Consumer Privacy Overview For Developers (Sprint)

2010 Sprint
Developer Conference
Maureen Cooney
Deputy Chief Privacy Officer and Senior Counsel
Sprint Office of Privacy
Oct. 26 – 28, 2010
Oct. 26 - 28
Consumer Privacy Issues
for Application Developers
Gaining Consumer Trust for Mobile Applications
Topics
• Baking Privacy into Application Development Lifecycle
• Privacy 101
• Washington Regulatory and Hill Update
• Privacy Hot Button Issues
• Current International Considerations
© 2010 Sprint. This information is subject to Sprint policies regarding use and is the property of Sprint and/or its relevant affiliates and may contain restricted,
2 confidential or privileged materials intended for the sole use of the intended recipient. Any review, use, distribution or disclosure is prohibited without authorization.
Privacy Protection
As part of the design planning process
Why is it important?
Baking Privacy into product and service
development builds consumer trust and protects
against key business risks:
• Reputational risks – Brand (yours and your partner’s)
• Consumer distrust or reticence to use services
• Corporate reticence to innovate and invest
• Legal risks
• Economic Harm
Baking Privacy Into
Application Lifecycle Development
Build Trust and Confidence with Stakeholders
Privacy as a Lifecycle Development Element

• Identifying privacy risks
• Developing risk mitigation strategies
• Keeping in mind consumer expectations
> Innovative products and services
> Keeping data ‘under control’
> Accountability for information practices
> Consumer-friendly disclosures
> Means for consumer choice and redress
Privacy 101
Consumer Privacy as protection of identity, information,
from unwanted surveillance and unfair or deceptive
information practices
Information Privacy
Protected Information
• Personally identifiable
• Sensitive
• Data about an individual (behavioral, interest-based)
• Customer Propriety Network Information (CPNI)
Privacy 101 - continued
Privacy is cultural, although shared global principles
Consumer surveys show that U.S. Internet users’ top

three privacy concerns are 1) information sharing;
2) notice about practices; and 3) information storage.
Fair Information Practice Principles

• Notice/Awareness for consumers
• Choice/Consent
• Access to information/Participation by individuals
• Data Integrity/Security
• Enforcement/Effective Redress
Who Regulates Privacy in the United States?
Privacy Regulators in the Commercial Space

• Federal Trade Commission (FTC)
• Federal Communications Commission (FCC)
• Health and Human Services (HHS)
• Food and Drug Administration (FDA)
• Department of Justice (ID Theft) (DOJ)
• Department of Homeland Security (DHS)
• Banking Regulators (Treasury, FDIC, FRB)
• State Attorney Generals
• Self Regulatory Voluntary Models - BBB, DMA, TRUSTe
Sampling of Laws in the US
• General: Section 5 of the Federal Trade Commission Act

> unfair or deceptive acts or practices in or
affecting commerce….
• Family: Children’s Online Privacy Protection Act
• Financial: Gramm Leach Bliley Act
• Medical: HIPAA, HITECH, Food and Drug Act
• Intrusions: CAN-SPAM Act, Do Not Call Implementation
Act, ECPA/CFTA
• Mobile/Telecom: Telephone Consumers Protection Act
• States: FTC-like Acts, California state law… requiring
privacy notices, Data Security laws, Massachusetts…
policies and practices
Washington Regulatory Update
Emerging Privacy Regulation – centers on technology
and new business models
• FCC – FTC Task Force on Privacy
• Dec.1 – Generation Mobile Forum (FCC)
• FTC
• Roundtables (2009-2010) (report pending)
• Behavioral Advertising Guidance
• Review of the COPPA Rule (children’s privacy)
• HHS - HITECH/HIPAA Privacy Rules
• FDA considering downloadable software
as a ‘medical device’
• Draft Privacy and Security Legislation
• Chairmen Rush and Boucher
Privacy Hot Button Issues
• Behavioral Tracking
> Targeted Advertising
> Sensitive Information (Health and Other)
> Location Data
> Consumer Privacy Disclosures and Choice
• Privacy Controls, Preference Management and
Data Portability
• Data Security
• Children’s Privacy
• Accountability
Behavioral Tracking
Behavioral Tracking
Overview: Privacy concerns about behavioral tracking
relate to the ubiquitous technological collection of data
about an individual, their interests, activities, movements,
associations, and sensitive data
• Need for transparency (Consumer Notice)
• What information is being collected,
used, and with whom it is shared
• Data Retention (what limits)
• Robustness of Security
• Fairness of a Profile developed
• Potential Harm / Opportunity for Redress
Targeted Advertising
FTC, Hill and Industry Hot Button Issue 2009-2010
• Congressional Hearings and Draft Bills
• FTC Issued Guidance in February 2010
> Notice outside of a Privacy Policy
> Consumer Choice
> Sensitive Data (opt-in)
> Enforcement
> Redress
• Industry Association Principles and Icon Developed
(IAB, ANA, AAA, DMA, Better Business Bureau)
> http://www.aboutads.info/resource/download/seven-
principles-07-01-09.pdf
> Power i symbol –
Sensitive Information
Collection and Sharing Requires Care – Consumer Opt-in
Still being defined, but generally includes:

