SECURITY N COMPUTING FIETH EDITION Chapter 9: Privacy 授课教师:高海波 可南中医药大学 信息管理与信息系统教研室 rom Security in Computing, Fifth Edition, by Charles P. Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
SECURITY IN COMPUTING, FIFTH EDITION Chapter 9: Privacy From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. 1 授课教师:高海波 河南中医药大学 信息管理与信息系统教研室
2 Chapter 9 Objectives Define privacy and fundamental computer-related privacy challenges Privacy principles and laws Privacy precautions for web surfing Spyware Email privacy Privacy concerns in emerging technologies rom Security in Computing, Fifth Edition, by Charles P. Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Chapter 9 Objectives • Define privacy and fundamental computer-related privacy challenges • Privacy principles and laws • Privacy precautions for web surfing • Spyware • Email privacy • Privacy concerns in emerging technologies 2
3 What Is Privacy Privacy is the right to control who knows certain aspects about you, your communications, and your activities Types of data many people consider private Identity Finances Health Biometrics Privileged communications Location data Subject: person or entity being described by the data Owner: person or entity that holds the data rom Security in Computing, Fifth Edition, by Charles P. Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. What Is Privacy? • Privacy is the right to control who knows certain aspects about you, your communications, and your activities • Types of data many people consider private: • Identity • Finances • Health • Biometrics • Privileged communications • Location data • Subject: person or entity being described by the data • Owner: person or entity that holds the data 3
Computer-Related Privacy Problems Data collection Advances in computer storage make it possible to hold and manipulate huge numbers of records, and those advances continue to evolve Notice and consent Notice of collection and consent to allow collection of data are foundations of privacy, but with modern data collection, it is often mpossible to know what is being collected Control and ownership of data Once a user consents to provide data, the data is out of that user's control. It may be held indefinitely or shared with other entities rom Security in Computing, Fifth Edition, by Charles P. Pfleeger, et aL. (ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Computer-Related Privacy Problems • Data collection • Advances in computer storage make it possible to hold and manipulate huge numbers of records, and those advances continue to evolve • Notice and consent • Notice of collection and consent to allow collection of data are foundations of privacy, but with modern data collection, it is often impossible to know what is being collected • Control and ownership of data • Once a user consents to provide data, the data is out of that user’s control. It may be held indefinitely or shared with other entities. 4
Fair Information Practices Data should be obtained lawfully and fairly Data should be relevant to their purposes, accurate, complete and up to date The purposes for which data will be used should be identified and that data destroyed if no longer necessary for that purpose Use for purposes other than those specified is authorized only with consent of data subject or by authority of law Procedures to guard against loss, corruption, destruction, or misuse of data should be established It should be possible to acquire information about the collection, storage, and use of personal data systems The data subjects normally have a right to access and challenge data relating to them A data controller should be designated and accountable for complying with the measures to effect these principles om Security in Computing, Fifth Edition, by Charles P. Pfleeger, et aL.(ISBN: 9780134085043) Copyright 2015 by Pearson Education, Inc. All rights reserved
From Security in Computing, Fifth Edition, by Charles P. Pfleeger, et al. (ISBN: 9780134085043). Copyright 2015 by Pearson Education, Inc. All rights reserved. Fair Information Practices • Data should be obtained lawfully and fairly • Data should be relevant to their purposes, accurate, complete, and up to date • The purposes for which data will be used should be identified and that data destroyed if no longer necessary for that purpose • Use for purposes other than those specified is authorized only with consent of data subject or by authority of law • Procedures to guard against loss, corruption, destruction, or misuse of data should be established • It should be possible to acquire information about the collection, storage, and use of personal data systems • The data subjects normally have a right to access and challenge data relating to them • A data controller should be designated and accountable for complying with the measures to effect these principles 5