cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start

Differences

This shows you the differences between two versions of the page.

cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start [2022/05/16 18:21]
nick ↷ Page moved from cbdc:public:04_doc:15_common:45_privacy:start to cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start
cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start [2022/06/17 18:02] (current)
terrance
Line 1: Line 1:
 ====== 4.4 National Privacy Considerations ====== ====== 4.4 National Privacy Considerations ======
-[[cbdc:​public:​04_doc:​15_common:​start| Return to Common Elements]]+|< 100% >| 
 +[[cbdc:​public:cbdc_omg:​04_doc:​15_common:​start| Return to Common Elements]] ​ ​| ​ <​WRAP>​ 
 +<​html><​b>​ 
 +<a href="​mailto:​[email protected]?​Subject=OMG'​s CBDC WG Response:  
 +4.4 National Privacy Considerations
  
 +">​Provide Feedback</​a></​b>​
 +</​html>​
 +</​WRAP> ​ |
 ===== Overview ===== ===== Overview =====
-[[cbdc:​public:​04_doc:​15_common:​45_privacy:​start| Return to Top]]+[[cbdc:​public:cbdc_omg:​04_doc:​15_common:​45_privacy:​start| Return to Top]]
  
 Although there is no general federal legislation for data and metadata protection and privacy, there are a number of federal data protection laws that are sector-specific or focus on particular types of data. In addition to the Federal regulations,​ there are some state laws that are also applicable. Although there is no general federal legislation for data and metadata protection and privacy, there are a number of federal data protection laws that are sector-specific or focus on particular types of data. In addition to the Federal regulations,​ there are some state laws that are also applicable.
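Review bot: the mailto link in the added Provide Feedback cell carries a multi-line, unencoded Subject inside the href (spaces, an apostrophe, and a line break between "Response:" and "4.4 National Privacy Considerations"), which mail clients handle inconsistently; percent-encode the subject and keep it on one line. The cell also depends on the wiki rendering raw <html> from page source, so the wiki's own link syntax would be preferable here, since it keeps raw markup out of editable pages.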
Line 21: Line 28:
  
 ==== U.S. Federal Laws and Regulations ==== ==== U.S. Federal Laws and Regulations ====
-[[cbdc:​public:​04_doc:​15_common:​45_privacy:​start| Return to Top]]+[[cbdc:​public:cbdc_omg:​04_doc:​15_common:​45_privacy:​start| Return to Top]]
  
 There is no single U.S. law or regulation covering **Privacy**,​ but a whole set of laws. Table {{ref>​usPrivacy}} outlines most of the laws as determined by the [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​m_acts_laws | OMG DIDO-RA ]].  There is no single U.S. law or regulation covering **Privacy**,​ but a whole set of laws. Table {{ref>​usPrivacy}} outlines most of the laws as determined by the [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​m_acts_laws | OMG DIDO-RA ]]. 
Line 67: Line 74:
 </​WRAP>​| </​WRAP>​|
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​f:​fdcpa | Fair Debt Collection Practices Act (FDCPA) ]]|<​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​f:​fdcpa | Fair Debt Collection Practices Act (FDCPA) ]]|<​WRAP>​
-Under the FDCPA, collectors are not allowed to publish a consumer'​s name and address on a bad debt list or reveal any information regarding the debt to unaffiliated third parties except the consumers' partner or attorney.+Under the FDCPA, collectors are not allowed to publish a consumer'​s name and address on a bad debt list or reveal any information regarding the debt to unaffiliated third parties except the consumer'partner or attorney.
 </​WRAP>​| </​WRAP>​|
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​e:​efta | Electronic Funds Transfer Act ]]|<​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​e:​efta | Electronic Funds Transfer Act ]]|<​WRAP>​
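Review bot: the replacement FDCPA sentence reads "consumer'partner" as shown here, so the possessive has lost its "s" and the following space; it should read "consumer's partner". Check the saved page source before accepting this revision.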
Line 75: Line 82:
  
 ==== U.S. State Laws and Regulations ==== ==== U.S. State Laws and Regulations ====
-[[cbdc:​public:​04_doc:​15_common:​45_privacy:​start| Return to Top]]+[[cbdc:​public:cbdc_omg:​04_doc:​15_common:​45_privacy:​start| Return to Top]]
  
 The U.S. States each can have their own laws or regulations covering **Privacy**,​ as well as, a whole set of laws. Table {{ref>​stateRegulatins}} outlines most of the U.S. State laws as determined by [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​m_acts_laws | OMG DIDO-RA ]].  The U.S. States each can have their own laws or regulations covering **Privacy**,​ as well as, a whole set of laws. Table {{ref>​stateRegulatins}} outlines most of the U.S. State laws as determined by [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​m_acts_laws | OMG DIDO-RA ]]. 
Line 91: Line 98:
 ^ Kind  ^ Law / Regulation ​ ^ Description ​ | ^ Kind  ^ Law / Regulation ​ ^ Description ​ |
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​cpa | California Privacy Act]] |<​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​cpa | California Privacy Act]] |<​WRAP>​
-California Privacy Act is a state level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act. +California Privacy Act is a state-level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act. 
 </​WRAP>​| </​WRAP>​|
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​coppa ​          | California Consumer Privacy Act (CCPA)]] | <​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​coppa ​          | California Consumer Privacy Act (CCPA)]] | <​WRAP>​
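Review bot: the unchanged California Consumer Privacy Act (CCPA) row just below the hyphenation fix links to a glossary id ending in c:coppa, which does not match the CCPA label; confirm the intended glossary entry while this table is being edited.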
Line 100: Line 107:
 </​WRAP>​| </​WRAP>​|
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​crfpa | California Right to Financial Privacy Act ]] |<​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​crfpa | California Right to Financial Privacy Act ]] |<​WRAP>​
-California Right to Financial Privacy Act regulates the state'​s government agencies'​ abilities to access nonpublic consumer information. As a result of the act, California'​s government agencies are not authorized to access financial records unless the consumer gives consent or if a subpoena or a search warrant is issued for the information. ​+California'​s ​Right to Financial Privacy Act regulates the state'​s government agencies'​ abilities to access nonpublic consumer information. As a result of the act, California'​s government agencies are not authorized to access financial records unless the consumer gives consent or if a subpoena or a search warrant is issued for the information. ​
 </​WRAP>​| </​WRAP>​|
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​csbcc | California Song-Beverly Credit Card Act]]|<​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​csbcc | California Song-Beverly Credit Card Act]]|<​WRAP>​
-Under the California Song-Beverly Credit Card Act, companies may not collect personally identifiable information from consumers who purchase goods or services using credit cards. Companies cannot set conditions in which consumers must consent to sharing ​their information in order to use their credit cards for a transaction. However, consumer information can be requested in order to complete a credit card transaction as long as the information is never recorded. The act also set a redundant state level requirement that companies must shorten a consumer'​s credit and debit card information on receipts. ​+Under the California Song-Beverly Credit Card Act, companies may not collect personally identifiable information from consumers who purchase goods or services using credit cards. Companies cannot set conditions in which consumers must consent to share their information in order to use their credit cards for a transaction. However, consumer information can be requested in order to complete a credit card transaction as long as the information is never recorded. The act also set a redundant state-level requirement that companies must shorten a consumer'​s credit and debit card information on receipts. ​
 </​WRAP>​| </​WRAP>​|
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​v:​vpcihi | Vermont Privacy of Consumer Financial and Health Information ]] |<​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​v:​vpcihi | Vermont Privacy of Consumer Financial and Health Information ]] |<​WRAP>​
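Review bot: the new opening "California's Right to Financial Privacy Act" alters the act's title, while the link label in the same row still gives it as "California Right to Financial Privacy Act"; keep the title as labelled, or write "The California Right to Financial Privacy Act regulates ...", so the row names the act one way.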
Line 113: Line 120:
  
 ==== Exemplar for Metadata ==== ==== Exemplar for Metadata ====
-[[cbdc:​public:​04_doc:​15_common:​45_privacy:​start| Return to Top]]+[[cbdc:​public:cbdc_omg:​04_doc:​15_common:​45_privacy:​start| Return to Top]]
  
 The following user scenario is meant as an exemplar of the importance of Data Strategy and Data Governance for a U.S.-based CBDC. The following user scenario is meant as an exemplar of the importance of Data Strategy and Data Governance for a U.S.-based CBDC.
  
 === Theoretical Problem === === Theoretical Problem ===
-[[cbdc:​public:​04_doc:​15_common:​45_privacy:​start| Return to Top]]+[[cbdc:​public:cbdc_omg:​04_doc:​15_common:​45_privacy:​start| Return to Top]]
  
 The following is a theoretical problem used to highlight some major issues with privacy. The following is a theoretical problem used to highlight some major issues with privacy.
Line 127: Line 134:
   * Jane White is a Chief Executive Officer (CEO) and President of one of the largest, most valued innovative companies in the world   * Jane White is a Chief Executive Officer (CEO) and President of one of the largest, most valued innovative companies in the world
  
-Both show up at a medical facility that treats mental health and substance abuse. The diagnosis and the treatment for John and Jane are identical, with the same prognosis, and the outcomes are expected to be the same.  On a personal level, this is a tragedy for both John and Jane, their families, and friends. ​+Both show up at a medical facility that treats mental health and substance abuse. The diagnosis and treatment for John and Jane are identical, with the same prognosis, and the outcomes are expected to be the same.  On a personal level, this is a tragedy for both John and Jane, their families, and their friends. ​
  
-Both John and Jane would like to keep their visit to the medical facility quiet. John has a better chance of keeping his visit secret, especially since there is no real economic incentive to divulge the secret. However, if it is known that Jane has visited this clinic, the collateral impact on her company, its employees, the investors and even those investing in competing companies can be wide-reaching and significant.+Both John and Jane would like to keep their visit to the medical facility quiet. John has a better chance of keeping his visit secret, especially since there is no real economic incentive to divulge the secret. However, if it is known that Jane has visited this clinic, the collateral impact on her company, its employees, the investorsand even those investing in competing companies can be wide-reaching and significant.
  
-Regardless, if the data and metadata are about John or Jane, there is a reasonable expectation by both of them that data and metadata about their transaction with the medical facility ​is secure and remains ​private.+Regardless, if the data and metadata are about John or Jane, there is a reasonable expectation by both of them that data and metadata about their transaction with the medical facility ​are secure and remain ​private.
  
 === Theoretical Solution === === Theoretical Solution ===
-[[cbdc:​public:​04_doc:​15_common:​45_privacy:​start| Return to Top]]+[[cbdc:​public:cbdc_omg:​04_doc:​15_common:​45_privacy:​start| Return to Top]]
  
 A theoretical solution is for the CBDC to develop a rigorous and comprehensive Data Strategy that guarantees the security and privacy of the transactional data associated with the CBDC. The CBDC and the Federal Reserve do not need to develop their own Security and Privacy framework but can rely on the existing framework laid out by the U.S. Federal Government. ​ A theoretical solution is for the CBDC to develop a rigorous and comprehensive Data Strategy that guarantees the security and privacy of the transactional data associated with the CBDC. The CBDC and the Federal Reserve do not need to develop their own Security and Privacy framework but can rely on the existing framework laid out by the U.S. Federal Government. ​
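Review bot: in the sentence on collateral impact, the new text reads "the investorsand even those investing" as shown, so the serial comma and space need restoring ("the investors, and even"). The last changed sentence still opens "Regardless, if the data and metadata are about John or Jane", which reads as a conditional; "Regardless of whether the data and metadata are about John or Jane" states the intended meaning.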
Line 141: Line 148:
  
 ==== U.S. Federal Government on Data Strategy ==== ==== U.S. Federal Government on Data Strategy ====
-[[cbdc:​public:​04_doc:​15_common:​45_privacy:​start| Return to Top]]+[[cbdc:​public:cbdc_omg:​04_doc:​15_common:​45_privacy:​start| Return to Top]]
  
 The following is from the U.S. Federal Government on Data Strategy: The following is from the U.S. Federal Government on Data Strategy:
Line 167: Line 174:
 </​WRAP>​ </​WRAP>​
 ===== Examples ===== ===== Examples =====
-[[cbdc:​public:​04_doc:​15_common:​45_privacy:​start| Return to Top]]+[[cbdc:​public:cbdc_omg:​04_doc:​15_common:​45_privacy:​start| Return to Top]]
  
-The "​desirements"​ specified in [[https://​www.omgwiki.org/​CBDC/​doku.php?​id=cbdc:​private:​cbdc_omg:​15_summary:​start&​do=edit | White Paper]] and identified by the [[https://​www.omgwiki.org/​CBDC/​doku.php?​id=cbdc:​private:​cbdc_omg:​15_summary:​start | OMG's White Paper Analysis]] as **Privacy Issues** are listed in Table {{ref>​privacyReq}}.+The "​desirements"​ specified in [[https://​www.omgwiki.org/​CBDC/​doku.php?​id=cbdc:​public:​cbdc_omg:​15_summary:​start&​do=edit | White Paper]] and identified by the [[https://​www.omgwiki.org/​CBDC/​doku.php?​id=cbdc:​public:​cbdc_omg:​15_summary:​start | OMG'​s ​CBDC WG White Paper Analysis]] as **Privacy Issues** are listed in Table {{ref>​privacyReq}}.
  
 <table privacyReq>​ <table privacyReq>​
-<​caption>​Examples of **Privacy Desirements** identified during the White Paper Analysis conducted by the OMG</​caption>​+<​caption>​Examples of **Privacy Desirements** identified during the White Paper Analysis conducted by the OMG's CBDC WG</​caption>​
 |< 100% 20% ->| |< 100% 20% ->|
 ^ Category ​ ^ Desirements ​ ^ ^ Category ​ ^ Desirements ​ ^
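Review bot: the "White Paper" link in the changed Examples sentence still ends in &do=edit after the move from the private to the public namespace, so readers are sent to the edit action instead of the page view; drop the do=edit parameter. Both links in that sentence also resolve to the same page id (15_summary:start), so check whether "White Paper" was meant to point at the paper itself.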
Line 183: Line 190:
  
 ===== Discussion of Examples ===== ===== Discussion of Examples =====
-[[cbdc:​public:​04_doc:​15_common:​45_privacy:​start| Return to Top]]+[[cbdc:​public:cbdc_omg:​04_doc:​15_common:​45_privacy:​start| Return to Top]]
  
-Table {{ref>​privacyReqDiscussion}} provides discussion points for each of the "​desirements"​ identified by the [[https://​www.omgwiki.org/​CBDC/​doku.php?​id=cbdc:​private:​cbdc_omg:​15_summary:​start | OMG's White Paper Analysis]].+Table {{ref>​privacyReqDiscussion}} provides discussion points for each of the "​desirements"​ identified by the [[https://​www.omgwiki.org/​CBDC/​doku.php?​id=cbdc:​public:​cbdc_omg:​15_summary:​start | OMG'​s ​CBDC WG White Paper Analysis]].
  
 <table privacyReqDiscussion>​ <table privacyReqDiscussion>​
Line 193: Line 200:
 ^ B0004 ^ Protect consumer privacy ​ | Consumer privacy is information privacy as it relates to the consumers of products and services. A variety of social, legal and political issues arise from the interaction of the public'​s potential expectation of privacy and the collection and dissemination of data by businesses or merchants | ^ B0004 ^ Protect consumer privacy ​ | Consumer privacy is information privacy as it relates to the consumers of products and services. A variety of social, legal and political issues arise from the interaction of the public'​s potential expectation of privacy and the collection and dissemination of data by businesses or merchants |
 ^ B0022 ^ Provide a CBDC that is:<​WRAP>​ ^ B0022 ^ Provide a CBDC that is:<​WRAP>​
-  : 1. YES [[cbdc:​public:​8_append:​20_glossary:​privacy-protected| Privacy-Protected ]] +  : 1. YES [[cbdc:​public:cbdc_omg:​8_append:​20_glossary:​privacy-protected| Privacy-Protected ]] 
-  : 2. NO [[cbdc:​public:​8_append:​20_glossary:​intermediated| Intermediated]] +  : 2. NO [[cbdc:​public:cbdc_omg:​8_append:​20_glossary:​intermediated| Intermediated]] 
-  : 3. NO [[cbdc:​public:​8_append:​20_glossary:​transferable| Widely Transferable]] +  : 3. NO [[cbdc:​public:cbdc_omg:​8_append:​20_glossary:​transferable| Widely Transferable]] 
-  : 4. NO [[cbdc:​public:​8_append:​20_glossary:​identity-verified| Identity-Verified]]+  : 4. NO [[cbdc:​public:cbdc_omg:​8_append:​20_glossary:​identity-verified| Identity-Verified]]
 </​WRAP>​ | Privacy-Protected means that the Central Bank Digital Currency (CBDC) protecting consumer privacy is critical. Any CBDC would need to strike an appropriate balance, however, between safeguarding the privacy rights of consumers and affording the transparency necessary to deter criminal activity. ​ | </​WRAP>​ | Privacy-Protected means that the Central Bank Digital Currency (CBDC) protecting consumer privacy is critical. Any CBDC would need to strike an appropriate balance, however, between safeguarding the privacy rights of consumers and affording the transparency necessary to deter criminal activity. ​ |
 ^ P0004 ^ Protect consumer privacy ​ | See **''​B0004''​**. | ^ P0004 ^ Protect consumer privacy ​ | See **''​B0004''​**. |
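Review bot: the B0022 discussion cell kept as context still reads "Privacy-Protected means that the Central Bank Digital Currency (CBDC) protecting consumer privacy is critical", which is not a complete definition; reword it while this row's glossary links are being touched, for example "Privacy-Protected means that protecting consumer privacy is critical for the CBDC".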
Line 204: Line 211:
 </​WRAP>​| </​WRAP>​|
 ^ D0012 ^ Design should address privacy concerns by leveraging existing tools already in use by intermediaries | Intermediaries means commercial banks and regulated **''​nonbank''​** financial service providers that would operate in an open market for CBDC services | ^ D0012 ^ Design should address privacy concerns by leveraging existing tools already in use by intermediaries | Intermediaries means commercial banks and regulated **''​nonbank''​** financial service providers that would operate in an open market for CBDC services |
-| **''​B''​** = [[cbdc:​public:​04_doc:​12_summary:​start#​benefits| Benefit Considerations ]] ||| +| **''​B''​** = [[cbdc:​public:cbdc_omg:​04_doc:​12_summary:​start#​benefits| Benefit Considerations ]] ||| 
-| **''​P''​** = [[cbdc:​public:​04_doc:​12_summary:​start#​policy_considerations| Policy Considerations]] ||| +| **''​P''​** = [[cbdc:​public:cbdc_omg:​04_doc:​12_summary:​start#​policy_considerations| Policy Considerations]] ||| 
-| **''​R''​** = [[cbdc:​public:​04_doc:​12_summary:​start#​risks| Risk Considerations ]] ||| +| **''​R''​** = [[cbdc:​public:cbdc_omg:​04_doc:​12_summary:​start#​risks| Risk Considerations ]] ||| 
-| **''​D''​** = [[cbdc:​public:​04_doc:​12_summary:​start#​design| Design Considerations]] |||+| **''​D''​** = [[cbdc:​public:cbdc_omg:​04_doc:​12_summary:​start#​design| Design Considerations]] |||
 </​table>​ </​table>​
  
Line 219: Line 226:
 ^ Kind  ^ Law / Regulation ​ ^ Description ​ | ^ Kind  ^ Law / Regulation ​ ^ Description ​ |
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​cpa | California Privacy Act]] |<​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​cpa | California Privacy Act]] |<​WRAP>​
-California Privacy Act is a state level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act. +California Privacy Act is a state-level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act. 
 </​WRAP>​| </​WRAP>​|
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​cccra | California Consumer Credit Reporting Agencies Act (CCCRA)]]|<​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​cccra | California Consumer Credit Reporting Agencies Act (CCCRA)]]|<​WRAP>​
Line 225: Line 232:
 </​WRAP>​| </​WRAP>​|
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​crfpa | California Right to Financial Privacy Act ]] |<​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​crfpa | California Right to Financial Privacy Act ]] |<​WRAP>​
-California Right to Financial Privacy Act regulates the state'​s government agencies'​ abilities to access nonpublic consumer information. As a result of the act, California'​s government agencies are not authorized to access financial records unless the consumer gives consent or if a subpoena or a search warrant is issued for the information. ​+California'​s ​Right to Financial Privacy Act regulates the state'​s government agencies'​ abilities to access nonpublic consumer information. As a result of the act, California'​s government agencies are not authorized to access financial records unless the consumer gives consent or if a subpoena or a search warrant is issued for the information. ​
 </​WRAP>​| </​WRAP>​|
 ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​csbcc | California Song-Beverly Credit Card Act]]|<​WRAP>​ ^ Privacy ^ [[https://​www.omgwiki.org/​dido/​doku.php?​id=dido:​public:​ra:​xapend:​xapend.a_glossary:​c:​csbcc | California Song-Beverly Credit Card Act]]|<​WRAP>​
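Review bot: the Song-Beverly row in this second table shows no change, while the same row in the table at Line 107 had its description corrected ("consent to share", "state-level"); check whether this copy carries the old wording and apply the same fix so the repeated rows do not diverge. Keeping the shared rows in one place and referencing them would avoid editing the same text twice.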
Line 233: Line 240:
  The law defines the purpose, scope, application,​ compliance, and exceptions to the law.  The law defines the purpose, scope, application,​ compliance, and exceptions to the law.
  
-The purpose of the Vermont Privacy of Consumer Financial and Health Information is to govern the treatment of nonpublic personal information about consumers by the financial institutions.+The purpose of the Vermont Privacy of Consumer Financial and Health Information is to govern the treatment of nonpublic personal information about consumers by financial institutions.
 </​WRAP>​| </​WRAP>​|
 </​table>​ </​table>​
cbdc/public/cbdc_omg/04_doc/15_common/45_privacy/start.1652739683.txt.gz · Last modified: 2022/05/16 18:21 by nick