CS CS 671 Privacy in a Networked World
CS 671 Privacy in a Networked World
Questions we will ask for case studies
- Was this a privacy violation? If so, why and in what way? If
not, why not?
- What could the affected individual(s) or other entities have
done to protect themselves?
- What else could have been done (e.g. by the community, the
authorities, or other entities) to avoid the violation?
- Why did this happen? Were there reasons the privacy
violation(s) might have been justified? If so, do you think it was
justified in this case?
- If there was such a "tradeoff", are there technological or
other solutions that could break the apparent tradeoff, by
accomplishing the desired goals without compromising privacy?
- Are there any applicable laws or other regulations? How does
this adhere to or violate the Fair Information Practices?
Fair Information Practices
For reference, here are the 1973 U.S. Department of Health, Education
and Welfare (HEW) Code Fair Information Practices:
- There must be no personal data record-keeping systems whose very
existence is secret;
- There must be a way for an individual to find out what
information is in his or her file and how the information is being
used;
- There must be a way for an individual to correct information in
his or her records;
- Any organization creating, maintaining, using, or disseminating
records of personally identifiable information must assure the
reliability of the data for its intended use and must take precautions
to prevent misuse; and
- There must be a way for an individual to prevent personal
information obtained for one purpose from being used for another
purpose without his or her consent.
Source: U.S. Department of Health, Education and Welfare,
Secretary's Advisory Committee on Automated Personal Data Systems,
Records, Computers, and the Rights of Citizens viii (1973).