Blog

Census 2010 and Privacy

Jolynn Dellinger – March 20, 2010

Over the past month or two, you may have seen advertisements on television about the 2010 Census.  Census forms for Census 2010 are being mailed this month.  To complete your census form, you will be asked to provide some personal information about yourself and the other people living in your household, including the number of people in your household, and the name, sex, age, date of birth, and race of each person.  The Census 2010 is also interested to know whether you own the home you are living in (with or without a mortgage) or whether you rent or occupy a dwelling rent-free.  The whole form takes very little time to fill out, but it does request personally identifiable information, and for some people, that is a concern.

In addition to the questionnaire from the Census Bureau, you will likely receive a message from the Director of the U.S. Census Bureau describing the importance of participation in the census, and letting you know that both the number of representatives each state has in Congress and the amount of government money each neighborhood receives for services for children and the elderly, roads and other local uses, depends on the census results.   The results are so important, in fact, that participation in the census is required by law.

People who are concerned about their privacy but who are also required by law to share their personal information with the Census Bureau may have questions about the use and handling of their personal information.  In the Director’s message, you will find the following important information about the confidentiality of the personal information shared with the Census Bureau:

Your answers are confidential.  This means that the Census Bureau cannot give out information that identifies you or your household. Your answers will only be used for statistical purposes, and no other purpose.  The back of this letter contains more information about protecting your data.

Your Answers Are Confidential

Federal law protects your privacy and keeps your answers confidential (Title 13, United States Code, Sections 9 and 214).  The answers you give on the census form cannot be obtained by law enforcement or tax collection agencies.  Your answers cannot be used in court.  They cannot be obtained with a Freedom of Information Act (FOIA) request.

As allowed by law, census data becomes public after 72 years (Title 44, United States Code, Section 2108).  This information can be used for family history and other types of historical research.

Please visit our Web site at www.census.gov/2010census and click on “Protecting Your Answers” to learn more about our privacy policy and data protection.

Both the standard form questionnaire and, to a greater extent, the 14-page questionnaire called The American Community Survey that will be sent to a subset of citizens, raise legitimate privacy concerns.  This heightened awareness about privacy issues is a good thing, and asking questions about the Census process will lead people to become more informed about sharing personal information in a number of contexts.  Fortunately, the U.S. Census Bureau is attempting to acknowledge and address privacy concerns.  If you have questions about the Census 2010, check out the Bureau’s webpage for more information.

What’s Up at the Federal Trade Commission?

March 6, 2010

Guest blog by Nicole Vincent, Consumer Education Specialist with the Federal Trade Commission

As an FTC employee, I can safely say that folks here at the nation’s consumer protection agency certainly are busy. Next week is National Consumer Protection Week, and the FTC has been working with a coalition of public and private sector organizations to develop the NCPW website and host consumer information fairs and other community events across the country.

This year’s NCPW theme – Dollars & Sense: Rated “A” for All Ages – highlights the importance of using good consumer sense at every stage of life – from grade school to retirement. Here are some highlights:

• The NCPW website features resources in English and Spanish that you can use to protect your privacy, manage money and debt, avoid identity theft, understand credit and mortgages, and steer clear of frauds and scams.

• The site features a page for kids and parents with websites, games and videos that teach practical lessons about the role of business and government in everyday life.

• The NCPW blog lets people share consumer resources and tips. It features posts and videos related to current economic issues and frauds, including: job scams, business opportunity fraud, online safety for kids and parents, debt collection, and kids’ privacy.

The FTC has also been active in developing new resources to help consumers better protect their privacy.

For example, Net Cetera: Chatting with Kids about Being Online is a guide that provides practical tips to help adults help kids navigate the online world – whether they’re dealing with social networking and cyberbullying or sexting and file-sharing. Kids share information through email, chat, and social networking sites all the time, so it’s important that adults are able to help them do this in a way that’s safe.

The FTC also recently launched a new site where kids can learn how (and why) they should protect their information. The FTC’s online mall uses engaging dialogue and fun, interactive games to teach kids important lessons like what identity theft is and how to help their families avoid it.

