
How Badly Broken is Privacy Legislation? And what can we do to fix it?

How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and Security Conference Privacy and Security by Choice, not Chance Afternoon Workshop Wednesday February 3, 2016 Victoria, B.C. Canada Gerry Bliss


  1. How Badly Broken is Privacy Legislation? And what can we do to fix it? 17th Annual Privacy and Security Conference Privacy and Security by Choice, not Chance Afternoon Workshop Wednesday February 3, 2016 Victoria, B.C. Canada Gerry Bliss gbliss@shaw.ca 250-881-6179

  2. Agenda — Welcome and Introduction — Privacy and ethics — History of privacy in law — What were they thinking? — How far are we from where we should be? — Why are we getting it wrong? — Can we get it right? — What’s the fix?

  3. Goal — Provide you with additional context for understanding and interpreting privacy legislation — Trigger discussion and debate — Encourage advocacy and engagement in the lawmaking process. — Add to your enthusiasm and optimism as privacy practitioners and advocates.

  4. Rules of Engagement — 3 hours – 2 breaks on the hour — Safe environment — Frank and honest discussion — Respectful collegial disagreement — Ask — If I need to clarify — If I’ve set your hair on fire We are all in this together…

  5. Gerry’s Bio — 30+ years as an informatician — Data warehouse and applied analytics — IT development, operations and corporate client service — 20+ years as an information risk manager — CSO, CPO, consultant, advocate, teacher — SCORM-based web-based training tool development — 5 years in formal academic role — Ethics, legal issues, and cybersecurity — Research privacy Gerry Bliss gbliss@shaw.ca 250-881-6179

  6. A Quick Poll… — Who thinks privacy and access legislation is working the way it should? — Who thinks privacy and access legislation is broken and can be fixed? — Who thinks privacy and access legislation is beyond repair?

  7. Working Definitions Privacy: one’s right to control who has access to information about oneself Confidentiality: a duty owed by one to preserve the personal information of another Security: controls put in place to safeguard privacy and ensure confidentiality is maintained Access: 1. the ability to view and update one’s own information as required. 2. reasonable access to government information that does not meet specific access exclusion criteria.

  8. Some people are more protective of their privacy than others… E.g. Ronald Ulysses Swanson

  9. Privacy Attitudes: Privacy Attitude Categories, percent of adults surveyed by year (1999, 2000, 2001, 2003), charted with a linear trend line for each category. Privacy Fundamentalist: 25, 25, 34, 26. Privacy Pragmatist: 54, 63, 58, 64. Privacy Unconcerned: 22, 12, 8, 10. (Source: The Harris Poll #17. March 17th, 2003. Based on the research of Dr. Alan Westin, President and publisher of Privacy and American Business)

  10. Ref. https://xkcd.com/1269/

  11. Ethical Principles 1. Autonomy and Respect for Persons 2. Equality and Justice 3. Fidelity, Integrity, or Best Action 4. Principle of Beneficence 5. Principle of Non-Malfeasance 6. Principle of Impossibility

  12. Autonomy and Respect for Persons • Always treat persons as ends-in-themselves, not as objects or means to an end. • Always treat persons as autonomous decision-makers.

  13. Equality and Justice — All persons are equal and should be treated the same. — Exceptions to this must always be based on ethically relevant differences in the nature or status of the person in question.

  14. Fidelity, Integrity, or Best Action — Whoever has an obligation, has a duty to fulfill that obligation to the best of her or his ability.

  15. Principle of Beneficence — Everyone has a duty to advance the good of others: 1. If it is possible to do so without undue risk to oneself. 2. Where the nature of the good is in keeping with the competent values of the recipients of the action in question.

  16. Principle of Non-Malfeasance — Everyone has a duty to prevent harm: 1. Insofar as this is possible without undue risk to oneself. 2. Where the nature of the harm is in keeping with the competent values of the recipient of the action in question.

