logging in or signing up Usage Stats Lange Gabir Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 234 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: June 17, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Online Usage Statistics: Current Trends and Future Directions in Meeting User Needs: Online Usage Statistics: Current Trends and Future Directions in Meeting User Needs David M. Lange Where Are We Headed: The Legal Issues : Where Are We Headed: The Legal Issues Part I Current legal and regulatory framework Federal and state consumer protection statutes Sector-specific privacy laws International legal approaches to privacy Part II Implications of privacy principles within the specific context of the collection, dissemination, and retention of usage statistics Important steps in designing a privacy regime Part III Privacy and the First Amendment Building and maintaining databases that track personally identifiable information regarding speech issues Government Regulation of the Collection and Use of Personally Identifiable Information: Government Regulation of the Collection and Use of Personally Identifiable Information Privacy Principles Notice Choice/Consent Integrity/Accuracy Security/Confidentiality Access/Correction Onward Transfer Enforcement/Redress Laws of General Application: Laws of General Application The Federal Trade Commission Act and Related State Laws FTC Act State UDAP Laws Enforced by state attorneys general Private rights of action Sector-Specific Laws: Sector-Specific Laws Children’s Online Privacy Protection Act ('COPPA') Gramm-Leach-Bliley Act (a.k.a. Financial Services Modernization Act) Health Insurance Portability and Accountability Act ('HIPPA') California Internet Privacy Law Children’s Online Privacy Protection Act: Children’s Online Privacy Protection Act COPPA Governs the activities of web site operators regarding collection of personal information from children under the age of 13 Two standards: directed at children vs. knowingly collect from children Requires disclosure of information collection practices Verifiable Parental Consent Title V, Subtitle A ofthe Gramm-Leach-Bliley Act: Title V, Subtitle A of the Gramm-Leach-Bliley Act Privacy regime with respect to individuals transacting business with 'financial institutions' 'Non-public personal information' Prohibits, with certain exceptions, disclosure of nonpublic personal information to unaffiliated third parties unless: (a) a prescribed notice is given to the consumer; and (b) the consumer is given a reasonable opportunity to 'opt out' before the information is disclosed Other Applicable Privacy Laws: Other Applicable Privacy Laws Other federal laws relating to the privacy of specific types of information Electronic Communications Privacy Act of 1986 Computer Fraud and Abuse Act Fair Credit Reporting Act of 1970 Telephone Consumer Protection Act of 1991 (Telemarketing Sales Rule/Do-Not-Call List) Cable Communications Policy Act of 1984 Video Privacy Protection Act of 1988 Right to Financial Privacy Act of 1980 Privacy Act of 1974 International Laws: International Laws European Union Directive on data privacy Personal data may only be collected for specified purposes and may not be processed 'in a way incompatible with those purposes'; Data may only be processed after the user has given consent; Data collectors may not collect certain types of sensitive data, including information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or health or sex life; The data collector must disclose certain information to users, including the collector’s identity and the purposes for collection; Users have the right to obtain from the data collector certain information, such as the identity of any recipients of the data; Data collectors must guarantee the confidentiality and security of the data; Data collectors must notify their respective national supervisory authority before processing any data; and Perhaps most important for U.S. businesses, transfers of personal data to a country outside the European Union are only allowed if that third country 'ensures an adequate level of protection' to the data Usage Statistics and Privacy Principles: Usage Statistics and Privacy Principles What are you collecting? Information that is not uniquely identifiable Individually/Personally identifiable Even collection of 'anonymous' information can give rise to concern from consumer advocates/government In re Pharmatrak Privacy Litigation 329 F.3d 9 (1st Cir. 2003) Class action suit Agreement between defendant and pharm. companies provided no personal information would be collected Illustrative Enforcement Actions: Illustrative Enforcement Actions DoubleClick, Inc. Multistate AG settlement (2002) Anonymous but unique identifiers Required to Increase significantly the visibility of its tracking practices Netscape Communications NYAG settlement (2003) 'Spyware' case 'SmartDownload' feature Required to delete collected data Minimizing the Problems Associated with Collecting Usage Statistics: Minimizing the Problems Associated with Collecting Usage Statistics Eliminate Unnecessary Collection of Personally Identifiable Information The more robust the usage statistics are, the greater their usefulness to publishers and librarians The more robust the information collected, the greater the intrusion on personal privacy If both usage information and registration information are collected, implement written policy and procedure to maintain them separately and not to correlate them Minimizing the Problems Associated with Collecting Usage Statistics (cont’d): Minimizing the Problems Associated with Collecting Usage Statistics (cont’d) Adequate and Accurate Disclosure of Information Practices Identification of the entity collecting the data; The nature of the data collected and the means by which it is collected Identification of the types of uses to which the data will be put Identification of any third-party disclosure of the data Whether providing the requested data is voluntary or required The consequences of refusing to provide such data The steps taken to ensure the confidentiality and integrity of