
Privacy Impact Assessments PHIPA Summit 2005

Privacy Impact Assessments PHIPA Summit 2005. Peter Hope-Tindall Chief Privacy Architect dataPrivacy Partners Ltd. pht@dataprivacy.com. November 3, 2005. My view of Privacy PIAs What? Why? How?. Security and Privacy – a technical view. data protection - FIPs (not FIPS).


Presentation Transcript


  1. Privacy Impact Assessments – PHIPA Summit 2005
     Peter Hope-Tindall, Chief Privacy Architect, dataPrivacy Partners Ltd.
     pht@dataprivacy.com
     November 3, 2005

  2. My view of Privacy
     • PIAs
     • What?
     • Why?
     • How?
     PIA - PHIPA Summit 2005

  3. Security and Privacy – a technical view
     Privacy:
     • data protection – FIPs (not FIPS)
     Security:
     • authentication
     • data-integrity
     • confidentiality
     • access controls
     • non-repudiation
     n.b. FIPs: Fair Information Practices; FIPS: Federal Information Processing Standards

  4. Present day Problems
     • Traditional IT dogma and practices have encouraged the collection of information.
       • Opportunistic database design
       • Driven by hardware/software limitations of the past
       • Creates other problems (if you collect it, you need to protect it!)
     • Privacy-aware IT and records management will discourage the collection of information.
       • Minimalist database and system design
       • Justification

  5. Security vs. Privacy
     Security:
     • Accountable to President/CEO, Board of Directors.
     • Risk-based assessment (how likely is it?).
     • Access and use controls defined by the system owner.
     • Has been focused on protecting against outsiders.
     Privacy:
     • Accountable to the data subject/customer/patient.
     • Capabilities-based assessment (is it possible?).
     • Access and use controls defined by use limitation, consent of the data subject and legislation.
     • Protecting against outsiders, insiders and the system owner.

  6. The Complex Nature of Privacy
     • Identity
       • Measures the degree to which information is personally identifiable.
     • Linkability
       • Measures the degree to which data tuples or transactions are linked to each other.
     • Observability
       • Measures the degree to which identity or linkability may be impacted by the use of a system. Which other data elements are visible, implicitly or explicitly?
     With thanks and apologies to the Common Criteria

  7. Identity (nymity)
     Measures the degree to which information is personally identifiable.
     • Anonymity – the quality or state of being unknown; without name
     • Non-Reversible Pseudonymity
     • Reversible Pseudonymity – from Greek pseudonumon, neuter of pseudonumos, falsely named
     • Verinymity – from Latin verus, true; truly named

  8. Linkability
     This metric requires n data elements, where n > 1.
     Measures the degree to which data elements are linked to each other. (Identity measurement can be thought of as the degree to which data elements are linkable to the verinym or true name of the data subject.)
     • Unlinkability – it cannot be determined which set of transactions belong with each other.
     • Full Linkability – it may be fully determined which set of transactions belong with each other.
     Example: transactions belonging to the same individual.

  9. Observability
     Measures the degree to which identity or linkability may be impacted by the use of a system.
     • Non-Observability – nothing can be inferred from the record of the use of a system. No record is made of the use of resources, location or transactions.
     • Full Observability – identity or linkability can be inferred from the record of the use of a system. A full audit record is made of the use of resources, location or transactions.

  10. (Diagram: the three privacy axes – Identity, Observability, Linkability)
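The three metrics from slides 7 to 9 made concrete, as an added example that is not part of the presentation: the same constructed transaction records are pushed along the identity axis (verinym, reversible pseudonym, non-reversible pseudonym, anonymous), and a linkability check shows what each step does to the ability to attribute transactions to one person. The HMAC-based pseudonym and the escrow map are this example's assumptions, not something the slides prescribe.

```python
import hashlib
import hmac
import secrets

# Constructed sample transactions (not from the presentation), keyed by the verinym.
RECORDS = [
    {"patient": "Alice Smith", "event": "lab-visit"},
    {"patient": "Alice Smith", "event": "prescription"},
    {"patient": "Bob Jones", "event": "lab-visit"},
]


def anonymize(records):
    """Anonymity: the identifier is removed, so records can no longer be
    attributed to anyone or linked to each other through it."""
    return [{"event": r["event"]} for r in records]


def pseudonymize(records, key, reversible):
    """Pseudonymity: a keyed HMAC maps each verinym to a stable pseudonym, so one
    person's transactions stay linkable while the true name leaves the data set.
    Reversible: an escrow map (to be held by a separate custodian) is returned.
    Non-reversible: no map is kept, and the caller must destroy `key` afterwards,
    or the mapping could be rebuilt by recomputing the HMAC over candidate names."""
    escrow, out = {}, []
    for r in records:
        nym = hmac.new(key, r["patient"].encode(), hashlib.sha256).hexdigest()[:16]
        escrow[nym] = r["patient"]
        out.append({"patient": nym, "event": r["event"]})
    return out, (escrow if reversible else None)


def linkable_groups(records):
    """Linkability: group the events attributable to the same identifier.
    Records without an identifier are unlinkable and are skipped."""
    groups = {}
    for r in records:
        if "patient" in r:
            groups.setdefault(r["patient"], []).append(r["event"])
    return groups


def reidentify(records, escrow):
    """Verinymity restored from the escrow map; impossible without one."""
    if escrow is None:
        raise ValueError("non-reversible pseudonyms: no mapping exists")
    return [{"patient": escrow[r["patient"]], "event": r["event"]} for r in records]


if __name__ == "__main__":
    nyms, escrow = pseudonymize(RECORDS, secrets.token_bytes(32), reversible=True)
    print(linkable_groups(nyms), reidentify(nyms, escrow) == RECORDS)
    print(linkable_groups(anonymize(RECORDS)))
```

Observability is the axis the code does not touch: even the anonymized output becomes linkable again if the system logs who submitted each record.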

  11. Example: Public Spaces
     • Most commentators would suggest we have “no reasonable expectation of privacy”.
     • Justification for CCTV or other tracking.
     Not that simple. In a public place:
     • Observable – expectation that I will be observed
     • Anonymous/Pseudonymous – expectation
     • May/may not be Linkable

  12. Privacy: Why do we even bother?
     • It’s the law
     • It’s good government/business
     • It’s good informational stewardship
     • It’s the professional thing to do

  13. Approaches to Privacy: Implementation Modalities to Protect Privacy
     • Statutory
     • Policy
     • Privacy Impact Assessment
     • Threat Risk Assessment
     • Common Criteria Scheme
     • Standards
     • Technology
     • STEPs
     • Privacy Architecture

  14. Different Approaches to Privacy – Build in elements of personal Consent and Control
     • Central Repository/Decision Model – a rule-based or heuristic Privacy Model; EPM
     • Divide and Conquer – strategic pseudonymisation/anonymisation (SIGINT)
     • Smart Hardware – privacy rules embedded in hardware
     • Smart Data – encapsulate methods inside the data

  15. PIA: What?
     • Diagnostic tool
     • Identifies risks and issues
     • Can help to measure statutory compliance
     • May address issues with non-technical solutions
     • May address issues with technical solutions (Sections 12(1), 13(1): “reasonable steps to ensure … protected”)
     • Active and passive: introduce elements of individual consent and control

  16. PIA: Why?
     • Limit risk
     • Save money
     • Internal communications tool
       • IT
       • Bridge the legal-policy divide
     • External communications tool
       • Set expectations with partners
       • Communicate with the IPC
       • Communicate with the public
       • RFP: Privacy Chapter
     • Demonstrate good faith

  17. PIA: How?
     • Synthesize Framework
     • Iterate:
       • Collect information
       • Perform analysis
       • Identify risks
       • Mitigate risks

  18. Privacy Framework
     • Summary of legislation, practices, directives, policies and a high-level overview of the proposed system.
     • Customized to the specific project
     • Best practices
     • The document can be used as an early demonstration of good faith and approach

  19. Problems with the Traditional PIA
     • Often encourages a ‘compliance mentality’
     • The point of pain may become the point of no solution
     • Risk that issues are reported and then forgotten
     • Emphasizes policy and legislative solutions, not technical solutions
     • Problems integrating with the IT Architecture group

  20. PIA Output Examples
     • Date tracking (adding fields to records)
     • Encryption
     • Report labeling and classification
     • Education
     • Confidentiality agreements
     • Nothing we can do: accept more risk.

  21. Other Thoughts: Hard Copy Reports
     • Another type of output interface!
     • Need a list of all reports
     • Extend accountability with the use of contractual protection
     • Ensure an appropriate distribution and storage protocol

  22. Other Thoughts: Data Records
     • Bind consent into the data
     • Create the ‘date of death’ at time of birth
     • Record the policies
     • Purging
     • Timestamp
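One way to put the five points of slide 22 into a record layout, as an added example that is not the presenter's code: consent and the governing policy identifier travel with the record, the creation timestamp and the expiry (the ‘date of death’) are both fixed when the record is written, and a purge pass uses only the expiry. The field names, the retention periods and the sample data are constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Consent:
    purposes: frozenset   # the uses the data subject agreed to
    granted_at: datetime


@dataclass(frozen=True)
class Record:
    subject: str
    payload: dict
    consent: Consent      # consent is bound to the record, not kept in a side table
    policy_id: str        # the retention/use policy in force when the record was written
    created_at: datetime  # timestamp
    expires_at: datetime  # the 'date of death', decided at the time of birth


def create_record(subject, payload, consent, policy_id, retention, now):
    """Write a record whose expiry is fixed up front from the retention period."""
    return Record(subject, payload, consent, policy_id, now, now + retention)


def permitted(record, purpose, now):
    """A use is allowed only for a consented purpose and only before expiry."""
    return now < record.expires_at and purpose in record.consent.purposes


def purge(store, now):
    """Split a store into live records and records that are due for deletion."""
    live = [r for r in store if now < r.expires_at]
    dead = [r for r in store if now >= r.expires_at]
    return live, dead


# Constructed sample data (not from the presentation).
T0 = datetime(2005, 11, 3, tzinfo=timezone.utc)
T31 = T0 + timedelta(days=31)
CONSENT = Consent(frozenset({"treatment"}), T0)
STORE = [
    create_record("patient-1", {"test": "hba1c"}, CONSENT, "policy-lab-v1", timedelta(days=365), T0),
    create_record("patient-2", {"test": "cbc"}, CONSENT, "policy-lab-v1", timedelta(days=30), T0),
]
```

Because the purge decision is taken from a field written at creation time, no later reinterpretation of policy can quietly extend a record's life; changing the policy means writing a new policy_id into new records.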

  23. Epilogue
     • Objectivity of privacy
     • Question the appropriateness of ‘public acceptance’ as a measurement of anything.
       • Useful at telling us what is wrong.
       • Not so useful at telling us what is right.
     • How about we RAISE the expectations?

  24. Resources
     • Roger Clarke
       • http://www.anu.edu.au/people/Roger.Clarke/
     • PIA Paper
       • Contact me at: pht@dataprivacy.com
     • Privacy Architecture Paper (The PIA and your IT Department)
       • Contact me at: pht@dataprivacy.com

  25. Contact Information
     Peter Hope-Tindall
     dataPrivacy Partners Ltd.
     6505 Mississauga Road, Unit ‘D’
     Mississauga, ON L5N 1A6
     +1 (416) 410-0240
     pht@dataprivacy.com

  26. pht@dataprivacy.com
     http://www.dataprivacy.com
