
Scope and Categories of the Advisory Committee's Work:
Recommendations from the Scope Subgroup


Initial Considerations

I. Sensitivity

The Subgroup felt that in considering access and security issues it was appropriate to consider the sensitivity of the various categories of data and of data elements that may be contained within a broad category. Again, the Subgroup felt that a category-based approach to access and security would help identify common ground and areas of disagreement for the Commission's consideration.

II. Use As An Important Consideration

Similarly, the Subgroup strongly believes that the use of information should be an integral part of considerations of access. Of particular concern is individuals' ability to access information used to make decisions about them, and questions of commingling data from various sources.

There might be differing views of access and correction depending upon how information is used and whether or not the information is shared. Such factors might impact the recommendations made by the Advisory Commission.

Information can be used to make various kinds of decisions about individuals. For example, a customer's account history could be provided to an insurance company and used to determine eligibility and cost for a policy, or the result of a medical exam could be used to determine whether or not a job is offered. Information may also be used for marketing purposes. For example, an individual purchasing a vintage Corvette may receive information to join a Corvette Club, or to receive a special credit card targeting Corvette owners.

Information may or may not be shared with others. For example, a book seller may or may not share the information that an individual purchased a home improvement book on-line with other on-line marketers of products to help the "do it yourself" homeowner.

The Subgroup felt that in considering the significance and privacy impact of Unique Identifiers, the availability and scope of use were particularly important. For example, a Unique Identifier assigned by one company and never shared with other entities in a fashion that tied it to other identifying information would be considered by the group to be a Local Unique Identifier. The same Unique Identifier used by multiple companies to track and retain information about a specific individual would be considered a Globally Unique Identifier and raise a different level of privacy concern.

III. What Do We Mean By Access

Access is the ability of an individual to view personal information identifying or describing himself or herself. The subgroup disagreed as to whether or not access should in all instances be interpreted to include the ability of the individual to correct, amend, or delete personal information.

IV. Reasons for Access

Although the subgroup believes there are other reasons for providing access, we believe that as a starting point, the following deserve consideration:

1) so that the data subject has full knowledge of and control over personal information held by a data collector;
 
2) so that the data collector, when utilizing that personal information, can operate with greater confidence in the accuracy of that data; and,
 
3) so that consumers can contest, correct, or amend information used to make important decisions, such as those related to loans or insurance policies.

V. Considerations of Sensitive Information?

Sensitive information is a category of personal information that should be considered when discussing the scope of access. At this time, the subgroup does not have an exhaustive list or precise definition for this type of personal information.

The subgroup agreed that there are some categories of personal information, medical and financial, that clearly fall into this category. The subgroup was in disagreement whether to also include other types of personal information such as data pointing out or suggesting political leanings, religious beliefs, or gender.

VI. Categories

The Subgroup felt that developing data categories would assist in defining the scope of the Committee's work and in identifying where differences of opinion exist. The Subgroup also felt the exploration of access and security would be strengthened by an approach that looks at separate categories of data.

In addition to developing categories of data to aid the Committee's work, the Subgroup felt that an initial analysis of whether or not they should come within the scope of the discussions of access would prove useful to the Committee. Therefore, the Subgroup prepared the attached grid, which indicates (X) where the Subgroup was in wide agreement that, in considering access, the record created by the intersection of the two data points should be discussed. (?) indicates mixed opinions, and (0) indicates wide agreement that access to such records was not a priority for consideration.

Physical Contact Information
Information that allows an individual to be contacted or located in the physical world -- such as phone number or address.
 
Online Contact Information
Information that allows an individual to be contacted or located on the Internet -- such as email. Often, this information is independent of the specific computer used to access the network. (See the category "Computer Information")
 
Globally Unique ID (GUID) 
Non-financial identifiers issued for purposes of consistently identifying the individual across multiple entities.
 
Locally Unique ID (LUID)
Non-financial identifiers issued for purposes of consistently identifying the individual, used by a single entity and never released to another entity in association with physical contact information, online contact information, or a globally unique ID.
 
Financial Account Identifiers
Identifiers that tie an individual to a financial instrument, account, or payment system -- such as a credit card or bank account number.
 
Computer Information
Information about the computer system that the individual is using to access the network -- such as the IP number, domain name, browser type or operating system.
 
Navigation and Click-stream Data
Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page.
 
Interactive Data
Data actively generated from or reflecting explicit interactions with a service provider through its site -- such as queries to a search engine, logs of account activity, or purchases made on the Web.
 
Demographic and Socio-economic Data
Data about an individual's characteristics -- such as gender, age, and income.
 
Inferred Data
Information attributed to an individual that is derived from other information known or associated with the individual. Imputed data can be data generated through the application of a mathematical program to known data, or it can be information such as census data that can be imputed to a range of individuals based on residence or some other trait (commonly called overlay data).
 
Preference Data
Data about an individual's likes and dislikes -- such as favorite color or musical tastes.
 
Content
The words and expressions contained in the body of a communication -- such as the text of email, bulletin board postings, or chat room communications.
 
State Management Mechanisms
Mechanisms for maintaining a stateful session with a user or automatically identifying users who have visited a particular site or accessed particular content previously -- such as HTTP cookies.
 
Image
The visual representation of an individual.

VII. Chart for Consideration

http://www.cdt.org/privacy/chart.html