The Privacy Projects bases all of its activities, communications, and business processes on the premise that personally-identifiable information, or PII, is critically important and requires both our respect and protection.

Although TPP has a short history, our staff includes leading privacy professionals with long-standing reputations in maintaining personal data.  We have never lost, disclosed, or otherwise compromised personal information and we maintain reasonable and appropriate safeguards to continue that excellent record.  We remain accountable for our privacy promise; if you have questions or need more information, write to us at info@theprivacyprojects.com.

PII Collection

As all modern companies do, we collect personal information when individuals knowingly provide it; we do not collect any PII without first providing individuals an opportunity to understand what we are collecting, how we will use it, with whom we may share it and how we protect it.  Should you share your PII with us, we will safeguard it from all uses and disclosures that are outside the promises we made when we collected it.

PII Use

We use your PII to communicate with you for a variety of reasons, including keeping you informed about our research and educational activities.  You can contact us at anytime to request we not communicate with you; you can also ask us to delete your PII from our systems; we will comply immediately.

PII Sharing

We do not share your PII unless you request that we do.  There is an exception, which is standard procedure for all responsible companies, which is that we will share PII in the event we know of or perceive a reason to do so to comply with the law, to report suspected criminal activities, or to protect our safety and that of others.

PII Safeguards

We protect PII from unauthorized use, disclosure, loss, or corruption by limiting access to digital and physical copies, controlling our premises and equipment and deploying technologies designed to safeguard all of our confidential data.  Our personnel are trained to protect PII and exercise care for all PII under their control.

PII Storage

We store only the minimum PII needed to serve our clients, customers, and other parties.  All PII that is no longer needed is disposed of completely to prevent any unauthorized disclosure.

Data Privacy Day 2010 Retrospective

The Privacy Projects Launch

Global Data Flows Report

We will again ask the hard questions and support the pursuit of reasonable, practical answers.

-      What do hardware and software developers have to know to design and produce privacy-sensitive products and services?

-      In what ways can technology actually enhance our privacy without limiting our access to valuable, even necessary, services?

-      Can technology utilize its power and influence to educate individuals about their choices in providing more or less personal information in exchange for goods and services?

-      Are there limits to technologies ability to intrude into our lives?  Should there be?

Projects and Activities-

• OECD Guidelines in the Public Sector 2011

• Data Privacy Day Retrospective 2010

• The Privacy Projects-Paul Schwartz Global Data Flows 2009

About TPP

TPP’s goal is to create ongoing momentum to update personal information handling policies, practices and tools to match the world-class technologies that power our networked world.  We believe that we can support advances in the ways organizations, including business and government, collect, store, use, share and manage personal information, encouraging more respect for the ‘digital human’ the data represents.  To this end, TPP sponsors research and facilitates informed dialog to promote practical solutions and policy frameworks that foster responsible information sharing while preventing, to the extent possible, inappropriate access to and use of personal information.

 2013 Research Proposals Process

We live in a world of growing interconnection where technology is ever more integrated into both our work and personal lives, resulting in both significant economic and societal benefits.  Those beneficial uses of technology may also create more possibilities for exposing personal information including interests, beliefs, associations, thoughts and actions; these uses connect individuals, communities, the public and the government in new and unexpected ways.  Apart from exposing information as incidental to the use of a service, a new range of bad actors has emerged that seeks to exploit such information accessibility for financial gain.

Technology developments and innovation outpace government’s ability to create new laws, regulations and policies to protect personal data.  In a world of diverse devices and interconnected, networked environments, existing tools have limited ability to address many privacy and data protections issues.  Even commercial and government tools are challenged to keep pace with emerging business models and ways in which information can be used.

In this ever more interconnected context, TPP is committed to directing targeted research, fostering appropriate stakeholder dialog, and promoting practical technical solutions and policy frameworks related to existing and emerging models of information collection, use and governance. Our goal is to facilitate and enhance the collaboration among government, business and individuals to design and implement frameworks and systems that address emerging privacy, security and governance concerns through the development of policy and technical solutions that promote responsible information sharing while preventing, to the extent possible, inappropriate access to and use of personal information.

