Privacy

From BC$ MobileTV Wiki
Jump to: navigation, search

Privacy is a measure of the level of secrecy and anonymity .vs. public knowledge of information, whether sensitive or otherwise. Privacy is important for humanity for example, to protect intellectual property via copyright, trademark and patents allows businesses to flourish without the risk of someone stealing information and duplicating the products or services of a company or person. Privacy also allows the advancement and evolution of a species, as it keeps its genetic code and the exact factors which contribute to its adaptation known to only itself.

Personal privacy, especially, is, and should always be, regarded as a right and thus protected.


Specifications

IAB Data Transparency

IAB/W3C Standardized Identifier

[1]

Customer Experience Digital Data Layer

W3C -- Customer Experience Digital Data Layer 1.0: https://www.w3.org/2013/12/ceddl-201312.pdf


SOLID


EU

GDPR

General Data Protection Regulation (GDPR) harmozines the legal protections for individuals across the 28 member states of the EU (including UK despite Brexit). It covers any information that could identify an individual (userIDs, memberships, interests, transactions, usage histories, etc). It is being called the most important change in data privacy regulation in over 20 years, and offers the rights to:

  1. be informed (about all data collections, storage, duration, etc)
  2. access (view a complete list of all information that has been collected, at any time)
  3. rectify (incorrect or hurtful data)
  4. erasure (aka. "right to be forgotten")
  5. restrict processing (who can analyze or how it can be used)
  6. data portability (move data between services/providers without hinderance)
  7. object (prevent collection in the first place)
  8. automated decision-making/profiling prevention ("opt-out" of any automated use of data at any time)

[3] [4] [5] [6] [7] [8] [9] [10] [11] [12] [13] [14] [15] [16] [17] [18] [19] [20]

North America

Canada

Digital Charter

[21] [22]

PIPEDA


USA

[23]

CCPA

California Consumer Privacy Act (CCPA).

Asia

???


P3P

The Platform for Privacy Preferences (P3P) Project is a W3C recommended protocol allowing websites to declare their intended use of information they collect about browsing users, and is designed primarily to give users more control of their personal information while browsing.

The P3P spec defines the following abbreviated policy settings:

  1. NOI - Web Site does not collect identified data.
  2. ADM - Information may be used for the technical support of the Web site and its computer system. Users cannot opt-in or opt-out of this usage (same as tag ADMa).
  3. DEV - Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users cannot opt-in or opt-out of this usage (same as tag DEVa).
  4. PSAi - Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Opt-in means prior consent must be provided by users.
  5. NAV - Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.
  6. OUR - Ourselves and/or entities acting as our agents or entities for whom we are acting as an agent.
  7. STP - Information is retained to meet the stated purpose. This requires information to be discarded at the earliest time possible. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy.
  8. IND - Information is retained for an indeterminate period of time. The absence of a retention policy would be reflected under this option. Where the recipient is a public fora, this is the appropriate retention policy.
  9. DEM - Data about an individual's characteristics -- such as gender, age, and income.

[25] [26] [27] [28] [29] [30] [31] [32] [33] [34] [35] [36]

Do Not Track

Do Not Track (commonly abbreviated DNT) is a security hearer that client web browsers can send to businesses that own specific websites & web services in their requests' headers to "opt-out" of any tracking or data collection of their session or any of their information (whether such is legally deemed personal/private in the region from which they are accessing the website/services, or where that website/service primarily based out of). The header indicates that the business owning the website(s) or web service(s) being accessed should not perform any such data collection, anonymization/harvesting, analysis, storage, etc.

[37] [38] [39] [40] [41] [42] [43]


Data Classification

[44] [45]

PCI

Payment Card Industry (PCI).

* Credit Card (number, expiry, CVC)
* Financial Account (Bank account # or balance, Debit Card #, Interac e-Transfer Email, EFT, etc)
* PayPal and/or PaySafe (email, account #, payment method chosen, etc)
* Wallet balance
* Crytocurrency Wallet (public/private keys, type, etc)
* Transaction history
* Asset/Equity holdings (Stocks, Funds, etc)
* Income
* Tax filling information (CRA, IRS, Business #, federal/state/provincial/municipal tax paid, etc)
* Personal Bills (Electricity, CableTV/Internet/Phone/Mobile, etc)

For more info, see PCI

PHI

Patient Health Information (PHI).

