Cannon_index.qxd 8/24/04 1:20 PM Page 327 = Index A automatic updates, 64-65 accept lists, spam, 85 centralized privacy settings, 32-33 access cookies, 24, 159-165 control, 36 CPG, 120-123 databases CPO, 119 data minimization, 248-251 databases, 272 data obfuscation, 252-253 DRM, 289 data perturbation, 262-265 applications, 297-298 data quantization, 254 defending privacy, 290 management, 272 development, 298-299 physical security, 245 DMCA, 290 programmatic security, 246-247 languages, 292-296 transaction auditing, 247-248 methods of copyright, 291 Web sites, 148-149 GPO, 76 accounts, e-mail, 89 Group Policy, 55-63 ACLU (American Civil Liberties Help and Support Center, 56 Union), 101 IRM, 37 addresses Linux-based configuration, 33 IP Microsoft Office 2003, 69-73 GUIDs, 9 My Recent Documents, 66 logging, 148-149 papers (Microsoft Windows), 54 privacy, 19 policies, 12 .adm files (administrative template), privacy hierarchies, 124 creating, 74-76 assigning privacy leads, 126 administration creating privacy councils, 124 .adm files, 74-76 developing privacy standards, Authorization Manager, 279, 126-127 285-287 327 Cannon_index.qxd 8/24/04 1:15 PM Page 328 328 Index privacy response centers privacy response teams, 190 manual processes, 139-141 product release, 190 monthly reporting, 142 starting, 176-182 need for, 132 testing, 188 organization of, 133-135 headers, 87 resources, 142-143 specifications, 192 workflow, 135-137 data analysis, 194-195 privacy reviews, 204, 206 dependency analysis, 202 meetings, 207 disclosure plans, 200-202 scope, 208 entity description, 203 team members, 206-207 phone home disclosure, 202-203 templates, 208-211 security analysis, 197-198 spam, 80 usage analysis, 196-197 anti-spam applications, 85-91 user access analysis, 199 bulk e-mail solutions, 94 user control analysis, 198 controlling, 83-84 templates, 307 cost of, 80-81 trend, 139-141 e-mail solutions, 93 anonymity, PATs/PETs, 18 litigation, 82 anonymizers, 19-21 server-side anti-spam applications, anonymous e-mail Web sites, 20 91-92 anti-spam WER, 57-63 applications, 83-92 WMP9, 67-69 policies, 84 administrative template (.adm) files, tools, 22 creating, 74-76 APPEL, 171-172 advertisements applications cookie managers, 24 anti-spam, 83-92 popup blockers, 22-23 context-level application spyware, 23 decomposition, 217 Alexa Toolbar, 43 databases algorithms, 259. See also encryption configuring, 276-278 American Civil Liberties Union creating, 272 (ACLU), 101 program files, 274-275 analysis, 180 testing, 280-287 development, 187-188 decomposition rollup, 221-222, 225 beta release, 189 development, 176 code complete, 189 exposure, 5, 7 deployment guides, 191 Group Policy management, 55-56 design, 186-187 level 0 application documentation, 182-186 decomposition, 218 feature complete, 187 Cannon_index.qxd 8/24/04 1:15 PM Page 329 Index 329 MFCs C design, 228-230 CADP (correlated-noise additive data disclosure, 233-235 perturbation), 265 encryption, 240-241 calculations, perturbation, 266 files, 231-232 CAN-SPAM (Controlling the Assault installing, 231 of Non-Solicited Pornography and privacy settings, 236-238 Marketing), 89 Microsoft Office 2003, 69-73 CAPICOM (Crypto Application onion routing, 21 Programming Interface PATs, 36-37 Component Object Model) privacy library, 273, 279 settings, 29-33 categorization statements, 7-8 data, 251 rights management, 297-298 databases, 272 spam, 84 quantization, 254 spyware, 23 Cavoukian, Ann, 13 tracking, 9-10 centralized privacy setting WER, 61-63 management, 32-33 asymmetric encryption, 260 certification, privacy-certification AT&T Privacy Bird, 166 programs, 51 attachments, 91. See also e-mail; spam CES (Contract Enabled Server), 295 audio, WMP9, 67-69 CFAA (Computer Fraud and Abuse audits, transactions, 247-248 Act), 41, 50 authorization, 19 challenge-response, spam, 86 automatic updates, 64-65 checklists, Web sites, 311-313 Avant, 166 Chief Privacy Officer (CPO), 119 AzMan (Authorization Manager), Children’s Online Privacy Protection 279, 285-287 Act (COPPA), 49-50 classification of data, 250-251 B clearing Backscatter x-ray devices, 110 files, 35 Bayesian filters, spam, 88 histories, 21 beta release phase, 189. See also client-side antispam solutions, 90-91 development client-side components, 303-304 block lists, 86, 91-92 Clip Art tool, 6 blocking RFID tags, 99 clothing, privacy-invasive devices boundaries, DFDs, 219 under, 109-110 branch offices, 134-135 code Brandeis, Louis D., 80 APPEL, 171-172 building privacy-aware complete phase, 189. See also applications, 176 development bulk e-mail, 94 Cannon_index.qxd 8/24/04 1:15 PM Page 330 330 Index collection Group Policy, 55-56 control of data collection, 316 Linux-based, 33 of personal information, 148-149 Microsoft Office 2003, 69-73 privacy policies, 117 My