Systems Engineering View of Privacy
David Weitzel, M.S., J.D.
Statutory Foundations
• Privacy Act of 1974
  • System of Records Notices (SoRN)
• E-Government Act of 2002
  • Privacy Impact Assessments (PIAs)
• Freedom of Information Act (FOIA)
  • FOIA requests
• Homeland Security Act
  • Statutorily mandated Privacy Officer
• Paperwork Reduction Act
  • OMB Form Control Numbers
• Federal Information Security Management Act
  • FISMA Certification & Accreditation and POAMs
• National Archives, 44 USC 21 et seq.
  • Records retention and disposal
Fair Information Practices
• Collection limitation
• Notice
• Choice
• Data quality
• Finality / use limitation
• Security
• Accountability
Privacy is a Systems Problem: Intersection of Privacy and Technology
[Diagram: personal-information life cycle: Collection, Processing, Use, Disclosure, Retention, Destruction]
• RFID and biometrics
• Assured deletion, especially across the enterprise, of personal information
• Integrity and hygiene of consolidated and aggregated personal information
• De-identification of personal information
• Data flow mapping
• Security controls to enable appropriate and prevent inappropriate cross-boundary sharing of personal information
• Detection and prevention of attempts at incompatible secondary use
• Privacy enterprise architecture
• Privacy system requirements for the system development life cycle (SDLC)
• Tools to support analytical aspects of Privacy Impact Assessment
• Privacy risk modeling
• Privacy policy automation and enforcement
Build It In: Create Virtuous Cycles
• Architecture IS policy
  • Lessig, Code
• Feedback and control via budget and governance processes
  • OMB 300s
  • FISMA inventory, C&A, POAMs
  • PIAs and SORNs
  • OMB Form Control Numbers
  • NARA Records Retention Schedules
• Unless privacy, information security, and other policy control points are built into the architecture of systems, adding appropriate control points later is harder, more costly, and less effective
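An added illustration, not code from the slides, of two of the control points named above: use limitation enforced at the point of use (with every incompatible secondary-use attempt logged for monitoring) and disposal driven by a retention schedule. The purposes, the compatibility table and the records are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(eq=False)
class Record:
    subject_id: str
    purpose: str          # purpose stated in the notice/SoRN at collection (constructed)
    collected: date
    retention_days: int   # from the applicable records retention schedule (constructed)
    data: dict

# Constructed policy: secondary purposes treated as compatible with each collection purpose.
COMPATIBLE = {
    "benefits_eligibility": {"benefits_eligibility", "benefits_audit"},
    "facility_access": {"facility_access"},
}

class PrivacyStore:
    """Store whose architecture enforces use limitation and retention, not a downstream procedure."""
    def __init__(self):
        self.records = []
        self.audit = []   # denied uses and disposals, for Monitoring & Compliance

    def collect(self, rec):
        self.records.append(rec)

    def use(self, subject_id, requested_purpose):
        """Return data only where the requested use is compatible with the collection purpose."""
        hits = []
        for r in self.records:
            if r.subject_id != subject_id:
                continue
            if requested_purpose not in COMPATIBLE.get(r.purpose, {r.purpose}):
                self.audit.append(("DENIED_INCOMPATIBLE_USE", subject_id, r.purpose, requested_purpose))
                continue
            hits.append(r.data)
        return hits

    def dispose(self, today):
        """Assured deletion: drop every record past its retention period; return the count."""
        keep, expired = [], []
        for r in self.records:
            (expired if r.collected + timedelta(days=r.retention_days) <= today else keep).append(r)
        self.records = keep
        self.audit.extend(("DISPOSED", r.subject_id, r.purpose) for r in expired)
        return len(expired)

def demo():
    store = PrivacyStore()
    store.collect(Record("S-1", "benefits_eligibility", date(2020, 1, 1), 365, {"income": 41000}))
    store.collect(Record("S-1", "facility_access", date(2023, 6, 1), 1095, {"badge": "B-77"}))
    ok = store.use("S-1", "benefits_audit")   # compatible with the first record only
    denied = store.use("S-1", "marketing")    # incompatible with both: nothing returned, both logged
    gone = store.dispose(date(2021, 1, 1))    # first record's 365 days have elapsed
    return ok, denied, gone, store.audit
```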
[Diagram: stakeholder interests surrounding a Model Privacy Program: Work Processes, Data Sharing, Culture of Organization, Legal Compliance, Mission, Ethics and Social Norms, Security, Policy Compliance, …, Maintenance, Change Management, Budget, System Integration]
A Privacy Approach: Privacy Systems Engineering
• A repeatable, scalable systems engineering-based approach to uncovering, understanding, and addressing privacy issues
• Explicitly considers multi-dimensional context as well as technology
• Uses risk management to minimize unintended consequences
• Aligns privacy solutions with mission requirements
Privacy Systems Engineering (1 of 2): Analyzing Privacy in a System Context
[Diagram: three analyses arranged left to right along an arrow labeled "Broadening Context"]
Privacy Risk Assessment
• Relatively narrow scope, i.e., a specific technology, issue, practice, or policy
• Can be used to evaluate privacy enhancing technologies (PETs)
• Underlying risk model well-defined: potential violations of privacy principles or mandates
• Development and use of technology testbeds when appropriate
• Can be used as formal input to a Privacy Impact Assessment
Privacy Impact Assessment
• Moderate scope, i.e., a system or business process
• Design alternatives explicitly considered within the context of the system or business process
• Expanded risk model
  • Risks related to the information life cycle
  • Systematic analysis of data flows
• Can be used as formal input to a Privacy-Based Systems Analysis
Privacy-Based Systems Analysis
• Broad scope, i.e., mission or program
• Focuses on interaction and integration of technology, processes, and people
• Surfaces unintentional consequences of adopting particular approaches and solutions
• System alternatives explicitly considered and evaluated within the context of the mission or program
• Includes high-level policy and social dimensions
• Includes potential application of PETs
• Expansive risk model, less well-defined
Privacy Systems Engineering (2 of 2): Developing Privacy in a System Context: Model Privacy Program
• Foundational Privacy Principles: fundamental tenets that guide a privacy program
• Organization: people and processes responsible for assessing privacy risks and for developing and implementing plans to manage those risks effectively
• Policy: privacy rules of behavior and ways to adhere to them
• Systems Development & Security: administrative, physical, and technical safeguards that control privacy risks
• Awareness & Training: programs to make the organization, its vendors, and the public aware of the organization's privacy posture and practices
• Monitoring & Compliance: programs to monitor adherence to privacy rules of behavior
• Redress & Response: systems and processes to respond, if needed, to privacy issues and incidents
• Analytical Tools: tools to support privacy risk management