the data Minimizing the Problems Associated with Collecting Usage Statistics (cont’d): Minimizing the Problems Associated with Collecting Usage Statistics (cont’d) Developing an information policy and a disclosure statement should be a detailed comprehensive process Comprehensive process DO NOT just call your lawyer and ask him/her to write something for you or review a draft Seek inputs from technology, marketing/strategy, human resources, security, legal Draft with flexibility in mind Minimizing the Problems Associated with Collecting Usage Statistics (cont’d): Minimizing the Problems Associated with Collecting Usage Statistics (cont’d) Establish checks and balances Establish adequate employee training Write policies in simple straightforward language Violations of the policy should result in serious consequences Take advantage of developments in technology related to data storage and protection Process should be viewed as iterative; regular review and improvement The Right to Read Anonymously: The Right to Read Anonymously The First Amendment: 'Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.' U.S. Const. amend. I The Right to Read Anonymously (cont’d): The Right to Read Anonymously (cont’d) Once the government can demand of a publisher the names of purchasers of his publications, the free press as we know it disappears. Then the spectre of a government agent will look over the shoulder of everyone who reads. The purchase of a book or pamphlet today may result in a subpoena tomorrow. Fear of criticism goes with every person into the bookstall. The subtle, imponderable pressures of the orthodox lay hold. Some will fear to read what is unpopular what the powers-that-be dislike. When the light of publicity may reach any student, any teacher, inquiry will be discouraged. The books and pamphlets that are critical of the administration, that preach an unpopular policy in domestic or foreign affairs, that are in disrepute in the orthodox school of thought will be suspect and subject to investigation. The press and its readers will pay a heavy price in harassment. But that will be minor in comparison with the menace of the shadow which the government will cast over literature that does not follow the dominant party line. If the lady from Toledo can be required to disclose what she read yesterday and what she will read tomorrow, fear will take the place of freedom in the libraries, bookstores, and homes of the land. United States v. Rumely 345 U.S. 41 (1953) (Frankfurter, J.) The Right to Read Anonymously (cont’d): The Right to Read Anonymously (cont’d) Be mindful of possible downstream consequences No entity can ensure absolute control over the databases of information it collects Subpoenas/Litigation Government Investigations Private Investigations Sales of Assets Prudently drafted privacy policy would expressly reserve for the data collector the right to divulge personally identifiable information in response to a law enforcement inquiry The Right to Read Anonymously (cont’d): The Right to Read Anonymously (cont’d) You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Usage Stats Lange Gabir Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 234 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: June 17, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Online Usage Statistics: Current Trends and Future Directions in Meeting User Needs: Online Usage Statistics: Current Trends and Future Directions in Meeting User Needs David M. Lange Where Are We Headed: The Legal Issues : Where Are We Headed: The Legal Issues Part I Current legal and regulatory framework Federal and state consumer protection statutes Sector-specific privacy laws International legal approaches to privacy Part II Implications of privacy principles within the specific context of the collection, dissemination, and retention of usage statistics Important steps in designing a privacy regime Part III Privacy and the First Amendment Building and maintaining databases that track personally identifiable information regarding speech issues Government Regulation of the Collection and Use of Personally Identifiable Information: Government Regulation of the Collection and Use of Personally Identifiable Information Privacy Principles Notice Choice/Consent Integrity/Accuracy Security/Confidentiality Access/Correction Onward Transfer Enforcement/Redress Laws of General Application: Laws of General Application The Federal Trade Commission Act and Related State Laws FTC Act State UDAP Laws Enforced by state attorneys general Private rights of action Sector-Specific Laws: Sector-Specific Laws Children’s Online Privacy Protection Act ('COPPA') Gramm-Leach-Bliley Act (a.k.a. Financial Services Modernization Act) Health Insurance Portability and Accountability Act ('HIPPA') California Internet Privacy Law Children’s Online Privacy Protection Act: Children’s Online Privacy Protection Act COPPA Governs the activities of web site operators regarding collection of personal information from children under the age of 13 Two standards: directed at children vs. knowingly collect from children Requires disclosure of information collection practices Verifiable Parental Consent Title V, Subtitle A ofthe Gramm-Leach-Bliley Act: Title V, Subtitle A of the Gramm-Leach-Bliley Act Privacy regime with respect to individuals transacting business with 'financial institutions' 'Non-public personal information' Prohibits, with certain exceptions, disclosure of nonpublic personal information to unaffiliated third parties unless: (a) a prescribed notice is given to the consumer; and (b) the consumer is given a reasonable opportunity to 'opt out' before the information is disclosed Other Applicable Privacy Laws: Other Applicable Privacy Laws Other federal laws relating to the privacy of specific types of information Electronic Communications Privacy Act of 1986 Computer Fraud and Abuse Act Fair Credit Reporting Act of 1970 Telephone Consumer Protection Act of 1991 (Telemarketing Sales Rule/Do-Not-Call List) Cable Communications Policy Act of 1984 Video Privacy Protection Act of 1988 Right to Financial Privacy Act of 1980 Privacy Act