protection goals for privacy engineering
play

PROTECTION GOALS FOR PRIVACY ENGINEERING Marit Hansen, Meiko - PowerPoint PPT Presentation

Mar 31, 2023 •353 likes •715 views

www.datenschutzzentrum.de PROTECTION GOALS FOR PRIVACY ENGINEERING Marit Hansen, Meiko Jensen, and Martin Rost International Workshop on Privacy Engineering May 21, 2015 Protection Goals for Privacy Engineering www.datenschutzzentrum.de

  1. www.datenschutzzentrum.de PROTECTION GOALS FOR PRIVACY ENGINEERING Marit Hansen, Meiko Jensen, and Martin Rost International Workshop on Privacy Engineering May 21, 2015 Protection Goals for Privacy Engineering

  2. www.datenschutzzentrum.de Outline • Security Protection Goals • Privacy Protection Goals • Three Axes • Conclusion Protection Goals for Privacy Engineering

  3. www.datenschutzzentrum.de Security Protection Goals Protection Goals for Privacy Engineering

  4. www.datenschutzzentrum.de Confidentiality • “The protection goal of Confidentiality is defined as the property that (privacy-relevant) data and services that process such data cannot be accessed by unauthorized entities.” Protection Goals for Privacy Engineering

  5. www.datenschutzzentrum.de Confidentiality …in other words : • • Secrecy • Non-Disclosure • Access Restrictions • Security Clearances • Data Minimization • Steganography • Unobservability Protection Goals for Privacy Engineering

  6. www.datenschutzzentrum.de Confidentiality Implementation Techniques: • • Data Encryption  in transit (TLS, HTTPS, SSH, …)  at rest (PGP, S/MIME, TrueCrypt , …)  … • Data Segregation  Secret Sharing, Secure Multiparty Computations  Onion Routing • Access Control Enforcement Protection Goals for Privacy Engineering

  7. www.datenschutzzentrum.de Integrity “The protection goal of Integrity is defined as the property that (privacy-relevant) data and services that process such data cannot be modified in an unauthorized or undetected manner.” Protection Goals for Privacy Engineering

  8. www.datenschutzzentrum.de Integrity …in other words : • Authenticity • Detection of Data Changes • Non-Repudiation • Reliability Protection Goals for Privacy Engineering

  9. www.datenschutzzentrum.de Integrity Implementation Techniques: • Digital Signatures  RSA, ElGamal  Message Authentication Codes  … • Hash Values • Access Control Enforcement • Watchdogs / Canaries • Two-Man Rules Protection Goals for Privacy Engineering

  10. www.datenschutzzentrum.de Availability “The protection goal of Availability is defined as the property that access to (privacy-relevant) data and to services that process such data is always granted in a comprehensible, processable , timely manner.” Protection Goals for Privacy Engineering

  11. www.datenschutzzentrum.de Availability …in other words : • Redundancy • Monitoring of Availability • Responsiveness • Accessibility • Uptime Protection Goals for Privacy Engineering

  12. www.datenschutzzentrum.de Availability Implementation Techniques: • Backups • Load Balancers • Failovers • Redundant Components • Avoidance of Single-Points-of-Failure • Watchdogs / Canaries Protection Goals for Privacy Engineering

  13. www.datenschutzzentrum.de Privacy Protection Goals Protection Goals for Privacy Engineering

  14. www.datenschutzzentrum.de Unlinkability “The protection goal of Unlinkability is defined as the property that privacy-relevant data cannot be linked across domains that are constituted by a common purpose and context.” Protection Goals for Privacy Engineering

  15. www.datenschutzzentrum.de Unlinkability …in other words : • Data Minimization • Necessity / Need-to-Know • Purpose Binding • Separation of Power • Unobservability • Undetectability Protection Goals for Privacy Engineering

  16. www.datenschutzzentrum.de Unlinkability Implementation Techniques: • Data Avoidance / Reduction • Access Control Enforcement • Generalization  Anonymization/Pseudonymization  Abstraction  Derivation • Separation / Isolation • Avoidance of Identifiers Protection Goals for Privacy Engineering