TPP will consider, on an ongoing basis, research proposals in line with our mission statement that consider the following factors:

1. Addresses practical challenges and seeks solutions to real world conditions
2. Supports developing public policy reforms that address challenges faced by organization who collect, store, use, share and manage personal information
3. Helps organizations to enhance data governance capabilities and capacities
4. Capable of broad deployment, adoption and implementation

Please submit a brief abstract describing your project including timeline and researches involved with the work.  Please note that TPP prefers to take on projects for which we are not the sole funders.   Submissions will be accepted at info@theprivacyprojects.org.

Review and Approval Process

Proposals will be accepted for consideration upon submission.  The Board of Directors will review and evaluate each proposal based on the following elements:

1. Distinct Contribution: TPP will strive to support innovative research that brings new issues and perspectives to the privacy policy dialogue;
2. Impact: TPP will strive to support research on topics that will advance organizations’ management and stewardship of personal information; and,
3. Influence:  TPP will strive to support research that will be influential.

Decisions on funding will be made and notified subject to a Board decisions.   The Board will review submissions on a quarterly basis (March, June, September, December) and make a determination on funding.

Please contact info@theprivacyprojects.org for questions or for more information.

Cross Border Data Flows

Importantly, technology tools have broken down national borders, overwhelming national authorities to set laws and rules that actually protect the individual.  Our first project examines the procedures employed by leading multi-national companies when providing services that span the globe, available to virtually any computer on the planet.  We are looking for the set of core practices that emerge as common to all, providing both an efficient data management practice as well as providing information privacy and security protections.

Our first report is due for publication in October 2009; we look forward to hearing your reactions.

Recent principles discussions, focused on preventing harms and clarifying accountability, support new interpretations of the older principles and help companies implement procedures designed to promote privacy.

Hard questions remain.

-      Has the efficacy of Notice and Consent passed by in the Internet Age?

-      Can we reasonably expect people to understand complex data management enough to provide substantially reasonable informed consent?

-      Is the concept of Data Subject Access practical in our networked environments?

Audrey Plonk

Previously, at the OECD Secretariat in Paris, Audrey authored a report on malicious software, and co-authored a series of comparative policy analyses about critical information infrastructure protection including a recommendation to the OECD Council. Prior to that, Audrey worked as a consultant for the Department of Homeland Security’s National Cyber Security Division in the international affairs division. Audrey attended George Washington University and received her BA in International Affairs and minors in French and Dance. She is fluent in French.

Peter Cullen-Microsoft

Peter Cullen - TPP vice-chair and GM of Trustworthy Computing and Chief Privacy Strategist at Microsoft Corp., and is directly responsible for managing the development and implementation of programs that bolster the privacy and trustworthiness of Microsoft® products, services, processes and systems worldwide.

Cullen leads Microsoft’s privacy group as well as teams of online safety, geopolitical and accessibility experts, all committed to enhancing customers’ computing experiences. Cullen brings more than a decade of expertise in privacy and data protection to his role as well as extensive background in building sound organizational practices.

Stan Crosley- Eli Lilly Corporation

Stanley Crosley is TPPs Secretary and Co-Director of the Indiana University Center for Strategic Health Information Provisioning, a health information strategy and management center created through IU’s schools of Law, Medicine and Informatics.  He is also a principal in Privacy and Information Management Services and Crosley Law Offices, LLC.

Stan is the former Chief Privacy Officer for Eli Lilly Company, where he initiated Lilly’s global privacy program in 1998.  The program received the 2007 Innovation Award from the International Association of Privacy Professionals. Stan also co-founded and served as Chair of the International Pharmaceutical Privacy Consortium and was a member of the IOM Medical Research and Privacy Committee.  He serves on the boards of the Indiana Health Informatics Technology, Inc., the International Association Privacy Professionals, and The Privacy Projects and is a member of the Brookings Institute Experts’ Committee on Active Medical Product Surveillance.

Stan is a graduate of Hillsdale College with a BS in Biology/Chemistry and of Indiana University Maurer School of Law – Bloomington, where he received a JD with honors.  Stan is a member of the board of Shepherd Community Center, dedicated to breaking the cycle of poverty on Indianapolis’ east side, and is active in his church and community.

Joseph Alhadeff -  is the VP, Global Public Policy and CPO for Oracle Corporation, and is responsible for coordinating and managing Oracle’s global privacy and public policy issues.

