CS CS 671 Privacy in a Networked World

CS 671 Privacy in a Networked World
Prof. Rebecca Wright
Rutgers University
Fall 2008

Questions we will ask for case studies

  1. Was this a privacy violation? If so, why and in what way? If not, why not?
  2. What could the affected individual(s) or other entities have done to protect themselves?
  3. What else could have been done (e.g. by the community, the authorities, or other entities) to avoid the violation?
  4. Why did this happen? Were there reasons the privacy violation(s) might have been justified? If so, do you think it was justified in this case?
  5. If there was such a "tradeoff", are there technological or other solutions that could break the apparent tradeoff, by accomplishing the desired goals without compromising privacy?
  6. Are there any applicable laws or other regulations? How does this adhere to or violate the Fair Information Practices?

Fair Information Practices

For reference, here are the 1973 U.S. Department of Health, Education and Welfare (HEW) Code Fair Information Practices:
  1. There must be no personal data record-keeping systems whose very existence is secret;
  2. There must be a way for an individual to find out what information is in his or her file and how the information is being used;
  3. There must be a way for an individual to correct information in his or her records;
  4. Any organization creating, maintaining, using, or disseminating records of personally identifiable information must assure the reliability of the data for its intended use and must take precautions to prevent misuse; and
  5. There must be a way for an individual to prevent personal information obtained for one purpose from being used for another purpose without his or her consent.
Source: U.S. Department of Health, Education and Welfare, Secretary's Advisory Committee on Automated Personal Data Systems, Records, Computers, and the Rights of Citizens viii (1973).