Keeping Your Eye on Privacy
Mike Gurski, Director: Bell Privacy Centre of Excellence
April, 2008 NY. NY.
• Background
• Privacy Threats
• Canadian Privacy Law
• Sample of University Privacy Postures
• Solutions for Privacy Management
Background: How Soon We Forget
• On August 1, 2006, USA Today reported that, "in the past 18 months, colleges were the source of one-third to half of all publicly disclosed (privacy) breaches. By reviewing 109 privacy breaches at 76 campuses, USA Today found that 70 percent of the incidents involved hacking."
• What does this tell us?
Bell Restricted
U.S. to Ease Privacy Rules
• Federal Education Department proposed new regulations to clarify when Universities may release confidential student information after Virginia Tech shootings.
• NY Times, March 25th, 2008
Privacy Threat Models Reviewed
• The ‘duh’ factor
• The infinite information appetite syndrome: including Hackers
• The privacy policy riddle
• The attacker models: and willing participants in a University setting
• Reporter, Marketer, Insider
• The ‘balancing rights’ conundrum
• The proportional response problem
• The save us from disaster misconception
• Examining the Risks: Probabilities and Outcomes
A Special University Privacy Challenge
• A Hot Bed of Early Adopters
• Web 2.0/3.0
• Social Networks
• Software as a Service
A Different Privacy Landscape in Canada?
• Provincial OCIO bans instant messaging and file sharing after privacy breaches in NFLD:
• Memorial University CSO mirrors ban:
• March 28, 2008 NFLD
• Question: How is the University Responding?
• Primary Focus on tactical PIAs for BANNER and Laptops
The Canadian Particulars
• Legislative Landscape: Fair Information Practices Based
• A Digression to GWU and Daniel Solove
• A Privacy Maturity Model for Universities
• The Role of Strategy as opposed to Tactics
• The Role of Technology and New Tools
Daniel Solove
• A taxonomy of privacy attacks
• A new way to think about privacy legislation and technology
Organization’s Privacy Management Maturity

Level 4 Integrated
• Processes fully defined and audited
• Privacy management fully integrated with bus.

Level 3 Standardized
• Processes, roles, and workflows are defined
• Privacy Management is broad based to serve strategic goals
• Training ongoing

Level 2 Focused
• Privacy processes are partially documented
• Minimal automation for privacy automation
• Training policy with event based training

Level 1 Ad-Hoc
• Privacy processes are not defined or documented
A Strategic Approach
• The key steps:
• Build a business case for strategic investment in privacy management
• Build Internal Privacy Management Capacity (reducing cost and reliance on outside consultants)
• Use tools that allow non-specialists to manage privacy
• Set out a strategy and planning roadmap
• Develop a vulnerability assessment/gap analysis of personal information management within the University
• Engage all levels in privacy management
• Reduce resources needed to manage privacy
• Provide a new focus on system design for personal information banks
New Tools
• Compliance and Assessment Tools
• Internal Capacity Workshops
• Data repository for knowledge transfer
• Training Curriculum geared to privacy management capacity
• Enterprise Privacy Strategy/Roadmap
• Privacy Enhancing Technologies
Contact Information
Mike Gurski, Director: Bell Privacy Centre of Excellence
905-751-4310
mike.gurski@bell.ca