jun murai masaaki sato jun takei may 21, 2009
DESCRIPTION
Spring Semester 2009 IT Policy and Technology: Japan and Global IT Environment 世界のなかの日本としての IT 政策と技術. 6. Privacy and Security #1: Introduction. Jun Murai Masaaki Sato Jun Takei May 21, 2009. Schedule Plan. Today. 4/9Introduction - PowerPoint PPT PresentationTRANSCRIPT
Spring Semester 2009
IT Policy and Technology:Japan and Global IT Environment 世界のなかの日本としての IT 政策と技術
Jun MuraiMasaaki SatoJun Takei
May 21, 2009
6. Privacy and Security #1: Introduction
Schedule Plan1. 4/9 Introduction2. 4/16 Internet & Digital Technology History,
Technology Introduction3. 4/30 Digital Contents Policy #14. 5/7 Digital Contents Policy #25. 5/14 Digital Contents Policy #36. 5/21 Privacy and Security #17. 5/28 Privacy and Security #28. 6/4 Privacy and Security #39. 6/11 Education and Health Care #110. 6/18 Education and Health Care #211. 6/25 Education and Health Care #312. 7/2 Guest Session: Network and Cyber Law13. 7/9 Conclusion
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 2
Today
Personal Information Leakage
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 3
http://sankei.jp.msn.com/affairs/crime/090512/crm0905122249035-n1.htmhttp://sankei.jp.msn.com/affairs/crime/090424/crm0904241755032-n1.htmhttp://www.yomiuri.co.jp/net/security/ryusyutsu/20081027nt0b.htmhttp://mainichi.jp/select/jiken/news/20090429ddm041040033000c.html
Today’s Lecture• Privacy and security basics– What is personal information– OECD principles– Japanese implementation: Personal Information
Protecting Act (PIPA)
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 4
UNDERSTANDING PRIVACY
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 5
What is Privacy?
Privacy• The state of being private and undisturbed• A person’s right to reserve this• Freedom from intrusion or public attention• Avoidance of publicity
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 6
What is Personal Information?• Japanese definition– Information that can identify a person (must be
alive) such as, name, address, phone number, ID, picture, audio
– Above information include a item that doesn’t indicate a person but can be identify a person by combination with other information• Address + name• Phone
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 7
sales
consumermanufacturer
distributer
How Privacy Protection Act Affect ICT?
• ICT environment allows exchange data beyond {group, company, organization, nation} boarders in quick and efficient manner
• It fueled the growth of the global economy• What If it is not allowed to send customer data via
net?
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 8
OECD Guideline• OECD: Organization for Economic Co-operation and
Development– International organization for consulting global economics
(economic growth, development, and trading)– 30 nations are participating
• “OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data”, 1980– Reference document of privacy protection laws – Main objective of the document is “help to harmonize
national privacy legislation and, while upholding such human rights, would at the same time prevent interruptions in international flows of data”
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 9
Balancing Privacy and Social Benefit
Protect basic human rights Smooth global
data flow
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 10
OECD 8 Principles
1. Collection Limitation Principle2. Data Quality Principle3. Purpose Specification Principle4. Use Limitation Principle5. Security Safeguards Principle6. Openness Principle7. Individual Participation Principle8. Accountability Principle
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 11
Collection Limitation Principle• The collection of personal data and any such
data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 12
Data Quality Principle• Personal data should be relevant to the
purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 13
Purpose Specification Principle• The purposes for which personal data are
collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 14
1.purpose
2.data
Use Limitation Principle• Personal data should not be disclosed, made
available or otherwise used for purposes other than those specified
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 15
Security Safeguards Principle• Personal data should be protected by
reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 16
Openness Principle• There should be a general policy of openness
about developments, practices and policies with respect to personal data
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 17
Individual Participation Principle• An individual should have the right:– to obtain from a data controller, or otherwise,
confirmation of whether or not the data controller has data relating to him;
– to have communicated to him, data relating to him
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 18
Accountability Principle• A data controller should be accountable for
complying with measures which give effect to the principles stated above.
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 19
Personal Information Protection Act• Japanese law that defines how to handle
personal information• Based on OECD guideline• Effective since 2003• Mid term review by committee in 2008– No change the law itself
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 20
Issues in Japan• Over reactions by society– Ex) no more member list distribution with phone#
• Too much overhead to economic activity– Ex) company must disclose the lost data or
information leakage• Doesn’t help reducing personal information
leakage– Ex) Intentionally and unintentionally information
leakage are happening every day
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 21
Homework• Find over reaction for the Japanese PIPA and
describe the cause and issue then propose your solutions– Ex: school teachers hesitate to distribute name,
address and phone number list of the class. Of course it is personal information and must be treated with special care. But the law never say it is bad thing. This over reaction reduce teacher and class’s productivity
• Due: Wednesday, May 27 at 11:59PM– Submit the assignment at SFC-SFS
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 22
Extra Credit Assignment• In lecture #3, we asked you to study Google Book Search
to prepare for discussions that were done in lecture #4. If you have anything you've studied or thought in the process of researches, and if you wish to submit them for extra credits, please share your thoughts.
• This assignment is not a mandatory assignment. The assignment may help your grade if you submit a decent assignment; even if you don't submit it, there will be no disadvantages for you.
• Due: Wednesday, May 27 at 11:59PM– Submit the assignment at SFC-SFS
May 21, 2009 IT Policy and Technology: Japan and Global IT Environment #6 23