The Game Changer: Privacy by Design



WHITE PAPER
Dr. Ann Cavoukian, Privacy by Design Centre of Excellence, on leading with privacy by design

The Game Changer: Privacy by Design
Data Security: Cost of Taking the Reactive Approach

CONTENTS
Introduction
Privacy, Dispelling the Myths
Privacy by Design, Game Changer
Reactive Approach, at What Cost?
Master GDPR, Reap the Rewards
Single Piece of Advice
About Echoworx

INTRODUCTION

Last year ended with some of the largest data breaches in history: Yahoo, LinkedIn, the DNC, to name a few. The message, that you have to protect the data of your customers, employees and business partners, is increasingly being heard. What most organizations are struggling with is how.

"Protecting privacy while meeting the regulatory requirements for data protection around the world is becoming an increasingly challenging task. Taking a comprehensive, properly implemented risk-based approach, where globally defined risks are anticipated and countermeasures are built into systems and operations by design, can be far more effective, and more likely to respond to the broad range of requirements in multiple jurisdictions."
Dr. Ann Cavoukian

In an interview about the cost of taking a reactive approach to privacy breaches, Ann discusses:
- What privacy is, what it is not, and dispels the myths;
- Privacy by Design, the gold standard in data protection;
- The benefits of taking the proactive approach to privacy breaches.

Dr. Ann Cavoukian is recognized as one of the world's leading privacy experts. She is presently the Distinguished Expert-in-Residence, leading the Privacy by Design Centre of Excellence at Ryerson University. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design. In 2010, International Privacy Regulators unanimously passed a Resolution recognizing Privacy by Design as an international standard. Dr. Cavoukian has received numerous awards recognizing her leadership in privacy, including being named one of the Top 25 Women of Influence in Canada, one of the Top 10 Women in Data Security and Privacy, one of the Power 50 by Canadian Business, and one of the Top 100 Leaders in Identity. Most recently, Dr. Cavoukian was awarded the Meritorious Service Medal for her outstanding work on creating Privacy by Design and taking it global (May 2017).

PRIVACY, DISPELLING THE MYTHS

MAGEE: Hi. I'm Lorena Magee, VP of Marketing at Echoworx. I'm talking today about the essential need for both privacy and security and the business advantages of a proactive model of prevention. It's my pleasure to be speaking with Dr. Ann Cavoukian. Ann, as the creator of privacy by design, why do you think most people, largely, take privacy for granted? Is it legitimate to believe that if you are a law-abiding citizen and have nothing to hide, privacy isn't important?

CAVOUKIAN: Let me start by dispelling some of the myths. What is privacy and what is myth? Privacy is not about secrecy. It's not about having something to hide. I'm sure you've heard that expression, "well, if you have nothing to hide, you have nothing to fear," right? Wrong. It's the exact opposite. Sometimes, people may believe that as long as they're law-abiding citizens, there's nothing wrong with police spying on them. But that's not what freedom is about. Freedom is about you deciding what you want to do with your information: not the government, not your mother, not your spouse, you. You make those decisions. Privacy is all about personal control. For you as a user, it's critical. It's so important that you can exercise that freedom of choice. The Germans have a wonderful term for this called informational self-determination. Big term, simple concept: it should be the individual who determines the fate of his or her personal information. We largely take privacy for granted. We take freedom for granted, but once you start chipping away at this, it's very difficult to get back.

PRIVACY IS NOT ABOUT SECRECY. PRIVACY IS ALL ABOUT PERSONAL CONTROL.

MAGEE: Let's turn to privacy by design. What is it and why do you feel it is so important?

CAVOUKIAN: Privacy by design is all about proactively protecting privacy by embedding the necessary protective measures into technologies and business practices. It is an essential framework that complements regulatory compliance. I first developed the framework for privacy by design in the late 90s, but it really took off after 9/11 because after 9/11, as you can imagine, no one was interested in privacy. Everyone was focused on public safety and security. Unfortunately, what was forgotten is that in order to have public safety and security, we need privacy. I wanted a system that would allow for both security and privacy; that's one of the cornerstones of privacy by design. In 2010, International Privacy Regulators unanimously passed a Landmark Resolution recognizing Privacy by Design as an international standard. This proactive means of protection is very different from the conventional reactive approach. But, in this day and age of ubiquitous computing, online connectivity, massive social media and data collection, we are no longer able to protect privacy with a reactive model alone.

PRIVACY BY DESIGN, A GAME CHANGER

The 7 Foundational Principles
1. Proactive not reactive
2. Lead with privacy as the default setting
3. Embed privacy into design
4. Retain full functionality
5. Ensure end-to-end security
6. Maintain visibility and transparency
7. Respect user privacy

MAGEE: What is the essence of the Privacy by Design model and how is this beneficial to businesses?

CAVOUKIAN: There are two essentials to Privacy by Design. One is that it's proactive and prevents the harm from arising. The other is to abandon the idea of privacy versus security. The power of both is enormous because it enables two positive gains. It's not an either/or proposition, which invariably involves unnecessary trade-offs and a false dichotomy. Not only will such a model jeopardize our freedoms, it will also diminish our prosperity as a society, diminishing innovation and creativity, leading to a lose/lose outcome. You'll be far better off doing privacy and security, privacy and data utility, privacy and marketing. I always tell people privacy's not anti-marketing, it's pro-choice. You can do both and you will gain significantly by doing that. Privacy by default is a game changer. It basically says companies and governments aren't going to do anything else with my information other than what was intended. This is the opposite of what's happening now.

