Rina Steenkamp - Privacy and technology
An article by Yochai Benkler.
Abstract:
"The WikiLeaks affair and proposed copyright bills introduced in the Senate are evidence of a new, extralegal path of attack aimed at preventing access and disrupting the payment systems and advertising of targeted sites. In this model, the attacker may be a government agency seeking to circumvent constitutional constraints on its power or a private company trying to enforce its interests beyond those afforded by procedural or substantive safeguards in the law. The vector of attack runs through the targeted site’s critical service providers, disrupting technical services, such as Domain Name System service, cloud storage, or search capabilities; and business-related services, such as payment systems or advertising. The characteristics that make this type of attack new are that it targets an entire site, rather than aiming for removal or exclusion of specific offending materials; operates through denial of business and financial systems, in addition to targeting technical systems; and systematically harnesses extralegal pressure to achieve results beyond what law would provide or even permit."
Yochai Benkler: WikiLeaks and the PROTECT-IP Act - A new public-private threat to the internet commons (PDF)
The Guardian: WikiLeaks suspends publishing to fight financial blockade
Techdirt: The connection between Wikileaks censorship and PROTECT IP - censorship through cutting off service providers
A report (from 2009) by Lucas D. Introna and Helen Nissenbaum.
From the Executive Summary:
"Facial recognition technology (FRT) has emerged as an attractive solution to address many contemporary needs for identification and the verification of identity claims. It brings together the promise of other biometric systems, which attempt to tie identity to individually distinctive features of the body, and the more familiar functionality of visual surveillance systems. This report develops a socio-political analysis that bridges the technical and social-scientific literatures on FRT and addresses the unique challenges and concerns that attend its development, evaluation, and specific operational uses, contexts, and goals. It highlights the potential and limitations of the technology, noting those tasks for which it seems ready for deployment, those areas where performance obstacles may be overcome by future technological developments or sound operating procedures, and still other issues which appear intractable. Its concern with efficacy extends to ethical considerations."
Lucas D. Introna and Helen Nissenbaum: Facial recognition technology - A survey of policy and implementation issues (PDF)
New York University: NYU's Nissenbaum releases study on use of facial recognition technology
EFF: FBI ramps up next generation ID roll-out - will you end up in the database?
A report by the GAO.
From 'Information security control deficiencies place federal operations and assets at risk' and 'Weaknesses noted in all major categories of controls':
"Our audits have identified information security deficiencies in both financial and nonfinancial systems, including vulnerabilities in federal systems. We have made hundreds of recommendations to agencies in fiscal years 2010 and 2011 to address these security control deficiencies. However, most of these recommendations have not yet been fully implemented. [...] In addition, reviews at the 24 major federal agencies continue to highlight deficiencies in their implementation of information security policies and procedures. [...] All 24 agencies had vulnerabilities in access control, configuration management, and security management. Deficiencies in segregation of duties and contingency planning, while not reported for all of these agencies, were prevalent [...]"
GAO: Information security - Weaknesses continue amid new federal efforts to implement requirements (PDF)
DarkReading: Despite stiffer reporting requirements, many agencies still slow to implement continuous monitoring
A report by Websense.
From In Brief:
"Websense commissioned independent research firm Dynamic Markets to survey 1,000 IT managers and 1,000 non-IT employees in the UK, USA, Canada, and Australia about the latest threats to corporate and personal security, including APTs and modern malware. In the first of this three-part survey, we discuss IT managers’ attitudes towards corporate information and their Data Loss Prevention (DLP) strategies (plus a handful of more light-hearted but equally revealing aspects to security)."
Websense: Security pros & "cons" - IT professionals on confidence, confidential data, and today's cyber-cons (PDF)
Websense: Websense security survey - IT stresses as data breaches put jobs on the line
Security.nl: Manager vindt scheiden minder stressvol dan IT-security
A report by David Wright, Kush Wadhwa, Paul de Hert and Dariusz Kloza (editors).
From the executive summary:
"This report reviews the privacy impact assessment (PIA) methodologies of seven countries and 10 PIA case studies. No other published report, to our knowledge, has done this. Thus, it represents the most complete compendium and analysis of PIA policies and practices yet compiled and published (on the PIAF website www.piafproject.eu)."
