Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and.

Slides:

Advertisements

Similar presentations

RBAC and HIPAA Security Uday O. Ali Pabrai, CHSS, SCNA Chief Executive, HIPAA Academy.

Advertisements

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

Operating System Security

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Topics Rule Changes Skagit County, WA HIPAA Magic Bullet HIPAA Culture of Compliance Foundation to HIPAA Privacy and Security Compliance Security Officer.

Developing Privacy and Security Standards Allen Briskin Allen Briskin

Annual Army FOIA/Privacy/Records Management Conference Privacy Leadership – Accountability - Action presented by Samuel P. Jenkins, Director Defense Privacy.

Data Classification & Privacy Inventory Workshop

Information Security Policies and Standards

Using Digital Credentials On The World-Wide Web M. Winslett.

Stephen S. Yau CSE465 & CSE591, Fall Information Assurance (IA) & Security Overview Concepts Security principles & strategies Techniques Guidelines,

© 2003, EDUCAUSE Information Privacy: Public Policy and Institutional Policies Rodney J. Petersen Policy Analyst, EDUCAUSE EDUCAUSE/Internet2 Security.

“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.

DEFENSE PRIVACY & CIVIL LIBERTIES OFFICE Safeguarding Personally Identifiable Information (PII) Samuel P. Jenkins Director for Privacy Defense Privacy.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Tackling the Policy Challenges of Health Information Exchange Carol Diamond, MD, MPH Managing Director, Markle Foundation.

Auditing Logical Access in a Network Environment Presented By, Eric Booker and Mark Ren New York State Comptroller’s Office Network Security Unit.

Information Security Technological Security Implementation and Privacy Protection.

Storage Security and Management: Security Framework

Privacy: Understanding the Needs, Policy, and Approach Owen Greenspan Director Law and Policy Program.

Privacy Codes of Conduct as a self- regulatory approach to cope with restrictions on transborder data flow Dr. Anja Miedbrodt Exemplified with the help.

WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.

Ames Laboratory Privacy and Personally Identifiable Information (PII) Training Welcome to the Ames Laboratory’s training on Personally Identifiable Information.

Federated or Not: Secure Identity Management Janemarie Duh Identity Management Systems Architect Chair, Security Working Group ITS, Lafayette College.

April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.

A Perspective: Data Flow Governance in Asia Pacific & APEC Framework Martin Abrams October 21, 2008.

HIPAA Michigan Cancer Registrars Association 2005 Annual Educational Conference Sandy Routhier.

1 Information Sharing Environment (ISE) Privacy Guidelines Jane Horvath Chief Privacy and Civil Liberties Officer.

Chapter VII Security Management for an E-Enterprise -Ramyah Rammohan.

Privacy and Security Risks to Rural Hospitals John Hoyt, Partner December 6, 2013.

PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.

The right item, right place, right time. DLA Privacy Act Code of Fair Information Principles.

Definitions of Business, E- Business, and Risk  Business: An organization involved in trade of goods and/or services to the consumers  E-Business: Application.

Patient Confidentiality and Electronic Medical Records Ann J. Olsen, MBA, MA Information Security Officer and Director, Information Management Planning.

HIPAA THE PRIVACY RULE. 2 HISTORY In 2000, many patients that were newly diagnosed with depression received free samples of anti- depressant medications.

Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.

Tad and Terry Legal Issues in ILP. 28 CFR Part 23 The federal rule that governs or provides guidance for these issues. § 23.3 Applicability: These policy.

Data Governance 101. Agenda  Purpose  Presentation (Elijah J. Bell) Data Governance Data Policy Security Privacy Contracts  FERPA—The Law  Q & A.

Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce.

PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.

1 PARCC Data Privacy & Security Policy December 2013.

Privacy Act United States Army (Managerial Training)

Organizing a Privacy Program: Administrative Infrastructure and Reporting Relationships Presented by: Samuel P. Jenkins, Director Defense Privacy Office.

