[Global_industry_committee] Preliminary FTC Staff Report - Protecting Consumer Privacy in an Era of Rapid Change

Colin Watson colin.watson at owasp.org
Wed Jan 26 05:00:24 EST 2011


Folks

http://www.owasp.org/index.php/Industry:FTC_Protecting_Consumer_Privacy#Draft_Text_version_2

I am about to email the Leaders List, since I think this might benefit
from a few more viewpoints.

Colin




On 18 January 2011 17:28, Colin Watson <colin.watson at owasp.org> wrote:
> Folks
>
> I'm going to work through this one tomorrow, and see where we can best
> comment, if at all.  These 3 questions may be the most relevant:
>
>  "How can the full range of stakeholders be given an incentive to
>   develop and deploy privacy-enhancing technologies?"
>
>   "What roles should different industry participants – e.g., browser vendors,
>    website operators, advertising companies – play in addressing privacy
>   concerns with more effective technologies for consumer control?"
>
>   "Is the list of proposed “commonly accepted practices” set forth in
>    Section V(C)(1) of the report too broad or too narrow?"
>
>
> Colin
>
>
> On 17 December 2010 14:49, Colin Watson <colin.watson at owasp.org> wrote:
>> I'm less certain about this...
>>
>>  Protecting Consumer Privacy in an Era of Rapid Change
>>  A framework for businesses and policymakers
>>  http://www.ftc.gov/os/2010/12/101201privacyreport.pdf
>>
>> but it is aimed at business, and OWASP has already been cited in this
>> FTC document:
>>
>>  Protecting Personal Information: A Guide for Business
>>  http://business.ftc.gov/documents/bus69-protecting-personal-information-guide-business
>>
>> The proposed framework is based on three principles, which have some
>> relevant content:
>>
>> 1. Privacy by design
>> 2. Simplified choice
>> 3. Greater transparency
>>
>> In the first of these "data security" is listed as an example practice
>> to build in.  This document also talks about a persistent mechanism to
>> allow consumers to opt out of tracking - commentators elsewhere
>> believe this might be a "Do Not Track" header added by the browser.  I
>> think we need to be careful what constitutes tracking - behavioural
>> advertising yes, but how about security event logging, incident
>> response or even session management?
>>
>> Responses are being accepted until 31 January 2011.  Is it worth responding to:
>>
>> 1. if OWASP has something relevant to say, and
>> 2. to keep OWASP on the radar as an organisation that engages with others
>>
>> ?
>>
>> Regards
>>
>> Colin Watson
>> Global Industry Committee
>> http://www.owasp.org/index.php/Global_Industry_Committee
>>
>