David Wright, Kush Wadhwa, Paul de Hert and Dariusz Kloza (editors): PIAF - A privacy impact assessment framework for data protection and privacy rights, Deliverable D1 (PDF)
The Privacy Impact Assessment Framework (PIAF)
A self-assessment tool by the Federal, Alberta and British Columbia Privacy Commissioners.
From the first page:
"How well is your organization protecting personal information? The personal information security requirements under the Personal Information Protection Act (British Columbia), Personal Information Protection Act (Alberta) and the Personal Information Protection and Electronic Documents Act [PIPEDA] (Canada) require organizations to take reasonable steps to safeguard the personal information in their custody or control from such risks as unauthorized access, collection, use, disclosure, copying, modification, disposal or destruction."
Federal, Alberta and British Columbia Privacy Commissioners: Securing personal information - a self-assessment tool for organizations
Office of the Privacy Commissioner of Canada: Small business tool to strengthen personal data security
Guidance for cloud computing use, from the German data protection authorities - Arbeitskreise Technik und Medien der Konferenz der Datenschutzbeauftragten des Bundes und der Länder.
Arbeitskreise Technik und Medien der Konferenz der Datenschutzbeauftragten des Bundes und der Länder: Orientierungshilfe - Cloud computing (German-language PDF)
HL: German DPAs issue rules for cloud computing use
A publication by the Mobile Marketing Association.
From the Goal for the Privacy Policy:
"The 10A Privacy & Advocacy Committee intends for this mobile application privacy policy to be used as a starting point for most mobile applications. The policy is designed to address the core privacy issues and data processes of many mobile applications, but should not be considered sufficient by itself to cover all types of applications. There are many areas where many in the mobile marketplace are experimenting with privacy enhancing technologies, and we applaud those efforts. The core goal for this privacy policy framework is to encourage the mobile application developer community to continue to move consumer privacy interests forward."
Mobile Marketing Association: Mobile application privacy policy framework (PDF)
MarketWatch: Policy guidelines for mobile apps for public comment
Future of Privacy: Mobile Marketing Association releases privacy policy guidelines for mobile apps
An opinion of the EDPS.
From Focus and structure of the Opinion:
"The EDPS considers that a serious policy debate on net neutrality must address the confidentiality of communications as well as other privacy and data protection implications. This Opinion contributes to this ongoing EU debate. Its goal is threefold:
- It flags the relevance of privacy and data protection in the current discussions on net neutrality. More particularly, it highlights the need to respect the existing rules on confidentiality of communications. Only practices that respect such rules should be allowed.
- Net neutrality relates to relatively new - technological - possibilities and there is little experience on how the legal framework applies. This Opinion therefore provides guidance on how ISPs must apply and respect the data protection legal framework if they engage in filtering, blocking and inspecting network traffic. This should be helpful for ISPs and also for authorities in charge of enforcing the framework.
- Within the scope of data protection and privacy, this Opinion identifies areas which call for special attention and which may require action at EU level. This is particularly important in the light of the ongoing debate at EU level and the policy measures that may be launched by the Commission in this context."
EDPS: [O]n net neutrality, traffic management and the protection of privacy and personal data (PDF)
La Quadrature du Net: No privacy without net neutrality
The Register: Busting net neutrality may amount to spying, says EU
Tweakers.net: Privacy-autoriteit - traffic shaping wellicht in strijd met EU-regels
Out-law.com: ISPs' traffic management may breach data protection and privacy laws, EU watchdog says
A paper by Robert Gellman and Pam Dixon.
From the Brief Summary:
"Major efforts to create self-regulatory, or voluntary, guidelines in the area of privacy began in 1997. Industry promoted privacy self-regulation at the time as a solution to consumer privacy challenges. This report reviews the leading efforts of the first self-regulatory wave from 1997 to 2007[...] A key finding of this report is that the majority of the industry self-regulatory programs that were initiated failed in one or more substantive ways, and, many disappeared entirely. The report concludes with a discussion of possible reforms for the process, including a defined and permanent role for consumers, independence, setting benchmarks, and other safeguards."
Robert Gellman and Pam Dixon: Many failures - a brief history of privacy self-regulation in the United States (PDF)
Privacy Lives: World Privacy Forum - Many failures - a brief history of privacy self-regulation in the United States
An article by Omer Tene and Jules Polonetsky.
