Does Your Web Application Protect Privacy? And How Can You Be Sure?
by Darrell Blevins, Social Security Administration
Perfect Privacy Protection May Be Impossible
• “The intersection of privacy and the internet requires a rule book that has yet to be written” Senator Patrick Leahy.
• In the absence of a clear, objective standard, what is good enough?
What happens when you don’t get it right?
• Possible Negative PR
• Possible Congressional attention-legislation
• Potential loss of confidence in your agency and Government in general
• Possible chilling effect on implementation of similar applications
An Example: SSA’s PEBES Experience
• What we did--offered individuals on-line access to their personal records
• What happened next--Significant negative press--application not well protected
• SSA reaction--pulled application, conducted forums, gathered expert advice, set protocol for future internet applications
Lessons from PEBES
• Government held to a higher standard
• Be inclusive in planning/implementing
• Use an incremental approach
• Offer customer choice wherever possible
SSA’s next big internet application: what we did differently
IRIB On-line application for Social Security Retirement Benefits
IRIB: Outside Consultations
• Focus Groups, general public and interest groups (AARP, etc.)
• Consultations with outside privacy advocates/experts
• Surveys of initial users/non-users of service
IRIB: Incremental Approach
• Pilot began in July, 2000
• 18,000 invitations to participate mailed June, 2000
• 43,000 invitations mailed in August, 2000
• Available to general public November, 2000
• Spouses on-line application--April, 2001
IRIB: Individual Choice
• Individuals given full notice regarding:
  – Risk
  – Security
  – Privacy
• Individual decides to participate or not
More on Notice and Choice
• Core principles in potential private-sector legislation and FTC recommendations
• Good internet privacy policy would make these the default position
• Choice principle carries nuances
Does your web application protect Privacy?
• A subjective judgement; better chance of getting the right answer if:
  – Allow customer to choose what level of risk to bear
  – Understand Govt. must meet higher standard
  – Extensive outside consultation
  – Incremental approach