For businesses, we’ve developed a new guide to help explain the security risks associated with Peer 2 Peer (P2P) file sharing programs. P2P programs allow computers to download files and make them available to other users on a P2P network; unfortunately, on business networks, that can lead to the accidental disclosure of sensitive information. Our new guide describes steps that businesses can take to implement effective P2P policies and includes tips for educating employees about the use of P2P software.

Finally, because the notion of privacy is changing for everyone, the FTC is hosting a series of privacy roundtables to explore the privacy challenges posed by 21st century technology and business practices that call for the collection and use of consumer data. The goal of the roundtables is to determine how best to protect privacy while supporting the beneficial uses of these new technologies.

We hope you will share our FTC privacy resources with your friends, family, and coworkers. You can grab videos from our video library and post them on your blog or website; or order any of our publications for free at our bulk order site: www.ftc.gov/bulkorder. Be sure to get extra copies for your school, library, church or community center!

Data Privacy Day’s Take on “The Top 5 Mistakes of Privacy Awareness Programs”

Jolynn Dellinger, February 15, 2010

According to Jay Cline, President of Minnesota Privacy Consultants, companies frequently make five mistakes when educating employees about privacy:  providing separate training for privacy, security, records management and ethics; equating a campaign with a program; equating awareness with training; using only one or two communication channels instead of the panoply at their disposal; and failing to measure the effectiveness of their training programs.

With the Data Privacy Day celebration, we encourage small and large businesses to make Data Privacy Day an opportunity to raise awareness about privacy among their employees.  Data Privacy Day may also be an occasion for an awareness campaign.  But Mr. Cline’s comments are well stated and merit particular attention.  An awareness effort or a privacy campaign must be a supplement to an effective, thorough, integrated, and multi-faceted privacy training program for employees.  On Data Privacy Day for the past several years, we have urged companies to participate in the privacy education needed by their communities.  We have promoted privacy awareness campaigns on large corporate campuses.  We have also encouraged companies to provide additional educational opportunities for their employees around Data Privacy Day – information that will increase their awareness about protecting their personal information as well as training on how to protect privacy as employees.  For companies that have participated for several years, Data Privacy Day has provided an opportunity to refresh the message and the focus of established employee programs.

In response to Mr. Cline’s article, we issue two challenges for Data Privacy Day 2011:  if you work for a company without an established privacy training program, make it your goal to establish such a program over the coming year in honor of Data Privacy Day 2011 and to maintain that training program permanently.  In creating such a program, keep an eye out for Mr. Cline’s top five mistakes.

If you are a company with an established privacy training program, examine that program for the five common mistakes noted by Mr. Cline, and see what changes you can make to remedy those problems. In particular, consider creating an integrated approach to privacy training incorporating privacy, security, records management and ethics, and establishing a means to measure your program’s effectiveness.

If your company accepts either of these challenges, we would like to hear about your efforts over the coming year.  Contact us at info@dataprivacyday.org if you want to share your successes or provide helpful materials for smaller companies.

Reader Privacy: Should Library Privacy Standards Apply in the Digital World?

26 January 2010

Guest Blog by Woodrow Hartzog

Last Friday, attorneys, librarians, academics, technology industry representatives and members of non-profit organizations assembled at the University of North Carolina at Chapel Hill School of Law for the event “Reader Privacy: Should Library Privacy Standards Apply in the Digital World?”  I left the event optimistic that reader privacy need not be sacrificed online.  It was both an introduction to reader privacy, including the benefits and costs of protecting reader information, as well as an advanced discussion regarding the shift to a “hybrid” age of reading where a significant amount of information is consumed digitally.

Held in honor of Data Privacy Day 2010, the event was hosted by the UNC School of Law, UNC’s Center for Media Law & Policy, the UNC Katherine R. Everett Law Library and University Libraries, the UNC School of Information and Library Science and The Privacy Projects with support from Intel, Microsoft, Google, AT&T and LexisNexis.