• Health information
• Social security number and other unique identifiers
• CPNI
• Precise location data
• Children’s Information
• May include political or trade/labor union affiliations,
sexual preference data (applicable in Europe)
Location Data
Applicable Guidance
• CTIA Wireless Guidelines
• FTC Guidance
• User Safety
• Appropriate Notice and Choice
> Does consumer permission to grant access to
location data suffice as notice and choice?
> Transparency about use, data sharing, retention
> Best practices are evolving to demonstrate when
tracking is taking place, who is requesting access to
the data, which applications are “on” and offering
consumer controls
> Precise location and call location data require
affirmative opt-in consent of a consumer
Consumer Privacy Disclosures & Choice
• FTC Guidance – better communications with consumers
> Just-in-time notices
> Pop-ups with consent function or information
> Icons
> Understandable privacy policies – new formats
• Challenges in the mobile environment

> Space limitations
> Achieving clarity in short notices, pop-ups
> Icons and symbols to demonstrate privacy practices
> Third Party Certifications
Privacy Controls, Preference Management
and Data Portability
• “Privacy by Design” in development of software, hardware,
products and services anticipates building in ways to
empower a consumer to make effective choices about how
they want their information used and to provide mechanisms
to accomplish those choices
• Preference controls – privacy settings
• Preference management – assists in profile and data
use management
• Data portability – acknowledges the value of an
individual’s data shared with a platform or application
and allows the individual to retain information and
move it to other platforms and apps
Data Security
• Who is accountable when downloading applications

• Notice of 3rd party activity & policies that apply
• Security in data collection, transfer, storage, destruction
and understanding of where data flows
• Authentication of users
• Data leakage (flows) and data retention
• Risks and controls using cloud architectures
• Continuing spotlight on Identity Theft
Children’s Privacy
FTC Online Privacy Protection Review
Children under 13 years of age …

• Review is focusing on:
> Implications raised by mobile communications and

interactive gaming, television and other i-media
> Concerns around behavioral tracking and profiling
> Whether it is necessary to expand definition of
personal information
> Parental rights to review and delete information
collected from children
> Verifiable consent / authentication
International Considerations
All of the above and …
• Application certifications
• Data sharing limitations (cross-border)
• Third party accountability

Consumer Privacy Overview For Developers (Sprint)

Cargado por

Información del documento

Título original

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Consumer Privacy Overview For Developers (Sprint)

Cargado por

Copyright:

Formatos disponibles

2010 Sprint

Privacy as a Lifecycle Development Element

Consumer surveys show that U.S. Internet users’ top

Fair Information Practice Principles

Privacy Regulators in the Commercial Space

• General: Section 5 of the Federal Trade Commission Act

Still being defined, but generally includes:

• Challenges in the mobile environment

• Who is accountable when downloading applications

Children under 13 years of age …

> Implications raised by mobile communications and

También podría gustarte