of 1974 International Laws: International Laws European Union Directive on data privacy Personal data may only be collected for specified purposes and may not be processed 'in a way incompatible with those purposes'; Data may only be processed after the user has given consent; Data collectors may not collect certain types of sensitive data, including information on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, or health or sex life; The data collector must disclose certain information to users, including the collector’s identity and the purposes for collection; Users have the right to obtain from the data collector certain information, such as the identity of any recipients of the data; Data collectors must guarantee the confidentiality and security of the data; Data collectors must notify their respective national supervisory authority before processing any data; and Perhaps most important for U.S. businesses, transfers of personal data to a country outside the European Union are only allowed if that third country 'ensures an adequate level of protection' to the data Usage Statistics and Privacy Principles: Usage Statistics and Privacy Principles What are you collecting? Information that is not uniquely identifiable Individually/Personally identifiable Even collection of 'anonymous' information can give rise to concern from consumer advocates/government In re Pharmatrak Privacy Litigation 329 F.3d 9 (1st Cir. 2003) Class action suit Agreement between defendant and pharm. companies provided no personal information would be collected Illustrative Enforcement Actions: Illustrative Enforcement Actions DoubleClick, Inc. Multistate AG settlement (2002) Anonymous but unique identifiers Required to Increase significantly the visibility of its tracking practices Netscape Communications NYAG settlement (2003) 'Spyware' case 'SmartDownload' feature Required to delete collected data Minimizing the Problems Associated with Collecting Usage Statistics: Minimizing the Problems Associated with Collecting Usage Statistics Eliminate Unnecessary Collection of Personally Identifiable Information The more robust the usage statistics are, the greater their usefulness to publishers and librarians The more robust the information collected, the greater the intrusion on personal privacy If both usage information and registration information are collected, implement written policy and procedure to maintain them separately and not to correlate them Minimizing the Problems Associated with Collecting Usage Statistics (cont’d): Minimizing the Problems Associated with Collecting Usage Statistics (cont’d) Adequate and Accurate Disclosure of Information Practices Identification of the entity collecting the data; The nature of the data collected and the means by which it is collected Identification of the types of uses to which the data will be put Identification of any third-party disclosure of the data Whether providing the requested data is voluntary or required The consequences of refusing to provide such data The steps taken to ensure the confidentiality and integrity of the data Minimizing the Problems Associated with Collecting Usage Statistics (cont’d): Minimizing the Problems Associated with Collecting Usage Statistics (cont’d) Developing an information policy and a disclosure statement should be a detailed comprehensive process Comprehensive process DO NOT just call your lawyer and ask him/her to write something for you or review a draft Seek inputs from technology, marketing/strategy, human resources, security, legal Draft with flexibility in mind Minimizing the Problems Associated with Collecting Usage Statistics (cont’d): Minimizing the Problems Associated with Collecting Usage Statistics (cont’d) Establish checks and balances Establish adequate employee training Write policies in simple straightforward language Violations of the policy should result in serious consequences Take advantage of developments in technology related to data storage and protection Process should be viewed as iterative; regular review and improvement The Right to Read Anonymously: The Right to Read Anonymously The First Amendment: 'Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.' U.S. Const. amend. I The Right to Read Anonymously (cont’d): The Right to Read Anonymously (cont’d) Once the government can demand of a publisher the names of purchasers of his publications, the free press as we know it disappears. Then the spectre of a government agent will look over the shoulder of everyone who reads. The purchase of a book or pamphlet today may result in a subpoena tomorrow. Fear of criticism goes with every person into the bookstall. The subtle, imponderable pressures of the orthodox lay hold. Some will fear to read what is unpopular what the powers-that-be dislike. When the light of publicity may reach any student, any teacher, inquiry will be discouraged. The books and pamphlets that are critical of the administration, that preach an unpopular policy in domestic or foreign affairs, that are in disrepute in the orthodox school of thought will be suspect and subject to investigation. The press and its readers will pay a heavy price in harassment. But that will be minor in comparison with the menace of the shadow which the government will cast over literature that does not follow the dominant party line. If the lady from Toledo can be required to disclose what she read yesterday and what she will read tomorrow, fear will take the place of freedom in the libraries, bookstores, and homes of the land. United States v. Rumely 345 U.S. 41 (1953) (Frankfurter, J.) The Right to Read Anonymously (cont’d): The Right to Read Anonymously (cont’d) Be mindful of possible downstream consequences No entity can ensure absolute control over the databases of information it collects Subpoenas/Litigation Government Investigations Private Investigations Sales of Assets Prudently drafted privacy policy would expressly reserve for the data collector the right to divulge personally identifiable information in response to a law enforcement inquiry The Right to Read Anonymously (cont’d): The Right to Read Anonymously (cont’d)