Keynote speaker John Palfrey kicked off the morning after an introduction by UNC School of Law Dean Jack Boger.  Palfrey, a Havard law professor and Vice Dean for Library and Information Resources, began by dispelling the notion that young people don’t care about their privacy and asserting that it’s not an inherent evil that companies collect so much personal information because A) that information can benefit readers (i.e., lower cost of reading through advertising, helpful suggestions) and B) companies sometimes make good choices with respect to privacy.  He stressed the importance of teachers and librarians in helping educate youth about the privacy risks of accessing information online.

Librarians, you see, have always been the great bastions for privacy.  It was a theme that would permeate the event and a fact upon which all could agree – if any group would fight for the privacy of those they serve, it would be the librarians.  Palfrey stated that the challenge was to figure out a way to make sure that the ethos and baseline protection offered by librarians and their codes transferred to digital reading.

The first panel of the day addressed whether readers of books through Google Books should have the same privacy protections as readers using libraries and whether library standards for privacy should extend to e-book readers or other digital environments.  This session was moderated by UNC professor of law Bill Marshall.  Law professor and Director of the UNC Law Library Anne Klinefelter emphasized that the protection offered by librarians in protecting reader privacy is not binding, and the laws of library user privacy do not apply to all libraries. Rather, librarians follow an ethical code which must be incorporated into digital reading along with relevant laws if a reader’s privacy is to be fully protected even in the relatively privacy friendly context of the library.  She also made clear, however, that many libraries are very supportive of the Google Books project, as evidenced by the use of their collections for the project content and since access to information is at the core of a librarian’s mission. Her recommendation was that in contexts external to libraries, if library standards for privacy are to be the model, the combined effect of librarian ethics and library law must be achieved.

Jane Horvath, the Global Privacy Counsel for Google, then took a moment to discuss Google’s position on reader privacy in Google Books.  She was careful to note that Google Books would receive the same level of privacy protection as other Google products, if not more.  I thought the two very interesting ways Google proposed to protect reader privacy were private reading terminals in public libraries and an abstention (at least at this time) from behavioral advertising in connection with Google Books.  Thus, users seeking a high degree of privacy would be able to obtain it through the traditional venue of the public library.

Horvath also took a moment to comment on the need to update the Electronic Communications Privacy Act (ECPA) – an outdated piece of legislation aimed at curbing electronic surveillance abuse.  While privacy in electronic communications is the purview of ECPA, Horvath asserted that when readers use the internet or e-readers, their activities are not protected by the statute.  Thus, Google is pushing for ECPA reform.

Andrew McDiarmid, Policy Analyst for the Center for Democracy and Technology, emphasized that the CDT supports the Google Book settlement, but it would like to see Google incorporate additional privacy protections into the final agreement.  He then spelled out CDT’s proposed library standards for reader privacy in Google Books:

1. Transparency – Google should let everyone know what they are collecting
2. Individual participation – users should have the right to access and review their data
3. Purpose specification – Google should let users know what they plan to do with their information
4. Minimization – Google shouldn’t collect what it doesn’t need
5. Use limitations – Google shouldn’t do anything with user information they don’t need or say they aren’t doing
6. Data quality and integrity – User information should be kept up to date & accurate
7. Security – Google should prevent unauthorized access to user information
8. Accountability & auditing – Some structure should be implemented to audit and ensure these standards.

The second panel of the day discussed whether reader privacy was an interest that merited special protection from commercial and governmental entities, or whether a broader approach to privacy was needed.  David Hoffman, the Director of Security Policy and Global Privacy Officer for Intel served as the moderator.  Mr. Hoffman introduced the panel discussion by raising the issue of proportionality for balancing privacy and interests served by the use of personal data.

North Carolina State Professor of Computer Science Annie Antón summarized the types of technologies, such as cookies and web bugs, that challenge the privacy of Internet use and described several scenarios under which businesses, law enforcement and other third parties would be interested in what books we are searching for, what books we are downloading or even what parts of books we are reading. She also emphasized the transformation of print library to electronic library and by implication the need for reader privacy protections in this changing environment, both through and external to libraries.