PRIVACY BY DESIGN GOES WELL BEYOND ACCEPTED FAIR INFORMATION PRACTICES AND PRIVACY STANDARDS, VIRTUALLY ASSURING REGULATORY COMPLIANCE NO MATTER WHERE YOU OPERATE.

MAGEE: This is very interesting, but it seems like a theoretical concept. An academic construct doesn't usually work in real life, does it?

CAVOUKIAN: Let me assure you, when I was privacy commissioner, if it didn't work on the ground right then and there, I had no use for it. This is real. Think of any major tech company, any of the big ones: Microsoft, Intel, HP, Oracle, IBM, I could go on. We've worked with all of them to develop specific papers showing how Privacy by Design can effectively deal with all digital information being collected or transmitted by devices and operations, so that it is being transmitted securely and encrypted. We developed full infrastructures, and they've been very successful.

REACTIVE APPROACH, AT WHAT COST?

MAGEE: What, according to you, are the flaws of the reactive model in privacy breaches?

CAVOUKIAN: The flaw is that most privacy breaches remain undetected; regulators only see the tip of the iceberg. The majority of privacy breaches remain unchallenged, unregulated... unknown. Regulatory compliance after the fact is no longer sustainable, and yet it is still the model for ensuring privacy. We need to be proactive and need a security model of prevention, much like a medical model of prevention. Could you imagine going to see your doctor and he says, "yeah, it looks like you've got some cancer developing here. Let's see if it gets worse, and if it does get worse we'll offer you some chemo." It's an unthinkable proposition. It should be equally unthinkable that we allow security harms to develop and then offer a system of redress after the fact.

MAGEE: What are the consequences of taking a reactive approach to data breaches?

CAVOUKIAN: I am often asked, "what is this going to cost me?" But the question should be, "what is it going to save me?" It's guaranteed that a dynamic, proactive approach is going to save you not only a lot of money but also a lot of heartache. Of course, there is some cost associated with being proactive, but it is a fraction of the cost that you incur when you have data breaches and privacy infractions, which I guarantee you will have. Ensuring privacy and security through every phase of the data lifecycle has become crucial to avoiding legal liability, maintaining regulatory compliance, protecting your brand, and preserving customer confidence. These days there are not just lawsuits that arrive, there are class action lawsuits that cost companies millions, but far worse may be the damage to your brand and the damage to your reputation, which may be irrefutable. The cost in terms of loss of consumer confidence, loss of trust, is huge. Think of Target, whose gross expenses for the 2013 breach, so far, total over $240 million. The costs are huge when you take a reactive approach.

Figure source: Deloitte Privacy by Design certification

MASTER GDPR, REAP THE REWARDS

MAGEE: As we all know, the EU passed the General Data Protection Regulation (GDPR), which comes into effect May 2018. It will be affecting businesses across the globe, given that it is one overarching privacy law for all of the member countries. How can Privacy by Design help?

CAVOUKIAN: For the first time ever, the language of Privacy/Data Protection by Design and Privacy as the Default actually appears in the GDPR statute. It's referenced heavily in Article 25, and in many other places in the new regulation. This dramatically raises the bar on privacy and data protection. Recently, Information Age magazine published an article about GDPR and they said it's not too much of a stretch to say that if you implement Privacy by Design, you've mastered the General Data Protection Regulation.

The General Data Protection Regulation (GDPR) comes into effect across Europe in May 2018. US and Canadian companies who think it doesn't affect them are in for a rude awakening, with fines of up to €20 million, or 4% of your global revenue, whichever is higher!

STRONG SECURITY MEASURES ARE ESSENTIAL FROM START TO FINISH.

To meet the GDPR requirements, all businesses will have to implement Privacy by Design along with Privacy by Default measures; strong security measures are essential, from start to finish. GDPR specifically calls out encryption as a security requirement. It is important to mention how vitally important encryption is. Moreover, companies that apply encryption to personal data will be exempt from the GDPR's new mandatory data breach notification provisions:

"The communication of a personal data breach to the data subject shall not be required if the controller demonstrates to the satisfaction of the supervisory authority that it has implemented appropriate technological protection measures, and that those measures were applied to the data concerned by the personal data breach. Such technological protection measures should render the data unintelligible to any person who is not authorised to access it." [page 61]

Focus on prevention. Proactively embed privacy by default into your operations, use encryption to protect your data, and strengthen the protections associated with personal data. Privacy is good for business.

A trusted path to secure communications

As a pure-play encryption solutions provider, Echoworx works with banking, financial service, government, healthcare, legal, and compliance professionals to tailor secure communication solutions that don't impede the customer experience. Our encryption experts take pride in transforming chaos into order for leading multi-national enterprises through our data centers in the U.S., Canada, Ireland, Mexico, and the U.K.

For more information: www.echoworx.com, info@echoworx.com
North America: 1 800.346.4193
UK: 44 0.800.368.5334
Mexico: 52 800.123.9553
Twitter: @Echoworx