This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start [2022/05/16 19:29] terrance |
cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start [2022/06/17 18:02] (current) terrance |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| | [[cbdc:public:cbdc_omg:04_doc:15_common:start| Return to Common Elements]] | <WRAP> | | [[cbdc:public:cbdc_omg:04_doc:15_common:start| Return to Common Elements]] | <WRAP> | ||
| <html><b> | <html><b> | ||
| - | <a href="mailto:[email protected]?Subject=OMG CBDC Response: | + | <a href="mailto:[email protected]?Subject=OMG's CBDC WG Response: |
| 4.4 National Privacy Considerations | 4.4 National Privacy Considerations | ||
| Line 74: | Line 74: | ||
| </WRAP>| | </WRAP>| | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:f:fdcpa | Fair Debt Collection Practices Act (FDCPA) ]]|<WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:f:fdcpa | Fair Debt Collection Practices Act (FDCPA) ]]|<WRAP> | ||
| - | Under the FDCPA, collectors are not allowed to publish a consumer's name and address on a bad debt list or reveal any information regarding the debt to unaffiliated third parties except the consumers' partner or attorney. | + | Under the FDCPA, collectors are not allowed to publish a consumer's name and address on a bad debt list or reveal any information regarding the debt to unaffiliated third parties except the consumer's partner or attorney. |
| </WRAP>| | </WRAP>| | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:e:efta | Electronic Funds Transfer Act ]]|<WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:e:efta | Electronic Funds Transfer Act ]]|<WRAP> | ||
| Line 98: | Line 98: | ||
| ^ Kind ^ Law / Regulation ^ Description | | ^ Kind ^ Law / Regulation ^ Description | | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:cpa | California Privacy Act]] |<WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:cpa | California Privacy Act]] |<WRAP> | ||
| - | California Privacy Act is a state level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act. | + | California Privacy Act is a state-level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act. |
| </WRAP>| | </WRAP>| | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:coppa | California Consumer Privacy Act (CCPA)]] | <WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:coppa | California Consumer Privacy Act (CCPA)]] | <WRAP> | ||
| Line 107: | Line 107: | ||
| </WRAP>| | </WRAP>| | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:crfpa | California Right to Financial Privacy Act ]] |<WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:crfpa | California Right to Financial Privacy Act ]] |<WRAP> | ||
| - | California Right to Financial Privacy Act regulates the state's government agencies' abilities to access nonpublic consumer information. As a result of the act, California's government agencies are not authorized to access financial records unless the consumer gives consent or if a subpoena or a search warrant is issued for the information. | + | California's Right to Financial Privacy Act regulates the state's government agencies' abilities to access nonpublic consumer information. As a result of the act, California's government agencies are not authorized to access financial records unless the consumer gives consent or if a subpoena or a search warrant is issued for the information. |
| </WRAP>| | </WRAP>| | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:csbcc | California Song-Beverly Credit Card Act]]|<WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:csbcc | California Song-Beverly Credit Card Act]]|<WRAP> | ||
| - | Under the California Song-Beverly Credit Card Act, companies may not collect personally identifiable information from consumers who purchase goods or services using credit cards. Companies cannot set conditions in which consumers must consent to sharing their information in order to use their credit cards for a transaction. However, consumer information can be requested in order to complete a credit card transaction as long as the information is never recorded. The act also set a redundant state level requirement that companies must shorten a consumer's credit and debit card information on receipts. | + | Under the California Song-Beverly Credit Card Act, companies may not collect personally identifiable information from consumers who purchase goods or services using credit cards. Companies cannot set conditions in which consumers must consent to share their information in order to use their credit cards for a transaction. However, consumer information can be requested in order to complete a credit card transaction as long as the information is never recorded. The act also set a redundant state-level requirement that companies must shorten a consumer's credit and debit card information on receipts. |
| </WRAP>| | </WRAP>| | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:v:vpcihi | Vermont Privacy of Consumer Financial and Health Information ]] |<WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:v:vpcihi | Vermont Privacy of Consumer Financial and Health Information ]] |<WRAP> | ||
| Line 134: | Line 134: | ||
| * Jane White is a Chief Executive Officer (CEO) and President of one of the largest, most valued innovative companies in the world | * Jane White is a Chief Executive Officer (CEO) and President of one of the largest, most valued innovative companies in the world | ||
| - | Both show up at a medical facility that treats mental health and substance abuse. The diagnosis and the treatment for John and Jane are identical, with the same prognosis, and the outcomes are expected to be the same. On a personal level, this is a tragedy for both John and Jane, their families, and friends. | + | Both show up at a medical facility that treats mental health and substance abuse. The diagnosis and treatment for John and Jane are identical, with the same prognosis, and the outcomes are expected to be the same. On a personal level, this is a tragedy for both John and Jane, their families, and their friends. |