Lili Levi, a law professor at the University of Miami, assessed how regulatory solutions might protect reader privacy.  Levi wasn’t convinced complete self-regulation on the part of industry would be effective, and opined that some sort of specter of Damocles as a “co-regulation” must exist for acceptable responsible behavior.  She also emphasized that behavioral targeting in a satisfactorily co-regulated system could serve as a booster to serious journalism on the web and encouraged recognition of this important value that competes with reader privacy.

Paula Bruening, the Executive Director of the Centre for Information Policy at Hunton & Williams, stressed the need for industry accountability to protect user privacy.  An accountability approach that followed many of the CDT’s proposed library standards for electronic reading would allow the data custodian the flexibility to make smart decisions based on what she knows of her business model, relationships with vendors, particular security risks and ways she’s using third parties to store data.  (See their paper “Data Protection Accountability: The Essential Elements.”).  Bruening stressed that as information moves into the cloud, an accountability approach could help ensure that the privacy protections desired by readers also apply to the various third-parties accessing information.  In other words, the privacy protections should follow the information.

In wrapping up the second panel, Palfrey made reference to “The Cathedral and the Bazaar.”  He felt that the old model (the cathedral) was like the traditional reading model, where people came to a central location and knowledge was doled out.  The cathedral did an excellent job of protecting privacy.  Yet in the digital model for reading (the bazaar) librarians were more like guides, not priests and priestesses.  He felt the challenge for librarians in the modern age is that sometimes they are a in cathedral, and sometimes they are guides, and the challenge lies in how to make sure the appropriate rules and the ethics apply in this hybrid environment.

It was a well executed and informative event on an exceptionally important topic.  So, as the Google Book settlement progresses, I encourage everyone to be mindful of the reader privacy implications and opportunities.  To echo Professor Palfrey, it’s not too late. Indeed, we’re only just beginning.

Keep an eye on the Data Privacy Day events page to watch the event online.

Or, you can also read John Palfrey’s excellent blog post about the event.

Woodrow Hartzog is a Roy H. Park Fellow and Ph.D. Student at the University of North Carolina at Chapel Hill School of Journalism & Mass Communication.  His research focuses on privacy and information law.  He can be contacted at whartzog@email.unc.edu.

Data Privacy Day 2010 is around the corner!

Jolynn Dellinger, January 7, 2010

21 days to go until the big day!  After many months of organization and coordination, January 28, 2010 and the many events planned for Data Privacy Day in the United States and Canada are around the corner.   While we focus our celebration around a particular day, the success of Data Privacy Day is firmly grounded in the fact that people and companies are recognizing privacy as a 24/7, every-day-of-the-year issue.

The response from all quarters for Data Privacy Day 2010 has been tremendous.

Once again, a resolution is pending in the United States House of Representatives, and we have requested Senate support, for the recognition of January 28, 2010 as National Data Privacy Day.  The Federal Trade Commission will be holding the second of three roundtables dedicated to privacy issues at UC Berkeley on Data Privacy Day.  Governors in North Carolina, Arkansas, and West Virginia have declared January 28, 2010, Data Privacy Day in their states, and proclamation requests are pending in many other states.  At its winter conference in Arizona, the National Association for Attorneys General passed a resolution supporting National Data Privacy Day and encouraging the development and promotion of privacy standards.  Every state privacy office in the United States has taken steps to become involved in this international celebration.  Provincial and Federal Information and Privacy Commissioners in Canada are hosting privacy events for businesses, encouraging privacy by design, calling on social networks to provide improved privacy protections, and promoting teen privacy education.  And all this represents only the government activity promoting the goals of the international Data Privacy Day initiative.

Intel, Microsoft, Google, AT&T, LexisNexis and The Privacy Projects are sponsoring Data Privacy Day efforts, with assistance from Intuit and Oracle.  These companies and organizations, in addition to over 45 other businesses, privacy professionals, and academic institutions, are hosting Data Privacy Day events and taking steps to promote privacy awareness internally and in their communities.  The many educational materials and resources provided by the participating companies and organizations dedicated to privacy are available on the Education & Resources pages of our website.

