SLIDE 1
Karl Kopper
Caltrans Privacy and Chief Information Security Officer
Karl Kopper Caltrans Privacy and Chief Information Security Officer - - PowerPoint PPT Presentation
Karl Kopper Caltrans Privacy and Chief Information Security Officer - - PowerPoint PPT Presentation
Karl Kopper Caltrans Privacy and Chief Information Security Officer Four Questions Every Auditor Should Know the Answer To What is What is PII? De- Identification? What is Re-Identification? Privacy Internal Controls & Behavioral
SLIDE 2
SLIDE 3
What is PII? What is Re-Identification? What is De- Identification?
SLIDE 4
Privacy
Internal Controls & Behavioral Analytics
SLIDE 5
First VoIP Call First Touch Screen First Computer Monitor First Ethernet Network First UPC Barcode System First Cell Phone Call
1973 1973
SLIDE 6
First VoIP Call Touch Screen Developed First Computer Monitor Ethernet Created First UPC Barcode System
First Cell Phone Call
1973 1973 Martin Cooper Martin Cooper
SLIDE 7
SLIDE 8
U.S. Department of Health, Education, and Welfare “HEW Report” of 1973 U.S. Department of Health, Education, and Welfare “HEW Report” of 1973
Personally Identifiable Information
- No secret record-keeping systems
- Individuals must know what and how
- Individuals must be able to correct
- Data about individuals must not be reused
SLIDE 9
Privacy act of 1974 Privacy act of 1974
Personally Identifiable Information
The increasing use of computers and sophisticated information technology, while essential to the efficient
- perations of the Government, has
greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information.
SLIDE 10
SLIDE 11
Personally Identifiable Information
Financial
Payment Card Industry – Data Security Standards
Cardholder Data Sensitive Authentication Data
SLIDE 12
Personally Identifiable Information
Health Insurance Portability and Accountability Act of 1996
Individually Identifiable Health Information (IIHI)
Health
SLIDE 13
To determine whether information is PII, the agency shall perform an assessment of the specific risk that an individual can be identified using the information with other information that is linked or linkable to the individual.
Office of Management and Budget M-17-12 2017 Office of Management and Budget M-17-12 2017
Personally Identifiable Information
SLIDE 14
Personally Identifiable Information
California Consumer Privacy Act
“You should have the right to know what personal information businesses collect about you and your children and what they do with it, including to whom they sell it.”
California
SLIDE 15
Personally Identifiable Information
California Consumer Privacy Act
“It is almost impossible to apply for a job, raise a child, drive a car, or make an appointment without sharing your personal information..”
California
SLIDE 16
Personally Identifiable Information
California Consumer Privacy Act Consuming History or Tendency Browsing History Geolocation Data Audio, Electronic, Visual, Thermal, Olfactory or Similar Information
California
SLIDE 17
Personally Identifiable Information
California Consumer Privacy Act Consuming History or Tendency Browsing History Geolocation Data Audio, Electronic, Visual, Thermal, Olfactory or Similar Information “Inferences drawn from any of the information identified above”
California
SLIDE 18
State HIPAA
Gramm-Leach-Bliley
PCI Federa l GDPR
SLIDE 19
Privacy
SLIDE 20
“The State of California is committed to unlocking the value of government data to propel innovation, improve the delivery of public services and empower the people of California while protecting privacy.”
State of California Administrative Manual Section 5160
SLIDE 21
Privacy
Innovation
SLIDE 22
Innovation
31% of fatal accidents involved alcohol 3,382 fatalities involving a distracted driver Men were drivers in 65% of accidents (2015-2017) 2,790 Lives were saved through the use of Airbags
SLIDE 23
Innovation
De-Identification
SLIDE 24
Privacy
SLIDE 25
Governor William Weld Keynote Graduation Address Bentley College 1996
SLIDE 26
Visit Date Diagnostics Procedures Zip Birth Date Gender Name Address Party Voted Health Data Voter List
Latanya Sweeney MIT Graduate Student
SLIDE 27
Re-Identification
SLIDE 28
SLIDE 29
SLIDE 30
SLIDE 31
Skiing in Salt Lake
SLIDE 32
Kiteboarding in La Ventana, Baja, Mexico
SLIDE 33
Burning Man
SLIDE 34
Burning Man
700 million activities 1.4 trillion latitude/longitude points 7.7 trillion pixels 5 terabytes data Activity duration = 100 thousand years
SLIDE 35
Burning Man
“Our global heatmap is the largest, richest, and most beautiful dataset
- f its kind.”
SLIDE 36
SLIDE 37
SLIDE 38
SLIDE 39
Soldiers, remember, rotate from one assignment to the next…
SLIDE 40
Traffic Counter Loop Detector Automated Toll System Carpool Lane Infrared Scanner Connected Vehicle
Privacy Concerns
ITS and Locational Privacy: Suggestions for Peaceful Coexistence
Hubert H. Humphrey School of Public Affairs University of Minnesota Frank Douma & Sarah Aue 2011
Speed/Red Light Camera
SLIDE 41
What is PII? What is Re-Identification? What is De- Identification? What does your
- rganization do
to protect PII?
SLIDE 42
Security Information & Event Management
SLIDE 43
UEBA
SLIDE 44
User & Entity Behavior
al
Analytics
Executive Assets Accessed Insider Threat Compromised Credentials
SLIDE 45
What is PII? What is Re-Identification? What is De- Identification? What does your
- rganization do
to protect PII?