| - | Both John and Jane would like to keep their visit to the medical facility quiet. John has a better chance of keeping his visit secret, especially since there is no real economic incentive to divulge the secret. However, if it is known that Jane has visited this clinic, the collateral impact on her company, its employees, the investors and even those investing in competing companies can be wide-reaching and significant. | + | Both John and Jane would like to keep their visit to the medical facility quiet. John has a better chance of keeping his visit secret, especially since there is no real economic incentive to divulge the secret. However, if it is known that Jane has visited this clinic, the collateral impact on her company, its employees, the investors, and even those investing in competing companies can be wide-reaching and significant. |
| - | Regardless, if the data and metadata are about John or Jane, there is a reasonable expectation by both of them that data and metadata about their transaction with the medical facility is secure and remains private. | + | Regardless, if the data and metadata are about John or Jane, there is a reasonable expectation by both of them that data and metadata about their transaction with the medical facility are secure and remain private. |
| === Theoretical Solution === | === Theoretical Solution === | ||
| Line 176: | Line 176: | ||
| [[cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start| Return to Top]] | [[cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start| Return to Top]] | ||
| - | The "desirements" specified in [[https://www.omgwiki.org/CBDC/doku.php?id=cbdc:private:cbdc_omg:15_summary:start&do=edit | White Paper]] and identified by the [[https://www.omgwiki.org/CBDC/doku.php?id=cbdc:private:cbdc_omg:15_summary:start | OMG's White Paper Analysis]] as **Privacy Issues** are listed in Table {{ref>privacyReq}}. | + | The "desirements" specified in [[https://www.omgwiki.org/CBDC/doku.php?id=cbdc:public:cbdc_omg:15_summary:start&do=edit | White Paper]] and identified by the [[https://www.omgwiki.org/CBDC/doku.php?id=cbdc:public:cbdc_omg:15_summary:start | OMG's CBDC WG White Paper Analysis]] as **Privacy Issues** are listed in Table {{ref>privacyReq}}. |
| <table privacyReq> | <table privacyReq> | ||
| - | <caption>Examples of **Privacy Desirements** identified during the White Paper Analysis conducted by the OMG</caption> | + | <caption>Examples of **Privacy Desirements** identified during the White Paper Analysis conducted by the OMG's CBDC WG</caption> |
| |< 100% 20% ->| | |< 100% 20% ->| | ||
| ^ Category ^ Desirements ^ | ^ Category ^ Desirements ^ | ||
| Line 192: | Line 192: | ||
| [[cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start| Return to Top]] | [[cbdc:public:cbdc_omg:04_doc:15_common:45_privacy:start| Return to Top]] | ||
| - | Table {{ref>privacyReqDiscussion}} provides discussion points for each of the "desirements" identified by the [[https://www.omgwiki.org/CBDC/doku.php?id=cbdc:private:cbdc_omg:15_summary:start | OMG's White Paper Analysis]]. | + | Table {{ref>privacyReqDiscussion}} provides discussion points for each of the "desirements" identified by the [[https://www.omgwiki.org/CBDC/doku.php?id=cbdc:public:cbdc_omg:15_summary:start | OMG's CBDC WG White Paper Analysis]]. |
| <table privacyReqDiscussion> | <table privacyReqDiscussion> | ||
| Line 226: | Line 226: | ||
| ^ Kind ^ Law / Regulation ^ Description | | ^ Kind ^ Law / Regulation ^ Description | | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:cpa | California Privacy Act]] |<WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:cpa | California Privacy Act]] |<WRAP> | ||
| - | California Privacy Act is a state level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act. | + | California Privacy Act is a state-level privacy act that provides protection of consumer information. The act is described as a stricter version of the Gramm-Leach-Bliley Act. |
| </WRAP>| | </WRAP>| | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:cccra | California Consumer Credit Reporting Agencies Act (CCCRA)]]|<WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:cccra | California Consumer Credit Reporting Agencies Act (CCCRA)]]|<WRAP> | ||
| Line 232: | Line 232: | ||
| </WRAP>| | </WRAP>| | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:crfpa | California Right to Financial Privacy Act ]] |<WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:crfpa | California Right to Financial Privacy Act ]] |<WRAP> | ||
| - | California Right to Financial Privacy Act regulates the state's government agencies' abilities to access nonpublic consumer information. As a result of the act, California's government agencies are not authorized to access financial records unless the consumer gives consent or if a subpoena or a search warrant is issued for the information. | + | California's Right to Financial Privacy Act regulates the state's government agencies' abilities to access nonpublic consumer information. As a result of the act, California's government agencies are not authorized to access financial records unless the consumer gives consent or if a subpoena or a search warrant is issued for the information. |
| </WRAP>| | </WRAP>| | ||
| ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:csbcc | California Song-Beverly Credit Card Act]]|<WRAP> | ^ Privacy ^ [[https://www.omgwiki.org/dido/doku.php?id=dido:public:ra:xapend:xapend.a_glossary:c:csbcc | California Song-Beverly Credit Card Act]]|<WRAP> | ||
| Line 240: | Line 240: | ||
| The law defines the purpose, scope, application, compliance, and exceptions to the law. | The law defines the purpose, scope, application, compliance, and exceptions to the law. | ||
| - | The purpose of the Vermont Privacy of Consumer Financial and Health Information is to govern the treatment of nonpublic personal information about consumers by the financial institutions. | + | The purpose of the Vermont Privacy of Consumer Financial and Health Information is to govern the treatment of nonpublic personal information about consumers by financial institutions. |
| </WRAP>| | </WRAP>| | ||
| </table> | </table> | ||