IT Policy and Technology: Japan and Global IT

Spring Semester 2009
IT Policy and Technology:
Japan and Global IT Environment
IT Policy and Technology for Japan as Part of the World
Jun Murai
Masaaki Sato
Jun Takei
May 21, 2009
6. Privacy and Security
#1: Introduction
Schedule Plan
1. 4/9 Introduction
2. 4/16 Internet & Digital Technology History, Technology Introduction
3. 4/30 Digital Contents Policy #1
4. 5/7 Digital Contents Policy #2
5. 5/14 Digital Contents Policy #3
6. 5/21 Privacy and Security #1 (Today)
7. 5/28 Privacy and Security #2
8. 6/4 Privacy and Security #3
9. 6/11 Education and Health Care #1
10. 6/18 Education and Health Care #2
11. 6/25 Education and Health Care #3
12. 7/2 Guest Session: Network and Cyber Law
13. 7/9 Conclusion
IT Policy and Technology: Japan and Global IT Environment #6
Personal Information Leakage
http://sankei.jp.msn.com/affairs/crime/090512/crm0905122249035-n1.htm
http://sankei.jp.msn.com/affairs/crime/090424/crm0904241755032-n1.htm
http://www.yomiuri.co.jp/net/security/ryusyutsu/20081027nt0b.htm
http://mainichi.jp/select/jiken/news/20090429ddm041040033000c.html
Today’s Lecture
• Privacy and security basics
– What is personal information
– OECD principles
– Japanese implementation: Personal Information
Protection Act (PIPA)
UNDERSTANDING PRIVACY
What is Privacy?
Privacy
• The state of being private and undisturbed
• A person’s right to reserve this
• Freedom from intrusion or public attention
• Avoidance of publicity
What is Personal Information?
• Japanese definition
– Information that can identify a living person,
such as name, address, phone number, ID,
picture, or audio
– This includes items that do not identify a person
on their own but can identify a person in
combination with other information
• Address + name
• Phone
How Does the Privacy Protection Act Affect ICT?
• The ICT environment allows data to be exchanged across {group,
company, organization, nation} borders quickly and
efficiently
• This has fueled the growth of the global economy
• What if sending customer data over the network
were not allowed?
[Figure labels: distributor, sales, manufacturer, consumer]
OECD Guideline
• OECD: Organization for Economic Co-operation and
Development
– International organization for consulting global economics
(economic growth, development, and trading)
– 30 nations are participating
• “OECD Guidelines on the Protection of Privacy and
Transborder Flows of Personal Data”, 1980
– Reference document for privacy protection laws
– The main objective of the document is to “help to harmonize
national privacy legislation and, while upholding such
human rights, would at the same time prevent interruptions
in international flows of data”
Balancing Privacy and Social Benefit
• Protect basic human rights
• Smooth global data flow
OECD 8 Principles
1. Collection Limitation Principle
2. Data Quality Principle
3. Purpose Specification Principle
4. Use Limitation Principle
5. Security Safeguards Principle
6. Openness Principle
7. Individual Participation Principle
8. Accountability Principle
Collection Limitation Principle
• There should be limits to the collection of personal
data and any such data should be obtained by lawful and fair
means and, where appropriate, with the
knowledge or consent of the data subject.
Data Quality Principle
• Personal data should be relevant to the
purposes for which they are to be used, and, to
the extent necessary for those purposes,
should be accurate, complete and kept up-to-date
Purpose Specification Principle
• The purposes for which personal data are
collected should be specified not later than at
the time of data collection and the subsequent
use limited to the fulfillment of those purposes
or such others as are not incompatible with
those purposes and as are specified on each
occasion of change of purpose
[Figure labels: 1. purpose; 2. data]
Use Limitation Principle
• Personal data should not be disclosed, made
available or otherwise used for purposes other
than those specified
Security Safeguards Principle
• Personal data should be protected by
reasonable security safeguards against such
risks as loss or unauthorized access,
destruction, use, modification or disclosure of
data
Openness Principle
• There should be a general policy of openness
about developments, practices and policies
with respect to personal data
Individual Participation Principle
• An individual should have the right:
– to obtain from a data controller, or otherwise,
confirmation of whether or not the data controller
has data relating to him;
– to have communicated to him, data relating to him
Accountability Principle
• A data controller should be accountable for
complying with measures which give effect to
the principles stated above.
Personal Information Protection Act
• Japanese law that defines how to handle
personal information
• Based on the OECD guidelines
• Effective since 2003
• Mid-term review by committee in 2008
– No change to the law itself
Issues in Japan
• Overreactions by society
– Ex) member lists with phone numbers are no longer distributed
• Too much overhead for economic activity
– Ex) a company must disclose lost data or
information leakage
• Doesn’t help reduce personal information
leakage
– Ex) intentional and unintentional information
leaks happen every day
Homework
• Find an overreaction to the Japanese PIPA,
describe the cause and the issue, then propose your
solutions
– Ex: school teachers hesitate to distribute the name,
address and phone number list of the class. Of
course it is personal information and must be
treated with special care. But the law never says it is
a bad thing. This overreaction reduces the teacher's and
class’s productivity
• Due: Wednesday, May 27 at 11:59PM
– Submit the assignment at SFC-SFS
Extra Credit Assignment
• In lecture #3, we asked you to study Google Book
Search to prepare for the discussions held
in lecture #4. If there is anything you studied
or thought about in the course of your research, and
you wish to submit it for extra credit, please share
your thoughts.
• This assignment is not a mandatory assignment.
The assignment may help your grade if you submit
a decent assignment; even if you don't submit it,
there will be no disadvantages for you.
• Due: Wednesday, May 27 at 11:59PM
– Submit the assignment at SFC-SFS