
Description

Empirical evidence shows that people are not willing to read the privacy policy of each website they visit and will avoid doing so if at all possible. A 2008 study estimated that “if all American Internet users were to annually read the online privacy policies word-for-word each time they visited a new site, the nation would spend about 54 billion hours reading privacy policies.” [1]

Today, organizations update their websites’ privacy policies more frequently to comply with the emerging regulations (e.g., GDPR, CCPA). Accordingly, today it is even more challenging for individuals to read privacy policies. The practical problem here is that organizations are attempting to comply with the regulations in order to protect themselves against potential lawsuits (therefore, detailed written privacy policies); however, this makes it practically infeasible for individuals to be informed about how their personal data is being collected, processed, and used by organizations.

As an InfoSec or privacy professional, your job is to:

Develop a practical solution to address the problem with the current design of privacy policies. Your goal is to develop an effective technique, method, or framework for implementing a privacy policy. The solution should account for the fact that individuals are more likely to rely on shortcuts, and hence are less willing to read, whereas organizations are strict about having a comprehensive privacy policy that complies with the regulations. Thus, the proposed solution for developing a privacy policy needs to be creative enough to meet two major goals: 1) ease of comprehension, from an individual perspective, and 2) comprehensiveness, from an organizational perspective.

Deliverables:

(1) Provide a description of the proposed technique, method, or framework, and justify any assumption(s) you make. You can also use the GDPR summary document to strengthen your proposal. For example, you may consider incorporating into your proposal the Rights of the Data Subject, GDPR Chapter 3. (1-2 pages, double space)

(2) Apply the proposed technique, method, or framework to at least four of the major elements comprising a privacy policy (e.g., data collection, data storage, data processing/use, data sharing, cookies, etc.). To do this, choose any website or app and use its privacy policy’s content to apply the proposed technique, method, or framework. In other words, present an example of how your proposed solution can be applied. Provide the name of the organization or company and a link to its privacy policy page. (1-2 pages, double space)

(3) Discuss the effectiveness of the proposed solution relative to the one currently applied at the website/app chosen or relative to the technique generally applied at other websites/apps (i.e., “I agree to the terms & conditions”). Remember that one of the main objectives of any privacy policy is to inform individuals (i.e., notice) and receive their consent, in addition to providing information about choice, access, and integrity. Therefore, the effectiveness of the proposed technique is heavily dependent on how effective and efficient it is in terms of informing individuals and receiving their consent. (1-2 pages, double space)

(4) Suggest measures for validating the effectiveness of the proposed policy. (1-2 pages, double space)

(5) Add references whenever applicable.

Please use the attached presentation as a base for the framework that will be used for the report and build on it.

[1] http://lorrie.cranor.org/pubs/readingPolicyCost-authorDraft.pdf

Outline
• The Privacy Policy Framework
• Simulation
• Effectiveness

The Framework
• Standard Framework mandated by the law and regulators (one detailed policy, e.g. GDPR)
– Applicable sections of policy depending on Information Technology product/service, i.e. different categories
• Clickable info/motion graphic page(s)
– Must cover major elements of privacy policy (data collection, data storage, data processing/use, data sharing, cookies, etc.)
– Approx. 15 words max for each element

Simulation
Acknowledge/Accept
Decline/Reject

Effectiveness
• Easy for customers to read and understand
• Enforces that customers read
• Time efficient
• Higher transparency between firms and customers
• Standardized privacy policy that protects customers' data, and fair treatment of firms at the same time

Thank You!
Manage privacy the way your customers want!
