Jody Blanke and Janine Hiller August 7, 2017


Predictability As an Objective for Privacy Engineering and Risk Management

Cybersecurity and privacy are two different concepts; however, the Cybersecurity Framework by NIST is widely recognized and has been adopted by the private sector as well. A review of the Cybersecurity Framework identified that privacy protection is NOT well defined and therefore not necessarily well protected in federal systems.

Enter . . .

An Engineering Approach to Privacy (A Systems Approach)

Relationship Between Information Security and Privacy: now working on Privacy

The Privacy Framework
In January 2017, NIST released An Introduction to Privacy Engineering and Risk Management in Federal Systems. Its contents:
An Engineering Approach to Privacy
Components for Privacy Engineering in Federal Systems
Privacy Engineering Objectives: Predictability, Manageability, Disassociability
Introducing a Privacy Risk Model: Privacy Risk Factors, Privacy Risk Characteristics

Privacy Engineering: Objectives

Privacy Objectives support the Circular A-130 FIPPs:
Access and Amendment
Accountability
Authority
Minimization
Quality and Integrity
Individual Participation
Purpose Specification and Use Limitation
Security
Transparency

Aligning A-130 FIPPs with the Privacy and Security Objectives

Focus on Predictability

What does Predictability really mean? (Especially in an era of quickly changing technology)
“A reliable sense of what is occurring with PII in a system is core to building trust and accountability”
“By framing predictability in terms of reliable assumptions, agencies can begin to measure more concretely the capabilities in a system that supports these principles”
“If system owners and operators can reliably describe what is occurring with PII, they can better maintain accountability for system compliance with organizational privacy policies and system privacy requirements”
“Predictability is about designing systems so that stakeholders are not surprised by the handling of PII”

The Meaning and Application of Predictability: Comparison to Legal Concepts
Patent Law and Nonobviousness
Reasonableness
NOTE: 1) these are analogies and comparisons, not direct applications, and 2) we include analysis of the impact of broader acceptance by the private sector

Patent Law: Predictable = Obvious Improvement
Predictability is bad for the patent applicant but good for the privacy engineer. When an inventor improves upon an existing, patent-protected technology or product, the improvement itself must be non-obvious in order to obtain a patent. The legal determination of whether the improvement is obvious, and therefore not patentable, invokes the question of whether the improvement upon, or a different use of, an existing invention is predictable.
[Image: 2011 patent drawing for an improved method of delivering shaving lotion via soft pads on a razor]

Determining Predictability
Prior art will be considered to determine nonobviousness. By analogy, determining prior art for the use of PII and privacy protections requires a longitudinal understanding of the use of PII and privacy. This is most pressing in today’s environment of fast-changing data uses, similar to improvements on patented products.
In KSR International Co. v. Teleflex Inc. (KSR), the Supreme Court stated that: “When a work is available in one field of endeavor, design incentives and other market forces can prompt variations of it, either in the same field or a different one. If a person of ordinary skill can implement a predictable variation, § 103 likely bars its patentability.”

Two ways of viewing predictability for improvements, from KSR (2007):
“the improvement is more than the predictable use of prior art elements according to their established functions.”
OR
“[t]he combination of familiar elements according to known methods is likely to be obvious when it does no more than yield predictable results.”
Cotropia: Type I and Type II predictability. Type I is a gap analysis; Type II suffers from hindsight bias.
DANGER: Type II predictability induces hindsight bias for the use of personal data under NIST predictability.

Mapping Your Home: Sharing the Information with Smart Home/Smart Cities?

Reasonableness
The “Reasonable Man”
The “Ordinary Man”
The “Reasonable Person”
The “Reasonable Woman”
The “Average Joe”
The “Man on the Clapham Omnibus”
The “Man on the Street”

Katz v. United States (1967)

Katz v. United States (1967): The Two-Prong Test
[F]irst, that a person have established an actual (subjective) expectation of privacy, and
[S]econd, that the expectation be one that society is prepared to recognize as “reasonable”
The “Reasonable Expectation of Privacy” Test

Katz v. U.S.: The Reality
The Katz test should be just one prong, an objective test. That’s what had been proposed, and that’s what courts have actually applied.

The Hope for Predictability