Privacy and Public Policy Implications of IoT

Slides:

Advertisements

Similar presentations

Office of the Information and Privacy Commissioner, Ontario, Canada

Advertisements

1 NAESB Data Privacy Task Force February 16, 2011.

Mobile Payments and the FTC Manas Mohapatra Director of Mobile Policy Mobile Technology Unit Federal Trade Commission The views expressed are not necessarily.

Big Data - Ethical Data Use Kimberlin Cranford. Ethical Use in the Era of Big Data  Landscape has Changed  Attitudes about Big Data  PII, Anonymous,

The Problem Solvers TM Privacy Rights: Minors and Parents Michael J. Hewitt Marcel Daigle Singleton Urquhart LLP.

Silicon Valley Apps for Kids Meetup Laura D. Berger October 22, 2012 The views expressed herein are those of the speaker, and do not represent the views.

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

NTIA Privacy Multistakeholder Meeting March 25, 2014 Amanda Koulousias, Attorney Division of Privacy and Identity Protection Federal Trade Commission FTC.

“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Privacy, Security, and trust in cloud computing BY: SIANI PEARSON PRESENTED BY: KIA MANOOCHEHRI.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

CLOUD AND SECURITY: A LEGISLATOR'S PERSPECTIVE 6/7/2013.

2015 National BDPA Technology Conference Big Data: Cool, Creepy or Privacy Violation? Arlonda Stevens August 18-22, 2015 Washington, DC.

Mi-Gyeong Gwak, Christian Vargas, Jonathan Vinson

Smart Machines, Smart Privacy: Rules of the Road and Challenges Ahead The views expressed are those of the speaker and not necessarily those of the FTC.

EU Data Protection IT Governance view Ger O’Mahony 12 th October 2011.

Privacy Professional Practice for Computer Science Guest Lecture, 05 March 2007 Philippa Lawson Director, Canadian Internet Policy & Public Interest Clinic.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

Identity Crisis: Global Challenges of Identity Protection in a Networked World Alison Knight.

The Internet of Things and Consumer Protection

Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce.

Privacy and Free Speech: It's Good for Business Nicole A. Ozer, Esq. Technology and Civil Liberties Policy Director ACLU of Northern California Online.

Data protection and compliance in context 19 November 2007 Stewart Room Partner.

INTRODUCTION TO DATA PROTECTION An overview of the Irish Data Protection legislation.

1 Copyright © International Security, Trust & Privacy Alliance -All Rights Reserved Making Privacy Operational International Security, Trust.

Fred Carter Senior Policy & Technology Advisor Information and Privacy Commissioner Ontario, Canada MISA Ontario Cloud Computing Transformation Workshop.

Intellectual Property. Confidential Information Duty not to disclose confidential information about a business that would cause harm to the business or.

Chapter 4: Laws, Regulations, and Compliance

APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.

Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult.

LEARNING AREA 1 : INFORMATION AND COMMUNICATION TECHNOLOGY PRIVACY AUTHENTICATION VERIFICATION.

Data Protection in e-Voucher Systems Joel Urbanowicz Manager, ICT Deployment Services Catholic Relief Services.

Business Challenges in the evolution of HOME AUTOMATION (IoT)

The Future Digital Identity Landscape in Europe Timothée Mangenot, chairman 14th of December, 2015 ACSIEL partners day.

Consumer Information Federal Trade Commission Act grants Federal Trade Commission (FTC) responsibility regarding unfair methods of competition and unfair.

Director, Internet, Science, and Technology Research

Profile & Privacy Management Dashboard

Data Protection Officer’s Overview of the GDPR

Identity and Access Management

Surveillance around the world

Security in Internet of Things Begins with the Data

Cornelia Kutterer Director Digital Policy Microsoft.

Security Standard: “reasonable security”

Internet of (Every)Things

A BIG DATA WORLD Smaller and smaller and smarter devices

General Data Protection Regulation (GDPR

Privacy and Security in the Employment Relationship

Threats and Challenges to Data Protection and Privacy :-

BA 625: Privacy Law and Policy

HOSTED BY IN PARTNERSHIP WITH SUPPORTED BY Barcelona iCapital 2015.

GENERAL DATA PROTECTION REGULATION (GDPR)

The Circle of Trust Greg Hungerford.

Big Data Considerations

Internet of Things (IoT)

State of the privacy union

Employee Privacy and Privacy of Employee Information

Ethical questions on the use of big data in official statistics

Information technologies/NBIC and Big data

By The Data Protection Commissioner

The General Data Protection Regulation: Are You Ready?