  17. www.datenschutzzentrum.de Unlinkability Think of it as … Protection Goals for Privacy Engineering

  18. www.datenschutzzentrum.de Transparency “The protection goal of Transparency is defined as the property that all privacy-relevant data processing −including the legal, technical, and organizational setting− can be understood and reconstructed at any time.” Protection Goals for Privacy Engineering

  19. www.datenschutzzentrum.de Transparency …in other words : • Openness • Accountability • Documentation • Reproducibility • Notice (and Choice) • Auditability • Full-Disclosure Protection Goals for Privacy Engineering

  20. www.datenschutzzentrum.de Transparency Implementation Techniques: • Logging and Reporting • User Notifications • Documentation • Status Dashboards • Privacy Policies • Transparency Services for Personal Data • Data Breach Notifications Protection Goals for Privacy Engineering

  21. www.datenschutzzentrum.de Transparency Think of it as … Protection Goals for Privacy Engineering

  22. www.datenschutzzentrum.de Intervenability “The protection goal of Intervenability is defined as the property that intervention is possible concerning all ongoing or planned privacy-relevant data processing.” Protection Goals for Privacy Engineering

  23. www.datenschutzzentrum.de Intervenability …in other words : • Self-determination • User Controls • Rectification or Erasure of Data • (Notice and) Choice • Consent Withdrawal • Claim Lodging / Dispute Raising • Process Interruption Protection Goals for Privacy Engineering

  24. www.datenschutzzentrum.de Intervenability Implementation Techniques: • Configuration Menu • Help Desks • Stop-Button for Processes • Break-Glass / Alert Procedures • System Snapshots • Manual Override of Automated Decisions • External Supervisory Authorities (DPAs) Protection Goals for Privacy Engineering

  25. www.datenschutzzentrum.de Intervenability Think of it as … Protection Goals for Privacy Engineering

  26. www.datenschutzzentrum.de Three Axes Protection Goals for Privacy Engineering

  27. www.datenschutzzentrum.de Confidentiality <-> Availability No access to data Full access to data No access to services Full access to services Authorized entities only Everybody Confidentiality Availability Protection Goals for Privacy Engineering

  28. www.datenschutzzentrum.de Integrity <-> Intervenability No changes to data All types of changes No changes to process Full process flexibility Defined by processor Defined by individual Integrity Intervenability Protection Goals for Privacy Engineering

  29. www.datenschutzzentrum.de Unlinkability <-> Transparency No linkable data Full linkability of data No disclosure of process Full disclosure of process Need-to-Know Want-to-Know Unlinkability Transparency Protection Goals for Privacy Engineering

  30. www.datenschutzzentrum.de The Six-Pointed Star Confidentiality Unlinkability Integrity Intervenability Transparency Availability Protection Goals for Privacy Engineering

  31. www.datenschutzzentrum.de The Six-Pointed Star Confidentiality Unlinkability Integrity Intervenability Transparency Availability Protection Goals for Privacy Engineering

  32. www.datenschutzzentrum.de Conclusion Protection Goals for Privacy Engineering

  33. www.datenschutzzentrum.de Conclusion • Protection Goals have proven very useful:  for Implementers  for Lawyers  for Data Protection Authorities U C  for Users • Privacy Protection Goals: Iv Iv I  Unlinkability  Transparency  Intervenability T A Protection Goals for Privacy Engineering

  34. www.datenschutzzentrum.de References Shaping the Future Forum Privatheit of Electronic Identity und selbstbestimmtes Leben in der Digitalen Welt partly funded by (Privacy Forum Germany) EU FP7, GA n° 318424 partly funded by the German Federal Ministry of Education and Research www.forum-privatheit.de www.futureid.eu Protection Goals for Privacy Engineering

