[Global_industry_committee] Preliminary FTC Staff Report - Protecting Consumer Privacy in an Era of Rapid Change

Colin Watson colin.watson at owasp.org
Wed Feb 16 03:32:24 EST 2011


The deadline approaches for the submission to the FTC.  We had some
good input at the meeting in Portugal and I have updated:

  http://www.owasp.org/index.php/Industry:FTC_Protecting_Consumer_Privacy#Draft_Text_version_2

I will submit this tomorrow, unless there are any additional thoughts.

Regards Colin

On 26 January 2011 10:00, Colin Watson <colin.watson at owasp.org> wrote:
> Folks
>
> http://www.owasp.org/index.php/Industry:FTC_Protecting_Consumer_Privacy#Draft_Text_version_2
>
> I am about to email the Leaders List, since I think this might benefit
> from a few more viewpoints.
>
> Colin
>
>
>
>
> On 18 January 2011 17:28, Colin Watson <colin.watson at owasp.org> wrote:
>> Folks
>>
>> I'm going to work through this one tomorrow, and see where we can best
>> comment, if at all.  These 3 questions may be the most relevant:
>>
>>  "How can the full range of stakeholders be given an incentive to
>>   develop and deploy privacy-enhancing technologies?"
>>
>>   "What roles should different industry participants – e.g., browser vendors,
>>    website operators, advertising companies – play in addressing privacy
>>   concerns with more effective technologies for consumer control?"
>>
>>   "Is the list of proposed “commonly accepted practices” set forth in
>>    Section V(C)(1) of the report too broad or too narrow?"
>>
>>
>> Colin
>>
>>
>> On 17 December 2010 14:49, Colin Watson <colin.watson at owasp.org> wrote:
>>> I'm less certain about this...
>>>
>>>  Protecting Consumer Privacy in an Era of Rapid Change
>>>  A framework for businesses and policymakers
>>>  http://www.ftc.gov/os/2010/12/101201privacyreport.pdf
>>>
>>> but it is aimed at business, and OWASP has already been cited in this
>>> FTC document:
>>>
>>>  Protecting Personal Information: A Guide for Business
>>>  http://business.ftc.gov/documents/bus69-protecting-personal-information-guide-business
>>>
>>> The proposed framework is based on three principles, which have some
>>> relevant content:
>>>
>>> 1. Privacy by design
>>> 2. Simplified choice
>>> 3. Greater transparency
>>>
>>> In the first of these "data security" is listed as an example practice
>>> to build in.  This document also talks about a persistent mechanism to
>>> allow consumers to opt out of tracking - commentators elsewhere
>>> believe this might be a "Do Not Track" header added by the browser.  I
>>> think we need to be careful what constitutes tracking - behavioural
>>> advertising yes, but how about security event logging, incident
>>> response or even session management?
>>>
>>> Responses are being accepted until 31 January 2011.  Is it worth responding to:
>>>
>>> 1. if OWASP has something relevant to say, and
>>> 2. to keep OWASP on the radar as an organisation that engages with others
>>>
>>> ?
>>>
>>> Regards
>>>
>>> Colin Watson
>>> Global Industry Committee
>>> http://www.owasp.org/index.php/Global_Industry_Committee
>>>
>>
>