IAPP TRUSTe SYMPOSIUM 9-11 JUNE 2004

Legislative Response to Data Inferences

Student Data Privacy: National Trends and Wyoming’s Role

Colorado “Protections For Consumer Data Privacy” Law

802E Privacy Report Date: Authors: January 2016

Presentation transcript:

Privacy and Public Policy Implications of IoT The Internet Society 1/24/2018 Privacy and Public Policy Implications of IoT Girard Kelly California State Legislature

The Internet Society 1/24/2018 Agenda Introduction Challenges and Opportunities for Privacy in the IoT Privacy by Design Principles Fair Information Practice Principles (FIPPs) 2015 Privacy Legislative Summary Future Privacy Policy Roadmap

Introduction The “Internet of Things” (IoT) is one of the fastest emerging, transformative, and disruptive technology developments since the Internet itself. By 2025, an estimated 50 billion “smart” devices are expected to be wirelessly connected to the Internet. Gartner predicts that the aggregated value and economic benefit of the IoT will exceed $1.9 trillion in the year 2020. IoT Devices will be collecting, analyzing, and sharing personal information in real-time. The IoT will dramatically change consumer’s expectations of personal data and privacy.

Challenges and Opportunities for Privacy in the IoT

IoT Privacy Challenges IoT notice and consent model Unexpected data collection and sharing Discrimination through data aggregation and consumer profiling Increased criminal, civil, and reputational harm New types of sensor data will require new definitions of Personally Identifiable Information (PII) Re-identification of anonymized data shared with third-parties

IoT Privacy Opportunities Convenience and information sharing Real-time feedback and analysis “Trusted” or connected computing Automation and control New forms of multi-factor authentication Big data analytics and sensor fusion

Privacy by Design Principles

Privacy by Design Principles Privacy by Design is an approach to systems engineering which takes privacy into account throughout the entire engineering process. Proactive not reactive Preventative not remedial Privacy as the default setting Privacy embedded into design Full functionality – positive- sum, not zero-sum End-to-end security – full lifecycle protection Visibility and transparency – keep it open Respect for user privacy – keep it user-centric

Fair Information Practice Principles

Fair Information Practice Principles The Fair Information Practice Principles (FIPPs) are a widely accepted framework of defining principles to be used in the evaluation and consideration of systems, processes, or programs that affect individual privacy. Transparency Individual Control Respect for Context Focused Collection and Responsible Use Security Access and Accuracy Accountability

2015 Legislative Summary

2015 Legislative Summary AB-66 (Weber) - Peace officers: body worn cameras AB-83 (Gatto) - Personal Data AB-195 (Chau) - Unauthorized access to computer systems AB-259 (Dabahneh) - Personal information: privacy

2015 Legislative Summary AB-856 (Calderon) - Invasion of Privacy AB-964 (Chau) - Civil Law: privacy AB-1116 ( Privacy Committee) - Connected televisions AB-1541 (Privacy Committee) - Privacy: personal information

2015 Legislative Summary SB-30 (Gaines) - Carjacking The Internet Society 1/24/2018 2015 Legislative Summary SB-30 (Gaines) - Carjacking SB-34 (Hill) - Automated license plate recognition systems: use of data SB-178 (Leno) - Privacy: electronic communications: search warrant SB-570 (Jackson) - Personal information: privacy: breach

2015 Legislative Summary SB-576 (Leno) - Mobile applications: geolocation information: privacy SB-690 (Stone)- Stalking SB-741 (Hill) - Mobile communications: privacy SB-1177 (Steinberg) - Privacy: students of 2014

Future Privacy Policy Roadmap

Fundamental Privacy Principles Transparency Individual Control Respect for Context Focused Collection and Responsible Use Security Access and Accuracy Accountability

1. Transparency Expand California’s Online Privacy Protection Act (CalOPPA) to include: A short-form summary at the beginning of every privacy policy Notice of what “type” of IoT sensor information is collected Notice of what “specific” personal information an organization has collected Notice of what “purpose” information is collected and shared with whom Application of CalOPPA to State agencies and their use of personal information

2. Individual Control Require opt-in/opt-out consent distinct from the operation of the IoT device Provide more consumer privacy choices—Not simply all or nothing Provide the ability to delete information Privacy by Design—default IoT settings for privacy

3. Respect for Context Restrict third-party sale of sensitive PII for marketing or unrelated advertising purposes Respect the purpose for which the data is collected Prohibit the use of data in unexpected ways Require a “reasonable expectation of privacy” standard

4. Focused Collection and Responsible Use Expand the definition of “Personally Identifiable Information” (PII) Expand the definition of “Personal Information” under the Information Practices Act Provide data minimization incentives for organizations Provide data correction and “second-hand” exclusion Responsible use of data based on fairness

The Internet Society 1/24/2018 5. Security Provide for increased data breach notification of non-encrypted re-identified information Require robust identity theft protection Require reasonable security procedures and practices of businesses Incentivize two-factor authentication / Biometric authentication Align product warranty and customer expectations with security fixes and product life-cycle

6. Access and Accuracy “Right to Know” what information an organization has collected about you Right to know what third-parties an organization has shared your PII with Right to correct inaccuracies in your information Right to export or transfer your information Right to access digital assets or information from deceased heirs

7. Accountability Provide stronger enforcement mechanisms: Federal Trade Commission (FTC) California Office of the Attorney General Consumer private right of action Data Breach Notification Requirements EU-U.S. Privacy Shield Safe Harbor

Thank You Girard.Kelly@asm.ca.gov