[Global_industry_committee] Preliminary FTC Staff Report - Protecting Consumer Privacy in an Era of Rapid Change

Colin Watson colin.watson at owasp.org
Fri Dec 17 09:49:37 EST 2010


I'm less certain about this...

  Protecting Consumer Privacy in an Era of Rapid Change
  A framework for businesses and policymakers
  http://www.ftc.gov/os/2010/12/101201privacyreport.pdf

but it is aimed at business, and OWASP has already been cited in this
FTC document:

  Protecting Personal Information: A Guide for Business
  http://business.ftc.gov/documents/bus69-protecting-personal-information-guide-business

The proposed framework is based on three principles, which have some
relevant content:

1. Privacy by design
2. Simplified choice
3. Greater transparency

In the first of these "data security" is listed as an example practice
to build in.  This document also talks about a persistent mechanism to
allow consumers to opt out of tracking - commentators elsewhere
believe this might be a "Do Not Track" header added by the browser.  I
think we need to be careful what constitutes tracking - behavioural
advertising yes, but how about security event logging, incident
response or even session management?

Responses are being accepted until 31 January 2011.  Is it worth responding to:

1. if OWASP has something relevant to say, and
2. to keep OWASP on the radar as an organisation that engages with others

?

Regards

Colin Watson
Global Industry Committee
http://www.owasp.org/index.php/Global_Industry_Committee


More information about the Global_industry_committee mailing list