* Patient Identification Number (Health-linkable IDs/info)
* Biometrics (fingerprint, facial image recognition identifier, iris scan, walking gait/stride, etc)
* Lab Results (Blood work, Urine/Feces/Saliva/Tissue analysis, etc)
* Diseases (Virus & Bacteria exposure, Antibodies confirmed, etc)
* Conditions (whether chronic or temporary)
* Treatments (Surgeries, Vaccinations, etc)
* Medications (Prescriptions, etc)
* Hospitalizations (Hospital & Clinic visits, etc)
* Life Expectancy (personalized/actuarial)
* Health Insurance Claims (provider usage, claim amounts, etc)
* General Health info (Vital Signs, Blood type, height/weight/BMI/BMR, Doctor/Nurse notes, etc)

PHI metadata

* Hospital in Region/Zone
* Home Clinic
* Family Doctor
* Nearest Clinic(s)
* Local Emergency Phone Numbers (Ambulatory, Fire, and Police #s)
* Emergency Contact Info (whom to contact on your behalf in the event of an emergency)
* Accident rates in region
* Sickness rates (by types) in region
* Hospitalization rates in region
* Death rates in region
* Life Expectancy in region
* Endemic/Pandemic outbreaks in region
* Contact Tracing

For more info, see HealthIT

PII

Personally Identifiable Information (PII) differs between jurisdictions but GDPR defines PII as any "physical, physiological, genetic, mental, economic, cultural or social identity of a natural person".

* PCI data
* PHI data
* Full (first/middle/last) name
* Street address (Billing/Home)
* Date of Birth (Age# or precise DOB)
* Telephone Number
* Login credentials (Username/Password)
* Email Address
* Social Security Number
* Passport Number
* Driver’s License Number
* Owned properties (VIN-Vehicle Identification Number, License Plate/Registration #, City/Township Land Plot#, etc)

PII metadata

* Internet Protocol (IP) address
* GeoIP (reverse-geocoded location)
* Geolocation (latitude/longitude)
* Triangulated Location (Satellite GPS / cell towers)
* Cookies~~
* Device Serial Number (including Processor #)~~
* Media Access Control (MAC)~~
* Other Device IDs~~

~~ - these types are not considered PII in many jurisdictions

PI

Personal Information (PI).

* First name only (so long as other names are not present anywhere in co-related datasets)
* Middle name only
* Last name only
* Abbreviated/redacted names (as in "Aaron Smith" being labelled as "A.Sm"; however special care/redaction necessary for very short names)
* Postal Code
* Age range
* Income bracket
* Gender
* Occupation (job title/position, department, team, etc)
* Workplace (company name, work address, work phone number, etc)

PI metadata

* Login time
* Login frequency/history
* Session time
* Session refreshes/history
* Session entry point
* Session exit point
* Pages/Screens visited
* Features interacted with (clickpaths, heatmaps, etc)
* Referer
* Social Media accounts
* Crashes/Bugs encountered
* Browser (User Agent)
* Operating System (Device OS)

NPI

Non-Personal Information (NPI) must not be tied back directly to an account or other PI/PII; the act of tying the below information together typically moves it into PI or PII and beyond categories.

* Anonymized identifiers
* Segment/Group Membership
* Cookies~~
* Device Serial Number (including Processor #)~~
* Media Access Control (MAC)~~
* Other Device IDs~~

NPI metadata

* Software used
* Hardware used
* Search Terms used
* Categories selected/filtered upon
* Feature requests
* Bug/Crash reports
* Support Calls

~~ - these types are considered PII in certain jurisdictions

Tools

P3P Writer

"Do Not Call" Registry

Unhosted

Unhosted is a project which promises freedom from web 2.0's monopoly platforms Unhosted is a project for strengthening free software against hosted software. With our protocol, a website is only source code. Dynamic data is encrypted and decentralised, to per-user storage nodes. This benefits free software, as well as scalability, robustness, and online privacy.

