Privacy Risk

From MgmtWiki
Revision as of 18:02, 6 December 2018 by Tom (Legal Risk)

Full Title or Meme

The growing concern about the risk of exposure of User Private Information has been labeled as a Privacy Risk that has been legislated into a legal and reputation risk for Enterprises that collect and store that information.

Context

User Risk

The meaning of the term Privacy has been growing as the Information Age has expanded into every aspect of our human experience. While it started with the Warren and Brandeis article as the "right to be let alone" [1], it has expanded into a wide range of User Rights. While users have shown increasing anxiety about their privacy, they continue to show very little appetite for changing their behavior to protect their Privacy. As a result governments around the

Enterprise Risk

While in an earlier age it was possible to appeal to an Enterprise's good will, in an age of "maximizing shareholder value" the only way to coerce socially beneficial behaviors is by demonstrating risks to their continued profitability or existence. There are two broad categories of Enterprise Risk: Legal Risk and Conduct Risk.

Legal Risk

  • Compliance with legislative mandates always entails additional expenses for a hosting provider, both operational costs and fines for non-compliance.
  • The risk of tort costs will also expand with additional legislative mandates, both for lawyers' fees and judgments.

Conduct Risk

Since executive compensation is often predicated on shareholder value, any risk must be measured strictly in that metric to become an important consideration for executive action by the bulk of public companies. A similar calculus will apply to public enterprises because of pressures from the population at large and thanks to the investigations of a free press where it still exists. In both cases Conduct Risk is a growing discipline that Enterprises

Problems

  • Compliance by the Web Site with the agreed terms will be hard to track.

Solutions

  • It would probably improve the conversation to change the discussion from Privacy to User Rights, but habits and meanings of words are hard to change, so it may be necessary to continue to talk about Privacy even though it would be more informative to talk about User Rights.

Intent Casting

| Name | TBD | Privacy Risk | Notes |
|---|---|---|---|
| Site and App Use | | | information will be used for providing and / or enhancing the site or service only. This information seems better as part of the following fields. |
| 1st party | yes | 2 | data on the user device that does not leave the user device, for example apps that access the local data. This cast limits access (in theory) to the device itself. |
| 2nd party | yes | 3 | The Web Site that the user navigated to and understands through some secure indication of the site identity. |
| 3rd party | yes | 9 | Some other site that is able to access the User Device or User Information which was not the user's intent to access. |
| tracking | | | not clear that this can give more information than 1, 2, 3 above. |
| session | yes | 5 | data may not persist beyond completion (may be long for commercial transaction) |
| duration | yes | shorter better | how long can the data be held (default one year) |
| data category | yes | na | list of permitted categories (optional) |

References

  1. Warren and Brandeis, "The Right to Privacy", Harvard Law Review (1890-12-15). http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html