Why all the excitement about privacy?  Because we have entered the world of electronic and personal health records and Smartgrid technologies; a world with instantaneous and wide-spread communications that present new and varied privacy challenges; an online world of behavioral tracking and data collection that permits the compilation of personal information about individuals to a degree not previously imagined; a world full of mobile devices that allow us to connect to the Internet anywhere and anytime; and a world on the verge of cloud computing that will test all of our notions of adequate privacy and security.  In this environment of rapidly changing technologies, it is incumbent on all of us to understand the need for data privacy and to become informed consumers willing and able to protect our own privacy, participate in policy debates, and develop new ways to maintain control over our own personal data.  It is equally important for corporations to take steps to design privacy into their products and services at the most fundamental levels.  And for government bodies and industry to continue to consider and debate the effectiveness and propriety of guidance, regulation, and legislation in different contexts. Government officials, companies, academics, and individuals are stepping up to that challenge in the context of Data Privacy Day.  Take a look at the Events pages to see the many discussions of privacy issues that will be taking place on and around January 28.

Keep an eye on the Data Privacy Day webpage to discover events near you.  Also, keep the Data Privacy Day webpage in mind as a year-round resource for privacy materials and resources.  If you are an educator, a teen, a business, a citizen interested in privacy, a consumer, a parent, a government official or employee, a nonprofit organization focused on privacy issues or a University Center, you will find useful information at the Data Privacy Day webpage.  In honor of Data Privacy Day, this page compiles information created by businesses for consumers and for other businesses, privacy information offered by many agencies of the federal government, links to privacy laws, international privacy information, and numerous educational privacy materials and presentations for teens, parents and educators.

We are living digital lives in a networked world, and The Privacy Projects hopes to facilitate the exploration of the many dimensions of privacy in this challenging environment by supporting the Data Privacy Day 2010 celebration.  Join us — on January 28, 2010, and all year long!

Privacy: Talk About it Early and Often

By: Jolynn Dellinger

20 Nov 09

Many commentators in the privacy world suggest that the social network – premised on and designed to promote and enable social interaction online – is a concept fundamentally at odds with privacy.  In her article “You Have Zero Privacy Anyway. Get Over It.” – That Goes Double on Social Networks, Kara Swisher aptly and humorously explains – once you share, you have shared.

So, what is the message we should be giving teens about privacy online and in mobile contexts?

Make good decisions.  When you share personal information in a social networking context, you are putting that information (or those compromising photos or at-the-time-hilarious-but-not-the-most-appropriate wall-posts) into the hands and control of your “friends”, however you have chosen to define that term for purposes of social networking.  Hopefully, they’ll still be your “friends” next month, when you are applying for a summer job or submitting applications to college.  But why count on it?  If you have potentially sensitive information to share – consider telling it to an actual friend over dinner.

How should parents communicate this message about privacy to their kids?  You will often hear people in the business of child internet safety and privacy suggesting that personal computers should be placed in family areas of the home.  Parents debate this issue – isn’t requiring a teenager to send email or instant messages where they can be read by nearby family members an invasion of the kid’s privacy?

Two thoughts on that.  First, perhaps having a child use a computer in a family area actually reinforces the concept that what you do on a computer is not particularly private.  It isn’t that the parents are invading the kid’s privacy – it is more the issue that privacy is not afforded by that particular medium of communication.  Kids should think twice before they put something in an email or an instant message – just like the rest of us do.  On the other hand, however, there is a big difference between a child and a teenager, and the fact and necessity of teen independence and the, perhaps ironic, increasing need for privacy makes the idea of communicating with friends in the family room a bit unrealistic.  Moreover, the prevalence of laptops, netbooks, and texting options may make stationing computers in family areas seem quaint – even naive.

What’s the bottom line?  Parents need to talk to their kids, and start talking early, so the kids can develop a concept of privacy, an understanding of who sees their postings, a sense of the value of their own personal information and how it can be used.  Kids need to understand how they can protect their information, and to understand that, in the end, wherever they happen to be using a computer or a phone, they themselves are the best protectors of the privacy of their own personal information.

