These numbers are very problematic. Having a privacy notice is such a fundamental step for protecting privacy. Beyond informing the consumer, the process of creating a privacy notice forces developers to think about the privacy implications of their technology, and it informs experts, NGOs, and regulators about what the technology is doing. This is essential for accountability.
To help address this problem, in 2011, the Federal Trade Commission (FTC) and the HHS Office of the National Coordinator for Health Information Technology (ONC) joined forces to create a Model Privacy Notice for designers of technology involving data to health.
I entered this competition with R. Jason Cronk. Jason is the founder of Enterprivacy Consulting Group, a boutique privacy consulting firm focused on Privacy by Design. He holds a JD from Florida State University and has been recognized by the International Association of Privacy Professionals as a Fellow of Information Privacy. He is a frequent blogger and speaker on privacy issues and tweets through @privacymaverick.
I’m delighted to announce that we have produced the winning MPN tool!
We collaborated on developing this tool because we wanted to help health technology developers generate privacy notices easily and in a way that is understandable to a wide audience. We designed the generator to produce policies that are clear, comprehensible, and visually appealing. We also built the generator so that it would be easy to use by developers.
With our tool, as developers input information about their privacy practices in a form on the left side, the tool generates the privacy notice on the right side, showing how it will look to the consumer. The generator tool breaks down the MPN in a simple and visual way and takes developers through it step by step.
The tool also generates raw HTML that the developers can copy and paste into their website for displaying their finalized notice to consumers, allowing for further customization as desired by the developer. The tool uses open source jQuery UI and Bootstrap CSS and the images are provided under the open MIT license. It is available on GitHub or on Enterprivacy.com.
We hope to put the concept and architecture of this tool to other uses. We believe it can be of help in many other contexts, and we welcome ideas and suggestions.
As we hope we have demonstrated, technology and design can be used to enhance privacy, making it easier for organizations to improve their privacy practices and better communicate about privacy with consumers.
* * * *
This post was authored by Professor Daniel J. Solove, who through TeachPrivacy develops computer-based privacy training, data security training, HIPAA training, and many other forms of awareness training on privacy and security topics. Professor Solove also posts at his blog at LinkedIn. His blog has more than 1 million followers.
Professor Solove is the organizer, along with Paul Schwartz of the Privacy + Security Forum (Oct. 4-7, 2017 in Washington, DC), an annual event that aims to bridge the silos between privacy and security.
NEWSLETTER: Subscribe to Professor Solove’s free newsletter (2x per month).
TWITTER: Follow Professor Solove on Twitter.