Recent Documents, 66 collusion, avoiding, 248 privacy settings, 29-33 column-count limitations, queries, 257 WER, 61-63 columns Windows Error reporting dialog categorization, 272 box, 58 security, 247 WMP9, 67-69 commands, Help and Support (Start connections menu), 56 phone home disclosure, 202-203 compact policy (P3P), 158, 186 security, 301 compliance, planning, 178 ContentGuard, 298 component teams, privacy hierarchies, context-level application 124-127 decomposition, 217 components Contract Enabled Server (CES), 295 client-side, 303-304 control privacy-process flowcharts, 178-180 access, 36 Web services, 304 of data collection, 316 Computer Fraud and Abuse Act spam, 83-84 (CFAA), 41, 50 Controlling the Assault of Non- computers Solicited Pornography and data minimization, 248-251 Marketing (CAN-SPAM) Act, 89 data obfuscation, 252-253 cookies, 24, 148-149, 159 data perturbation, 262-265 COPPA (Children’s Online Privacy data quantization, 254 Protection Act), 49-50 physical security, 245 copyrights, 289 programmatic security, 246-247 applications, 297-298 transaction auditing, 247-248 defending privacy, 290 concealing data (obfuscation), development, 298-299 252-253 DMCA, 290 configuration languages, 292-296 .adm files, 74-76 methods, 291 Authorization Manager, 279, corporate policies, 12 285-287 Corporate Privacy Group (CPG), automatic updates, 65 120-123 databases, 272 correlated-noise additive data executing, 276-278 perturbation (CADP), 265 program files, 274-275 costs testing, 280-287 right languages, 296 GPO, 76 spam, 80-81 Cannon_index.qxd 8/24/04 1:15 PM Page 331 Index 331 councils, creating, 124 hippocratic, 266-268 CPG (Corporate Privacy Group), 120- linking, 134-135 123, 133-135 management, 272 CPO (Chief Privacy Officer), 119 physical security, 245 crowds, 21 program files, 274-275 Crypto Application Programming programmatic security, 246-247 Interface Component Object queries, 256-257 Model (CAPICOM) library, suppression, 258 273, 279 testing, 280-287 customer service transaction auditing, 247-248 privacy response centers translucent, 252 manual processes, 139-141 dataflow diagrams (DFDs), 213-217 monthly reporting, 142 context-level application need for, 132 decomposition, 217 organization of, 133-135 decomposition rollup, 221-222, 225 resources, 142-143 level 0 application workflow, 135-137 decomposition, 218 providing, 129-132 privacy boundaries, 219 customization. See also configuration privacy-aware applications, 228-230 .adm files, 74-76 decomposition GPO, 76 context-level application Microsoft Office 2003, 69-71, 73 decomposition, 217 My Recent Documents, 66 level 0 application Customize Start Menu dialog box, 66 decomposition, 218 rollup, 221-222, 225 D defending privacy, 290 data analysis, 194-195, 307. See also defining, tracking, 9-10 analysis deleting data classification/isolation, 250-251 files, 25 data minimization, 248-251 hidden data, 73 data obfuscation, 252-253 Deloitte and Touche, privacy data perturbation, 262-265 training, 177 data quantization, 254 demographics, 263 data retention policies, 249 departmental flow of privacy databases policies, 122 configuring, 276, 278 dependency analysis, 202 data minimization, 248-251 deployment data obfuscation, 252-253 guides, 186, 191 data perturbation, 262-265 P3P, 150-151 data quantization, 254 compact policy, 158 encryption, 258-262 policy files, 153-157 Cannon_index.qxd 8/24/04 1:15 PM Page 332 332 Index reference files, 151-153 specifications, 192 design. See also configuration data analysis, 194-195 applications, 228-230 dependency analysis, 202 disclosure, 233-235 disclosure plans, 200-202 encryption, 240-241 entity description, 203 files, 231-232 phone home disclosure, 202-203 installing, 231 security analysis, 197-198 phase, 186-187. See also development usage analysis, 196-197 privacy settings, 236-238 user access analysis, 199 destinations, mix networks, 20 user control analysis, 198 development, 187-188 standards, 315-317 applications, 5 starting, 176-182 beta release, 189 testing, 188 code complete, 189 training programs, 177 deployment guides, 191 trustworthiness, 11-12 design, 186-187 devices, 97 documentation, 182-186 legal view of, 110-111 DRM, 298-299 nTag smart ID badges, 107 feature complete, 187 RFID tags, 98-105 legislation, 41-43 smart dust, 108-109 CFAA, 50 Spotme conferencing devices, COPPA, 49-50 106-107 EU directives on data protection, under clothing, 109-110 45-46 DFDs (dataflow diagrams), 213-217 GLBA, 50 context-level application HIPAA, 51 decomposition, 217 OECD, 44-45 decomposition rollup, 221-222, 225 PIPEDA, 46 level 0 application privacy-certification programs, 51 decomposition, 218 regulations, 42 privacy boundaries, 219 Safe Harbor Privacy Principles, privacy-aware applications, 228-230 47-49 diagrams (DFDs), 213-217 need