29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

Presentation transcript:

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE
29th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS CONFERENCE
29e Conférence internationale des commissaires à la protection de la vie privée

Making Privacy Operational: Updating the ISTPA Privacy Framework
John T. Sabo
President, International Security Trust and Privacy Alliance (ISTPA)
Director, Global Government Relations, CA, Inc.

What is the ISTPA?
The International Security, Trust, and Privacy Alliance (ISTPA), founded in 1999, is a global alliance of companies, institutions and technology providers working together to clarify and resolve existing and evolving issues related to security, trust, and privacy. ISTPA's focus is on the protection of personal information (PI).
See ISTPA

Privacy Reality: Complex, Challenging
Forces driving rapid change:
- Industry
- Global laws and regulations
- Evolving nature and concepts of privacy
- Technology
- Standards
- Information society
- National security
- Digital economy

Global Privacy Laws and Policies – Wide Variance
- OECD Privacy Principles
- Fair Information Practices
- CSA Model Code
- U.S. Privacy Act
- EU Data Directive
- HIPAA
- APEC Privacy Framework

ISTPA's Perspective on Privacy
- Operational, solution focus:
  – Migrate to a privacy engineering discipline
  – Privacy framework supporting the full privacy lifecycle
  – Not a policy framework; rather a technical framework for business processes and the IT systems that support them
- Platform for multidisciplinary collaboration
- Must address variations in laws and policies
- Industry-specific use cases

ISTPA Framework v1.1 Concepts
- An open, policy-configurable set of collaborating services and capabilities used to guide the analysis, design, implementation and assessment of privacy solutions and infrastructure
- An architectural approach that provides a template usable by IT architects and program managers to develop interoperable applications

ISTPA Privacy Framework v1.1 Services
- Control – policy, data management
- Certification – credentials, trusted processes
- Interaction – manages data, preferences, notice
- Negotiation – of agreements, rules, privileges
- Agent – software that carries out processes
- Usage – data use, aggregation, anonymization
- Audit – independent, verifiable accountability
- Validation – checks accuracy of PI
- Enforcement – including redress for violations
- Access – subject corrects/updates PI

ISTPA Framework Submitted as ISO Publicly Available Specification
- Submitted by ISSEA (International Systems Security Engineering Association) in October
- Balloting was to close December 11, 2004
- Caused significant discussion, including the Privacy Technology Study Group under ISO JTC-1
- Withdrawal requested November 22, 2004 for additional work

Recent Work: Analysis of Privacy Principles – Making Privacy Operational
- Select representative global privacy laws and directives
- Analyze disparate language, definitions and expressed requirements
- Parse expressed requirements into a working set of privacy principles
- Cross-map and derive common and unique requirements

Selected Laws, Directives, Codes
- The Privacy Act of 1974 (U.S.)
- OECD Privacy Guidelines
- UN Guidelines
- EU Data Protection Directive
- Canadian Standards Association Model Code
- Health Insurance Portability and Accountability Act (HIPAA)
- US FTC Fair Information Practice Principles
- US-EU Safe Harbor Privacy Principles
- Australian Privacy Act
- Japan Personal Information Protection Act
- APEC Privacy Framework
- California Security Breach Bill

Derived Core Privacy Principles
- Accountability
- Notice
- Consent
- Collection Limitation
- Use Limitation
- Disclosure
- Access & Correction
- Security/Safeguards
- Data Quality
- Enforcement
- Openness
Additionally:
- Anonymity
- Data Flow
- Sensitivity
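To show what "making privacy operational" looks like in code, the following is an added example written for this page; it is not ISTPA software and not part of the original presentation. It models three of the Framework v1.1 services named earlier (Control as the configurable policy, Usage as the use-limitation check, Audit as a verifiable log) and enforces four of the derived principles above: Collection Limitation, Consent, Use Limitation and Access & Correction. The policy, the field names, the purposes and the data subject are all constructed for the example; the hash-chained audit log is one way to give the Audit service's "verifiable accountability", not a design the slides prescribe.

```python
"""Added illustration of a policy-configurable personal-information (PI) store.

Example code for this page, not ISTPA's own software. Control = Policy,
Usage = PIStore.use, Access = PIStore.correct, Audit = the hash-chained log.
Every field name, purpose and record below is constructed for the example.
"""
import hashlib
import json
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Control service: the configurable rules the other services consult."""
    collectable: frozenset          # Collection Limitation: fields we may hold at all
    permitted_uses: dict            # Use Limitation: field -> purposes stated in the notice


@dataclass
class Subject:
    subject_id: str
    consents: set                   # Consent: purposes this subject has agreed to
    data: dict = field(default_factory=dict)


class PIStore:
    """Usage and Access services on top of a Policy, with a verifiable audit log."""

    GENESIS = "0" * 64              # digest the first audit entry chains to

    def __init__(self, policy: Policy):
        self.policy = policy
        self.subjects: dict = {}
        self.audit: list = []       # each entry commits to the digest of the previous one

    def _log(self, event: str, **details) -> None:
        prev = self.audit[-1]["digest"] if self.audit else self.GENESIS
        entry = {"event": event, "prev": prev, **details}
        body = json.dumps(entry, sort_keys=True).encode()
        entry["digest"] = hashlib.sha256(body).hexdigest()
        self.audit.append(entry)

    def collect(self, subject: Subject, fields: dict) -> None:
        """Collection Limitation: refuse any field the policy does not allow."""
        excess = sorted(set(fields) - self.policy.collectable)
        if excess:
            self._log("collect_denied", subject=subject.subject_id, fields=excess)
            raise PermissionError(f"policy does not permit collecting {excess}")
        subject.data.update(fields)
        self.subjects[subject.subject_id] = subject
        self._log("collect", subject=subject.subject_id, fields=sorted(fields))

    def use(self, subject_id: str, field_name: str, purpose: str):
        """Use Limitation + Consent: the purpose must be in the notice AND consented to."""
        subject = self.subjects[subject_id]
        in_notice = self.policy.permitted_uses.get(field_name, frozenset())
        if purpose not in in_notice or purpose not in subject.consents:
            self._log("use_denied", subject=subject_id, field=field_name, purpose=purpose)
            raise PermissionError(f"{field_name} may not be used for {purpose}")
        self._log("use", subject=subject_id, field=field_name, purpose=purpose)
        return subject.data[field_name]

    def correct(self, subject_id: str, field_name: str, value) -> None:
        """Access & Correction: the subject updates their own PI; the change is audited."""
        subject = self.subjects[subject_id]
        if field_name not in subject.data:
            raise KeyError(field_name)
        subject.data[field_name] = value
        self._log("correct", subject=subject_id, field=field_name)

    def verify_audit(self) -> bool:
        """Audit: recompute the chain; an edited or dropped entry breaks it."""
        prev = self.GENESIS
        for entry in self.audit:
            if entry["prev"] != prev:
                return False
            body = {k: v for k, v in entry.items() if k != "digest"}
            digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if digest != entry["digest"]:
                return False
            prev = digest
        return True


def demo() -> dict:
    """Exercise the four principles on a constructed subject; returns the outcomes."""
    policy = Policy(
        collectable=frozenset({"email", "postcode"}),
        permitted_uses={"email": frozenset({"service_notices", "marketing"}),
                        "postcode": frozenset({"service_notices"})},
    )
    store = PIStore(policy)
    alice = Subject("s-001", consents={"service_notices"})      # constructed subject
    store.collect(alice, {"email": "alice@example.test", "postcode": "X1 1XX"})
    results = {"notice_ok": store.use("s-001", "email", "service_notices")}
    try:
        store.collect(alice, {"ssn": "000-00-0000"})            # not collectable
    except PermissionError:
        results["collection_limited"] = True
    try:
        store.use("s-001", "email", "marketing")                # in notice, not consented
    except PermissionError:
        results["use_limited"] = True
    store.correct("s-001", "postcode", "Y2 2YY")
    results["audit_ok"] = store.verify_audit()
    store.audit[3]["purpose"] = "service_notices"               # tamper with the denial record
    results["tamper_detected"] = not store.verify_audit()
    return results


if __name__ == "__main__":
    print(demo())
```

The point of the split between `Policy` and `PIStore` is the slide's "policy configurable" idea: the same service code serves a HIPAA deployment and an EU Directive deployment by loading a different `Policy`, while the audit chain lets an independent reviewer check that denials and corrections were actually recorded in order.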

Example: Notice Principle
Includes:
- definition of the personal information collected
- its use (purpose specification)
- its disclosure to parties within or external to the entity
- practices associated with the maintenance and protection of the information
- options available to the data subject regarding the collector's privacy practices
- changes made to policies or practices
- information provided to the data subject at designated times and under designated circumstances

Next Steps: Path to ISTPA Privacy Framework v2.0
- Use the Analysis study to evaluate the existing Framework – full document available online
- Analysis being used by external organizations
- Complete expansion of Framework functions, including function labeling
- Continue collaboration with ISSEA on security mapping
- Continue development of the Master Toolset project to make the Framework more accessible and usable
- Expected draft v2.0: 2008

Questions?