Abstract:
"The past decade has seen a proliferation of online data collection, processing, analysis and storage capacities leading businesses to employ increasingly sophisticated technologies to track and profile individual users. The use of online behavioral tracking for advertising purposes has drawn criticism from journalists, privacy advocates and regulators. Indeed, the behavioral tracking industry is currently the focus of the online privacy debate. At the center of the discussion is the Federal Trade Commission’s Do Not Track (DNT) proposal. The debate raging around DNT and the specific details of its implementation disguises a more fundamental disagreement among stakeholders about deeper societal values and norms. Unless policymakers address this underlying normative question – is online behavioral tracking a social good or an unnecessary evil – they may not be able to find a solution for implementing user choice in the context of online privacy. Practical progress advancing user privacy will be best served if policymakers and industry focus their debate on the desirable balance between efficiency and individual rights and if businesses implement tracking mechanisms fairly and responsibly. Policymakers must engage with these underlying normative questions; they cannot continue to sidestep these issues in the hope that 'users will decide' for themselves."
Omer Tene and Jules Polonetsky: To track or 'do not track' - advancing transparency and individual control in online behavioral advertising (SSRN)
Future of Privacy: To track or 'do not track' - that is the question
A report by ENISA.
From the Introduction:
"Reliable communications networks and services are critical to both public welfare and economic stability in Europe. Today's society relies increasingly on these networks and related services. With infrastructures operated by the private sector and governments remaining responsible for the overall policy setting, a high level of network and information security can only be attained if public and private sector co-operate closely to address the ever growing number and complexity of threats. The importance of Public Private Partnerships in this field has been widely recognised by both policy-makers and industry alike. Recent European Commission (EC) Communications have highlighted the importance of network and information security (NIS), and resilience for the creation of a single European Information Space. They stress the importance of dialogue, partnership, and empowerment of all stakeholders to properly address these threats."
ENISA: Cooperative models for effective public private partnerships - good practice guide (PDF, to be downloaded from linked page)
ENISA: National PPPs
ENISA: New guide launched re building effective IT security public private partnerships (PPPs)
A report by Stop Badware.
From Purpose and Scope:
"This document establishes best practices for reporting badware URLs at each stage in the reporting process: targeting reports, identifying contact information, assembling report contents, and delivering reports. It also specifies procedures for escalating those reports when needed. The Practices are designed to promote reporting useful to report targets and to offer both guidance and flexibility to reporters who have voluntarily committed to reporting badware URLs."
Stop Badware: Best practices for reporting badware URLs (PDF)
Stop Badware: Best practices for reporting badware URLs
Naked Security: Best practices for reporting malicious URLs
A report by the U.S. Government Accountability Office.
From the Conclusions:
"With a few exceptions, DHS and three component agency policies largely address the key elements and attributes needed to ensure that their data-mining systems are effective and provide necessary privacy protections. However, in practice, none of the systems we reviewed received the full set of effectiveness and privacy evaluations that are both desired and required for data-mining systems supporting counterterrorism. For example, as required by law and DHS policy, the ICEPIC system obtained an approved privacy impact assessment before it was deployed. However, program officials subsequently deployed an information-sharing component (called the Law Enforcement Information Sharing Service), which provides functionality that is explicitly excluded in the approved privacy impact assessment. Program officials noted several reasons for the disconnect we noted between policies and practices, including system components that were initiated before the latest DHS and component agency policies were in place. Until sound evaluation policies are implemented, DHS and its component agencies risk developing and acquiring systems that do not effectively support their mission and do not adequately ensure the protection of privacy-related information."
U.S. Government Accountability Office: Data mining - DHS needs to improve executive oversight of systems supporting counterterrorism (PDF)
Epic.org: Congressional watchdog - DHS data mining programs pose risk to privacy
An initial public draft by NIST.
From the Introduction:
"[I]t is imperative that leaders and managers at all levels understand their responsibilities and are held accountable for managing information security risk—that is, the risk associated with the operation and use of information systems that support the missions and business functions of their organizations."
NIST: Guide for conducting risk assessments (PDF)
Informationweek: NIST releases federal risk assessment guide
Digital Forensics: NIST releases federal risk assessment guide
A report by Microsoft.
From Security Breach Trends:
"The largest single category of [security breach] incidents in each of the past six quarters involved stolen equipment, ranging from a high of 34.5 percent of the total in 3Q09 to a low of 18.6 percent of the total in 4Q10. Malicious incidents (those involving 'hacking' incidents, malware, and fraud) routinely account for less than half as many incidents as negligence (involving lost, stolen, or missing equipment; accidental disclosure; or improper disposal) [...]. Improper disposal of business records accounts for a significant portion of incidents and is relatively easy for organizations to address by developing and enforcing effective policies regarding the destruction of paper and electronic records that contain sensitive information."