  35. www.datenschutzzentrum.de Thank You! U C Protection Goals for Privacy Engineering Iv Iv I Marit Hansen, Meiko Jensen, and Martin Rost T A Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein Phone: 0431 988 – 1200 uld6@datenschutzzentrum.de http://www.datenschutzzentrum.de/ Protection Goals for Privacy Engineering

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy

Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy

International Workshop on Spatial and Temporal Modeling from Statistical, Machine Learning and Engineering perspectives:STM2016 23 July 2016 Privacy Protection Overview Hiroshi Nakagawa The University of Tokyo Overview of Privacy Protection

1.35k views • 79 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Paradigms of Privacy Research &amp; Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU

Paradigms of Privacy Research &amp; Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU

Paradigms of Privacy Research &amp; Privacy Engineering Seda Grses f.s.gurses@tudelft.nl TU Delft/ KU Leuven 18. June 2019 GDPR requires data protection by design and by default (Article 25) A complex law with many requirements. More

950 views • 58 slides
EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

EU Art.29 Data Protection Users care about privacy Working Party From: Special Eurobarometer

28/05/15 Outline Data privacy and the evolving regulation Privacy threats from LBS to geoSN EveryWare Lab Main (location) privacy protection techniques Data Management for Mobile Protecting geo-tagged resource publication

411 views • 7 slides
1 A Critical Analysis of Privacy Design Strategies Michael Colesky Our Goals 1: Translate data

1 A Critical Analysis of Privacy Design Strategies Michael Colesky Our Goals 1: Translate data

1 A Critical Analysis of Privacy Design Strategies Michael Colesky Our Goals 1: Translate data protection legislation into architectural goals which system engineers can understand 2: Make these goals achievable to help them actually happen

466 views • 14 slides
Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human

Privacy and Data Protection Designing for Privacy Tobias Pulls CC-BY-4.0 Privacy is a Human Right (1/2) From the United Nations Universal Declaration of Human Rights: Article 12 No one shall be subjected to arbitrary interference with his

338 views • 7 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor October 29, 2013 y &amp; c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 11, 2014 y &amp; c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy

Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy

CyLab Privacy engineering, privacy by design, and privacy governance Engineering &amp; Public Policy Lorrie Faith Cranor November 17, 2015 y &amp; c S a e v c i u r P r i t e y l b L a a s b U o 8-533 / 8-733 /

539 views • 22 slides
Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Privacy and protection of personal data specific purpose (to collect and

Web and privacy Industrial perspectives on Cryptography A. Esterle - ENISA Antwerp 29 May 2008 www.enisa.europa.eu Web and privacy Privacy and protection of personal data specific purpose (to collect and process it) subject

732 views • 7 slides
Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service

Consumer Privacy Protection Principles: Privacy Principles for Vehicle Technologies and Service Automotive Industry Privacy Principles Nov. 12, 2014 Auto Alliance and Global Automakers come together to create a set of privacy principles

419 views • 20 slides
#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy

#MicroFocusCyberSummit Cloud-based Data Privacy and Protection Protecting data and privacy across hybrid IT Farshad Ghazi - Moderator Mat Spitz Lacy Gruen #MicroFocusCyberSummit Reiner Kappenberger Cloud-based Data Privacy and Protection:

453 views • 10 slides
Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy

Engineering privacy by design Privacy by Design Let's have it! Information and Privacy Commissioner of Ontario https://www.ipc.on.ca/images/resources/7foundationalprinciples.pdf Privacy by Design Let's have it! Article 25 European

1.32k views • 118 slides
Big Data, Key Challenges: Privacy Protection &amp; Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection &amp; Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection &amp; Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big datas benefits Seminar arranged by the Office for Personal Data Protection, Macao,

305 views • 8 slides
Privacy &amp; Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy &amp; Data Protection Laws Overview and History Introduction to Privacy and the GDPR

Privacy &amp; Data Protection Laws Overview and History Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Privacy Legislation - History 1950 Art. 8 ECHR: Everyone has the right to respect for his private and family

413 views • 4 slides
Privacy law overview Engineering &amp; Public Policy Rebecca Balebako Lorrie Cranor September

