
Talk:Summit 2011 Working Sessions/Session073

Revision as of 19:46, 10 February 2011 by Elke Roth-Mandutz (talk | contribs)


Thank you for attending! This page is for the session participants to add their ideas and comments.

Please also take a look at the draft FTC response http://www.owasp.org/index.php/Industry:FTC_Protecting_Consumer_Privacy#Draft_Text_version_2 - your input would be very welcome!

Thank you

colin.watson(at)owasp.org


Accomplishments

I was asked to provide the top 3 accomplishments from our session to the summit team. I have suggested:

1) A recognition that OWASP MUST (not should) be active in this space

2) Direct input into OWASP's response to the FTC staff report on consumer privacy

3) A consensus to try to document the drivers, issues, resources and relevant technical approaches

Ideas...

Some suggested headings, but please feel free to add more:

Government policies

Legislation:

  • EU:
  • UK:

Primary data protection authorities:


Issues

  • Fair processing
  • Acceptable use/specified purpose
  • Avoid collecting excessive information
  • Data accuracy
  • Data retention period enforcement (& disposal)
  • Protection of data
  • Transfers (inter department, company, country)
  • Tracking consent and withdrawal of consent
  • Provision of consent
  • Use of cookies

Privacy vulnerabilities

Technical approaches

Tools

1. Ghostery plug-in. Available for Firefox, Chrome, Safari, Internet Explorer. It scans the page for scripts, pixels, and other elements and notifies the user of the companies whose code is present on the page. These page elements aren't otherwise visible to the user, and often not detailed in the page source code. Ghostery allows users to learn more about these companies and their practices, and block the page elements from loading if the user chooses. Download: http://www.ghostery.com/download

2. Mozilla Firefox 4 Beta: "Do Not Track" Option - Privacy Feature. You can check a “Do Not Track” box in the “Advanced” screen of Firefox’s Options. When this option is selected, a header will be sent signaling to websites that you wish to opt out of online behavioral tracking. You will not notice any difference in your browsing experience until sites and advertisers start responding to the header. See: http://blog.mozilla.com/blog/2011/02/08/mozilla-firefox-4-beta-now-including-do-not-track-capabilities/

3. PrimeLife - Research project funded by the European Commission’s 7th Framework Programme. Bringing sustainable privacy and identity management to future networks and services. See: http://www.primelife.eu/