[Global_industry_committee] Preliminary FTC Staff Report - Protecting Consumer Privacy in an Era of Rapid Change

Colin Watson colin.watson at owasp.org
Fri Dec 17 09:49:37 EST 2010

I'm less certain about this...

  Protecting Consumer Privacy in an Era of Rapid Change
  A framework for businesses and policymakers

but it is aimed at business, and OWASP has already been cited in this
FTC document:

  Protecting Personal Information: A Guide for Business

The proposed framework is based on three principles, which have some
relevant content:

1. Privacy by design
2. Simplified choice
3. Greater transparency

In the first of these "data security" is listed as an example practice
to build in.  This document also talks about a persistent mechanism to
allow consumers to opt out of tracking - commentators elsewhere
believe this might be a "Do Not Track" header added by the browser.  I
think we need to be careful what constitutes tracking - behavioural
advertising yes, but how about security event logging, incident
response or even session management?

Responses are being accepted until 31 January 2011.  Is it worth responding to:

1. if OWASP has something relevant to say, and
2. to keep OWASP on the radar as an organisation that engages with others



Colin Watson
Global Industry Committee

More information about the Global_industry_committee mailing list