Privacy engineering, privacy by design, and privacy governance


Transcription:

Privacy engineering, privacy by design, and privacy governance
Lorrie Faith Cranor, CyLab Usable Privacy & Security Laboratory, http://cups.cs.cmu.edu
Engineering & Public Policy, Carnegie Mellon University
8-533 / 8-733 / 19-608 / 95-818: Privacy Policy, Law, and Technology
November 17, 2015

Today's agenda
- Quiz
- Questions about midterm
- Homework 7 discussion
- Beam case study
- Privacy engineering
- Privacy by design
- Privacy governance

By the end of class you will be able to: understand how to apply various approaches to privacy engineering and privacy by design to design problems

Beam: https://www.suitabletech.com/


Beam discussion: https://www.youtube.com/watch?v=uub4trpyxs
- What privacy issues does this technology raise in the home environment?
- How might these issues be addressed?

Privacy by policy vs. architecture
- What techniques are used in each approach?
- What are the advantages and disadvantages of each approach?

How rights are protected
Privacy by Policy:
- Through laws and policies
- Requires enforcement; technology can facilitate compliance
- Violations possible due to bad actors, mistakes, government mandates
Privacy by Architecture:
- Through technology
- Reduces need to rely on trust and external enforcement
- Violations possible if technology fails or availability of new data or technology defeats protections
- May be viewed as too expensive or restrictive

What system features tend to lead to more or less privacy?
[Figure: two-axis diagram, Degree of Person Identifiability (high to low) against Degree of Network Centricity (high to low), with the regions labelled "Privacy by Policy through FIPs" and "Privacy by Architecture"]

Privacy by policy techniques
- Notice
- Choice
- Security safeguards
- Access
- Accountability
- Audits
- Privacy policy management technology
- Enforcement engine

Privacy by architecture techniques
Best:
- No collection of contact information
- No collection of long-term person characteristics
- k-anonymity with large value of k
Good:
- No unique identifiers across databases
- No common attributes across databases
- Random identifiers
- Contact information stored separately from profile or transaction information
- Collection of long-term personal characteristics with low granularity
- Technically enforced deletion of profile details at regular intervals

Privacy stages (identifiability, approach to privacy protection, linkability of data to personal identifiers, system characteristics)
Stage 0, identified; privacy by policy (notice and choice); data linked to personal identifiers:
- unique identifiers across databases
- contact information stored with profile information
Stage 1, pseudonymous; privacy by policy (notice and choice); linkable with reasonable and automatable effort:
- no unique identifiers across databases
- common attributes across databases
- contact information stored separately from profile or transaction information
Stage 2, pseudonymous; privacy by architecture; not linkable with reasonable effort:
- no unique identifiers across databases
- no common attributes across databases
- random identifiers
- contact information stored separately from profile or transaction information
- collection of long-term person characteristics on a low level of granularity
- technically enforced deletion of profile details at regular intervals
Stage 3, anonymous; privacy by architecture; unlinkable:
- no collection of contact information
- no collection of long-term person characteristics
- k-anonymity with large value of k

De-identification and re-identification
- Simplistic de-identification: remove obvious identifiers
- Better de-identification: also k-anonymize and/or use statistical confidentiality techniques
- Re-identification can occur through linking entries within the same database or to entries in external databases
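An added example (not from the lecture slides) that measures what the last two slides describe: after the "simplistic" step of dropping direct identifiers, every record in a constructed sample is still unique on its quasi-identifiers (k = 1), so it could be singled out by linking to an external table; lowering the granularity of ZIP and age, the "low granularity" technique from the architecture slide, raises k. The records, field names and generalization rules are all constructed for this illustration.

```python
"""Measuring k-anonymity of a de-identified table (constructed sample data)."""
from collections import Counter

# Constructed sample: direct identifiers, quasi-identifiers (zip, age, sex) and a sensitive value (dx).
RECORDS = [
    {"name": "A. Adams", "email": "a@example.org", "zip": "15213", "age": 34, "sex": "F", "dx": "flu"},
    {"name": "B. Baker", "email": "b@example.org", "zip": "15217", "age": 37, "sex": "F", "dx": "asthma"},
    {"name": "C. Chen",  "email": "c@example.org", "zip": "15232", "age": 41, "sex": "M", "dx": "flu"},
    {"name": "D. Diaz",  "email": "d@example.org", "zip": "15289", "age": 48, "sex": "M", "dx": "none"},
    {"name": "E. Evans", "email": "e@example.org", "zip": "15201", "age": 30, "sex": "F", "dx": "none"},
    {"name": "F. Fox",   "email": "f@example.org", "zip": "15222", "age": 45, "sex": "M", "dx": "asthma"},
]
DIRECT_IDENTIFIERS = ("name", "email")
QUASI_IDENTIFIERS = ("zip", "age", "sex")


def simplistic_deidentify(records):
    """The slide's 'simplistic' step: drop obvious identifiers, keep every other field verbatim."""
    return [{k: v for k, v in r.items() if k not in DIRECT_IDENTIFIERS} for r in records]


def generalize(records):
    """Lower the granularity of quasi-identifiers: 3-digit ZIP prefix and age decade (assumed rules)."""
    out = []
    for r in records:
        g = dict(r)
        g["zip"] = r["zip"][:3] + "**"
        lo = r["age"] // 10 * 10
        g["age"] = f"{lo}-{lo + 9}"
        out.append(g)
    return out


def k_anonymity(records, quasi=QUASI_IDENTIFIERS):
    """k = size of the smallest group of records sharing identical quasi-identifier values.
    k == 1 means some record is unique on the quasi-identifiers and could be singled out by linking."""
    groups = Counter(tuple(r[q] for q in quasi) for r in records)
    return min(groups.values())


def singletons(records, quasi=QUASI_IDENTIFIERS):
    """Quasi-identifier combinations matching exactly one record: the set a reviewer must fix before release."""
    groups = Counter(tuple(r[q] for q in quasi) for r in records)
    return sorted(key for key, n in groups.items() if n == 1)


if __name__ == "__main__":
    stripped = simplistic_deidentify(RECORDS)
    print("identifiers removed:  k =", k_anonymity(stripped), "unique combos:", len(singletons(stripped)))
    coarse = generalize(stripped)
    print("zip/age generalized:  k =", k_anonymity(coarse), "unique combos:", len(singletons(coarse)))
```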

Examples
- When RFID tags are sewn into every garment, how might we use this to identify and track people?
- What if the tags are partially killed so only the product information is broadcast, not a unique ID?
- How can a cellular provider identify an anonymous pre-paid cell phone user?

Privacy by Design (PbD) Principles
1. Proactive not Reactive; Preventative not Remedial
2. Privacy as the Default Setting
3. Privacy Embedded into Design
4. Full Functionality: Positive-Sum, not Zero-Sum
5. End-to-End Security: Full Lifecycle Protection
6. Visibility and Transparency: Keep it Open
7. Respect for User Privacy: Keep it User-Centric
Ann Cavoukian, https://www.privacybydesign.ca/content/uploads/2009/08/7foundationalprinciples.pdf

Data governance
- People, process, and technology for managing data within an organization
- Data-centric threat modeling and risk assessment
- Protect data throughout the information lifecycle, including data destruction at end of lifecycle
- Assign responsibility

Privacy Impact Assessment
"A methodology for assessing the impacts on privacy of a project, policy, program, service, product, or other initiative which involves the processing of personal information and, in consultation with stakeholders, for taking remedial actions as necessary in order to avoid or minimize negative impacts."
D. Wright and P. De Hert, eds. Privacy Impact Assessment. Springer, 2012.

PIA is a process
- Should begin at early stages of a project
- Should continue to end of project and beyond

Why carry out a PIA?
To manage risks:
- Negative media attention
- Reputation damage
- Legal violations
- Fines, penalties
- Privacy harms
- Opportunity costs
To derive benefits:
- Increase trust
- Avoid future liability
- Early warning system
- Facilitate privacy by design early in the design process
- Enforce or encourage accountability

Who has to carry out PIAs?
- US administrative agencies, when developing or procuring IT systems that include PII (required by the E-Government Act of 2002)
- Government agencies in many other countries
- Sometimes done by the private sector: case studies from Vodafone, Nokia, and Siemens in the PIA book