OECD Privacy Statement Generator


Resources


Tutorials


External Links


References

  1. IAB Tech Lab Presents Solution To Universal ID Privacy Tracking: https://www.mediapost.com/publications/article/340251/iab-tech-lab-presents-solution-to-universal-id-pri.html
  2. GDPR Handbook hard copy (with extra chapter): https://gdpr-handbook.eu/
  3. Information Commissioner’s Office (ICO) for GDPR: https://ico-gdpr.com/
  4. GDPR overview: http://www.youtube.com/watch?v=KA_2-OYZJiA
  5. Five Final Checks To Ensure GDPR Compliance: https://www.forbes.com/sites/kateoflahertyuk/2018/05/17/five-final-checks-to-ensure-gdpr-compliance/
  6. Personal Data Breach reporting: https://ico.org.uk/for-organisations/resources-and-support/pdb/
  7. Understanding Data Privacy and the GDPR: https://www.inversoft.com/blog/2018/04/11/understanding-data-privacy-gdpr/
  8. Data Partners and the GDPR: https://dzone.com/articles/data-partners-and-the-gdpr
  9. Seven GDPR complaints filed against Google over user location tracking: https://www.zdnet.com/article/seven-gdpr-complaints-filed-against-google-over-user-location-tracking/
  10. The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know: https://www.wpbeginner.com/beginners-guide/the-ultimate-guide-to-wordpress-and-gdpr-compliance-everything-you-need-to-know/
  11. Complete guide to GDPR compliance: https://news.ycombinator.com/item?id=18855675
  12. GDPR one year on - IAB offers new privacy guidelines for advertisers: www.netimperative.com/2019/04/gdpr-one-year-on-iab-offers-new-privacy-guidelines-for-advertisers/
  13. EU GDPR terms to know: https://searchcompliance.techtarget.com/feature/Words-to-go-EU-GDPR
  14. Data Breaches A Global Problem Under GDPR (STUDY): https://www.mediapost.com/publications/article/340887/data-breaches-a-global-problem-under-gdpr-study.html (good stats on reasons for breaches)
  15. COMMENTARY Marketers Can Relax -- IT Teams Are Behind Most Privacy Fines: https://www.mediapost.com/publications/article/341782/marketers-can-relax-it-teams-are-behind-most-pr.html
  16. Why Not Comply? Most Firms Lag In GDPR Data Access, Study Shows: https://www.mediapost.com/publications/article/344246/why-not-comply-most-firms-lag-in-gdpr-data-access.html
  17. Talend Report Showcases Low GDPR Compliance Rates for Data Subject Access Requests: https://www.cpomagazine.com/data-protection/talend-report-showcases-low-gdpr-compliance-rates-for-data-subject-access-requests/
  18. Five Reasons Why Organizations Fail in Their GDPR and CCPA Compliance: https://www.cisomag.com/five-reasons-why-organizations-fail-in-their-gdpr-and-ccpa-compliance/
  19. From California to Brazil -- Europe’s privacy laws have created a recipe for the world: https://www.cnbc.com/2021/04/08/from-california-to-brazil-gdpr-has-created-recipe-for-the-world.html
  20. The GDPR Is Full Of Holes, Canadian Report Says: https://www.mediapost.com/publications/article/371323/the-gdpr-is-full-of-holes-canadian-report-says.html
  21. New ‘digital charter’ to emphasize Canadians’ control over personal data | The Star: https://www.thestar.com/politics/federal/2019/05/21/new-digital-charter-to-emphasize-canadians-control-over-personal-data.html
  22. Trudeau takes aim at big tech, announces ‘Digital Charter’: https://www.thestar.com/news/canada/2019/05/16/trudeau-takes-aim-at-big-tech-announces-digital-charter.html
  23. The "Clarifying Lawful Overseas Use of Data" (CLOUD) Act and What It Means for You, or More Importantly, Me!: https://www.astroarch.com/tvp_strategy/the-cloud-act-and-what-it-means-for-you-or-more-importantly-me-44005/
  24. Privacy in Internet Explorer 6: http://msdn.microsoft.com/en-us/library/ms537343.aspx
  25. Make Your Web Site P3P Compliant: https://www.w3.org/P3P/details.html
  26. Creating a P3P Compliant Privacy Policy: http://www.awardsites.com/tutorials/w3c/p3p_privacy-01.htm