Privacy Education: Working on a Zeitgeist

By Jolynn Dellinger

12 November 09

The Data Privacy Day initiative began in the Fall of 2007 with a focus on teen education, when Facebook had been open to the public for about a year and teen education materials were scarce.  Today, Facebook has over 300 million active users.  Over 55% of online teens have social profiles on one social networking site or another.  And 93% of kids 12-17 are online.  Today, over twenty hours of video is uploaded to You Tube every minute, and 64% of online teens create content (blog, post photos and videos).  We know that as many as 78% of 12-17 year old Internet users play online games.  According to the Pew Internet & American Life Project, over 59% of kids aged 12-14, and 83% of teens aged 15-17 owned cell phones in 2008.  According to Common Sense Media, kids today spend more time online, texting, watching TV and movies, and playing video games than they do with their parents and in school.  These are only a few examples of the burgeoning use of diverse technologies among young people.

A major part of the Data Privacy Day activities remain focused on bringing attention to privacy resources and educational materials for kids from 12 to 17 years old.  Our review of the materials currently online and under development shows that the need for educational materials in this space is increasingly appreciated and that resources are being committed to the effort worldwide.  It is our hope to gather many of these materials into one location to facilitate their use by teens, young adults, parents and educators.

A rose by any other name . . . .  That Shakespearean insight is apt today in the context of privacy education.  The importance of good privacy practices, both mobile and online, is emphasized – not only in materials explicitly dedicated to privacy like those offered by the Media Awareness Network – but also in the context of resources addressing “Internet Safety” such as Parry Aftab’s WiredSafety program and materials offered by Linda Criddle’s ilookbothways.com, and in the new Digital Literacy and Citizenship concept offered by Common Sense Media’s latest white paper.

Just as privacy and security are inextricably intertwined, so are the concepts of safety and privacy.  Where you see safety mentioned, you should look for information about the importance of protecting the privacy of personal information.  Understanding privacy and implementing good privacy practices are key to both safety and digital literacy.  Stay tuned to Data Privacy Day’s webpage for all the best in current privacy resources.  If you have resources you want to share, please let us know at info@dataprivacyday.org.

02 September 2009

Bob Dylan famously sang ‘…he not busy being born is busy dying…’.  Woody Allen said ‘…relationships are like sharks– they have to keep moving forward in order to survive…”  And so it is with data privacy – continuous development is critical to ongoing protection.  Privacy is a journey, not a destination.

During the last two Januaries, we celebrated Data Privacy Day to maintain that critical requirement of momentum to advance the policies, practices, and technologies of personal information management.  The Privacy Projects has committed to continuing that effort for 2010 and beyond, promoting, coordinating, and supporting the efforts of hundreds of dedicated professionals, public officials, academics, and interested individuals to engage in the dialogue needed to keep privacy efforts moving forward.

The Federal Trade Commission is dedicated to advancing a robust information privacy agenda, encouraging original thinking and new approaches to the many challenges of providing products and services that require vast amounts of personal information.  Congress continues to develop new proposals and bills intended to regulate commercial information processing and protect individuals.  State Attorneys General have become increasingly active in facing the challenges of identity theft and poor information security practices.  Companies are dedicating people and resources to process-oriented data governance.  Privacy professionals are developing increasingly sophisticated subject expertise and skills to meet the increasing demand for privacy-aware leadership.

Over the next few months, these parties, along with many others, will come together at a number of different occasions to grapple with the thorny issues of information privacy and security.  We applaud all efforts to engage in dialogue and information sharing to expose the reality of complex technology management practices to the goals of transparency, choice, and participation.  We are all part of the solution – and if we do not participate, we are part of the problem.

Privacy thrives on continuous progress; frankly, we’ll never actually get there because we change our own world so rapidly that all our efforts will chase goals that continually morph due to new technologies, new services, and innovative creation.  That’s just fine.  Each year, we can gather together for Data Privacy Day and evaluate how far we’ve come – and how far we have yet to go.

Richard Purcell – Executive Director

___________________________________________________________________________________

Terms of Use and Disclaimer