CS578---Privacy in a Networked World
Instructor: Antonio R. Nicolosi
Notes for blackboard presentation, Week 10 (31 March 2008)

* The Fair Information Practices (US HEW 1973)
  - Policy vs. law
    + Contemporary background
  - How it related to credit reporting

* The OECD Guidelines
  - Subsequently adopted as EU Data Protection Directive
  - Reference to notion of "personal data"
  - "Omnibus" privacy protection vs. US "sectoral approach"
  - The opt-in vs. opt-out debate

* Comparison and correspondence of FIP and OECD

* Ombudsman and Chief Privacy Officers (CPOs)
  - Recognition of privacy as a first-order issue in politics/economics
  - Official offices:
    + Privacy Commissioner of Canada, Australia, New Zealand
    + EU Privacy
    + US Privacy Counselor to the White House
    + US Privacy Office at the Department of Homeland Security
  - Corporate CPOs
  - Responsibilities: law, PR, management, educational, leadership
    + Centralized point of reference (complaints, compliance)
    + Policy drafting
    + Employee education on relevant norms and codes of conduct
    + Monitoring evolution of privacy regulation
    + Developing initiatives to "stay current"

* Self-Regulation
  - The "power of the market" assumption
  - The "off-line" world and the Better Business Bureau (BBB)
  - Privacy seals: TRUSTe
    - Self-certification process
    - Types of seals:
      + Web: privacy policy, notice & disclosure on PII, choice & consent
      + Email
      + Others (safe harbor, children's online)

* Enforcing self-regulation
  - The role of the Federal Trade Commission (FTC)
  - Deceptive business practices

* The FTC 4-point guideline: Notice, Choice, Access, Security

* Discrepancy of international privacy norms: The Safe Harbor program
  - www.export.gov/safeharbor
  - Seven principles:
    + Notice, Choice, Onward Access (secondary use), Access, Security, Data Integrity (relevance), Enforcement (challenge & audit)