Privacy law overview Engineering &amp; Public Policy Rebecca Balebako Lorrie Cranor September

Privacy law overview Engineering &amp; Public Policy Rebecca Balebako Lorrie Cranor September 22, 2015 8-533 / 8-733 / 19-608 / 95-818: Privacy Policy, Law, and Technology # Today you will learn Key models of privacy protection

465 views • 20 slides
spending Experience of UNCITRAL Samira Musayeva, UNCITRAL secretariat Relevance of the UNCITRAL

spending Experience of UNCITRAL Samira Musayeva, UNCITRAL secretariat Relevance of the UNCITRAL

UNCITRAL United Nations Commission on International Trade Law Using E-Procurement data to measure the transparency and performance of public spending Experience of UNCITRAL Samira Musayeva, UNCITRAL secretariat Relevance of the UNCITRAL

357 views • 8 slides
Decision on Data Release Phase 3 Greg Cook Greg Cook Director, Market and Infrastructure Policy

Decision on Data Release Phase 3 Greg Cook Greg Cook Director, Market and Infrastructure Policy

Decision on Data Release Phase 3 Greg Cook Greg Cook Director, Market and Infrastructure Policy ISO Board of Governors Meeting General Session May 18-19, 2011 y , Phase 3 releases additional data to improve market efficiency and

72 views • 5 slides
Integrated Knowledge Translation (IKT) Co-production of knowledge On-going relationship

Integrated Knowledge Translation (IKT) Co-production of knowledge On-going relationship

Developing and improving indicators to capture the activity of Integrated Care Diabetes Clinical Nurse Specialists: a collaborative audit and feedback process Fiona Riordan School of Public Health, UCC Integrated Knowledge Translation (IKT)

342 views • 9 slides
Machine Translation Proposal Pilot Objective: Cost : PEMT 27% savings over human translation

Machine Translation Proposal Pilot Objective: Cost : PEMT 27% savings over human translation

Machine Translation Proposal Pilot Objective: Cost : PEMT 27% savings over human translation Efficiency : PEMT 25% faster than human translation Quality : an acceptable score under 30 according to the Harmonized the TAUS Dynamic

509 views • 26 slides
Achieve Quality Targets for Integrated Behavioral Health in Primary Care Kathleen Tatem, MPH

Achieve Quality Targets for Integrated Behavioral Health in Primary Care Kathleen Tatem, MPH

1 Leveraging Population Health Analytics to Achieve Quality Targets for Integrated Behavioral Health in Primary Care Kathleen Tatem, MPH Office of Population Health, NYC Health + Hospitals NYC Health + Hospitals: 2 Largest Safety-Net

494 views • 11 slides
Overview of the VA APCD Data Validation Process VHI Represents all Health Care Stakeholders

Overview of the VA APCD Data Validation Process VHI Represents all Health Care Stakeholders

Overview of the VA APCD Data Validation Process VHI Represents all Health Care Stakeholders VHI is an independent, nonprofit, 501(c)(3) health information organization established in 1993 Formed to administer Virginia Health Care Data

189 views • 15 slides
[01.04] Africa Regional Status Report 7 TH Regional Coordinators Meeting September 19-21, 2012

[01.04] Africa Regional Status Report 7 TH Regional Coordinators Meeting September 19-21, 2012

[01.04] Africa Regional Status Report 7 TH Regional Coordinators Meeting September 19-21, 2012 Washington, DC Outline Distribution of participating countries Status of data collection and submission Importance indicators

477 views • 15 slides
Reinvent Your IP Management. The State of Automating IP Data Management Minimizing manual data

Reinvent Your IP Management. The State of Automating IP Data Management Minimizing manual data

The World is Being Reinvented. Reinvent Your IP Management. The State of Automating IP Data Management Minimizing manual data entry Eliminating data redundancies Ensuring data quality About Your Speaker Created IPfolio , a

341 views • 18 slides

More recommend