TRUST:Team for Research in Ubiquitous Secure Technologies

Slides:

Advertisements

Similar presentations

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

Advertisements

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

SECURITY What does this word mean to you? The sum of all measures taken to prevent loss of any kind.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

Jan. 28, 2004UCB Sensor Nets Day1 TOWARD A LEGAL FRAMEWORK FOR SENSOR NETWORKS Pamela Samuelson, Law/SIMS UCB Sensor Nets Day January 28, 2004.

Privacy and Sensor Networks: Do Sensor Networks fit with Fair Information Practices Deirdre K. Mulligan Acting Clinical Professor of Law Director, Samuelson.

March 13, 2004Securing Privacy Conference1 SENSOR NETWORKS & PRIVACY Pamela Samuelson, UC Berkeley, Securing Privacy Conference, March 13, 2004.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.

Contemporary Issues in Canadian Health Care Nola M. Ries, MPA, LLM Adjunct Assistant Professor, University of Victoria Research Associate, Health Law Institute,

1 25 October EPFL Conference Data Protection in Intergovernmental Organizations Workshop 7 February 2013 K. Ernst S. Lüders C. Viala.

Lawyer at the Brussels Bar Lecturer at the University of Strasbourg Assistant at the University of Brussels Data Protection & Electronic Communications.

RFID Policy Update 1/23/08 Dan Caprio President DC Strategies, LLC.

City Hall of Iasi Ethics in e-guidance, privacy and security devices Date: Author: Cristina Nucuta.

State Alliance for e-Health Conference Meeting January 26, 2007.

HIT Standards Committee Privacy and Security Workgroup: Initial Reactions Dixie Baker, SAIC Steven Findlay, Consumers Union June 23, 2009.

Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)

Overview Privacy Management Reference Model and Methodology (PMRM) John Sabo Co-Chair, PMRM TC.

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

Copyright © 2009 by The McGraw-Hill Companies, Inc. All Rights Reserved. McGraw-Hill Chapter 6 The Privacy and Security of Electronic Health Information.

LEGAL ASPECTS OF DIGITAL LIBRARIES By TALWANT SINGH ADDL DISTT. & SESSIONS JUDGE; DELHI.

Staying ahead of the storm: know your role in information security before a crisis hits Jason Testart, IST Karen Jack, Secretariat.

1 Copyright © International Security, Trust & Privacy Alliance -All Rights Reserved Making Privacy Operational International Security, Trust.

Infrastructure Breakout What capacities should we build now to manage data and migrate it over the future generations of technologies, standards, formats,

Business Challenges in the evolution of HOME AUTOMATION (IoT)

Regulation models addressing data protection issues in the EU concerning RFID technology Ioannis Iglezakis Assistant Professor in Computers & Law Faculty.

Understanding Privacy An Overview of our Responsibilities.

Nassau Association of School Technologists

Law Firm Data Security: What In-house Counsel Need to Know

Audit Trail LIS 4776 Advanced Health Informatics Week 14

Privacy on the Internet

Strategies in the Game of

Cyber Security – An Existential Threat? (IIC, Singapore)

Learning objective Understand how to safeguard children in relation to legislation, frameworks, policies and procedures. Identify current.

VIRTUALIZATION & CLOUD COMPUTING

Information Sharing for Integrated care A 5 Step Blueprint

Capital Project / Infrastructure Renewal – Making the Business Case

Viewing the GDPR Through a De-Identification Lens

Tim Carter Sales Director Sybase Confidential Propriety.

Data Security Policies

TRUST Area 3 Overview: Privacy, Usability, & Social Impact

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Page 1 Fundamentals of Information Systems.

BUILDING A PRIVACY AND SECURITY PROGRAM FOR YOUR NON-PROFIT

Privacy and Security in the Employment Relationship

ICT meeting Business needs

Tim Carter Sales Director Sybase Confidential Propriety.

VERMONT INFORMATION TECHNOLOGY LEADERS

Implications of HIV Self Testing (HIVST) for Sex Workers in Australia

G.D.P.R General Data Protection Regulations

Current Privacy Issues That May Affect Your Credit Union

Institutional Framework, Resources and Management

TRUST:Team for Research in Ubiquitous Secure Technologies

TRUST:Team for Research in Ubiquitous Secure Technologies

Contact Center Security Strategies

Presentation for information days Units involved:

The Practical Side of Meaningful Use:

Sameer Sharma, ITU 7 August, 2018 Dhaka, Bangladesh.

In Argentina Ana Palmero Legal and Research Ethics Advisor

Drew Hunt Network Security Analyst Valley Medical Center

COMPETITION POLICY AND IP

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

Student Data & Privacy.

JULIE University of Wollongong, Australia

AUP, EDP, & Centralized Printing

HIPAA Privacy and Security Update - 5 Years After Implementation

Data Privacy by Design Expanding Security for bepress Users

SUSTAINABLE ENERGY SUPPLY

Abby Kinchy Presentation for the Teach-In on Disappearing Data

Cloud Computing for Wireless Networks

Presentation transcript:

TRUST:Team for Research in Ubiquitous Secure Technologies Social Science Dimensions, Pamela Samuelson, Law/SIMS, UC Berkeley NSF STC Review September 6, 2004

PRIVACY It is desirable for persons and organizations to able to maintain privacy and confidentiality interests in their data Can’t have privacy without meaningful security Fair information practices provide a regulatory framework that address many information privacy concerns, but they are sometimes difficult to map onto new technologies (e.g., sensor networks) Traditional focus has been on data custodian but advances in technology makes widening policy inquiry (e.g., datamining) important NSF STC Review December 26, 2018

KEY QUESTIONS What privacy rules, practices, & technologies promote better security? What level of security is necessary to promote privacy and confidentiality? How do we achieve appropriate levels of investment in security to ensure appropriate levels of actual security? When is necessary to access private information in order to provide security? What technical tools, legal policies, practices are necessary to control or monitor such access? NSF STC Review December 26, 2018

COLLABORATION Technologists and the policy analysts may be able to work together to find the right mix of technology and policy solutions Culler, Hellerstein, Wagner, Samuelson & Mulligan research (3 technologists, 2 lawyers) on sensor network privacy issues High tech clinic at Boalt worked with Berkeley Public Library to assess privacy implications of deployment of RFID technology, cooperation with EECS professor & grad student as well NSF STC Review December 26, 2018

PRIVACY-SENSITIVE IT May be possible to design privacy-sensitive information technology Encrypt PII so can only be used for one purpose Use authentication/access control systems Store data only where security can be strong Aggregate data to anonymize, hide mapping Don’t log or flush out data when no longer needed Give users ability to turn sensors off or provide detector devices or notice of sensor presence May be necessary to develop new laws or fair information practices for sensor networks to maintain privacy (e.g., require deployers to give notice if sensing PII) NSF STC Review December 26, 2018

INFORMATION POLICY Need for research to explore whether rules on electronic surveillance should be updated or otherwise changed and if so, why and how Electronic Privacy Communications Act was written decades ago, long before advanced IT networks and security technologies were deployed; ambiguities in law Policies favoring free flows of information and those favoring security and secrecy should be analyzed to ensure that restrictions are not greater than necessary and are directed at the right targets E.g., communities can’t assess vulnerabilities if they can’t/don’t share information about them (multidisciplinary research may aid formation of sound policy about disclosure policies) NSF STC Review December 26, 2018

OUTPUTS Research publications Conferences, workshops, other public meetings to discuss results Meetings with key industry leaders or associations about privacy-sensitive technology possibilities Possible proposed legislation or other policy recommendations NSF STC Review December 26, 2018