privacy and security by design regulatory compliance will
play

Privacy and Security by Design: Regulatory Compliance Will Not be - PowerPoint PPT Presentation

Mar 14, 2023 •2.43k likes •3.12k views

Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy Ann Cavoukian, Ph.D. Distinguished Expert-in-Residence Privacy by Design Centre of Excellence Ryerson University Ryerson CSR Institute / PPOCIR

  1. Privacy and Security by Design: Regulatory Compliance Will Not be Enough to Preserve our Privacy Ann Cavoukian, Ph.D. Distinguished Expert-in-Residence Privacy by Design Centre of Excellence Ryerson University Ryerson CSR Institute / PPOCIR Privacy Protection in 2018 December 7 th , 2018

  2. Let’s Dispel The Myths

  3. Privacy ≠ Secrecy Privacy is not about having something to hide

  4. Privacy = Control

  5. Privacy = Personal Control • User control is critical • Freedom of choice • Informational self-determination Context is key!

  6. Privacy is Essential to Freedom: A Necessary Condition for Societal Prosperity and Well-Being • Innovation, creativity, and the resultant prosperity of a society requires freedom; • Privacy is the essence of freedom: Without privacy, individual human rights, property rights and civil liberties – the conceptual engines of innovation and creativity, could not exist in a meaningful manner; • Surveillance is the antithesis of privacy: A negative consequence of surveillance is the usurpation of a person’s limited cognitive bandwidth, away from innovation and creativity.

  7. The Decade of Privacy by Design

  8. Adoption of “Privacy by Design” as an International Standard Landmark Resolution Passed to Preserve the Future of Privacy By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy JERUSALEM, October 29, 2010 – A landmark Resolution by Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, was approved by international Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution recognizes Commissioner Cavoukian's concept of Privacy by Design - which ensures that privacy is embedded into new technologies and business practices, right from the outset - as an essential component of fundamental privacy protection. Full Article: http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy

  9. Why We Need Privacy by Design Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg The majority of privacy breaches remain unchallenged, unregulated ... unknown Regulatory compliance alone, is unsustainable as the sole model for ensuring the future of privacy

  10. Privacy by Design: Proactive in 40 Languages! 29.Danish 15.Ukrainian 1. English 30.Hungarian 16.Korean 2. French 31.Norwegian 17.Russian 3. German 32.Serbian 18.Romanian 4. Spanish 33.Lithuanian 19.Portuguese 5. Italian 34.Farsi 20.Maltese 6. Czech 35.Finnish 21.Greek 7. Dutch 36.Albanian 22.Macedonian 8. Estonian 37.Catalan 23.Bulgarian 9. Hebrew 38. Georgian 24. Croatian 10. Hindi 39. Urdu 25.Polish 11. Chinese 40. Tamil 26.Turkish 12. Japanese 41. Afrikaans 27.Malaysian 13. Arabic (pending) 28.Indonesian 14.Armenian

  11. Get Rid of the Dated Win/ Lose, Zero-Sum Models!

  12. Positive-Sum Model: The Power of “And” Change the paradigm from a zero-sum to a “positive-sum” model: Create a win-win scenario, not an either/or (vs.) involving unnecessary trade-offs and false dichotomies … replace “vs.” with “and”

  13. Privacy by Design: The 7 Foundational Principles 1. Proactive not Reactive : Preventative, not Remedial; 2. Privacy as the Default setting; 3. Privacy Embedded into Design; 4. Full Functionality: Positive-Sum, not Zero-Sum; 5. End-to-End Security : Full Lifecycle Protection; 6. Visibility and Transparency: Keep it Open ; 7. Respect for User Privacy: http://www.ryerson.ca/pbdce/papers/ http://www.ontla.on.ca/library/repository/mon/24005/301946.pdf Keep it User-Centric .

  14. Operationalizing Privacy by Design 11 PbD Application Areas • CCTV/Surveillance cameras in mass transit systems; • Biometrics used in casinos and gaming facilities; • Smart Meters and the Smart Grid; • Mobile Communications; • Near Field Communications; • RFIDs and sensor technologies; • Redesigning IP Geolocation; • Remote Home Health Care; • Big Data and Data Analytics; • Privacy Protective Surveillance; • SmartData. http://www.ryerson.ca/pbdce/papers/ http://www.ontla.on.ca/library/repository/mon/26012/320221.pdf

  15. Letter from JIPDEC – May 28, 2014 “Privacy by Design is considered one of the most important concepts by members of the Japanese Information Processing Development Center … We have heard from Japan’s private sector companies that we need to insist on the principle of Positive-Sum, not Zero-Sum and become enlightened with Privacy by Design.” — Tamotsu Nomura, Japan Information Processing Development Center, May 28, 2014

