should privacy impact assessments should privacy impact
play

Should privacy impact assessments Should privacy impact assessments - PowerPoint PPT Presentation

Mar 24, 2024 •176 likes •542 views

Should privacy impact assessments Should privacy impact assessments be mandatory? be mandatory? David Wright David Wright Trilateral Research & Consulting Trilateral Research & Consulting 17 Sept 2009 17 Sept 2009 1 1 Todays

  1. Should privacy impact assessments Should privacy impact assessments be mandatory? be mandatory? David Wright David Wright Trilateral Research & Consulting Trilateral Research & Consulting 17 Sept 2009 17 Sept 2009 1 1

  2. Today’s presentation � Databases � Databases – – solving one problem & creating solving one problem & creating another another � What is a privacy impact assessment? � What is a privacy impact assessment? � Variations in � Variations in PIAs PIAs – – UK & Canada UK & Canada � Benefits & disadvantages � Benefits & disadvantages � The case for & against mandatory � The case for & against mandatory PIAs PIAs � Beyond mandatory � Beyond mandatory PIAs PIAs – – audits & metrics audits & metrics � Conclusions � Conclusions 2 2

  3. ContactPoint � Abuse & death of eight � Abuse & death of eight- -year year- -old child in 2000 led old child in 2000 led to inquiry & report in 2003 by Lord Laming to inquiry & report in 2003 by Lord Laming � Victoria � Victoria’ ’s death could have been prevented if s death could have been prevented if there had been better communication between there had been better communication between social services social services � Led to creation of a database, called � Led to creation of a database, called ContactPoint ContactPoint � Government said the database would improve � Government said the database would improve child protection by improving way information child protection by improving way information about children is shared about children is shared � ContactPoint � ContactPoint launched in Jan 2009 holds data on launched in Jan 2009 holds data on 11 m children 11 m children 3 3

  4. ContactPoint (cont’d) � Database was designed to solve one set of � Database was designed to solve one set of problems but created another set of problems problems but created another set of problems � It has attracted significant criticism over the risks � It has attracted significant criticism over the risks to privacy and personal data protection to privacy and personal data protection � Some 330,000 people have access to the � Some 330,000 people have access to the database database � Richard Thomas: � Richard Thomas: “ “Is collection of personal Is collection of personal information about every child a proportionate way information about every child a proportionate way to balance opportunities to prevent harm and risks to balance opportunities to prevent harm and risks of misuse?” ” of misuse? � “ � “A PIA would enable better decision A PIA would enable better decision- -making & making & demonstrate how questions of proportionality are demonstrate how questions of proportionality are being addressed” ” being addressed 4 4

  5. Citizens’ views � Eurobarometer � Eurobarometer report on citizens report on citizens’ ’ perceptions of perceptions of data protection in the EU in 2008: data protection in the EU in 2008: � 64 per cent said they were concerned about the � 64 per cent said they were concerned about the protection of privacy protection of privacy � A slight increase over similar poll in 2003 � A slight increase over similar poll in 2003 � Little change since first poll in 1991 when two � Little change since first poll in 1991 when two- - thirds said they were concerned thirds said they were concerned � Public is right to be concerned as shown by � Public is right to be concerned as shown by numerous breaches of databases & losses of numerous breaches of databases & losses of personal data in government & industry personal data in government & industry � PIAs � PIAs are a tool for addressing the risks are a tool for addressing the risks 5 5

  6. What is a privacy impact assessment? � A systematic process for evaluating the potential � A systematic process for evaluating the potential effects on privacy of a project, system or scheme effects on privacy of a project, system or scheme and ways to mitigate or avoid any adverse effects and ways to mitigate or avoid any adverse effects � Term first used in a Canadian Justice Committee � Term first used in a Canadian Justice Committee document in 1984 document in 1984 � 2 PIA drivers: : � Public reaction to privacy � Public reaction to privacy- -invasive actions of invasive actions of governments & corporations governments & corporations � Organisations � Organisations’ ’ recognition of privacy as a strategic recognition of privacy as a strategic variable & need to factor it into risk management. variable & need to factor it into risk management. 6 6

