
Privacy Management for a Global Enterprise

Tomas Sander, Secure Systems Lab, HP Labs Princeton, tomas.sander@hp.com



Presentation Transcript


  1. Privacy Management for a Global Enterprise Tomas Sander Secure Systems Lab, HP Labs Princeton tomas.sander@hp.com

  2. What is privacy
     • For corporations, privacy is about:
       • The application of laws, policies, standards and processes by which “personally identifiable information” of individuals is managed.
     • For global companies, this requires the ability to manage
       • a complex local/global regulatory environment
       • their own company’s related privacy policies and practices
     • Company positions vary:
       • Liability based model
       • Avoid reputation risk
       • View good privacy as a way to enhance trust in their brand
       • Accountability based approach
       • Include ethical principles in business decision making

  3. Source: Ponemon Institute

  4. Challenge
     • Include good privacy decision making in all your business processes

  5. Example: Privacy issues in Outsourcing
     • Excessive media scrutiny
     • Continuous reassurance required by customers and government agencies on data protection
     • Risks and liabilities
     • Significant volumes of privacy sensitive data processed
     • Large number of staff required in data processing
     • Contractual liabilities
     • Reputation risk!!

  6. Privacy concerns during BPO deal life cycle

  7. Privacy in outsourcing
     • From a compliance team’s perspective
       • Technical point solutions address only a small part of the problem
     • Tools that are missing today
       • Tools that support (practical) privacy management
       • Need to be able to manage privacy requirements, activities and control
     • HP Labs, in cooperation with the HP Privacy Office and the HP BPO Business Unit, has built a tool that
       • Takes as input data specifying a particular BPO deal
       • Outputs requirements, advice, warnings and controls which apply in the specified scenario
     • Tool is deployed within HP BPO

  8. Problem 1
     • Create a formal policy language framework, so that the output is at a “medium” level of detail and is understandable and actionable for human users.
     • Should make it possible to
       • Model security and privacy relevant activities and controls
       • Model business processes at an appropriate level of detail
       • Translate higher level policies and regulatory requirements into actionable chunks

  9. Problem 2: Add Accountability - what does it mean?
     • Liability-Based:
       • Privacy Laws & Regulations
       • Case Law Interpretation, Codes of Conduct, Safe Harbor, Contracts
     • Accountability-Based:
       • Assertions, Promises, Policies
       • Ethics- and Values-driven Considerations & Decision Making

  10. Problem 3
     • Provide decision support for privacy and security in corporate settings
     • Policy Effectiveness
       • e.g. (mathematical) modeling of the behavior of systems and networks and also the users of systems, both internal (operators, staff) and external (customers, regulators), in the context of security policies and protocols
     • Operations and Assurance
       • including finding meaningful, measurable, and actionable metrics that can be leveraged to evaluate the risk exposure of an enterprise as well as to decide how well security and governance decisions are performing operationally
     • Developing deeper insights into how the economics of security can be modeled in an enterprise
