Lecture 10 | PDF | Privacy | Information

Lecture 10

Uploaded by

Mohsin Rasheed
Copyright: © All Rights Reserved
CSC410 - Professional Practices in IT
Instructor Name : Sidra Nasir
Email : sidranasir@cuilahore.edu.pk
Privacy Risks and Principles
Topics Covered in this Lecture
• What is Privacy: Definition and Concept
• Privacy Threats Categories
• New Technology, New Risks
Learning outcomes of this Lecture
• To understand the concept of Privacy
• To learn the concept of privacy in Islam and daily life.
• To know the different types of threats to privacy in the new era.
• To learn how to manage personal data while preserving privacy.
What does privacy mean to you?
What is privacy?
There are three key aspects of privacy:
⮚ Freedom from intrusion (Entry to another's property
without right or permission)
⮚ Control of information about oneself
⮚ Freedom from surveillance (being tracked, followed,
watched, under observation, investigation)

“Being alone.”
Westin, “Privacy and Freedom”, 1967
• “Privacy is the claim of individuals, groups or
institutions to determine for themselves when, how,
and to what extent information about them is
communicated to others”
• Privacy is not an absolute

• Alan F. Westin, Privacy and Freedom, 25 Wash. & Lee L. Rev. 166 (1968),
https://scholarlycommons.law.wlu.edu/wlulr/vol25/iss1/20
Privacy Threats Categories
Privacy Threats come in several categories:
⮚ Intentional/institutional uses of personal information (Primarily for law enforcement and
tax collection in the government sector and for marketing and decision making in the
private sector by both government and organizations).
⮚ Unauthorized use or release by “insiders”, the people who maintain the information
⮚ Theft of information
⮚ Inadvertent / Unintentional leakage of information through negligence or carelessness
⮚ Our own actions (sometimes intentional trade-offs and sometimes when we are unaware
of risks)

New Technology, New Risks

⮚ Government and private databases (searching the data is easy; re-identification is easy)
⮚ Sophisticated tools for surveillance and data analysis (smart
phones send location)
⮚ Location data should be anonymous, but it is stored with phone ID, age
and gender information and sent to third parties.
⮚ Hidden data in mobile phones
⮚ Vulnerability (Susceptible to attack) of data to loss, hacking, and
misuse

New risks
⮚ Anything we do in cyberspace is recorded, at least briefly, and linked
to our computer or phone, and possibly our name.
⮚ With the huge amount of storage space available, companies,
organizations, and governments save huge amounts of data that no one
would have imagined saving in the recent past.
⮚ People often are not aware of the collection of information about them
and their activities.
⮚ Software is extremely complex. Sometimes businesses, organizations,
and website managers do not even know what the software they use
collects and stores.
⮚ Leaks happen. The existence of the data presents a risk.

New risks
⮚ A collection of many small items of information can give a fairly detailed
picture of a person’s life.
⮚ Direct association with a person’s name is not essential for compromising
privacy. Re-identification has become much easier due to the quantity of
personal information stored and the power of data search and analysis
tools.
⮚ If information is on a public website, people other than those for whom it
was intended will find it. It is available to everyone. Once information
goes on the Internet or into a database, it seems to last forever. People
(and automated software) quickly make and distribute copies. It is almost
impossible to remove released information from circulation.
⮚ It is extremely likely that data collected for one purpose (such as making
a phone call or responding to a search query) will find other uses (such as
business planning, tracking, marketing, or criminal investigations).
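
The re-identification point above, as an added example that is not part of the original lecture: a k-anonymity check a data holder can run before releasing records that carry no names. The field names, the sample records and the generalization rules are constructed assumptions.

```python
from collections import Counter

# Constructed sample: "anonymous" location records with no name or phone ID,
# only attributes of the kind the lecture says travel with location data.
RECORDS = [
    {"cell": "54000-A1", "age": 23, "gender": "F"},
    {"cell": "54000-A1", "age": 27, "gender": "F"},
    {"cell": "54000-A2", "age": 24, "gender": "F"},
    {"cell": "54000-B7", "age": 41, "gender": "M"},
    {"cell": "54000-B3", "age": 45, "gender": "M"},
    {"cell": "54000-B7", "age": 48, "gender": "M"},
    {"cell": "54600-C2", "age": 35, "gender": "F"},
]
QUASI_IDS = ("cell", "age", "gender")  # hypothetical quasi-identifier set

def key(record):
    return tuple(record[q] for q in QUASI_IDS)

def group_sizes(records):
    """How many records share each combination of quasi-identifiers."""
    return Counter(key(r) for r in records)

def k_anonymity(records):
    """Smallest group size: k = 1 means someone is singled out."""
    return min(group_sizes(records).values())

def unique_fraction(records):
    """Share of records whose quasi-identifier combination is unique."""
    sizes = group_sizes(records)
    return sum(1 for r in records if sizes[key(r)] == 1) / len(records)

def generalize(record):
    """Coarsen the data: area prefix instead of cell, age band instead of age."""
    low = record["age"] // 10 * 10
    return {"cell": record["cell"].split("-")[0],
            "age": f"{low}-{low + 9}", "gender": record["gender"]}

def release(records, k_min):
    """Generalize, then suppress any record still in a group smaller than k_min."""
    coarse = [generalize(r) for r in records]
    sizes = group_sizes(coarse)
    return [r for r in coarse if sizes[key(r)] >= k_min]

if __name__ == "__main__":
    print("raw k:", k_anonymity(RECORDS), "unique:", unique_fraction(RECORDS))
    safe = release(RECORDS, k_min=3)
    print("released:", len(safe), "records, k =", k_anonymity(safe))
```

Every raw record is unique on location, age and gender alone, so matching against any other database that holds those three fields would single each person out; after generalization and suppression each released record is shared by at least three people.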

Terminology and principles for managing personal information
1. Informed consent and invisible information
gathering – collection of personal information about
someone without the person’s knowledge (spyware, event
data recorders in cars, customer ID numbers in cursor
software, fingerprinting)
Example:
• A company offered a free program that changed a Web browser’s
cursor into a cartoon character. Millions of people installed the
program but later discovered that it sent the company a report of
the websites its users visited, along with a customer identification
number in the software.

Terminology and principles for managing personal information

2. Secondary use – use of personal information for a
purpose other than the one it was provided for.

⮚ Data mining - searching and analyzing masses of data to find
patterns and develop new information or knowledge
⮚ Computer matching - combining and comparing information
from different databases (using social security number, for
example, to match records)
⮚ Computer profiling - analyzing data in computer files to
determine characteristics of people most likely to engage in
certain behavior

Control of secondary use of personal
information (SUPI)
⮚ The degree of control a person should have over the
SUPI.
⮚ First, inform people what information is collected and what
is done with it.
⮚ Then give control over SUPI through informed consent (IS).
⮚ The two forms of IS are opt-in and opt-out policies.
⮚ Opt-out: by default, information will be used (the person opts for it not to be used).
⮚ Opt-in: by default, information will not be used (the person opts for it to be used).
⮚ Data retention (allowing data to remain in a place or position,
or maintaining a property or feature)

Fair Information Principles or practices for managing
personal data

1. Inform people when you collect information about them, what you collect, and
how you use it.
2. Collect only the data needed.
3. Offer a way for people to opt out from mailing lists, advertising, and other
secondary uses. Offer a way for people to opt out from features and services that
expose personal information.
4. Keep data only as long as needed.
Fair Information Principles or practices for managing
personal data

5. Maintain accuracy of data. Where appropriate and
reasonable, provide a way for people to access and
correct data stored about them.
6. Protect security of data (from theft and from
accidental leaks). Provide stronger protection for
sensitive data.
7. Develop policies for responding to law enforcement
requests for data.
Fair Information Principles or practices for managing
personal data

⮚ Laws in the US, Canada, and Europe use them as
ethical practices in many situations but give custody
when a court order comes.
⮚ There is wide variation in interpretation among
businesses and privacy advocates (what information businesses
need and for how long).
⮚ It is difficult to determine the purpose of supplying information:
the increase of cameras used by police, Google
Street View, information sent in tweets.

End of Lecture