Module 4. Privacy

Fair Information Practices
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

EU Directive on Data Protection

CSA Model Code for the Protection of Personal Information(PIPEDA is part of this)

CanadaPersonal Information Protection and Electronic

Documents Act (PIPEDA)

Summary of Fair Information Practices

 * Accountability- for personal information designate an individual(s) accountable for compliance
 * Identifying Purposes- purpose of collection must be clear at or before at time of collection
 * Consent- individual has to give consent to collection, use, disclosure of personal information
 * Limiting Collection- collect only information required for the identified purpose; Info. shall be collected by fair& lawful means
 * Limiting Use, Disclosure, Retention- consent of individual required for all other purposes
 * Accuracy- keep information as accurate and up-to-date as necessary for identified purpose
 * Safeguards- protection and security required, appropriate to the sensitivity of the info.
 * Openness-Policies and other information about the management of personal Info. should be readily available
 * Individual Access-upon request, an individual shall be informed of the existence, use& disclosure of his or her personal information and be given access to that information, be able to challenge its accuracy and completeness and have it amended as appropriate
 * Challenging Compliance-ability to challenge all practices in accord with the above principles to the accountable body in the organization.

PIPEDA: The Personal Information Protection and Electronic Documents Act
A Canadian law relating to data privacy. It governs how private-sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens.

Major Components Provincial Private-Sector
 * Legal basis for electronic service delivery
 * Recognizes secure electronic signatures
 * Clarifies status of electronic records
 * Recognizes the status of electronic statutes andregulations
 * Amends related legislation, e.g. evidence act

Privacy Laws

Québec: Act respecting the protection of personal information in the private sector

B.C.: Personal Information Protection Act

Alberta: Personal Information Protection Act

Ontario: draft Privacy of Personal Information Act, 2002– not introduced…so PIPEDA applies

Other forms of intellectual property
 * People occasionally confuse trade-marks with copyright, industrial designs, patents and integrated circuit topographies. These are rights granted for intellectual creativity and are also forms of intellectual property.
 * Patents cover new inventions (process, machine, manufacture,composition of matter), or any new and useful improvement of an existing invention.
 * Copyrights provide protection for literary, artistic, dramatic or musical works (including computer progams), and three other subject-matter known as: performance, sound recording and communication signal.
 * Industrial designs are the visual features of shape, configuration, pattern or ornament (or any combination of these features) applied to a finished article of manufacture.

Google/Gmail/Buzz
An integrated social networking tool that allows user to post and customize who see’s their posts-and has other sites integrated in with it like Blogger, Twitter, YouTube and several others. There have been several privacy concerns with Buzz including the fact that if a user doesn’t change pre-set privacy setting anyone who reads their posts etc. can see the email address of whom that user speaks with most frequently. Also, the mobile application for Buzz automatically posts where the user is via Google Maps when they post from their mobile phone. Buzz also integrates with Google Maps so that you can see exactly where other users are.

ECHELON
ECHELON is a name used in global media and in popular culture to describe a signals intelligence (SIGINT) collection and analysis network operated on behalf of the five signatory states to the UK-USA Security Agreement (Australia, Canada, New Zealand, the United Kingdom, and the United States, known as AUSCANZUKUS). It has also been described as the only software system which controls the download and dissemination of the intercept of commercial satellite trunk communications. Can potentially be used to listen in on all phone calls, emails, faxes and any other info. That is shared globally. This collation was originally created during the Cold War and now is used to monitor political and diplomatic intelligence, and criminal activity like drug deals and terrorist actions. Most interception is now being done via satellites as they are much more efficient then having to station an interception station at each individual country. Industrial espionage has been one of the primary privacy concerns of the collation.

Carnivore:
A program put in place by the FBI that could monitor e-mails, or other specified info. with permission of a court order. No longer in use as of 2001.

TIA (Total Information Awareness) & IAO (Information Awareness Office)
TIA – Total, Information, Awareness The Information Awareness Office (IAO) was established by the Defense Advanced Research Projects Agency (DARPA) in January 2002 to bring together several DARPA projects focused on applying information technology to counter asymmetric threats to national security. The IAO mission was to "imagine, develop, apply, integrate, demonstrate and transition information technologies, components and prototype, closed-loop, information systems that will counter asymmetric threats by achieving total information awareness."

Fair Information Practices
For personal info

Designate an individual’s accountability for compliance

Individual has to give consent to collection, use, disclosure of personal info Purpose must be clear @ or before collection time*Consent Collection info only for purpose stated, collected fairly and lawfully*Limiting Use, Disclosure, Retention Consent required for all other purposes*Accuracy Keeps info accurate and up-to-date as necessary for identified purposes*Safeguards Protection and security required, appropriate to sensitivity of information*Openness Policies and other info about management. Of personal info should be readily available*Individual Access Upon request, individual shall be informed of the existence, use, and disclosure of personal info and be given access to that info, ability to challenge accuracy, and completeness, have it amended as appropriate*Challenging Compliance Ability to challenge all practices in accord with aforementioned principles to the accountable body of the organization
 * Accountability
 * Identifying purposes
 * Limiting Collection