  7. PIA should take into account four aspects of privacy � Privacy of personal information � Privacy of personal information – – others others have our data have our data � Privacy of the person � Privacy of the person – – body searches, body searches, biometric measurement biometric measurement � Privacy of personal behaviour � Privacy of personal behaviour – – surveillance, media intrusion surveillance, media intrusion � Privacy of personal communications � Privacy of personal communications – – telephonic intercepts, monitoring e- -mail, etc. mail, etc. telephonic intercepts, monitoring e 7 7

  8. What PIAs are not � Compliance checks � Compliance checks � Audits � Audits � Prior checking � Prior checking – – Data Protection Directive Art 20: Data Protection Directive Art 20: “Member States shall determine the processing Member States shall determine the processing “ operations likely to present specific risks to the operations likely to present specific risks to the rights and freedoms of data subjects and shall rights and freedoms of data subjects and shall check that these processing operations are check that these processing operations are examined prior to the start thereof.” ” examined prior to the start thereof. 8 8

  9. Who is using PIAs? � Australia � Australia � Canada � Canada � Hong Kong � Hong Kong � New Zealand � New Zealand � UK � UK � United States � United States � ISO � ISO – – has produced a standard for has produced a standard for PIAs PIAs in in financial services financial services � Some companies � Some companies – – e.g., Vodafone, e.g., Vodafone, Phorm Phorm 9 9

  10. The UK PIA process - 1 � In Dec 2007, the UK ICO published its PIA manual (with a � In Dec 2007, the UK ICO published its PIA manual (with a nd version in June 2009) 2 nd version in June 2009) 2 � PIA process should begin � PIA process should begin asap asap, when the PIA can affect , when the PIA can affect development of the “ “project project” ” development of the � Aims to identify privacy impacts � Aims to identify privacy impacts � Understand & benefit from views of stakeholders � Understand & benefit from views of stakeholders � Understand acceptability of projects & how people might � Understand acceptability of projects & how people might be affected be affected � Identify less privacy � Identify less privacy- -invasive alternatives invasive alternatives � Avoid or mitigate negative impacts on privacy � Avoid or mitigate negative impacts on privacy � Document & publish the outcomes of the PA process � Document & publish the outcomes of the PA process 10 10

  11. The UK PIA process - 2 � PIA manual has screening questions to determine � PIA manual has screening questions to determine if a PIA is necessary and, if so, whether a full- - if a PIA is necessary and, if so, whether a full scale or small- -scale PIA scale PIA scale or small � Scope of the PIA depends on size of the � Scope of the PIA depends on size of the organisation, sensitivity of data, the risks, the organisation, sensitivity of data, the risks, the intrusiveness of the technology, etc intrusiveness of the technology, etc � Full � Full- -scale PIA has five phases: scale PIA has five phases: – Preliminary Preliminary – – preparation preparation – – consultation & analysis – consultation & analysis – documentation documentation – – review & audit review & audit – 11 11

  12. The UK PIA process - 3 � Preliminary phase – – establish terms of reference, establish terms of reference, scope & resources scope & resources � Prepare a background paper for discussion with � Prepare a background paper for discussion with stakeholders, which describes… … stakeholders, which describes – the project the project’ ’s objectives, s objectives, – – scope, scope, – – business rationale, business rationale, – – the project the project’ ’s design, s design, – – initial assessment of potential privacy issues & risks, initial assessment of potential privacy issues & risks, – – options for dealing with them, – options for dealing with them, – list of stakeholders to be invited to contribute list of stakeholders to be invited to contribute – 12 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor October 29, 2013 y & c S a e v c i u r P r i t e y l b L a a s

245 views • 20 slides
Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance

Privacy engineering, CyLab privacy by design, privacy impact assessments, and privacy governance Engineering & Public Policy Lorrie Faith Cranor November 11, 2014 y & c S a e v c i u r P r i t e y l b L a a s

