UR5 :
Foundations of Digital Technology
Privacy
Dr Rashad Ragab
Math. Dept., Helwan University
rragab@science.helwan.edu.eg
Outline
Privacy and confidentiality
Framework of Data Privacy
Examples of comprehensive laws and
regulation
FIPPS
Example of data breaches and Fines
COE526: Lecture 2 2
Privacy
Privacy - The desire of a person to control the
disclosure of personal information
Privacy – What are the threats to personal
privacy and how can we protect
ourselves?
Privacy – concerns the collection and use
of data about individuals
Confidentiality
The ability of a person to control release of
personal information to an information system
under an agreement that limits further release
of that information
Why do they matter?
Ethically, privacy and confidentiality are
considered to be rights (in our culture)
Information revealed may result in harm to
interests of the individual
The provision of those rights tends to ensure
that the information is accurate and complete
Accurate and complete information from
individuals benefits society in different areas,
such as limiting the spread of diseases
(e.g. HIV)
Legal Views on Privacy
Privacy is a fundamental human right that
has become one of the most important rights
of the modern age
Each country has a provision for rights of
inviolability of the home and secrecy of
communications
Data Privacy and Protection Laws
Data Privacy and Protection laws refer to legislation that is
intended to:
protect the right to privacy of individuals
ensure that Personal Data is used appropriately by organisations
that may have
Personal data is any information that can be used to
identify a natural person
Name; Phone Number; Email address; etc
Special Categories of Personal Data require more stringent
measures of protection
Religion; Ethnicity; Medical information; Criminal Data; Children’s
Data
Privacy
Three primary privacy issues:
Accuracy
relates to the responsibility of those who collect
data to ensure that the data is correct.
Property
relates to who owns data.
Access
relates to the responsibility of those who have
data to control who is able to use that data.
Large Databases (Page 1 of 2)
Large organizations compile
information about us.
Federal government has over
2,000 databases
Telephone companies
Reverse directory lists of calls
we make
Supermarkets
What we buy and when
Large Databases (Page 2 of 2)
Information resellers or information brokers
Collect and sell personal data
Electronic profiles easily created
Personal information is a marketable
commodity, which raises many issues:
Collecting public, but personally identifying
information (e.g., Google’s Street View)
Spreading information without personal consent,
leading to identity theft
Spreading inaccurate information
Mistaken identity
Freedom of Information Act
Private Networks
Employers can monitor e-mail legally
75 percent of all businesses search employees’
electronic mail and computer files using
snoopware
A proposed law could
prohibit this type of
electronic monitoring
or at least require the
employer to notify
the employee first
Viewing and Blocking Cookies
Cookies
Small pieces of information that are deposited on
your hard disk from web sites you have visited
First-party cookies
Generated (and then read) only by the website you are
currently visiting
Third-party cookies
Usually generated by an advertising company that is
affiliated with the website you are currently visiting
(tracking cookies)
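The first-party versus third-party distinction above comes down to whether the host that set a cookie belongs to the site in the address bar. The following is an added example, not part of the lecture slides: it classifies cookies observed while loading a page, comparing registrable domains (eTLD+1) rather than full hostnames so that a site's own CDN subdomain is not mistaken for a third party. The public-suffix set and the observed cookies are constructed sample data.

```javascript
// Added example (not from the lecture slides): classify cookies set while
// loading a page as first-party or third-party, following the slides'
// definition: a first-party cookie is set and read only by the site being
// visited; a third-party cookie is set by another site (typically an ad
// network) whose resources the visited page pulls in.
//
// Assumption: PUBLIC_SUFFIXES is a tiny constructed stand-in for the real
// Public Suffix List; SAMPLE_COOKIES is constructed sample data.

const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "co.uk"]);

// Registrable domain (eTLD+1): "ads.tracker.net" -> "tracker.net",
// "shop.example.co.uk" -> "example.co.uk".
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    const suffix = labels.slice(i + 1).join(".");
    if (PUBLIC_SUFFIXES.has(suffix)) return labels.slice(i).join(".");
  }
  return hostname.toLowerCase();
}

// A cookie is first-party when the host that set it shares the registrable
// domain of the page being visited; otherwise it is third-party.
function classifyCookie(pageUrl, cookie) {
  const site = registrableDomain(new URL(pageUrl).hostname);
  const setter = registrableDomain(new URL(cookie.setBy).hostname);
  return setter === site ? "first-party" : "third-party";
}

// Group cookie names by class so a user (or a blocking rule) can review
// which ones came from parties other than the site they chose to visit.
function summarize(pageUrl, cookies) {
  const out = { "first-party": [], "third-party": [] };
  for (const c of cookies) out[classifyCookie(pageUrl, c)].push(c.name);
  return out;
}

// Constructed sample: cookies observed while visiting shop.example.co.uk.
const SAMPLE_COOKIES = [
  { name: "session", setBy: "https://shop.example.co.uk/login" },
  { name: "cart", setBy: "https://cdn.example.co.uk/static/app.js" },
  { name: "uid", setBy: "https://ads.tracker.net/pixel.gif" },
  { name: "_ga", setBy: "https://analytics.example-metrics.com/collect" },
];

console.log(summarize("https://shop.example.co.uk/", SAMPLE_COOKIES));
```

The cdn.example.co.uk case shows why the comparison is made on the registrable domain: a hostname-only comparison would wrongly flag the site's own asset host as a third party.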
Online Identity
The information that people voluntarily post
about themselves online
Archiving and search features of the Web
make it available indefinitely
Major Laws on Privacy
Gramm-Leach-Bliley Act
Health Insurance Portability and Accountability Act
(HIPAA)
Family Educational Rights and Privacy Act
(FERPA)
Fair Information Practice Principles (1)
FIPPS are a set of internationally recognized principles that
inform information privacy policies both within government
and the private sector
1. Collection Limitation
There should be limits to the collection of personal data and any
such data should be obtained by lawful and fair means and,
where appropriate, with the knowledge or consent of the data
subject.
2. Data quality principle
Personal data should be relevant to the purposes for which they
are to be used, and, to the extent necessary for those purposes,
should be accurate, complete and kept up-to-date.
Fair Information Principles (2)
3. Purpose specification
The purposes for which personal data are collected should
be specified not later than at the time of data collection
and the subsequent use limited to the fulfilment of those
purposes or such others as are not incompatible with
those purposes and as are specified on each occasion of
change of purpose.
4. Use limitation principle
Personal data should not be disclosed, made available or
otherwise used for purposes other than those specified in
accordance with Paragraph 9 except: (a) with the consent
of the data subject; or (b) by the authority of law.
Fair Information Principles (3)
5. Security safeguards principle
Personal data should be protected by reasonable security
safeguards against such risks as loss or unauthorized
access, destruction, use, modification or disclosure of
data.
6. Openness principle
There should be a general policy of openness about
developments, practices and policies with respect to
personal data. Means should be readily available of
establishing the existence and nature of personal data,
and the main purposes of their use, as well as the identity
and usual residence of the data controller.
Fair Information Principles (4)
7. Individual participation principle: An individual
should have the right:
(a) to obtain from a data controller, or otherwise, confirmation
of whether or not the data controller has data relating to
him;
(b) to have communicated to him, data relating to him within a
reasonable time; at a charge, if any, that is not excessive;
in a reasonable manner; and in a form that is readily
intelligible to him;
(c) to be given reasons if a request made under
subparagraphs (a) and (b) is denied, and to be able to
challenge such denial; and
(d) to challenge data relating to him and, if the challenge is
successful, to have the data erased, rectified, completed or
amended.
Fair Information Principles (5)
8. Accountability principle
A data controller should be accountable for
complying with measures which give effect to the
principles stated above.
Information Life Cycle
1. Capture – Obtain and record information
2. Store – Save the information electronically or in paper format
3. Use – Use or reuse information
4. Destroy – Delete, erase or shred information
Examples of Data Laws Breaches
Marriott International Inc.
~339 million guest records leaked including payment details
~30 million are EU
fined £99,200,396 for the violation
British Airways
~500K customers' information leaked
Resulted in a fine of £183.39 million.
Google
failing to get valid consent from the users for personalized ads.
Google was fined €50 million
Facebook
Related to Cambridge
Fined £500,000
Open-Ended Questions
Define privacy and discuss the impact of
large databases, private networks, the
Internet, and the Web.
Define and discuss online identity and the
major privacy laws.