
develop an effective technique, method, or framework for implementing a privacy policy


Empirical evidence shows that people are not willing to read the privacy policy of each website they visit, if at all possible. A 2008 study estimated that “if all American Internet users were to annually read the online privacy policies word-for-word each time they visited a new site, the nation would spend about 54 billion hours reading privacy policies.”[1] Today, organizations update their websites’ privacy policies more frequently to comply with the emerging regulations (e.g., GDPR, CCPA). Accordingly, today it is even more challenging for individuals to read privacy policies. The practical problem here is that organizations are attempting to comply with the regulations in order to protect themselves against potential lawsuits (therefore, detailed written privacy policies); however, this makes it practically infeasible for individuals to be informed about how their personal data is being collected, processed, and used by organizations.

As an InfoSec or privacy professional, your job is to:

Develop a practical solution to address the problem with the current design of privacy policies. Your goal is to develop an effective technique, method, or framework for implementing a privacy policy. The solution should account for the fact that individuals are more likely to rely on shortcuts and hence less willing to read, whereas organizations are strict about having a comprehensive privacy policy that complies with the regulations. Thus, the proposed solution for developing a privacy policy needs to be creative enough to meet two major goals: 1) ease of comprehension, from an individual perspective, and 2) comprehensiveness, from an organizational perspective.

Deliverables:

(1) Provide a description of the proposed technique, method, or framework, and make sure to justify any assumption(s) you make. You can also use the GDPR summary document to strengthen your proposal. For example, you may consider incorporating into your proposal the Rights of the Data Subject, GDPR Chapter 3. (2 pages, double space)

(2) Apply the proposed technique, method, or framework to at least four of the major elements comprising a privacy policy (e.g., data collection, data storage, data processing/use, data sharing, cookies, etc.). To do this, choose any website or app and use its privacy policy’s content to apply the proposed technique, method, or framework. In other words, present an example of how your proposed solution can be applied. Provide the name of the organization or company and a link to its privacy policy page. (2 pages, double space)

(3) Discuss the effectiveness of the proposed solution relative to the currently applied one at the website/app chosen or relative to the generally applied technique at other websites/apps (i.e., “I agree to the terms & conditions”). Remember that one of the main objectives of any privacy policy is to inform individuals (i.e., notice) and receive their consent, in addition to providing information about choice, access, and integrity. Therefore, the effectiveness of the proposed technique is heavily dependent on how effective and efficient it is in terms of informing individuals and receiving their consent. (1-2 pages, double space)

(4) Suggest measures for validating the effectiveness of the proposed policy. (1-2 pages, double space)

(5) Add references whenever applicable.

Total Length 6-8 pages

Please use the attached presentation as a base for the framework that will be used for the report and build on it.


[1] http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf
