Chapter 9
Self-regulation
attempt by industry leaders to avoid government regulations by suggesting (rather than requiring) that companies have privacy policies, for example with privacy seals and privacy policies.
PAPA framework
framework that identifies four major categories of concerns about the use of information: privacy, accuracy, property, and accessibility.
Federal Trade Commission (FTC)
government agency responsible for (among other things) ensuring that privacy policies are respected.
Fair Information Practices principles (FIP)
guidelines for how to deal with personal information, which include notice/awareness; choice/consent; access/participation; integrity/security; and enforcement/redress.
Children's Online Privacy Protection Act of 1998 (COPPA)
law that prevents websites from collecting personally identifiable information from children without parental consent.
Family Education Rights and Privacy Act (FERPA)
law that protects the privacy of student education records.
Health Insurance Portability and Accountability Act (HIPAA)
law that provides regulations to protect personal health information held by covered entities and gives patients an array of rights with respect to that information.
Children's Internet Protection Act of 2001 (CIPA)
law that regulates access to offensive content over the Internet on school and public library computers.
Electronic Communication Privacy Act of 1986 (ECPA)
law that regulates access, use, disclosure, interception, and privacy protections of electronic communication.
Data Protection Directive
law that regulates how personal data is processed and protected in the European Union.
Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA)
A law that provides regulations to protect consumers' personal financial information held by financial institutions.
Opt-out
A privacy option where individuals must state that they do not want their data to be shared with others or used for other purposes.
Opt-in
A privacy option where individuals state they agree that their data can be shared with others or used for other purposes, often to receive special deals or information from partner companies.
Improper access to data
A privacy threat where unauthorized individuals have access to one's private information.
Accuracy
When data are what they are supposed to be and do not include errors.
Privacy
one's ability to control information about oneself.
Data collection threat
privacy threat resulting from the fact that data can be collected, aggregated and analyzed at a faster pace and in larger volume than ever, and without the individual's awareness.
Unauthorized secondary use of information
privacy threat resulting from the use of data for purposes other than those for which they were originally collected.
Errors in data
privacy threat where there are inaccuracies in data.
Seal program
program offered by an organization, which posts a set of rules that companies must follow to be a part of the seal program.
Accessibility
refers to who has access to the information systems and the data that they hold.
Property
refers to who has ownership of the data.
Privacy seal
seal that businesses can post on their website to show their commitment to privacy.
Security seal
seal that businesses can post on their website to show their commitment to security.
Reputation seal
seal that businesses can post on their website to show their commitment to trustworthiness.
Cookies
small text files located on your computer, to store information about you, your accounts and your computer.
Cookie manager
software application that allows you to view which cookies are stored on your computer, what's in them, and gives you the ability to delete them.
Privacy policy
statement that describes what the organization's practices are with respect to the privacy of its customers.
Clickstream data
tracking of online browsing behaviors.
Identity theft
using another person's personal information for fraudulent activities.