statistics (cont’d):

Developing an information policy and a disclosure statement should be a detailed, comprehensive process

Comprehensive process

- DO NOT just call your lawyer and ask him/her to write something for you or review a draft
- Seek inputs from technology, marketing/strategy, human resources, security, legal
- Draft with flexibility in mind

Minimizing the Problems Associated with Collecting Usage Statistics (cont’d):

- Establish checks and balances
- Establish adequate employee training
- Write policies in simple, straightforward language
- Violations of the policy should result in serious consequences
- Take advantage of developments in technology related to data storage and protection
- Process should be viewed as iterative; regular review and improvement

The Right to Read Anonymously:

The First Amendment:

'Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.'

U.S. Const. amend. I

The Right to Read Anonymously (cont’d):

Once the government can demand of a publisher the names of purchasers of his publications, the free press as we know it disappears. Then the spectre of a government agent will look over the shoulder of everyone who reads. The purchase of a book or pamphlet today may result in a subpoena tomorrow. Fear of criticism goes with every person into the bookstall. The subtle, imponderable pressures of the orthodox lay hold. Some will fear to read what is unpopular, what the powers-that-be dislike. When the light of publicity may reach any student, any teacher, inquiry will be discouraged. The books and pamphlets that are critical of the administration, that preach an unpopular policy in domestic or foreign affairs, that are in disrepute in the orthodox school of thought will be suspect and subject to investigation. The press and its readers will pay a heavy price in harassment. But that will be minor in comparison with the menace of the shadow which the government will cast over literature that does not follow the dominant party line. If the lady from Toledo can be required to disclose what she read yesterday and what she will read tomorrow, fear will take the place of freedom in the libraries, bookstores, and homes of the land.

United States v. Rumely 345 U.S. 41 (1953) (Frankfurter, J.)

The Right to Read Anonymously (cont’d):

- Be mindful of possible downstream consequences
- No entity can ensure absolute control over the databases of information it collects
  - Subpoenas/Litigation
  - Government Investigations
  - Private Investigations
  - Sales of Assets
- Prudently drafted privacy policy would expressly reserve for the data collector the right to divulge personally identifiable information in response to a law enforcement inquiry
