8-533 / 8-733 / 19-608 / 95-818: Privacy Policy, Law, and Technology

Homework 2 - due September 16, 2014

Don't forget to properly cite all sources (including assigned readings) and include a bibliography with all homework assignments.

Reading assignment: September 9-16 readings (100/120 points)

1. [20 points] 12-unit students: Read and write a summary of one optional reading paper.

2. [40 points] Pick a technology that causes privacy concerns.

• a) Describe the privacy concerns, citing relevant sources.
• b) Prepare a table similar to Table 1 in the I Didn't Buy it for Myself paper that lists privacy risks, possible consequences, and examples of parties to whom personal information might be exposed for the technology you picked.
• c) Prepare a table similar to Table 2 in the I Didn't Buy it for Myself paper that demonstrates how the OECD privacy principles might be applied to reducing the privacy risks associated with the technology you picked.

3. [20 points] Find a reference to privacy in art, literature, advertising, or pop-culture (tv, movie, cartoon, etc.). You can take a look at the Privacy Commissioner of Canada's list of privacy in popular culture for some ideas, but please come up with your own ideas that are not part of this list. It is fine to find something that is not in English, but please provide a translation. Write a paragraph explaining the reference and what it says about privacy. If possible, provide a URL or a copy of the privacy reference that you can share with the class.

4. [40 points] Research a set of privacy principles, or privacy law. Your research should include both reviewing the program's web site and searching for relevant news articles, endorsements, criticism, etc. Please include the relevant citations in your write-up and add the sources to your bibliography. [25 points]

• a) Write a short summary description of the program or law.
• b) Explain which of the fair information practice principles it addresses.
• c) Identify the agency responsible for enforcing it (if any).
• d) Identify the types of enforcement actions (if any) that have been taken and published evaluation of the law's effectiveness.

You will be assigned a program or law to research in class from one of the following (or one that you suggest):

• CTIA Best Practices and Guidelines for Location Based Services
• The Privacy Act of 1974
• The Federal Wiretap Act
• The Fair Credit Reporting Act
• HIPPA
• The Gramm-Leach Bliley Act
• The Video Privacy Protection Act
• Children's Online Privacy Protection Act
• Family Educational Rights and Privacy Act (FERPA)
• CPNI rules
• Cable TV Privacy Act
• California SB-1386
• White House Consumer Privacy Bill of Rights
• NTIA Code of Conduct on Mobile Application Transparency
• Any other national privacy law