  16. GDPR General Data Protection Regulation – Strengthens and unifies data protection for individuals within the European Union – Gives citizens control over their personal data and simplifies regulations across the EU by unifying regulations • Proposed – January 25 th 2012 • Passed - December 17, 2015 • Adoption – Spring 2016 • Enforcement – Spring 2018

  17. E.U. General Data Protection Regulation • The language of “Privacy/Data Protection by Design” and “Privacy as the Default” will now be appearing for the first time in a privacy statute, that was recently passed in the E.U. – Privacy by Design – Data Protection by Design – Privacy as the Default

  18. The Similarities Between PbD and the GDPR “Developed by former Ont. Information & Privacy Commissioner, Ann Cavoukian, Privacy by Design has had a large influence on security experts, policy markers, and regulators … The EU likes PbD … it’s referenced heavily in Article 25, and in many other places in the new regulation. It’s not too much of a stretch to say that if you implement PbD, you’ve mastered the GDPR.” Information Age September 24, 2015

  19. Privacy Commissioner of Canada: Annual Report “Organizations must also be more transparent and accountable for their privacy practices. Because they know their business best, it is only right that we expect them to find effective ways, within their own specific context, to protect the privacy of their clients, notably by integrating approaches such as Privacy by Design .” September 21, 2017 https://www.priv.gc.ca/en/opc-actions-and-decisions/ar_index/201617/ar_201617/#heading-0-0-3-1

  20. 42 nd Parliament, First Session February, 2018 https://www.ourcommons.ca/Content/Committee/421/ETHI/Reports/RP9690701/ethirp12/ethirp12-e.pdf

  21. Privacy by Design as an ISO Standard - New ISO Project Committee on Privacy by Design for Consumer Goods and Services (ISO PC317); - The Standards Council of Canada (SCC) is the mirror committee for the International PC 317 committee.

  22. Privacy by Design Certification We have now re-launched Privacy by Design Certification lead by Dr. Ann Cavoukian, partnering with KPMG www.ryerson.ca/pbdce/ certification

  23. Privacy by Design Certification - We chose to partner with Sylvia Kingsmill, Senior Partner at KPMG, for our re-launch of Privacy by Design Certification, to ensure that our upgraded Certification seal provides proof of compliance with the GDPR; - We have also aligned with ISO, a leading accredited certification body, in our international re-launch of Privacy by Design Certification.

  24. Canadian Companies Have Taken the Lead with PbD Certification - Leading companies have taken a proactive risk management approach to protecting their customers’ privacy by getting certified, as opposed to doing the least required via regulatory compliance; - At a time when trust is at an all-time low, and data breaches are proliferating, companies realize that in getting certified, it’s a reputational exercise to enhance one’s brand, not a “tick-the-box” compliance exercise.

  25. Privacy by Design: The Global Privacy Framework Dr. Cavoukian is offering the definitive Privacy by Design Online Course at Ryerson University Should you wish to sign up for the Fall 2018 registration list, visit: https://www.ryerson.ca/pbdce/privacy-by-design-chang-school-course/

  26. Privacy: The Business Case

  27. Privacy is Good for Business!

  28. The Bottom Line Privacy should be viewed as a business issue, not a compliance issue Think strategically and transform privacy into a competitive business advantage

  29. Cost of Taking the Reactive Approach to Privacy Breaches Damage to Class-Action One ’ s Brand Lawsuits Proactive Reactive Loss of Consumer Confidence and Trust

  30. First “Privacy Marketplace” at the International Consumer Electronics Show in Vegas “ Privacy is a hot issue right now. It’s on everyone’s radar … Consumers asking about privacy – that was the big takeaway. These companies in the privacy marketplace, in large part aren’t advocates. They’re entrepreneurs looking to capitalize on market opportunity. They expect a larger privacy marketplace next year and for brands to incorporate “privacy” into their marketing… Anyone, everyone, can understand the need for privacy.” Victor Cocchia CEO, Vysk Speaking at CES: Jan, 2015

  31. Guard Your Reputation “Trust takes years to build, seconds to destroy, and forever to repair.” … And trust among the public is at an all-time low today

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director

The Vital Need for Privacy and Security by Design Ann Cavoukian, Ph.D. Executive Director Global Privacy & Security by Design Centre Technion Summer School on Cyber Security Haifa, Israel September 9, 2020 Lets Dispel The Myths

929 views • 55 slides
Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program

Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program

3/27/2015 Compliance Workshop Privacy & Security Protecting Personal Information & SNAP Program Considerations August 14, 2014 Presentation by: Jennifer L. Cox, J.D. Cox & Osowiecki, LLC Hartford, Connecticut 1 Todays Privacy &