  17. Principle of Impossibility — No-one can have an obligation to do what it is impossible to do under the circumstances that apply — Except when the impossibility is the result of inappropriate action by the individual who otherwise would have the relevant duty

  19. Ethical Principles Reflected in Legislation: Privacy 1. As an autonomous person, your information is yours to control – you can share it and unshare it. 2. You share your information with specified individuals for specific purposes by consent only. By default your consent state is set to “No”… 3. The custodian of your information is accountable for taking reasonable steps to: 1. Control access and destruction 2. Maintain accuracy 3. Give you access

  20. Ethical Principles Reflected in Legislation: Access 1. Access to information collected or created by the state is a right of citizenship and made available as a part of normal operation 2. If state information is not specifically exempted from access, it is reasonably accessible 3. Exemptions are based on reasonable assessment of harm to the state and citizens 4. The state custodian has an obligation to assist the citizen in accessing information

  21. Privacy and Access Responsibilities — Organization – protects personal information in its custody and in transit through policy, process, and technical controls. Enables authorized access to individual and business information. — Executive – set policy and example — Management – ensure staff are aware of policy and procedure and are trained — Staff – understand and meet privacy accountabilities. Assist clients with access. — All – observe and report threats to privacy and access or weaknesses in controls

  23. How Are Laws Made? — “All laws begin with dreams.” George Elliott Clarke, Canadian Parliamentary Poet Laureate. — Some laws begin with nightmares… — In Canada, law creation federally and provincially begins with legislators and a policy agenda, and ends with Royal assent. — Most laws have foundations in ethical principles. — Criminal, Contract, Tort

  24. Federal Lawmaking Process Flow Ref. http://www.parl.gc.ca/Content/LOP/ResearchPublications/prb0864-e.htm

  25. Charter of Rights and Freedoms — Section 7: — Right to life, liberty and security of the person and the right not to be deprived thereof except in accordance with the principles of fundamental justice. — Information cannot be obtained through state trickery and silence cannot be used to make inference of guilt. — Section 8: — Right to be secure against unreasonable search or seizure. — Your home and your car are protected – your garbage is not.

  26. A Brief History of Information and Privacy Law — Documented privacy rights as far back as the Greeks - Hippocrates — Personal rights and freedoms encoded over the past 2,000 years - Magna Carta (1215) — Privacy and Access post WWII and the Holocaust: UN - 1948 Universal Declaration of Human Rights, Article 12 — Canadian Constitution - 1982 Charter Sec. 7 and 8 — Privacy Legislation: US - 1974, Canada - 1983, BC Privacy - 1986, FIPPA - 1996, PIPA - 2004 — Constitutional and case law – McInerney vs. MacDonald – Access (1992), R. v. Spencer – Privacy (2014)

  27. What Were They Thinking? — The proactive disclosure and access practices of the time would continue — 30 day access was intended for information not normally disclosed — Personal information was excluded from the 30 day access allowance — The problem was smaller than it actually is — The problem was less complex than it actually is — Technology impact was underestimated — Sometimes you have to pick what works over what’s ideal

  28. Political/Legal Changes — 9/11, Al-Qaeda, ISIS, N. Korea driving new state security legislation worldwide — State-authorized hacking; organized-crime-based hacking — State Surveillance: CSE, 2 million monitors for Chinese Internet, increased domestic law enforcement surveillance — Bill C-13 passed October 2014; Bill C-51 August 2015 — Privacy tort precedents – non-compliance, theft, harm, breach of contract, invasion of privacy… — Affirmation of rights to access and privacy in case and constitutional law

  29. Technology Changes — Social networking — Cloud services — BYOD — Big Data and Analytics — Siri, Cortana, and Alexa — Continuous information gathering by: — Your car — Your house — Your watch — Your mattress — Your toothbrush

  30. Seriously…

  31. Tele-diagnostic Breakthrough — Your toilet: — High PSA — Pregnancy — GI bacteria — Occult GI bleed — STI — Blood sugar — Cholesterol — Recreational substances Ref. The Toilet and Its Role In the Internet of Things. WIRED, April 2014

  33. Solve’s Perspective