  27. PrivacyBot: http://privacybot.com/ (quick and fast generation of privacy policies and practices using proprietary technology and systems)
  28. IBM's P3P Editor tool: https://www.softpedia.com/get/Security/Security-Related/P3P-Policy-Editor.shtml
  29. Set P3P code in HTML: https://stackoverflow.com/questions/24410195/set-p3p-code-in-html/30746110#30746110
  30. P3P and PHP session problem with iframes in Internet Explorer 9: https://stackoverflow.com/questions/6283720/p3p-and-php-session-problem-with-iframes-in-internet-explorer-9
  31. facebook getUser() in fan page tab iframe shows internal server error only on IE: https://stackoverflow.com/questions/22507047/facebook-getuser-in-fan-page-tab-iframe-shows-internal-server-error-only-on-ie#answer-22514147
  32. P3P Policy Usage Statistics: https://trends.builtwith.com/docinfo/P3P-Policy
  33. P3P is no longer supported (in Windows 10 + IE11/Edge): https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/mt146424(v%3dvs.85)
  34. P3P P3P is dead, long live P3P!: http://lorrie.cranor.org/blog/2012/12/03/p3p-is-dead-long-live-p3p/
  35. What does header('P3P: CP=“CAO PSA OUR”'); do?: https://stackoverflow.com/questions/5257983/what-does-headerp3p-cp-cao-psa-our-do
  36. Deprecate P3P: https://github.com/MicrosoftEdge/Status/commit/35ba7030ec43c642418390d55197207b7fab61ab
  37. 'Do Not Track,' the Privacy Tool Used by Millions of People, Doesn't Do Anything: https://gizmodo.com/do-not-track-the-privacy-tool-used-by-millions-of-peop-1828868324
  38. Companies that have implemented Do Not Track: https://allaboutdnt.com/companies/
  39. FTC Staff Issues Privacy Report, Offers Framework for Consumers, Businesses, and Policymakers: https://www.ftc.gov/news-events/press-releases/2010/12/ftc-staff-issues-privacy-report-offers-framework-consumers
  40. Medium’s Do Not Track Policy: https://medium.com/policy/how-we-handle-do-not-track-requests-on-medium-f2b4b4fb7c5e
  41. Key to Opting Out of Personalized Ads, Hidden in Plain View: https://www.nytimes.com/2015/12/21/business/media/key-to-opting-out-of-personalized-ads-hidden-in-plain-view.html
  42. DAA WEBCHOICES BROWSER CHECK: http://optout.aboutads.info/?c=2&lang=EN
  43. The Do-Not-Track Act of 2019: https://spreadprivacy.com/do-not-track-act-2019/
  44. What is PII, non-PII, and personal data?: https://piwik.pro/blog/what-is-pii-personal-data/
  45. What Constitutes Personally Identifiable Information or PII?: https://anonyome.com/2020/05/what-constitutes-personally-identifiable-information-or-pii/
  46. FTC: http://www.ftc.gov/donotcall
  47. wikipedia: Data Privacy Day
  48. How To Remove Yourself from People Search Websites: http://www.zdnet.com/blog/violetblue/how-to-remove-yourself-from-people-search-websites/612
  49. Merit badges for online privacy? Mozilla soon might give you one: http://www.cbc.ca/news/technology/story/2013/07/22/f-vp-misener-mozilla-online-privacy.html
  50. Facebook Introduces Data Transfer Tool For Photos With Strict Privacy Standards: https://www.mediapost.com/publications/article/343990/facebook-introduces-data-transfer-tool-for-photos.html
  51. Guideline for Employees of the Government of Canada: Information Management (IM) Basics: https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16557
  52. Google COVID-19 Community Mobility Reports: https://www.google.com/covid19/mobility/
  53. We're watching you: COVID-19 surveillance raises privacy fears: https://www.aljazeera.com/news/2020/04/watching-covid-19-surveillance-raises-privacy-fears-200403015854114.html
  54. COVID-19, surveillance and the threat to your rights: https://www.amnesty.org/en/latest/news/2020/04/covid-19-surveillance-threat-to-your-rights/
  55. Tracking the Global Response to COVID-19: https://privacyinternational.org/examples/tracking-global-response-covid-19

See Also

Security | Trust | Surveillance | BT | LBS | VPN | BigData | E-Payments | Cryptocurrency | Analytics