475 views • 24 slides
Regulatory Compliance Update NAFCUs Regulatory Compliance Update Webcast Wednesday, November

Regulatory Compliance Update NAFCUs Regulatory Compliance Update Webcast Wednesday, November

Regulatory Compliance Update NAFCUs Regulatory Compliance Update Webcast Wednesday, November 18, 2015 Presented By: Brandy Bruyere, NCCO, NAFCU Director of Regulatory Compliance Eliott C. Ponte, NCCO, NAFCU Regulatory Compliance Counsel

1.03k views • 68 slides
Identity Powers Adaptive Security Robert MacDonald #MicroFocusCyberSummit security leaders

Identity Powers Adaptive Security Robert MacDonald #MicroFocusCyberSummit security leaders

Identity Powers Adaptive Security Robert MacDonald #MicroFocusCyberSummit security leaders regard achieving and 68 % REGULATORY maintaining regulatory compliance as COMPLIANCE a critical priority. (Forrester 2017) 59 % technology

503 views • 24 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Regulatory Compliance for Healthcare Facilities Introduction Amec Foster Wheeler

Regulatory Compliance for Healthcare Facilities Introduction Amec Foster Wheeler

Regulatory Compliance for Healthcare Facilities Introduction Amec Foster Wheeler Multidisciplinary engineering and architectural design firm Specialty consulting Regulatory compliance Third party reviews and inspections

246 views • 20 slides
Threats to Data: Legal Compliance Challenges at the Intersection of Privacy and Security William

Threats to Data: Legal Compliance Challenges at the Intersection of Privacy and Security William

Threats to Data: Legal Compliance Challenges at the Intersection of Privacy and Security William Denny Secure Delaware Workshop September 24, 2019 Common Cyber Incidents Espionage & surveillance Business email compromise

609 views • 27 slides
Reboot Communications 18 th Annual Privacy and Security Conference Keri Bennett

Reboot Communications 18 th Annual Privacy and Security Conference Keri Bennett

Reboot Communications 18 th Annual Privacy and Security Conference Keri Bennett kebennett@fasken.com Drones and Privacy: The Regulatory Landscape March 2013 Report: Research Group of the Office of the Privacy Commissioner of Canada:

357 views • 13 slides
How to Solve CCPA and GDPR's Toughest Compliance Mandates Automating Data Privacy and Security

How to Solve CCPA and GDPR's Toughest Compliance Mandates Automating Data Privacy and Security

WEBINAR How to Solve CCPA and GDPR's Toughest Compliance Mandates Automating Data Privacy and Security for API-based Services Welcome and Introductions Elias Terman Chandan Golla Shan Zhou VP of Global Marketing Head of Product Management

506 views • 34 slides
Gas Compliance Initiative Don Tretheway Sr. Advisor, Market Design and Regulatory Policy

Gas Compliance Initiative Don Tretheway Sr. Advisor, Market Design and Regulatory Policy

Regional Integration - California Greenhouse Gas Compliance Initiative Don Tretheway Sr. Advisor, Market Design and Regulatory Policy Technical Workshop October 13, 2016 ISO Confidential Agenda Time Topic Presenter 10:00 10:10

905 views • 67 slides
CCPA - How To Do It Tanya Forsheit, Chair, Privacy & Data Security Group, Frankfurt Kurnit

CCPA - How To Do It Tanya Forsheit, Chair, Privacy & Data Security Group, Frankfurt Kurnit

CCPA - How To Do It Tanya Forsheit, Chair, Privacy & Data Security Group, Frankfurt Kurnit Klein & Selz Beth Hill, General Counsel & Chief Compliance Officer, FordDirect Maggie Mansourkia Mobley, Advisor, Privacy Matters Privacy &

524 views • 26 slides
CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security

CS573 Data Privacy and Security Data Privacy and Security in Healthcare Data Privacy and Security in Healthcare Li Xiong Healthcare security and privacy HIPAA overview Research survey on information security and privacy in healthcare

1.05k views • 57 slides
Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline -

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline -

Engineering Privacy By Design Seda Grses COSIC, ESAT K.U. Leuven Belgium 1 Outline - Introduction and Approach - Privacy Requirements Definition Problem - Privacy Requirements Analysis Problem - Policy and Compliance - Privacy By Design -

1.48k views • 63 slides
NAFCUs Annual Regulatory Compliance Update November 6, 2014 2:00 3:30 p.m. ET Presented

NAFCUs Annual Regulatory Compliance Update November 6, 2014 2:00 3:30 p.m. ET Presented

NAFCUs Annual Regulatory Compliance Update November 6, 2014 2:00 3:30 p.m. ET Presented by: JiJi Bahhur , NCCO, Director of Regulatory Compliance Bernadette Clair , NCCO, CAMS, Senior Regulatory Compliance Counsel Eliott C.

