# Monday, December 04, 2006

My recent post of a joke about a priest and a politician highlights a privacy issue: sometimes any sufficiently specific information can become identifying information. If the priest had referred to "one of the first confessions" instead of "my very first confession" nobody would have learned anything when the late-arriving politician told the crowd he was the very first to give confession to the then-new priest. Similarly when a CIA operative was identified in the USA, at one point the person who identified her took refuge in pointing out he hadn't named her, hadn't said "X Y is an operative", but instead had named her husband, "A B is married to an operative." Of course that was equivalent to naming her.

Similarly, when you're worrying about privacy in an application, it's not as simple as naming some fields you shouldn't include in the system. That's a good first step, for sure: why does this application have a field for Social Insurance Number, what do we use it for? Why do we need to keep it after that? But it's not the whole story. For example, we may need everyone's home phone numbers, but do we need them on the main screen or would it be better to make people click to see the more private information. Can we use role based security to show private information only to managers? This takes some thought.

Microsoft is offering a 49 page Privacy Guidelines whitepaper you may find helpful. The introduction says:

The purpose of this document is to propose a baseline for establishing this higher bar.  It offers guidance for creating notice and consent experiences, providing sufficient data security, maintaining data integrity, offering customer access, and supplying controls when developing software products and Web sites.  These guidelines are based on the core concepts of the Organisation for Economic Co-operation and Development (OECD) Fair Information Practices and privacy laws such as the EU Data Protection Directive, the U.S. Children’s Online Privacy Protection Act of 1998 (COPPA), and the U.S. Computer Fraud and Abuse Act (as amended 1994 and 1996).  In the interest of developing a common set of industry best practices for privacy, we invite the community and other interested parties to participate in an open dialogue. 

It discusses categories of information, retention, consent, notice, and a few things that are web-specific like cookies. A good place to start your thought process.


Monday, December 04, 2006 3:16:45 PM (Eastern Standard Time, UTC-05:00)  #