555 views • 21 slides
Formal Privacy: Making an Impact at Large Organizations Deploying Differential Privacy for the

Formal Privacy: Making an Impact at Large Organizations Deploying Differential Privacy for the

Formal Privacy: Making an Impact at Large Organizations Deploying Differential Privacy for the 2020 Census of Population and Housing Simson L. Garfinkel Senior Scientist, Confidentiality and Data Access U.S. Census Bureau July 31, 2019 JSM

458 views • 35 slides
matching and the Privacy Act 1988 (Cth) Dimitrios (Jim) Kormas | Assistant Director| Privacy

matching and the Privacy Act 1988 (Cth) Dimitrios (Jim) Kormas | Assistant Director| Privacy

Government data matching and the Privacy Act 1988 (Cth) Dimitrios (Jim) Kormas | Assistant Director| Privacy Assessments 17 May 2018 Brief overview of the OAIC, Privacy Act and Australian Privacy Principles (APPs) OAICs involvement

454 views • 16 slides
$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

$ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that

Presentation Slides $ Lesson Ten Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

318 views • 13 slides
privacy regulations impact Australia What to consider as an Australian researcher. JACINTA

privacy regulations impact Australia What to consider as an Australian researcher. JACINTA

Tough European Union (EU) privacy regulations impact Australia What to consider as an Australian researcher. JACINTA OPIE 12 th August 2019 Overview Non GDPR Compliance Our Experience Core Principles TrueNTH GDPR Global Registry

452 views • 16 slides
Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in

Privacy Engineering Objectives and Risk Model Objective-Based Design for Improving Privacy in Information Systems 1 NIST research has a broad impact shutterstock.com shutterstocom G. Hooijer/ D. Stork/ Facilitates trade and fair Improves

405 views • 18 slides
Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in

Privacy Protection privacy notions and metrics; privacy in RFID systems; location privacy in vehicular networks; Security and Cooperation in Wireless Networks Georg-August University Gttingen Chapter outline 1 Important privacy related

1.12k views • 33 slides
Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy -

CISPA Center for IT Security, Privacy and Accountabiltiy Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when,

573 views • 26 slides
Conducting DPIAs to Reduce Business Risk Lecio de Paula Director of Data Privacy, FIP,

Conducting DPIAs to Reduce Business Risk Lecio de Paula Director of Data Privacy, FIP,

Conducting DPIAs to Reduce Business Risk Lecio de Paula Director of Data Privacy, FIP, CIPP/E, CIPP/US, CIPP/C, CIPM, AWS Certified Todays Presentation Discuss benefits of conducting data privacy impact assessments Why

497 views • 26 slides
$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

$ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy

Presentation Slides $ Lesson Fourteen Consumer Privacy 04/09 privacy and information information privacy: privacy that involves the rights of individuals in relation to information about them that is circulating in society. why privacy is an

429 views • 13 slides
CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies

CS305 Topic Privacy Concept Evolution Rights to Privacy Privacy and Technologies US Privacy Laws Sources: Baase: A Gift of Fire and Quinn: Ethics for the Information Age Ethics Spring 2010 Privacy 1 Privacy The original

725 views • 45 slides
Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals,

Introduction to Cybersecurity Database Privacy Review: Anonymity vs. Privacy Privacy - Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is

1.01k views • 76 slides
Sharing Multimedia on the Internet and the Impact for Online Privacy Dr. Gerald Friedland

Sharing Multimedia on the Internet and the Impact for Online Privacy Dr. Gerald Friedland

Sharing Multimedia on the Internet and the Impact for Online Privacy Dr. Gerald Friedland Senior Research Scientist International Computer Science Institute Berkeley, CA friedland@icsi.berkeley.edu A Popular Introduction to the Problem 3

550 views • 39 slides
Study of Snort Rule- set Privacy Impact Nils Ulltveit-Moe and Vladimir Oleshchuk University of

Study of Snort Rule- set Privacy Impact Nils Ulltveit-Moe and Vladimir Oleshchuk University of