1.12k views • 69 slides
Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud

Session 5b Privacy, Data Security and Legal Considerations in Software as a Service and Cloud Computing Services for Educational Institutions Presented by: Cristina Blanton Erin Fonte Associate Systemwide Compliance and Member, Privacy

310 views • 28 slides
Privacy and Security Jason I. Epstein, Partner, Nelson Mullins Roy Wyman, Partner, Nelson Mullins

Privacy and Security Jason I. Epstein, Partner, Nelson Mullins Roy Wyman, Partner, Nelson Mullins

Privacy and Security Jason I. Epstein, Partner, Nelson Mullins Roy Wyman, Partner, Nelson Mullins Rob Rolfsen, Senior Director, Privacy Audit, and Compliance, Asurion 1 Topics The Current Sources of Privacy Guidance and Constraints

269 views • 15 slides
POST MAY 25TH GDPR OBLIGATIONS, GOVERNANCE, AND RESPONSE WEBINAR May 2, 2018 BDO USA, LLP,

POST MAY 25TH GDPR OBLIGATIONS, GOVERNANCE, AND RESPONSE WEBINAR May 2, 2018 BDO USA, LLP,

POST MAY 25TH GDPR OBLIGATIONS, GOVERNANCE, AND RESPONSE WEBINAR May 2, 2018 BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the

589 views • 28 slides
DATA PROTECTION TODAY: CHALLENGES AND PERSPECTIVES Eleonora Bassi (Nexa Center) On January,

DATA PROTECTION TODAY: CHALLENGES AND PERSPECTIVES Eleonora Bassi (Nexa Center) On January,

DATA PROTECTION TODAY: CHALLENGES AND PERSPECTIVES Eleonora Bassi (Nexa Center) On January, 25th 2012 The European Commission presented his official Proposal for a Regulation (replacing Directive 95/46/EC) setting out a general EU framework

374 views • 19 slides
Live Webinar #4 Thursday 5 December 2019 GDPR : where do we stand? Complaints Framework : 1%

Live Webinar #4 Thursday 5 December 2019 GDPR : where do we stand? Complaints Framework : 1%

Live Webinar #4 Thursday 5 December 2019 GDPR : where do we stand? Complaints Framework : 1% 94622 27th April 2016 : Adoption 6th May 2018 : Application May 2020 : Public e valuation report by the Commission in May 2020 and

412 views • 24 slides
Legal Questions surrounding the Blockchain The 6th Vienna Forum on European Energy Law Austrian

Legal Questions surrounding the Blockchain The 6th Vienna Forum on European Energy Law Austrian

Legal Questions surrounding the Blockchain The 6th Vienna Forum on European Energy Law Austrian Supreme Court of Justice Vienna, 28 September 2018, 09.45 10.00 Dr. Matthias Lang Dr. Matthias Lang Partner, Energy & Utilities

269 views • 23 slides
General Data Protection Regulation David Sumner EU GDPR P CISM In association Certified by

General Data Protection Regulation David Sumner EU GDPR P CISM In association Certified by

General Data Protection Regulation David Sumner EU GDPR P CISM In association Certified by Accredited by Powered by with General Data Protection Regulation (GDPR) Why? Supports a single digital market place Protect privacy

413 views • 22 slides
Tachograph Forum Bernardo MARTNEZ Land Transport Unit (DGMOVE) bernardo.martinez@ec.europa.eu

Tachograph Forum Bernardo MARTNEZ Land Transport Unit (DGMOVE) bernardo.martinez@ec.europa.eu

Tachograph Forum Bernardo MARTNEZ Land Transport Unit (DGMOVE) bernardo.martinez@ec.europa.eu Transport Objective and composition Objective: support dialogue on technical matters concerning tachograph (art. 43 Regulation 165/2014)

365 views • 8 slides
Industry Day M adrid Current information as of 23 rd October 2019 2 Goods Regulation

Industry Day M adrid Current information as of 23 rd October 2019 2 Goods Regulation

Industry Day M adrid Current information as of 23 rd October 2019 2 Goods Regulation Department for Business, Energy and Industrial Strategy 3 Check which regulations apply to your product Old Approach: goods New Approach : a

641 views • 30 slides
The Actual Situation and Priorities of Island Economies Joseph Borg President INSULEUR WEBINAR

The Actual Situation and Priorities of Island Economies Joseph Borg President INSULEUR WEBINAR

The Actual Situation and Priorities of Island Economies Joseph Borg President INSULEUR WEBINAR | EU Islands economy & COVID -19 Actual situation & requests from islands - EU plans for the recovery after crisis 26 th May 2020

405 views • 7 slides

More recommend