15-508 / 17-801 / 19-608: Privacy Policy, Law, and Technology

Homework 2 - due January 22, 2004

Reading assignment: Cranor 2; Agre and Rotenberg 3, 7, 8

1. Compare the US FTC's five privacy principles to the fair information practice principles in the OECD Guidelines. What's missing from the FTC principles? Are these omissions important? (You may wish to read parts of the FTC report.)

2. Research a self-regulatory privacy program or privacy law and write up a short summary description. Explain which of the fair information practice principles it addresses. For self-regulatory programs include who runs it, how the program works, and the kinds of praise and criticism it has been getting. For laws include what the laws require, the agency responsible for enforcing them, and any information you can find on the types of enforcement actions that have been taken and evaluation of the law's effectiveness. Your research should include both reviewing the program's web site and searching for relevant news articles, endorsements, criticism, etc. Please include the relevant URLs in your write-up. Please come to class prepared to discuss your findings. You will be assigned a program or law to research in class from one of the following (or one that you suggest):

Self-regulatory programs

Laws