BACKGROUND:
Current computing technologies enable the collection, exchange, analysis, and use of personal information on a scale unprecedented in the history of civilization. These technologies, which are widely used by many types of organizations, allow for massive storage, aggregation, analysis, and dissemination of data. Advanced capabilities for surveillance and data matching/mining are being applied to everything from product marketing to national security.
Despite the intended benefits of using these technologies, there are also significant concerns about their potential for negative impact on personal privacy. Well-publicized instances of personal data exposures and misuse have demonstrated some of the challenges in the adequate protection of privacy. Personal data -- including copies of video, audio, and other surveillance -- needs to be collected, stored, and managed appropriately throughout every stage of its use by all involved parties. Protecting privacy, however, requires more than simply ensuring effective information security.
The U.S. Public Policy Committee of the Association for Computing Machinery (USACM) advocates a proactive approach to privacy policy by both government and private sector organizations. We urge public and private policy makers to embrace the following recommendations when developing systems that make use of personal information. These recommendations should also be central to the development of any legislation, regulations, international agreements, and internal policies that govern how personal information is stored and managed. Striking a balance between individual privacy rights and valid government and commercial needs is a complex task for technologists and policy makers, but one of vital importance. For this reason, USACM has developed the following recommendations on this important issue.
RECOMMENDATIONS:
MINIMIZATION
1. Collect and use only the personal information that is strictly required for the purposes stated in the privacy policy.
2. Store information for only as long as it is needed for the stated purposes.
3. If the information is collected for statistical purposes, delete the personal information after the statistics have been calculated and verified.
4. Implement systematic mechanisms to evaluate, reduce, and destroy unneeded and stale personal information on a regular basis, rather than retaining it indefinitely.
5. Before deployment of new activities and technologies that might impact personal privacy, carefully evaluate them for their necessity, effectiveness, and proportionality: the least privacy-invasive alternatives should always be sought.
CONSENT
6. Unless legally exempt, require each individual's explicit, informed consent to collect or share his or her personal information (opt-in); or clearly provide a readily accessible mechanism for individuals to cause prompt cessation of the sharing of their personal information, including, when appropriate, the deletion of that information (opt-out). (NB: The advantages and disadvantages of these two approaches will depend on the particular application and relevant regulations.)
7. Whether opt-in or opt-out, require informed consent by the individual before using personal information for any purposes not stated in the privacy policy that was in force at the time of collection of that information.
OPENNESS
8. Whenever any personal information is collected, explicitly state the precise purpose for the collection and all the ways that the information might be used, including any plans to share it with other parties.
9. Be explicit about the default usage of information: whether it will only be used by explicit request (opt-in), or if it will be used until a request is made to discontinue that use (opt-out).
10. Explicitly state how long this information will be stored and used, consistent with the "Minimization" principle.
11. Make these privacy policy statements clear, concise, and conspicuous to those responsible for deciding whether and how to provide the data.
12. Avoid arbitrary, frequent, or undisclosed modification of these policy statements.
13. Communicate these policies to individuals whose data is being collected, unless legally exempted from doing so.
ACCESS
14. Establish and support an individual's right to inspect and make corrections to her or his stored personal information, unless legally exempted from doing so.
15. Provide mechanisms to allow individuals to determine with which parties their information has been shared, and for what purposes, unless legally exempted from doing so.
16. Provide clear, accessible details about how to contact someone appropriate to obtain additional information or to resolve problems relating to stored personal information.
ACCURACY
17. Ensure that personal information is sufficiently accurate and up-to-date for the intended purposes.
18. Ensure that all corrections are propagated in a timely manner to all parties that have received or supplied the inaccurate data.
SECURITY
19. Use appropriate physical, administrative, and technical measures to maintain all personal information securely and protect it against unauthorized and inappropriate access or modification.
20. Apply security measures to all potential storage and transmission of the data, including all electronic (portable storage, laptops, backup media) and physical (printouts, microfiche) copies.
ACCOUNTABILITY
21. Promote accountability for how personal information is collected, maintained, and shared.
22. Enforce adherence to privacy policies through such methods as audit logs, internal reviews, independent audits, and sanctions for policy violations.
23. Maintain provenance -- information regarding the sources and history of personal data -- for at least as long as the data itself is stored.
24. Ensure that the parties most able to mitigate potential privacy risks and privacy violation incidents are trained, authorized, equipped, and motivated to do so.
USACM does not accept the view that individual privacy must typically be sacrificed to achieve effective implementation of systems, nor do we accept that cost reduction is always a sufficient reason to reduce privacy protections. Computing options are available today for meeting many private sector and government needs while fully embracing the recommendations described above. These include the use of de-identified data, aggregated data, limited datasets, and narrowly defined and fully audited queries and searches. New technologies are being investigated and developed that can further protect privacy. USACM can assist policy-makers in identifying experts and applicable technologies.
For more information about USACM, please contact the ACM Office of Public Policy at (202) 659-9711 or see http://www.acm.org/usacm/.
USACM Activities
- USACM Chair Eugene Spafford testified on the technical challenges of expanding electronic employment verification systems before the Social Security Subcommittee of the House Ways and Means Committee. May 6, 2008
- USACM-EC member Annie Antón testified on the security and privacy of Social Security numbers before the Social Security Subcommittee of the House Ways and Means Committee. June 21, 2007
- USACM member Peter Neumann testified on a proposed electronic Employment Eligibility Verification system before the Social Security Subcommittee of the House Ways and Means Committee. June 7, 2007
- USACM submitted comments responding to the Department of Homeland Security's request for comment on the REAL ID Act, which imposes new guidelines for driver's licenses and identification cards issued by the states. May 8, 2007
- USACM sent a letter to the Federal Identity Theft Task Force responding to their request for comment on a variety of proposals to reduce the risk of identity theft and to better assist victims of identity theft. January 19, 2007.
- USACM sent a letter to the Director of the Office of Management and Budget offering comment on their work to develop privacy guidelines for e-communications between government agencies and the public. May 1, 2003
- In a letter to Congress, USACM recommends a rigorous independent review of the U.S. Government's Total Information Awareness program. USACM also released a media statement regarding TIA. January 23, 2003
- USACM Co-Chair Barbara Simons participated in a privacy study co-chaired by USACM member Virginia Rezmierski called the Logging and Monitoring Privacy Project (LAMP). The study focused on the relationship between computer logging information collected by universities and student records, which are protected under FERPA, and changes due to the passage of the USA PATRIOT Act. The study can be found at LAMP Project, and a brief description of the project is available at LAMP.
- Dr. Ben Shneiderman's testimony on national ID cards given before a Congressional committee. November 16, 2001
- Dr. Barbara Simons's testimony on medical privacy before the National Committee on Vital and Health Statistics. June 3-4, 1997
- Dr. Barbara Simons's testimony on SSA and privacy. May 1997
- Dr. Peter Neumann's testimony on SSA and privacy before the Ways and Means Committee, U.S. House of Representatives. May 6, 1997
- Marc Rotenberg's testimony before the Ways and Means Committee, U.S. House of Representatives. May 6, 1997
- ACM & USACM letter to Senator Paul Simon supporting creation of a privacy commission in the US. November 1993
- Existing ACM statement on privacy. March 1991
- ACM resolution issued in 1974 on National Identification. November 14, 1974