Homework 2 - due September 20, 2007
Please email your homework in Microsoft Word or PDF format to privacy-homework AT cups DOT cs
DOT cmu DOT edu and put "hw2"
in the subject line.
Don't forget to properly cite all sources (including assigned
readings) and include a bibliography with all homework
- Privacy Rights Clearinghouse, A Review of
the Fair Information Principles, 2004.
- Privacy, Information, and Technology, 1A
Introduction: Information Privacy, Technology, and the Law,
- Lorrie Faith Cranor, I Didn't
Buy it for Myself, in Designing Personalized User
Experiences in eCommerce, 2004.
- Privacy, Information, and Technology, 1B
Introduction: Information Privacy Law: Origins and Types,
- Privacy, Information, and Technology, 4B
Privacy, Business Records, and Financial Information: Regulating
Business Records and Databases,
- Web Privacy with P3P, Foreword,
- Robert Gellman, Privacy:
Finding a Balanced Approach to Consumer Options, in
Considering Consumer Privacy: A Resource for Policymakers and
- Hal Varian, Economic
Aspects of Personal Privacy, in Privacy
and Self-Regulation in the Information Age, 1997.
- Alessandro Acquisti and Jens Grossklags, Privacy
and Rationality in Individual Decision Making, IEEE
Security & Privacy, January/February 2005, pp. 24-30.
1. Write a short summary of each chapter in the reading
assignment (3-7 sentences each). Graduate students should also read and
write a summary of one optional reading paper. After each summary (in a separate
paragraph) provide a "highlight" for that chapter. This can be
something new you learned that you found particularly interesting, a
point you would like to discuss further in class, a question the
chapter did not fully answer, something you found confusing, a point
you disagree with, or anything else you found noteworthy. [30 points]
2. Pick a technology that causes privacy concerns. [35 points]
- a) Find two relevant sources of information about the privacy
concerns associated with this technology and summarize their key
- b) Prepare a table
similar to Table 1 in the I Didn't Buy it for Myself paper that
lists privacy risks, possible consequences, and examples of parties to
whom personal information might be exposed for the technology you picked.
- c) Prepare a table similar to Table 2 in the I Didn't Buy it for
Myself paper that demonstrates how the OECD privacy principles
might be applied to reducing the privacy risks associated with the
technology you picked.
3. Research a self-regulatory privacy program or privacy law. Your research should include both reviewing the
program's web site and searching for relevant news articles,
endorsements, criticism, etc. Please include the relevant citations
in your write-up and add the sources to your bibliography. [35 points]
- a) Write a short summary description of the program or law.
- b) Explain which of the fair
information practice principles it addresses.
- For self-regulatory
programs state c) who runs it and d) the kinds
of praise and criticism it has been getting.
- For laws state c) the
agency responsible for enforcing them and d) the types of enforcement actions
that have been taken and published evaluation of the law's
You will be
assigned a program or law to research in class from one of the
following (or one that you suggest):
- Network Advertising Initiative
- Direct Marketing Association Privacy Promise
- CTIA Location-based privacy guidelines
- Safe Harbor
- The Privacy Act of 1974
- The Fair Credit Reporting Act
- The Gramm-Leach Bliley Act
- The Video Privacy Protection Act
- Childrens Online Privacy Protection
- CPNI rules
- Cable TV Privacy Act
- EU Directive
- PIPEDA (Canadian privacy law)
- Japanese Personal Information Protection Act (PIPA)
- California SB-1386