Microsoft: Microsoft Security Intelligence Report, volume 10 (PDF, can be downloaded from the linked page)
Microsoft Privacy & Safety: The threat landscape in Africa & the Internet Governance Forum
An essay by danah boyd and Kate Crawford.
From the Abstract:
"The era of Big Data has begun. Computer scientists, physicists, economists, mathematicians, political scientists, bio-informaticists, sociologists, and many others are clamoring for access to the massive quantities of information produced by and about people, things, and their interactions. Diverse groups argue about the potential benefits and costs of analyzing information from Twitter, Google, Verizon, 23andMe, Facebook, Wikipedia, and every space where large groups of people leave digital traces and deposit data. Significant questions emerge. Will large-scale analysis of DNA help cure diseases? Or will it usher in a new wave of medical inequality? Will data analytics help make people’s access to information more efficient and effective? Or will it be used to track protesters in the streets of major cities? Will it transform how we study human communication and culture, or narrow the palette of research options and alter what ‘research’ means? Some or all of the above?"
danah boyd and Kate Crawford: Six provocations for big data (SSRN)
Schneier on Security: Three emerging cyber threats
A report by Futuresight.
From Privacy Concerns:
"Privacy is a significant concern for the majority of mobile users: One in two respondents expressed concerns over sharing their personal information while using the mobile internet or apps; 81% of all mobile users felt that safeguarding their personal information was very important; 76% said they were very selective about who they gave their information to because of their concerns; 92% expressed concern about applications collecting their personal information without their consent"
Futuresight: User perspectives on mobile privacy - Summary of research findings (PDF)
GSM World: Mobile privacy
GSM World: GSMA research shows mobile users rank privacy as an important concern when using applications and services
Data Protector: Privacy on mobile devices - not bad
An essay by Neil M. Richards.
From the Abstract:
"The conception of tort privacy developed by Warren, Brandeis and Prosser sits at the heart of American understandings of privacy law. Rooted in protection of private information against unwanted collection, use, and disclosure, tort privacy protects against emotional injury, and was directed by design against disclosures of true, embarrassing facts by the media. In this essay, I argue that as conceived by Warren and Brandeis and interpreted by Prosser, tort privacy is a poor vehicle for grappling with problems of privacy and reputation in the digital age."
Neil M. Richards: The limits of tort privacy (SSRN)
Washington University: Privacy legal fights should focus on intrusion, not hurt feelings
A report by Verizon.
From PCI DSS Assessments Results:
"Compliance, especially the [Payment Card Industry] [Data Security Standard] requirements mentioned above, aims at setting a baseline of security controls in the hope they’ll be sufficient to keep organizations secure enough to continue doing business. [...] Many organizations have a hard time sustaining the efforts required to be compliant year after year. Even the best organizations make mistakes, but all too many businesses simply put a band-aid over bullet holes in the hope that the effort will last until the assessor has left. This report discusses the level of compliance businesses had at the point of validation, and may allow us to make inferences about the continued compliance efforts of an organization and the security that results from those efforts."
Verizon: Verizon 2011 Payment Card Industry compliance report (PDF)
Inside Privacy: Verizon report concludes that industry's compliance with PCI standards remains low
A report by Erica Newland, Caroline Nolan, Cynthia Wong, and Jillian York.
From the Executive Summary:
"Intentionally or not, private entities assume a primary role in providing and controlling access to the ‘networked public sphere.’ This ‘networked public sphere’ has supplanted, in part, the traditional town square by providing an open and dynamic online space for social and political debate and activism where citizens around the world increasingly exercise their rights to free expression, opinion, assembly, and association. Platform operators are often faced with challenging decisions regarding content removal or account deactivation, which, even when valid or reasonable, may have costly implications for the rights of users, especially activists."
Erica Newland, Caroline Nolan, Cynthia Wong, and Jillian York: Account deactivation and content removal - guiding principles and practices for companies and users (PDF)
Berkman Center for Internet & Society: Account deactivation and content removal
BoF: Nieuw rapport over informatie- en accountverwijdering roept vooral vragen op
EFF: New paper sets forth principles and practices for account deactivation and content removal
A report by Check Point.
