ISACA Privacy Forum 17 October 2013 on big data and facebook privacy
Privacy by Design: Big Privacy for Big Data 2013 Digital Odyssey: Big Data, Small World Ontario...
Transcript of Privacy by Design: Big Privacy for Big Data 2013 Digital Odyssey: Big Data, Small World Ontario...
![Page 1: Privacy by Design: Big Privacy for Big Data 2013 Digital Odyssey: Big Data, Small World Ontario Library IT Association Toronto, Canada June 7, 2013.](https://reader036.fdocuments.us/reader036/viewer/2022062511/5513dc0055034674748b51f0/html5/thumbnails/1.jpg)
Privacy by Design: Big Privacy for Big Data
2013 Digital Odyssey: Big Data, Small World
Ontario Library IT Association
Toronto, Canada
June 7, 2013
Page 2
Overview
• Introduction to IPC
• Privacy 101
• Challenges to Privacy in the Age of Big Data
• Privacy by Design
• Big Privacy for Big Data
Page 3
Ann Cavoukian, PhD, Ontario’s Information and Privacy Commissioner
• Ensure that government organizations (provincial and municipal) comply with freedom of information and privacy laws in Ontario
• Investigate privacy complaints and resolve appeals when the government refuses to grant access to government-held information
• Conduct research on and raise awareness of emerging privacy & access to information issues
Page 4
IPC Philosophy: 3 C’s
• Consultation: by keeping open lines of communication
• Co-operation: rather than confrontation in resolving complaints
• Collaboration: through working together to find solutions
Page 5
Privacy 101
• Information privacy refers to the right or ability of individuals to exercise control over the collection, use and disclosure by others of their personal information
• Personally-identifiable information (“PII”) can be biographical, biological, genealogical, historical, transactional, locational, relational, computational, vocational or reputational, and is the stuff that makes up our modern identity
Personal information must be managed responsibly. When it is not, accountability is undermined and confidence in our evolving information society is eroded.
Page 6
From PC to Web 4.0: Challenges to Privacy in the Age of Big Data
Radar Networks & Nova Spivack, 2007
Page 7
Wireless and Mobile: Beware of Unintended Consequences
Page 8
Source: www.sciencedaily.com/releases/2013/03/130327132547.htm
Page 9
“We need to be more deliberate (about privacy). A lot of information-age architecture is about data: what is collected, who controls it, and how it is used. Data is the lifeblood of the information age, but much of it is very personal. We need to design systems that limit unnecessary data collection, give individuals control over their data, and limit the ability of those in power to use that data for mass surveillance.”
(Bruce Schneier, IEEE Security & Privacy, January/February 2009)
Page 10
Page 11
Threats to Privacy
Data Assets = Data Risks and Liabilities
Page 12
Data Privacy requires Good Data Security
but
Good Data Security ≠ Privacy
Page 13
Why We Need Privacy by Design
Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg
The majority of privacy breaches remain unchallenged, unregulated ... unknown
Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy
Page 14
Privacy by Design: The 7 Foundational Principles
1. Proactive not Reactive: Preventative, not Remedial
2. Privacy as the Default
3. Privacy Embedded into Design
4. Full Functionality: Positive-Sum, not Zero-Sum
5. End-to-End Security: Full Lifecycle Protection
6. Visibility and Transparency: Keep it Open
7. Respect for User Privacy: Keep it User-Centric
Page 15
[Diagram: the Privacy by Design principles set against the Fair Information Practice Principles (FIPPs)]
FIPPs → Privacy by Design:
• Purpose Specification, Data Minimization → Privacy as the Default (Setting)
• Consent, Accuracy, Access → Respect for User Privacy
• Accountability, Openness, Compliance → Openness & Transparency
• Security → End-to-End Lifecycle Protection
Remaining Privacy by Design principles:
• Proactive not Reactive; Preventative not Remedial
• Privacy Embedded into Design
• Full Functionality – Positive-Sum, not Zero-Sum
Page 16
Privacy by Design
Information Technology
Accountable Business Practices
Physical Design & Infrastructure
www.privacybydesign.ca
Page 17
Page 18
De-identification – Data Minimization
• Restoring the value of de-identification;
• Challenges in re-identifying de-identified information;
• The implications of including de-identified information under privacy legislation;
• Rejecting the zero-sum paradigm;
• Conducting re-identification risk assessment.
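The last bullet, re-identification risk assessment, is the one a practitioner has to operationalize. The following is an added example, not part of the presentation or the IPC's own tooling: it measures k-anonymity over a constructed, already de-identified table (direct identifiers removed), reports the worst-case linkage probability 1/k, then generalizes the quasi-identifiers (postal code truncated to its first three characters, birth year bucketed to a decade) and re-measures. It also reports l-diversity of the sensitive column, because a class whose members all share one diagnosis discloses that diagnosis no matter how large k is. The field names, the sample rows and the generalization rules are assumptions chosen for the example.

```python
"""Re-identification risk assessment of a de-identified table (added example).

Direct identifiers are gone; residual risk comes from quasi-identifiers
(postal code, birth year, sex) that an attacker could join against an
external dataset. k-anonymity is the size of the smallest group sharing
the same quasi-identifier values; a member of such a group is linked with
probability at most 1/k.
"""
from collections import Counter

# Constructed sample rows; no real persons. Direct IDs already removed.
RECORDS = [
    {"postal": "M4W1A8", "birth_year": 1975, "sex": "F", "diagnosis": "asthma"},
    {"postal": "M4W1A8", "birth_year": 1975, "sex": "F", "diagnosis": "flu"},
    {"postal": "M4W2B1", "birth_year": 1978, "sex": "M", "diagnosis": "flu"},
    {"postal": "M4W2B3", "birth_year": 1971, "sex": "M", "diagnosis": "diabetes"},
    {"postal": "M5V3L9", "birth_year": 1983, "sex": "F", "diagnosis": "asthma"},
    {"postal": "M5V3L9", "birth_year": 1983, "sex": "F", "diagnosis": "flu"},
    {"postal": "M5V1K4", "birth_year": 1989, "sex": "M", "diagnosis": "flu"},
    {"postal": "M5V1K4", "birth_year": 1985, "sex": "M", "diagnosis": "asthma"},
]
QUASI_IDENTIFIERS = ("postal", "birth_year", "sex")  # assumed QID set


def equivalence_classes(records, qids=QUASI_IDENTIFIERS):
    """Count how many records share each quasi-identifier tuple."""
    return Counter(tuple(r[q] for q in qids) for r in records)


def k_anonymity(records, qids=QUASI_IDENTIFIERS):
    """k = size of the smallest equivalence class (0 for an empty table)."""
    classes = equivalence_classes(records, qids)
    return min(classes.values()) if classes else 0


def max_reidentification_risk(records, qids=QUASI_IDENTIFIERS):
    """Worst-case probability that one record is linked to a person: 1/k."""
    k = k_anonymity(records, qids)
    return 1.0 if k == 0 else 1.0 / k


def l_diversity(records, sensitive, qids=QUASI_IDENTIFIERS):
    """l = fewest distinct sensitive values found within any one class.
    l == 1 means some class leaks its members' attribute outright."""
    groups = {}
    for r in records:
        groups.setdefault(tuple(r[q] for q in qids), set()).add(r[sensitive])
    return min(len(v) for v in groups.values()) if groups else 0


def generalize(records, postal_chars=3, year_bucket=10):
    """Coarsen the quasi-identifiers: keep the first postal_chars characters
    of the postal code (masking the rest) and round birth years down to a
    year_bucket-sized range. Sensitive columns are left untouched."""
    out = []
    for r in records:
        g = dict(r)
        masked = len(r["postal"]) - postal_chars
        g["postal"] = r["postal"][:postal_chars] + "*" * masked
        g["birth_year"] = (r["birth_year"] // year_bucket) * year_bucket
        out.append(g)
    return out


def assess(records, sensitive="diagnosis", qids=QUASI_IDENTIFIERS):
    """Summarize the release risk of a table in one dict."""
    classes = equivalence_classes(records, qids)
    return {
        "k": k_anonymity(records, qids),
        "max_risk": max_reidentification_risk(records, qids),
        "l": l_diversity(records, sensitive, qids),
        "unique_records": sum(1 for n in classes.values() if n == 1),
    }


if __name__ == "__main__":
    print("as received :", assess(RECORDS))
    print("generalized :", assess(generalize(RECORDS)))
```

On the sample, the table as received has four records that are unique on their quasi-identifiers (k = 1, risk 1.0); after generalization every class has two members with two distinct diagnoses (k = 2, l = 2, risk 0.5). The assessment is only as good as the chosen quasi-identifier set: any column that a plausible external source also carries belongs in it.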
Page 19
Data Co-management
• Data accountability
• Data minimization
• Data security
• Data access
In the Web 2.0 era, information may very well “want to be free” but not necessarily personal information!
The Big Idea: Data co-management – Citizen participation in the care and management of his/her own personal data held by others throughout the data life cycle
Page 20
PERSONAL DATA ECOSYSTEM (PERSONAL DATA VAULT/PERSONAL DATA PLATFORM)
Page 21
UI Design Concepts: Transparency & Trust
• Context – think of the device as well as the context for how the information will be treated
• Awareness – does the user know that privacy policies exist and that they can exercise choice?
• Discoverability – ease of finding relevant privacy policies & ease of acting on available privacy settings
• Comprehension – consider whether users can understand the privacy policies & privacy settings well enough to make an informed decision
Page 22
Privacy by Design in the Age of Big Data and Sensemaking Systems
• Ability of analytical tools to process & make sense of extremely large sets of structured and unstructured data
• New class of analytic capability where the data finds the data and the relevance finds the user
  – Increase in accuracy of data – context reduces ambiguity
  – Accumulation of bad data = smarter system
  – As data store increases, context is enhanced = faster results
• Requires Big Privacy!
Page 23
PbD Features for Next-generation Sensemaking Systems
1. Full attribution: preserve record metadata; do not allow merge/purge processing
2. Data tethering: any changes to records must apply across the information sharing ecosystem in real-time
3. Analytics on anonymized data: anonymize data at source prior to transfer; utilize homomorphic encryption
4. Tamper-resistant audit logs: every user search logged, even database administrator
5. False negative favoring methods: trust but verify
6. Self-correcting false positives: reverse earlier assertions real-time and scaled
7. Information transfer accounting: capture data flows for discovery by individual
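Feature 4, tamper-resistant audit logs that cover every user search including the database administrator's, is the one most often implemented badly: a log table the DBA can UPDATE is not tamper-resistant. The following is an added example, not code from the presentation or from any IPC system. Each search becomes an entry whose SHA-256 hash covers the previous entry's hash, so editing, reordering or deleting an entry invalidates everything after it; removing entries from the tail is only caught by comparing against a copy of the chain head that was anchored somewhere the DBA cannot write (WORM storage or a separate auditor), which this example assumes exists and merely returns. Actor names, roles, queries and timestamps are constructed.

```python
"""Tamper-evident audit log for a sensemaking system (added example).

A hash chain links every search record to its predecessor. Verification
recomputes each hash from the stored content, so a changed field, a
removed middle entry or a reordered entry is detected at the first bad
position. A truncated tail is detected only against an anchored head;
anchoring the head out of the DBA's reach is assumed, not implemented.
"""
import hashlib
import json
from copy import deepcopy

GENESIS = "0" * 64  # well-known starting value for an empty chain


def entry_hash(prev_hash, content):
    """SHA-256 over the previous hash plus the canonical JSON of the entry
    content (every field except the entry's own 'hash')."""
    body = json.dumps(content, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []

    def record(self, actor, role, query, ts):
        """Append one search event. ts is passed in so the chain is
        reproducible here; production code would stamp the time itself."""
        prev = self.head()
        content = {"seq": len(self.entries), "ts": ts, "actor": actor,
                   "role": role, "query": query, "prev": prev}
        entry = dict(content, hash=entry_hash(prev, content))
        self.entries.append(entry)
        return entry["hash"]

    def head(self):
        """Current chain head; this is the value to anchor externally."""
        return self.entries[-1]["hash"] if self.entries else GENESIS


def verify_chain(entries, anchored_head=None):
    """Return (True, None) if every entry re-hashes correctly and links to
    its predecessor, else (False, index_of_first_bad_entry). If an anchored
    head is given and the chain ends elsewhere, report index len(entries)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        content = {k: v for k, v in e.items() if k != "hash"}
        if (e.get("seq") != i or e.get("prev") != prev
                or entry_hash(prev, content) != e.get("hash")):
            return False, i
        prev = e["hash"]
    if anchored_head is not None and prev != anchored_head:
        return False, len(entries)
    return True, None


def tampered_copy(entries, seq, field, value):
    """Copy of the log with one field of one entry rewritten."""
    copy = deepcopy(entries)
    copy[seq][field] = value
    return copy


def demo():
    """Build a three-entry log and show which manipulations the chain exposes."""
    log = AuditLog()
    log.record("alice", "analyst", "find records with postal=M4W", ts=1)
    log.record("dba01", "database administrator", "export table persons", ts=2)
    log.record("bob", "analyst", "find records with birth_year=1975", ts=3)
    head = log.head()  # assumed to be copied to write-once storage here
    return {
        "intact": verify_chain(log.entries, head),
        # the DBA relabels their own export as an analyst's query
        "edited": verify_chain(tampered_copy(log.entries, 1, "actor", "alice"), head),
        # the DBA's entry is deleted; bob's entry now sits at position 1
        "removed": verify_chain(log.entries[:1] + log.entries[2:], head),
        # last entry deleted: every remaining hash is valid ...
        "truncated_unanchored": verify_chain(log.entries[:-1]),
        # ... so only the anchored head reveals the loss
        "truncated_anchored": verify_chain(log.entries[:-1], head),
        "head": head,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22s} {result}")
```

The unanchored truncation case is the caveat worth remembering: a hash chain proves integrity only back to a value the verifier already trusts, so the head must leave the database on a schedule short enough that the window for silent truncation is acceptable.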
Page 24
“Your identity is your most valuable possession. Protect it. And if anything goes wrong, use your powers.”
Helen (aka Elastigirl), The Incredibles, Disney/Pixar 2004
Patience, Persistence and Faith: The Chronicles of a Crusader
Privacy by Design NOT Privacy by Disaster!
Page 25
How to Contact Us
Michelle Chibba, Director, Policy and Special Projects
Information and Privacy Commissioner’s Office of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario, Canada M4W 1A8
Phone: (416) 326-3333 / 1-800-387-0073
Web: www.ipc.on.ca
E-mail: [email protected]