Personal data protection in research projects

APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.

Module 7: Designing Security for Accounts and Services.

DON Code of Privacy Act Fair Information Principles DON has devised a list of principles to be applied when handling Protected Personal Information (PPI).

Data protection—training materials [Name and details of speaker]

©Canada Health Infoway 2016 Health System Use Summit: Health Analytics for Informed Decision Making Technology and Infrastructure Enablers Joan Roch, Chief.

INFORMATION ASSURANCE POLICY. Information Assurance Information operations that protect and defend information and information systems by ensuring their.

By: Mark Reed.  Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.

Framework of engagement : big data for official use Roy D. Ibay AVP Regulatory PLDT – Smart.

Information Security and Privacy in HRIS

Nassau Association of School Technologists

Privacy principles Individual written policies

Providing Access to Your Data: Handling sensitive data

General Data Protection Regulation

FOIA, Privacy & Records Management Conference 2009

Move this to online module slides 11-56

The E-Authentication Initiative

Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

IAPP TRUSTe SYMPOSIUM 9-11 JUNE 2004

PRIVACY PRESENTATION TO THE SPRING 2013 CONFERENCE BY HANK MOORLAG

Data Protection in Law Enforcement Area Chapter 9a of the draft law

Student Privacy in the age of big data

HIPAA Privacy and Security Update - 5 Years After Implementation

Data Protection What can I do? GDPR Principles General Data Protection

Baseline Expectations for Trust in Federation

NPHS 1510 Federal and International

Presentation transcript:

Identity Management In A Federated Environment Identity Protection and Management Conference Presented by Samuel P. Jenkins, Director Defense Privacy and Civil Liberties Office April 2010

2 Presentation Outline Success factors for identity federation and relation to privacy Fair Information Practice Principles for Identity Management Systems Core Information Privacy Concerns Privacy Design Considerations

Identity Federation Goal  Enable users to securely access data, systems, or applications of another domain seamlessly and without the need for completely redundant user administration 3

Identity Federation 4 Technology Identity Management Domain and Individual Privacy Assurances

Identity Federation Basis for Success  Agreement on root identities  Trust Between domains Between domain and individual 5

Root Identity Agreement  Identity theft risk  Authentication  Social Security Number  Access control 6

Domain Trust  Information sharing agreements Purpose and authorities Training Data correction and deletion Breach notification  Baseline security requirements Access credentialing/Access controls Technical safeguards 7

Individual Trust  One person, one identity  Accuracy and timeliness  Controlled information sharing  IT Security 8

Fair Information Practice Principles 9 Source: Organization for Economic Cooperation and Development PrincipleDescription Security safeguards Personal information should be protected with reasonable security safeguards against risks such as loss or unauthorized access, destruction, use, modification, or disclosure. Openness The public should be informed about privacy policies and practices, and individuals should have ready means of learning about the use of personal information. Individual participation Individuals should have the following rights: to know about the collection of personal information, to access that information, to request correction, and to challenge the denial of those rights. Accountability Individuals controlling the collection or use of personal information should be accountable for taking steps to ensure the implementation of these principles.

Fair Information Practice Principles 10 Fair Information Practice Principles for Identity Management Systems PrincipleDescription Diversity and decentralization Resist centralizing identity information or using a single credential for multiple purposes. Proportionality The amount, type, and sensitivity of identity information collected and stored by an identity management system should be consistent with and proportional to the system’s purpose. Privacy by designPrivacy considerations should be incorporated into the identity management system from the outset of the design process.

Core Informational Privacy Concerns  Observability The possibility that others (potential observers) will gain information.  Linkability The potential to link between data and an individual as well as potential links between different data sets that can be tied together for further analysis. 11

Privacy Design Considerations  Determine whether identity is necessary  Identify risks  Discourage unnecessary linkages  Implement security during design  Adopt trust-enhancing measures 12

Thank you! Questions? 13