8-533 / 8-733 / 19-608 / 95-818: Privacy Policy, Law, and Technology

Homework 2 - due September 16, 2010

Don't forget to properly cite all sources (including assigned readings) and include a bibliography with all homework assignments.

Reading assignment: September 7-16 readings

1. Write a short summary of each of the required readings excluding the PRC, AICPA, and APEC readings on Sept 7 (3-7 sentences each). Graduate students should also read and write a summary of one optional reading paper. After each summary (in a separate paragraph) provide a "highlight" for that chapter. This can be something new you learned that you found particularly interesting, a point you would like to discuss further in class, a question the chapter did not fully answer, something you found confusing, a point you disagree with, or anything else you found noteworthy. [25 points]

2. Describe the privacy principles you read about. What is the purpose of privacy principles? Compare and contrast the principles you read about. [25 points]

3. Pick a technology that causes privacy concerns. [25 points]

• a) Find two relevant sources of information about the privacy concerns associated with this technology and summarize their key points briefly.
• b) Prepare a table similar to Table 1 in the I Didn't Buy it for Myself paper that lists privacy risks, possible consequences, and examples of parties to whom personal information might be exposed for the technology you picked.
• c) Prepare a table similar to Table 2 in the I Didn't Buy it for Myself paper that demonstrates how the OECD privacy principles might be applied to reducing the privacy risks associated with the technology you picked.

4. Research a self-regulatory privacy program, set of privacy principles, or privacy law. Your research should include both reviewing the program's web site and searching for relevant news articles, endorsements, criticism, etc. Please include the relevant citations in your write-up and add the sources to your bibliography. [25 points]

• a) Write a short summary description of the program or law.
• b) Explain which of the fair information practice principles it addresses.
• For self-regulatory programs state c) who runs it and d) the kinds of praise and criticism it has been getting.
• For laws state c) the agency responsible for enforcing them and d) the types of enforcement actions that have been taken and published evaluation of the law's effectiveness.

You will be assigned a program or law to research in class from one of the following (or one that you suggest):

• TRUSTe
• Network Advertising Initiative
• Safe Harbor
• APEC Privacy Framework
• CTIA Best Practices and Guidelines for Location Based Services
• The Privacy Act of 1974
• The Federal Wiretap Act
• The Fair Credit Reporting Act
• HIPPA
• The Gramm-Leach Bliley Act
• The Video Privacy Protection Act
• Children's Online Privacy Protection Act
• Family Educational Rights and Privacy Act (FERPA)
• CPNI rules
• Cable TV Privacy Act
• EU Directive
• PIPEDA (Canadian privacy law)
• Japanese Personal Information Protection Act (PIPA)
• California SB-1386
• Australian Federal Privacy Law
• Any other national privacy law