In addition, Joe has a prominent role in influential international organizations dedicated to Internet policy, security and privacy, including as the BIAC Chair to the OECD ICCP Committee, head of industry delegation to the OECD Security Steering Group, and Vice Chair of the International Chamber of Commerce’s Electronic Business and Information Technology Committee.   Domestically, Mr. Alhadeff <span>chairs the US-Malaysia Business Council, the Information Technology Committee for the US India Business Council and the Government Affairs Committee for the Software and Information Industry Association.  Prior to joining Oracle, Joe was GC and VP for Electronic Commerce for the USCIB in New York.  Alhadeff holds and M.B.A. in management and information systems from New York University, Leonard N. Stern School of Business and  a J.D. from Boston University School of Law, and a B.A. from Oberlin College.

Prof. Fred Cate- Indiana University

Fred H. Cate is a Distinguished Professor, C. Ben Dutton Professor of Law, and Adjunct Professor of Informatics at Indiana University. He directs IU’s Center for Applied Cybersecurity Research.

Fred is a senior policy advisor to the Centre for Information Policy Leadership at Hunton & Williams LLP, and he is a member of Microsoft’s Trustworthy Computing Academic Advisory Board, the Board of Directors of the Center for Applied Identity Management Research, and the Board of Advisors of Trustee. He testifies regularly before congressional committees, and speaks frequently before professional, industry, and government groups. He serves as co-editor of the Privacy Department for Security & Privacy (IEEE) and is a member of BNA’s Privacy & Security Law Report Advisory Board. Fred is listed in Who’s Who in the World, Who’s Who in America, Who’s Who in American Law, and Who’s Who in American Education. Computerworld included him in its 2007 and 2008 annual lists of “Best Privacy Advisers.”

Deirdre K. Mulligan is a professor of law at the UC Berkeley School of Information and a Faculty Director of the Berkeley Center for Law and Technology. She was the founding director of the Samuelson Clinic, which she led from 2001-2008. Before coming to Boalt, she was staff counsel at the Center for Democracy & Technology in Washington.

Professor Mulligan’s current research agenda focuses on information privacy and security. Current projects include qualitative interviews to understand the institutionalization and management of privacy within corporate America, and role of law in corporate information security policy and practice. Other areas of current research include digital rights management technology and privacy and security issues in sensor networks and visual surveillance systems, and alternative legal strategies to advance network security.

Toby Milgrom Levin served as Senior Advisor and Director of the Privacy Policy in the Department of Homeland Security (DHS) Privacy Office for 5 years until her retirement in March 2010. Ms. Levin’s responsibilities included advising the Chief Privacy Officer on issues such as government information sharing, use of social media, CCTV, data mining, identity management, and cloud computing. Ms. Levin helped draft the DHS Fair Information Practice Principles (FIPPs) and its incident response program. Ms. Levin was also instrumental in drafting the recently issued NIST SP 800-53 Appendix J, Privacy Control Catalog, which provides privacy controls, based on the FIPPs and best practices, to enforce privacy requirements across the federal government. Ms. Levin was awarded the DHS Secretary’s Silver Medal in 2007. Prior to joining the DHS Privacy Office in 2005, Ms. Levin was a Senior Attorney at the Federal Trade Commission (FTC), where she was a lead attorney on the FTC’s first privacy cases. During her 20 years at the FTC, she participated in writing the Commission’s early privacy reports, coordinated public privacy workshops, served as the first manager of the Children’s Online Privacy Protection Act enforcement program, and was a lead attorney enforcing the Gramm-Leach-Bliley (GLB) “Safeguards Rule.” She currently serves on the Information Security and Privacy Advisory Board (ISPAB), advising NIST, the Secretary of Commerce, and OMB on federal information security and privacy.

Elizabeth Denham was appointed Information and Privacy Commissioner for British Columbia in May, 2010.

From 2007-2010, Ms. Denham served as Assistant Privacy Commissioner of Canada, where she monitored and enforced private sector privacy obligations under the Personal Information Protection and Electronic Documents Act.

As Assistant Privacy Commissioner, she led a groundbreaking investigation into the privacy practices of Facebook resulting in a number of changes to the social networking site––changes that were implemented on a global basis. She also led the Office’s discussions with the global search engine Google, which prompted improvements to the company’s street-level imaging service in Canada.