Privacy by Design Discussions

Privacy by Design Discussions. Dr. Marilyn Prosch, CIPP, Arizona State University, September 22, 2009. Privacy by Design: changes made retroactively always cost more! What are the costs associated with changes? Time, resources, morale, and the possibility of ultimately inferior output.


Presentation Transcript


  1. Privacy by Design Discussions • Dr. Marilyn Prosch, CIPP • Arizona State University • September 22, 2009

  2. Privacy by Design • Changes made retroactively always cost more!

  3. What are the costs associated with changes? • Time • Resources • Morale • Possibility of ultimately inferior output

  4. Consider Facebook • A member of the Canadian federal Privacy Office spent 30 days at Facebook’s office for its investigation • Facebook has committed to using its best efforts to roll out the permissions model by September 1, 2010. • In the meantime, Facebook will oversee the applications developers’ compliance with contractual obligations. Since the conclusion of the investigation, Facebook has provided us with detailed information on its oversight activities, and I am satisfied that it will be a useful means of monitoring developers’ compliance with Facebook’s Statement of Rights and Responsibilities, in the interim. • Facebook has also agreed to a test of the model by an expert third party, prior to its implementation, to ensure that the new model meets the expectations of our report and the company’s subsequent undertakings. http://www.priv.gc.ca/media/nr-c/2009/let_090827_e.cfm

  5. Maturity Model • Organizations may be in different implementation phases of their privacy program • An objective assessment of the maturity level of the program is a key step in assessing if the organization is ready to undergo a privacy audit (either internal or external) • Organizations at a low maturity level most likely will lack the foundations needed, and will be better served by developing the existing privacy infrastructure

  6. Privacy Maturity Model • The AICPA and CICA Privacy Task Force is developing a Privacy Maturity Model • The model is based on the U.S. Department of Defense Software Engineering Institute’s CMM model • The six levels are: • Non-Existent – Management processes are not applied at all • Ad Hoc – Processes are ad hoc and disorganized • Repeatable – Processes follow a regular pattern • Defined – Processes are documented and communicated • Managed – Processes are monitored and measured • Optimized – Best practices are followed and automated

  7. Privacy Maturity Model

  8. We are interested in conducting rigorous and useful research • Let’s consider the following model and discuss what areas concern you and/or your organization about privacy and what we can do to move organizations along the privacy maturity model

  9. Nehmer & Prosch 2009 Model of Privacy Corporate Responsibility (based on Dillard & Layzell’s 2008 Model) • Corporate Culture • Create a Privacy Culture, Cavoukian, 2008 • Motivating forces • Compliance • Fiscal Viability • Privacy Payoff, Cavoukian & Hamilton, 2008 • Customer Churnrate, Ponemon 2007 • FTC Sanctions • State Attorney Generals • EU Safe Harbor • Expectations • Privacy Cultural Lag Theory, Prosch 2008 • Operational modalities • Programs • Goals • Resource Allocations • Privacy Audit • Privacy Maturity Lifecycle, Prosch 2008 • Chief Privacy Officer • Privacy Enhancing Technologies • Privacy Policies • Community Involvement • Allowing constituents a “voice” in privacy design • Education Support • Environmental Improvements • Reducing data pollution: reducing identity theft risk, unnecessary workplace monitoring, cyberbullying, etc. • Outcomes • Educating customers/employees • Rights & obligations in process • Economic Benefits • Privacy Payoff, Cavoukian & Hamilton, 2008

  10. Discussion
