Richard Purcell Corporate Privacy Officer Microsoft Corporation

Slides:



Advertisements
Similar presentations
How You Can Identify Abuse and Help Older Adults at Risk.
Advertisements

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Security Controls – What Works
Information Security Policies and Standards
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
The 10 Deadly Sins of Information Security Management
Brian Markham Director, DIT Compliance and Risk Services May 1, 2014
David L. Wasley Office of the President University of California Maybe it’s not PKI … Musings on the business case for PKI EDUCAUSEEDUCAUSE PKI Summit.
Internet eCommerce 101 Or, how to enjoy your summer... profitably Or.
HIPAA Privacy & Security EVMS Health Services 2004 Training.
© by Seclarity Inc. 2005, Slide: 1 Seclarity, Inc Lightfall Court Columbia, MD A Blumberg Capital, Valley Ventures and Intel Capital Funded.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Basic Persuasion Skills in Employee Ownership Corey Rosen National Center for Employee Ownerships.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
1 General Awareness Training Security Awareness Module 1 Overview and Requirements.
FORESEC Academy FORESEC Academy Security Essentials (II)
POSITIONING STATEMENT For people who operate shared computers with Genuine Windows XP, the Shared Computer Toolkit is an affordable, integrated, and easy-to-use.
1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.
Establishing a Digital Identity Martin Roe - Director of Technology, Royal Mail ViaCode.
April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.
Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,
Information Security Governance and Risk Chapter 2 Part 3 Pages 100 to 141.
Introduction to Computer Security PA Turnpike Commission.
Data Security in a Mobile World Emmitt Wells – Getronics.
FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.
ARMA International Washington, DC Chapter Change Management Seminar Using Change Management to Facilitate Enterprise RIM Implementation.
Security Engineering Assurance & Control Objectives Priyanka Vanjani ASU Id #
Lecture 13: Anonymity on the Web Modified from Levente Buttyan, Michael K. Reiter and Aviel D. Rubin.
Easy Read Summary Mental Capacity Act Mental Capacity Act A Summary The Mental Capacity Act 2005 will help people to make their own decisions.
Csci5233 Computer Security & Integrity 1 Overview of Security & Java (based on GS: Ch. 1)
Case Study: Applying Authentication Technologies as Part of a HIPAA Compliance Strategy.
HIPAA Compliance Case Study: Establishing and Implementing a Program to Audit HIPAA Compliance Drew Hunt Network Security Analyst Valley Medical Center.
Safeguarding Sensitive Information. Agenda Overview Why are we here? Roles and responsibilities Information Security Guidelines Our Obligation Has This.
1 Ethics of Computing MONT 113G, Spring 2012 Session 31 Privacy as a value.
INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.
Customer-Centric Banking The Digital Opportunity Hassan Abouzeid Group Head of Digital.
How to Make Yourself More Secure Using Public Computers and Free Public Wi-Fi.
The technology behind the USPS EPM. AND COMPLIANCE March 25, 2004 Adam Hoffman.
Finance and Accounts.
Creating your online identity
3 Do you monitor for unauthorized intrusion activity?
Taking Lessons from End Users, “Convergence” Rises from the Ashes
Data Minimization Framework
Best Practices in Creating Next Generation PDFs
Security Standard: “reasonable security”
SETTING UP OF E-COMMERCE WEBSITE
HIPAA Administrative Simplification
Welcome to Week 3 in the computer lab
It’s not the company, It’s the people in the company. It’s you!
Rights Management Services (RMS)
Compliance Matters May 2013 Webinar – Bon Avis.
Microsoft 365 Business Customer Targeting 2/6/18
IS4550 Security Policies and Implementation
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
Managing Information Technology
11/19/2018 4:38 AM Microsoft 365 Business Customer Targeting Janine Brittain - EXEED 2/6/18 © Microsoft Corporation. All rights reserved. MICROSOFT.
Why ISO 27001? Subtitle or presenter
Integrated Management System
County HIPAA Review All Rights Reserved 2002.
Other Sources of Information
Drew Hunt Network Security Analyst Valley Medical Center
Online Safety: Rights and Responsibilities
Managing Customer Expectations
HIPAA Privacy and Security Update - 5 Years After Implementation
3 Do you monitor for unauthorized intrusion activity?
CHAPTER 3: ETHICS AND CORPORATE SOCIAL RESPONSIBILITY
Your Credit and the Law Chapter 27 5/24/2019.
Colorado “Protections For Consumer Data Privacy” Law
Make it real: Help your customers comply with the GDPR
3 Do you monitor for unauthorized intrusion activity?
Presentation transcript:

Richard Purcell Corporate Privacy Officer Microsoft Corporation Trustworthy Computing: Privacy, Security & Usability HIPAA – Summit West II Coordinating Security & Privacy Richard Purcell Corporate Privacy Officer Microsoft Corporation

Microsoft Corporation What is Privacy? It’s about me Who I am, where I am, what I do It’s about being in control I control who gets access Let me be the judge about use It’s about being left alone Don’t bug me It’s about respect Like I said, don’t bug me 11/9/2018 Microsoft Corporation

What is the Value of My Information? For me: Defines WHO I am as an individual Defines WHAT I do and WANT Defines WHERE I am and WHEN For others: In emergencies, it’s critical In communities, it’s important In business, it’s convenient In some cases, I’d rather be invisible Most importantly – it’s empowering! 11/9/2018 Microsoft Corporation

When Information is Critical Don’t expect any privacy Emergencies like 911 Identify-based services, like passports Use of others’ resources as employees Legal actions like taxes and divorce Law enforcement like stop signs 11/9/2018 Microsoft Corporation

When Information is Important Financial dealings like bank and credit accounts Job applications like resumes and references Airline travel Medical services Contracted services Government protections 11/9/2018 Microsoft Corporation

When Information is Convenient Business transactions like catalog purchases Local/national directories like phone books and church directories Retail sales like tailored clothing Personal preferences like nutritional requirements 11/9/2018 Microsoft Corporation

Microsoft Corporation This is Easy, Right? Nope – it’s way complicated Privacy requires Security, but not too much Security doesn’t require privacy at all Gov’ts compel information … …and promises to reveal it, too! No one really can agree on what privacy means No one-size-fits-all formula 11/9/2018 Microsoft Corporation

Microsoft Corporation How Hard Could It Be? Do you want your government to know about you? To tax me to the max? Rather not! Public services? OK! Protective services? Darned right! 11/9/2018 Microsoft Corporation

Microsoft Corporation Keep this Stuff Secure! Different kinds of data require different protections Name & address – some, but not a lot Shopping behaviors – a bit more Finances – a lot Health – quite a lot Political, sexual, racial – lots & lots Configuring security can be quite complicated Data types and potentials uses (and abuses) are the key 11/9/2018 Microsoft Corporation

Oh, yeah, Make it Easy for Me to Use, Too! High security means high difficulty That’s the point – security makes it hard to get to the data If it’s hard for someone else to get to my data, then it’s hard for me to get to it, too Base Points: Recognition is not enough Authentication is often required Authorization has to be based on verified identity 11/9/2018 Microsoft Corporation

Microsoft Corporation This Really is Hard Privacy is very personal Who can decide what is the right balance for everyone? Governments have to be intrusive, and provide open access, too Really hard balance, particularly for the judiciary Business cannot succeed without customer trust More clear today then ever before 11/9/2018 Microsoft Corporation

Microsoft Corporation The Elements of Trust Data Protection Privacy Security Control of Information Control of Devices Choice re: Content Goal: empower people 11/9/2018 Microsoft Corporation

A Trust Taxonomy Goals Means Execution Availability At advertised levels Suitability Features fit function Integrity Against data loss or alteration Privacy Use & Access authorized by end-user Reputation System and provider brand Security Resists unauthorized access Quality Performance criteria Dev Practices Methods, philosophy Operations Guidelines and benchmarks Business Practices Business model Policies Laws, regulations, standards, norms Intent Management assertions Risks What undermines intent, causes liability Implementation Steps to deliver intent Evidence Audit mechanisms

A Trust Scorecard: 120 Grades

Passport Anxiety: Will My Data Be Safe? Goal: Privacy Means: Security Risk: unauthorized access to the user’s data

TCI Process for Privacy Privacy Directive 100+ page policy documentation Privacy Checklist Training module required for all staff Privacy Health Index Assessment tool required for targeted product, systems, and services managers Scorecard – you can’t manage what you can’t measure 11/9/2018 Microsoft Corporation

Microsoft Corporation Thank You! 11/9/2018 Microsoft Corporation

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.