Recently, the Information and Privacy Commissioner of Ontario released a report entitled: Privacy and the Digital Rights Management (DRM): An Oxymoron? The report details the advent of DRM and discusses how DRM has evolved. In particular, the report examines the effect of DRM on privacy and provides a seven step procedure that DRM developers can follow to ensure that DRM technology does not adversely affect consumers privacy rights. These steps include:
- defining and communicating the privacy expectation to the public,
- developing privacy policies and principles,
- assessing human and information resources,
- conducting a threat risk assessment by completing a Privacy Impact Assessment,
- setting up methodology for privacy risk management at the system level,
- introducing rules and controls deployed in privacy risk management, and
- deploying and auditing review expectations and requirements.