Study of Snort Rule- set Privacy Impact Nils Ulltveit-Moe and Vladimir Oleshchuk University of Agder Presented at: Fifth International PrimeLife/IFIP Summer School, Nice, France 7.-11. September 2009. This work is Funded by Telenor R&I

278 views • 24 slides
Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in

Data privacy: an introduction (part 1) Klara Stokes What is privacy? Privacy has been defined in many ways over the years. Usually privacy is concerned with the individual human being. We may talk about privacy as the control over your own

230 views • 21 slides
PUBLIC INFORMATION ACT Paul Miles, Associate General Counsel Questions? Give us a ring! Why are

PUBLIC INFORMATION ACT Paul Miles, Associate General Counsel Questions? Give us a ring! Why are

PUBLIC INFORMATION ACT Paul Miles, Associate General Counsel Questions? Give us a ring! Why are we here? 1 2 3 PIA Records Review How to deal with Records retention Review sample PIA written requests and disposition, request. for

692 views • 45 slides
November 18th, 2015 at Noon EST 2016 Overview What stays the same in 2016? No plan design

November 18th, 2015 at Noon EST 2016 Overview What stays the same in 2016? No plan design

SPD Benefits October 28th through November 18th, 2015 at Noon EST 2016 Overview What stays the same in 2016? No plan design changes for Vision. No premium changes for Vision. No State HSA contribution amount changes. No

462 views • 35 slides
3/25/2015 Marta M.MardiValentino, CMC, MPA Director of Human Resources City of West

3/25/2015 Marta M.MardiValentino, CMC, MPA Director of Human Resources City of West

3/25/2015 Marta M.MardiValentino, CMC, MPA Director of Human Resources City of West Columbia Nothing contained in this presentation is intended as a substitute for legal advice. Please consult your municipal attorney for legal

349 views • 11 slides
All the sport physicals should be coordinated through the Athletic Directors With Mary Matthews

All the sport physicals should be coordinated through the Athletic Directors With Mary Matthews

All the sport physicals should be coordinated through the Athletic Directors With Mary Matthews 728-5858 ext 237 Request should be made three weeks prior to screening Step 1 Step 2 Step 3 Step 4 Packets are AD calls Well AD requests

187 views • 3 slides
Meet FCIBs European Advisory Council Members Pia Porvari, CICP (Chairperson) - UPM-Kymmene

Meet FCIBs European Advisory Council Members Pia Porvari, CICP (Chairperson) - UPM-Kymmene

Meet FCIBs European Advisory Council Members Pia Porvari, CICP (Chairperson) - UPM-Kymmene Corporation Michael Andreasen, ICCE (past Chairperson) - Covestro GmbH Najia Hernandez, ICCE Maxim IP Enterprise Solutions Corp. Faysal Kadi

568 views • 12 slides
February Department of Planning and Budget Major Project Report Constance Scott IT Investment

February Department of Planning and Budget Major Project Report Constance Scott IT Investment

February Department of Planning and Budget Major Project Report Constance Scott IT Investment Management Division February 14, 2020 www.vita.virginia.gov www.vita.virginia.gov 1 1 Agenda Presentation www.vita.virginia.gov 2 What is

542 views • 20 slides
Skills for Care Pia Rathje-Burton, Locality Manager Kent and Medway, Skills for Care Who we are,

Skills for Care Pia Rathje-Burton, Locality Manager Kent and Medway, Skills for Care Who we are,

Skills for Care Pia Rathje-Burton, Locality Manager Kent and Medway, Skills for Care Who we are, what we do The employer-led workforce development body for adult social care in England. Largely funded by Department of Health and Social

531 views • 17 slides
e-Governance application for Watershed Development Component (erstwhile IWMP) under Pradhan Mantri

e-Governance application for Watershed Development Component (erstwhile IWMP) under Pradhan Mantri

Presentation on e-Governance application for Watershed Development Component (erstwhile IWMP) under Pradhan Mantri Krishi Sinchayee Yojana (PMKSY) Department of Land Resources Ministry of Rural Development 29 th July 2019 Presented by National

523 views • 25 slides

More recommend