
COMPUTER ETHICS

Chapter 3
Privacy
Prof. Alaa El-Halees
OUTLINE
Introduction
Categories of Information
Information Classification
Privacy
Privacy Guidelines
Personally Identifiable Information
Privacy in Information Technology
INTRODUCTION

Privacy is a major concern in information
technology, as the increasing use of
technology in our daily lives has made it
easier for personal information to be
collected, stored, and shared without our
knowledge.
INTRODUCTION

Once information is put into a computer it
can easily be copied or transmitted. This
puts people's personal information at risk,
and organizations that hold such data
should do their best to ensure it remains
private.
INTRODUCTION

Information, in the context of privacy, refers
to data or details about an individual or
organization that can be used to identify them
or describe their characteristics, behavior, or
activities.
Information can be in the form of text,
images, audio, or video, and can be stored in
various formats, including physical
documents, digital files, or databases.
CATEGORIES OF INFORMATION

Different Categories of Information

1. Personal Identifying Information (PII): This
includes information such as full name, identity
number, driver's license number, passport number,
and date of birth, among others.
2. Financial Information: This includes information
related to an individual's finances, such as bank
account numbers, credit card numbers, and
investment information.
3. Health Information: This includes personal health
information, such as medical records, treatment
plans, and diagnoses.
CATEGORIES OF INFORMATION

4. Contact Information: This includes an individual's
contact details, such as email addresses, telephone
numbers, and postal addresses.
5. Online Information: This includes information related to
an individual's online activities, such as internet search
history, online purchases, and social media activity.
6. Location Data: This includes information related to an
individual's location, such as GPS coordinates and IP
addresses.
7. Biometric Information: This includes unique biological or
behavioral characteristics, such as fingerprints, facial
recognition data, and DNA samples.
CATEGORIES OF INFORMATION

8. Employment Information: This includes
information related to an individual's employment
history, salary, job title, and benefits information.
9. Educational Information: This includes
information related to an individual's education,
such as transcripts, grades, and disciplinary records.
10. Political Views and Associations: This includes
information related to an individual's political
beliefs, relationships, and donations.
CATEGORIES OF INFORMATION

11. Racial or Ethnic Information: This includes
information related to an individual's race or
ethnicity, such as origin and cultural background.
12. Religious Information: This includes
information related to an individual's religious
beliefs, practices, and affiliations.
13. Criminal Records: This includes information
related to an individual's criminal history, such as
arrests, convictions, and prison records.
INFORMATION CLASSIFICATION
Information classification is the process of
categorizing information according to its level of
sensitivity and criticality, as well as the potential
risks associated with its unauthorized disclosure,
alteration, or destruction.
Typically, information is classified into several
levels of sensitivity, such as public, confidential
and private.
INFORMATION CLASSIFICATION
Public information is information that is available
to the general public and can be accessed and
shared freely without any restrictions.
Examples of public information: Personal
Identifying Information (PII), Contact
Information, or information that is available on
websites.
INFORMATION CLASSIFICATION
Confidential information is information that is sensitive
and not intended for public disclosure. It is information
that is kept secret and only shared with authorized
individuals or groups on a need-to-know basis.
Examples of confidential information include trade
secrets, passwords, confidential email, credit card
numbers, and classified government information (military
operations).
Confidential information is typically protected through a
variety of technical, administrative, and physical security
measures, such as encryption, access controls, and
security clearances.
INFORMATION CLASSIFICATION
Private information is personal information that is not
intended for public disclosure and is meant to be kept
confidential.
Private information can be collected, used, and shared by
organizations or individuals with permission, but it is
important to ensure that appropriate measures are taken to
protect that information from unauthorized access and
use.
Examples of private data are: Financial Information,
Health Information, Online Information, and Employment
Information.
PRIVACY
Privacy: “The claim of individuals,
groups or institutions to determine for
themselves what information about them
is communicated to others.”
Privacy is often considered a
fundamental human right, and is
protected by various laws, regulations,
and ethical standards.
PRIVACY

Technology by itself doesn't violate
our privacy or anything else: it's the
people using this technology and the
policies they carry out that create
violations.
PRIVACY : EXAMPLE
Example by Joke
Google's pizza
- Hello! Gordon's pizza?
* No sir it's Google's pizza.
- So it's a wrong number? Sorry
* No sir, Google bought it.
- OK. Take my order please
* Well sir, you want the usual?
- The usual? You know me?
* According to our caller ID data sheet, in the last 12 times, you
ordered pizza with cheeses, sausage, thick crust.
- OK! This is it ...
* May I suggest to you this time Italian cheese and special
vegetables and dry tomato?
- What? I hate vegetables.
PRIVACY : EXAMPLE
- How do you know?
* We have the result of your blood tests for the last 7 years.
- Okay, but I do not want this pizza! I already take medicine.
* Excuse me, but you have not taken the medicine regularly,
you only purchased a box with 30 cholesterol tablets.
- I bought more from another drugstore.
* It's not showing on your credit card statement.
- I paid in cash.
* But you did not withdraw that much cash according to your
bank statement.
PRIVACY : EXAMPLE
- I have another source of cash.
* This is not showing as per your last tax form unless you
bought them from an undeclared income source.
- WHAT THE HELL?
* I'm sorry, sir, we use such information only with the
intention of helping you.
- Enough! I'm sick of Google, Facebook, Twitter,
WhatsApp. I'm going to an island without internet, cable
TV, where there is no cell phone line and no one to watch
me or spy on me.
* I understand sir, but you need to renew your passport
first as it expired 5 weeks ago.
PRIVACY : EXAMPLE
Facebook-Cambridge Analytica scandal: In 2018, it was
revealed that the political consulting firm Cambridge
Analytica had collected the personal data of millions of
Facebook users without their agreement, in order to
influence the outcome of the 2016 US presidential
election. This scandal highlighted the importance of
privacy in the context of social media and online
advertising, and led to increased scrutiny of Facebook's
data practices.
PRIVACY : EXAMPLE
Apple-FBI encryption case: In 2016, Apple and the
FBI were involved in a legal disagreement over the
FBI's demand that Apple create a backdoor to
access the iPhone of one of the San Bernardino
shooters. Apple argued that creating such a
backdoor would compromise the security and
privacy of all iPhone users, while the FBI argued
that it was necessary to prevent future terrorist
attacks. This case raised important questions about
the balance between privacy and security in the
context of encryption and law enforcement.
PRIVACY : EXAMPLE

Some games are automatically granted permission
to read your Gmail, Google Drive data, photos,
videos, and full access to all data in the Google
account, and to access browser and maps histories.
And the most important issue: you give them the
right to know your location.
PRIVACY GUIDELINES

Privacy guidelines are a set of recommendations,
principles, or standards that help individuals and
organizations protect personal information and
ensure that it is collected, processed, and used in
a manner that respects privacy.
PRIVACY GUIDELINES

1) Collection limitation: states that personal
data should be collected only for a specific, explicit, and
legitimate purpose.
PRIVACY GUIDELINES

An example of collecting personal data for a specific
purpose would be a fitness app that collects users'
health data, such as their heart rate, blood pressure,
and sleep patterns, for the purpose of providing
fitness advice and tracking their progress.
However, if the app developer were to sell this data to
third-party advertisers or use it for other purposes,
such as developing targeted advertisements for
health-related products, without obtaining the user's
explicit consent, this would be a violation of the
principle of collecting personal data only for a
specific purpose.
PRIVACY GUIDELINES

Example concerning legitimate purpose of collection:
Covert surveillance is a type of surveillance where
an individual, group, or organization monitors the
activities of others without their knowledge or
consent. This can be done through various means,
such as hidden cameras, audio recorders, or
tracking devices.
PRIVACY GUIDELINES

2) Data quality: Personal data should be accurate,
complete, current, and relevant to the purpose for
which it is used. Data quality is an important
consideration, as inaccurate or incomplete data
can lead to incorrect decisions, inappropriate use
of personal data, and potential harm to
individuals.
PRIVACY GUIDELINES

For example, a financial institution that uses
inaccurate data to determine a customer's
creditworthiness could deny them credit or
offer them unfavorable terms, leading to
financial harm.
Similarly, a healthcare provider that relies on
incomplete or inaccurate medical records
could provide incorrect treatment, leading to
harm to the patient.
PRIVACY GUIDELINES
3) Security Safeguards: Personal data should be
protected against unauthorized access, modification,
or disclosure.
Security safeguards refer to the measures and practices
used to protect personal data from unauthorized
access, use, disclosure, alteration, or destruction.
Examples of security safeguards may include:
access controls, encryption, firewalls, data backup
and recovery, and employee training and awareness.
PRIVACY GUIDELINES

4) The Openness Principle is one of the
fundamental principles of data protection and
privacy.
It states that individuals and organizations
that collect and process personal data must
be transparent about their data processing
activities and provide individuals with clear
and accessible information about how their
personal data is being used.
PRIVACY GUIDELINES
For example: The company would be required to inform its
customers (i.e. on the company website or by email) of the
following:
1) The name and contact information of the company
responsible for collecting and processing the personal data.
2) The reasons why the personal data is being collected and
processed, such as for marketing or to fulfill an order.
3) The types of personal data being collected and processed,
such as name, address, email address, or payment information.
4) Any third parties that will have access to the personal data,
such as payment processors or shipping companies.
5) The measures taken by the company to protect the personal
data from unauthorized access or theft.
PRIVACY GUIDELINES
5) The Storage Limitation principle requires that personal
data be kept only for as long as is necessary to achieve the
purpose for which it was collected. Once the purpose for
which the data was collected has been achieved, the data
should be securely deleted or destroyed.
For instance, a company might continue to hold the personal
data of customers who have terminated their relationship
with the company or employees who have left the company,
even though this data is no longer required for any legitimate
business purposes.
PERSONALLY IDENTIFIABLE INFORMATION
Personally identifiable information (PII) is
any information that can be used to
identify an individual. This can include
information such as a person's name, email
address, mobile number, identity number,
passport number, driver's license number,
and other similar information.
PERSONALLY IDENTIFIABLE INFORMATION
Private Information that can be associated
with PII include: Contact information,
Biographical data, Financial data, Health
and medical data, Online activity data and
Employment and education data.
PERSONALLY IDENTIFIABLE INFORMATION
De-identification is a process of removing or
obscuring personal information from data so that
it can no longer be linked to an individual. De-
identified data can be useful for research,
analysis, or other purposes where personal
information is not necessary, but the data itself is
still valuable.
PERSONALLY IDENTIFIABLE INFORMATION
Example:
PERSONALLY IDENTIFIABLE INFORMATION
Indirect PII allows pieces of information to be connected until
an individual becomes identifiable. Examples include a
client number, vehicle registration number, or
demographic data such as date of birth and gender.
An example of indirect PII could be a person's web
browsing history. While the browsing history itself does
not contain direct identifiers such as the person's name or
address, it can still provide insight into their personal
interests, preferences, and behavior.
PERSONALLY IDENTIFIABLE INFORMATION
Example: By analyzing a person's web browsing history
in combination with other data, such as their device
identifiers or geolocation data, companies or advertisers
can create detailed profiles of their users.
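
The de-identification and indirect PII slides above, worked through as an added example that is not part of the original slides: removing direct identifiers alone leaves every record distinguishable by date of birth and gender, and coarsening the date of birth reduces that. The field names, the sample records (constructed) and the use of k-anonymity (the size of the smallest group sharing the same indirect identifiers) as the measure are assumptions of this example.

```python
from collections import Counter

# Field roles follow the slides: direct identifiers name a person outright,
# indirect identifiers only do so when combined. Field names are assumptions.
DIRECT = {"name", "email", "mobile", "identity_number"}
INDIRECT = ("date_of_birth", "gender")

# Constructed sample records, not real people.
PATIENTS = [
    {"name": "Person A", "email": "a@example.org", "mobile": "555-0101",
     "identity_number": "ID-0001", "date_of_birth": "1984-02-11",
     "gender": "F", "diagnosis": "asthma"},
    {"name": "Person B", "email": "b@example.org", "mobile": "555-0102",
     "identity_number": "ID-0002", "date_of_birth": "1984-09-30",
     "gender": "F", "diagnosis": "diabetes"},
    {"name": "Person C", "email": "c@example.org", "mobile": "555-0103",
     "identity_number": "ID-0003", "date_of_birth": "1988-05-02",
     "gender": "F", "diagnosis": "hypertension"},
    {"name": "Person D", "email": "d@example.org", "mobile": "555-0104",
     "identity_number": "ID-0004", "date_of_birth": "1991-07-19",
     "gender": "M", "diagnosis": "asthma"},
    {"name": "Person E", "email": "e@example.org", "mobile": "555-0105",
     "identity_number": "ID-0005", "date_of_birth": "1995-12-01",
     "gender": "M", "diagnosis": "migraine"},
    {"name": "Person F", "email": "f@example.org", "mobile": "555-0106",
     "identity_number": "ID-0006", "date_of_birth": "1997-03-23",
     "gender": "M", "diagnosis": "diabetes"},
]


def remove_direct(record):
    """Drop every direct identifier; returns a new dict."""
    return {k: v for k, v in record.items() if k not in DIRECT}


def generalize_dob(record, level):
    """Coarsen the date of birth: 'year' keeps YYYY, 'decade' keeps e.g. '1980s'."""
    out = dict(record)
    year = int(record["date_of_birth"][:4])
    out["date_of_birth"] = str(year) if level == "year" else f"{year // 10 * 10}s"
    return out


def deidentify(records, level=None):
    """Remove direct identifiers, then optionally generalize date of birth."""
    out = [remove_direct(r) for r in records]
    return [generalize_dob(r, level) for r in out] if level else out


def group_sizes(records, keys=INDIRECT):
    """How many records share each combination of indirect identifiers."""
    return Counter(tuple(r[k] for k in keys) for r in records)


def k_anonymity(records, keys=INDIRECT):
    """Size of the smallest group; k = 1 means someone is unique."""
    return min(group_sizes(records, keys).values())


def singled_out(records, keys=INDIRECT):
    """Number of records whose indirect identifiers match no other record."""
    return sum(1 for n in group_sizes(records, keys).values() if n == 1)


def report():
    """(k, records singled out) for each de-identification level."""
    levels = (("direct identifiers removed", None),
              ("date of birth -> year", "year"),
              ("date of birth -> decade", "decade"))
    return {label: (k_anonymity(d), singled_out(d))
            for label, lvl in levels for d in [deidentify(PATIENTS, lvl)]}


if __name__ == "__main__":
    for label, (k, unique) in report().items():
        print(f"{label:28} k={k}  singled out={unique}")
```
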
PRIVACY IN INFORMATION TECHNOLOGY
Privacy in information technology has become
increasingly important as the amount of personal
information collected and processed by
technology companies and other organizations has
grown.
With the spread of digital devices and online
services, it has become easier for companies to
collect and analyze vast amounts of personal
information about individuals, including their
browsing habits, location data, social media
activity, and more.
PRIVACY IN INFORMATION TECHNOLOGY
There are several information technology tools
that can potentially invade privacy, either
intentionally or unintentionally.
Some examples include:
PRIVACY IN IT: SEARCH ENGINES
1) Search engines are powerful tools that can
access vast amounts of information online,
including personal information. As a result,
privacy issues can arise in the following ways:
Search engines collect user data to provide
personalized search results and targeted
advertising. This data can include search history,
IP addresses, location, device information, and
other browsing data, which can be used to create
user profiles. This data can be sold or shared with
third-party advertisers, raising privacy concerns.
PRIVACY IN IT: SEARCH ENGINES
For example, if a user enters “brakes” as a
search term, Google might display
advertisements from automotive repair
companies within the user’s geographic
area. Although Google collects search
information for advertising purposes, it also
stores this information in a Google
database.
PRIVACY IN IT: SEARCH ENGINES
The "Right to be Forgotten" is a legal concept
that allows individuals to request the removal of
their personal information from online search
results. This right is based on the idea that
individuals have the right to control their own
personal information and to have outdated or
irrelevant information about them removed from
public view.
PRIVACY IN IT: SEARCH ENGINES
Example: In 2010, Mario Costeja González, a
Spanish lawyer, discovered that when he
searched his name on Google, he found links to a
newspaper article from 1998 that contained
information about a property auction related to
his social security debts. Mr. Costeja González
argued that the information was no longer
relevant, as the debts had been resolved and the
information was harming his reputation.
PRIVACY IN IT: COOKIES
2) Cookies are used to remember user
preferences and activity on a website, such as
login information, language preference, and
browsing history. However, cookies can also
raise privacy concerns because they can be used
to track a user's online activity across multiple
websites.
PRIVACY IN IT: COOKIES
Cookies can be used to:
Save your password(s) so you don't need to remember them whenever you visit websites
Remember what sites you've visited in the past so you can view your browser history
Keep track of your shopping cart as you browse an online store
Show you targeted ads based on your browsing behavior
Verify user login details
PRIVACY IN IT: COOKIES

Cookies can be used to track a user's online
activity, including which websites they visit, what
products they browse or purchase, and what ads
they click on.
This information can be used to create user
profiles, which can be sold to third-party
advertisers or used to target users with
personalized ads.
PRIVACY IN IT: COOKIES

Cookies are not an invasion of privacy and they are
ethical, because cookies do not do anything to your
computer and are just a piece of text data.
For a website to use cookies ethically, it
should ask the user for confirmation.
PRIVACY IN IT: COOKIES
Example:
Google agreed to pay $17 million to 37 states and
the District of Columbia in a wide-reaching
settlement over tracking consumers online
without their knowledge.
The case involved Google's circumvention of privacy
settings in Apple's Safari browser to use cookies to
track users and show them advertisements in 2011 and
2012.
“By tracking millions of people without their
knowledge, Google violated not only their privacy,
but also their trust.”
PRIVACY IN IT: SOCIAL NETWORKS
3) Social networks: sites that facilitate
interaction between members through their
self-published personal profiles.
Through the site, individuals offer
representations of themselves to others to
peruse, with the intention of contacting or
being contacted by others, to meet new friends,
find new jobs, receive or provide
recommendations, …
PRIVACY IN IT: SOCIAL NETWORKS
Privacy
Nowadays, various social networks, with huge
amounts of user-generated content, are becoming a
huge repository for private information.
Unfortunately, users are not quite aware of the
privacy risks.
Users often think of such sites as safe and closed
worlds where they can publish challenging and
controversial materials, without being aware of the
potential.
PRIVACY IN IT: SOCIAL NETWORKS
Privacy in social networks refers to the ability of
users to control access to their personal
information and online activities on social media
platforms. It includes the right to limit who can
view, share, or access their personal information,
posts, and messages, as well as the ability to
choose how much of their personal information is
collected, stored, and used by the platform and
third-party entities.
PRIVACY IN IT: SOCIAL NETWORKS
Therefore, it is essential that users remain aware
and take steps to protect their online privacy,
such as using strong passwords, avoiding sharing
sensitive information online, and regularly
reviewing and updating their privacy settings.
PRIVACY IN IT: SOCIAL NETWORKS
Example:
In 2018, Google faced a privacy scandal when it
was revealed that the company had exposed the
personal information of up to 500,000 users of its
Google+ social network, due to a security
vulnerability. The vulnerability allowed third-
party developers to access user data, including
name, email address, occupation, and age, even if
the user had set their profile to private.
PRIVACY IN IT: SOCIAL NETWORKS
Example:
Social networking's use in hiring and firing
decisions. Recently, many companies have asked
their former workers and their potential new
hires for their passwords. The companies believe
they need to be able to observe a social
networking user's posts and updates to find out
whether they are engaged in activity that is
damaging to the enterprise.
PRIVACY IN IT: CLOUD COMPUTING
4) Cloud computing describes the use of
software, storage or processing services
delivered over the web from massive
datacentres.
Cloud computing is a model of computing
that involves the delivery of on-demand
computing resources over the internet, such
as servers, storage, databases, software, and
applications.
PRIVACY IN IT: CLOUD COMPUTING
Privacy in cloud computing
Your data, files, and everything else are stored on a third-party
server (the cloud hosting vendor's): your e-mails, social
networking records, and everything stored in hosting.
As people and businesses take advantage of all sorts of
Internet-based services, they may well find trade
secrets in the hands of competitors, private medical
records made public, and e-mail correspondence in
the hands of government investigators without any
prior notice.
PRIVACY IN IT: CLOUD COMPUTING
Privacy issues
The main issue is that information is no longer
in your direct custody or control.
You no longer directly secure your data.
Information may be resident in a different
authority or multiple authorities.
PRIVACY IN IT: CLOUD COMPUTING
For example:
“We are notifying people about a bug that may have
affected users who used Google to export their Google
Photos content between November 21 and November
25,” explains a Google spokesperson in a statement.
“These users may have received either an incomplete
archive, or videos — not photos — that were not theirs.
We fixed the underlying issue and have conducted an
in-depth analysis to help prevent this from ever
happening again. We are very sorry this happened.”
PRIVACY IN IT: MOBILE DEVICES
5) Mobile devices, such as smartphones and tablets, have
become an integral part of our daily lives, and they can
contain a lot of sensitive personal information.
Here are some privacy issues that are associated with mobile
devices:
1) Location tracking: Mobile devices use GPS or other
location tracking technologies to provide location-based
services. However, this can also be used to track individuals'
movements and behavior without their knowledge or consent.
PRIVACY IN IT: MOBILE DEVICES
2) Data collection: Mobile apps and devices can
collect data on users' browsing behavior, social
connections, and other sensitive information. This
data can be used to create detailed profiles of
individuals and may be shared with third parties
without their knowledge or consent.
3) App permissions: Mobile apps often require access
to various device features, such as the camera or
microphone, in order to provide their services.
However, users may not be aware of the full extent of
the data that is being collected or how it is being used.
PRIVACY IN IT: MOBILE DEVICES
5) Mobile payment systems: Mobile payment systems,
such as Apple Pay or Google Wallet, may store sensitive
financial information on the device. This information can
be vulnerable to hacking or theft if the device is lost or
stolen.
PRIVACY IN IT: MOBILE DEVICES
Example: In 2018, it was discovered that the mobile app
for Uber had been secretly collecting user data,
including location data, even when the app was not in
use. The data was collected through a feature which
allowed employees to track the real-time locations of
Uber drivers and passengers.
This data was not only a violation of user privacy, but it
also had the potential to be misused by employees or
shared with third parties.
PRIVACY IN IT: MOBILE DEVICES
Example: In 2019, it was discovered that the
popular mobile app FaceApp, which allows users
to upload photos of themselves and apply filters
that make them look older, younger, or change
their gender, was collecting and storing users'
photos and other data without their explicit
consent.
PRIVACY IN IT: CHATBOTS
6) Personal assistants and chatbots: Personal
assistants, such as Amazon's Alexa or Apple's
Siri, and chatbots may collect data on users'
interactions and behavior, which can be used to
create profiles of individuals and provide
personalized services.
However, this data may also be shared with third
parties or used for other purposes without the
individual's knowledge or consent.
PRIVACY IN IT: CHATBOTS
Chatbots may collect personal information from
users, and it is important to ensure that this data
is collected and used in a responsible and ethical
manner, with proper consent and protections in
place.
Chatbots should be transparent about what data
they collect and how they use it. This can be done
through clear and accessible privacy policies and
terms of service.
PRIVACY IN IT: CHATBOTS
Example: In 2019, it was discovered that a chatbot
created by a fitness app called PumpUp had been
leaking sensitive information about its users.
The chatbot, which was intended to provide users
with fitness tips and motivation, was found to be
sending private user information, such as email
addresses and phone numbers, to a third-party
analytics company without the users' knowledge or
consent.
PRIVACY IN IT: IOT
7) Internet of Things (IoT): IoT devices, such as smart
home devices or wearables, collect data on users'
behavior and interactions with their environment.
However, this data can be used to create detailed profiles
of individuals and may be shared with third parties
without their knowledge or consent.
PRIVACY IN IT: IOT

Example: a 2016 incident involving the smart TV
manufacturer Vizio. The company was found to
have been collecting viewing data from its
customers' smart TVs without their consent or
knowledge. The data included information about
what channels and programs were being watched,
as well as demographic information about the
viewers.