From the Detailed Findings:
"Participants were asked if their organizations have been targeted by social engineering attacks. While 43% of participants indicated that they had, only 16% had confidence that they had not been targeted. A large number of participants (41%) were not aware of any attacks, but could not say definitively that there had not been an attempt. This response implies a potential risk that businesses and IT teams are not dealing with."
Check Point: The risk of social engineering on information security - a survey of IT professionals (PDF)
Check Point: Check Point survey reveals that nearly half of enterprises are victims of social engineering
Security.nl: Helft bedrijven doelwit social engineering-aanvallen
A report by the ACLU.
From the introduction:
"Ten years later, as we remember and mourn those who died on September 11th, our nation still faces the challenge of remaining both safe and free. Our choice is not, as some would have it, between safety and freedom. Just the opposite is true. As President Obama recognized in a 2009 speech, 'our values have been our best national security asset—in war and peace; in times of ease and in eras of upheaval.' Yet, our government’s policies and practices during the past decade have too often betrayed our values and undermined our security."
ACLU: A call to courage - reclaiming our liberties ten years after 9/11 (PDF)
ACLU: Report - A call to courage - reclaiming our liberties ten years after 9/11
Schneier on Security: ACLU report on the war on terror
A Chatham House report by Paul Cornish, David Livingstone, Dave Clemente and Claire Yorke.
From the Executive Summary and Recommendations:
"With regard to threat perceptions and sensitivity, the principal finding of the report is that there appears to be no coherent picture or sense of what constitutes a vulnerability, or of the likely severity of the consequences of that vulnerability. There is, in short, no agreement on the nature and gravity of the problem that is either so compelling or so widely accepted as to catalyse a society-wide response to the challenges of cyber security, embracing the public and private sectors."
Paul Cornish, David Livingstone, Dave Clemente and Claire Yorke: Cyber security and the UK's national infrastructure (PDF)
Out-law.com: UK business executives should be more aware of cyber threats, report says
A report by Symantec.
From finding 3:
"Remarkably, this survey revealed the great extent to which small businesses do not sufficiently protect their data and systems with regular backups and security safeguards."
Symantec: Small business virtualization poll - Global results (PDF)
Symantec: Symantec survey finds surprising number of small businesses not protecting data on virtualized servers
AG: MKB is laks met beveiliging in de cloud
A document by Covington & Burling LLP.
From question 4:
"Long before the Patriot Act was enacted, US courts held that a company with a presence in the United States was obligated to respond to a valid demand for information from the US government – regardless of the location of that information – so long as the company retained 'possession, custody or control' of the data. This legal principle, which is not dissimilar to the approach followed by some EU Member States (whose rules permit law enforcement to exercise jurisdiction over data that is 'accessible' in-country), has long required companies that have contacts with or a presence in the US to comply with lawful US government requests for information — including EU companies and their data held in the EU."
Covington & Burling LLP: The USA PATRIOT Act and the use of cloud services - Q&A (PDF)
Inside Privacy: USA PATRIOT Act and the use of cloud services
A document by the GSMA Mobile Privacy Initiative.
From the Introduction:
"The guidelines we provide here adopt a 'Privacy by Design' approach and are intended to help ensure that mobile applications are developed in ways that respect and protect the privacy of users and their personal information. Privacy by Design is also about recognising that users have privacy interests (expectations, needs, wants and concerns) that must be addressed in a pro-active manner from the start and not as an afterthought or an 'add-on'."
GSMA Mobile Privacy Initiative: Discussion document - privacy design guidelines for mobile application development (PDF)
Annex A, Use cases, Annex B, High level privacy principles (PDF)
Data Protector: The perils of devising privacy principles
A publication by Microsoft.
From 'A connected world':
"The media, government, and law enforcement have given much attention to online safety issues including cyberbullying, child predators, sexting, pornography, digital plagiarism, violations of privacy, oversharing of personal information, Internet addiction, and pirated content. Many countries have implemented a three-part approach to confront these issues— with technology tools, safety education, and law enforcement activities. All three play a vital role in protecting young people, but these strategies often consist of reactive responses to emerging safety concerns. A more advanced approach to online safety would include comprehensive measures, which take into account that young people must understand rules and behaviors that are unique to the digital world before they can become responsible citizens within emerging digital societies."
Microsoft: Fostering digital citizenship (PDF)
Microsoft Privacy & Safety: Microsoft on digital citizenship