IBM Global Services © 2003 IBM Corporation Privacy Technology and the Public Sector CACR Conference November 6, 2003 IBM Global Services.


Public Sector Privacy Issues - Architecture and Technology Drivers
- Reactive vs. Proactive
  - PIAs well established and useful but essentially a reactive tool
  - Privacy architecture helps move to a proactive stance
- Governed by Public Legislation but held to highest standard
  - Expectation that PIPEDA is a minimum
  - Arguably must also offer the privacy functionality of the private sector
- Contention between e-government initiatives and privacy
  - Provide convenience and efficiency without sharing or consolidating data
  - The Public expects both – but limited concept of choice and individual customization in existing services (act by legislative authority vs. consent)
- Privacy architecture can provide guidance/solutions
- Privacy technology can help manage the complexity and reduce risk

Business Strategy can change the Privacy Dynamic
[Figure labels: Transaction Service Enterprise+ OTR Customized Personalized; Increased growth & profitability; Trust, compliance & assurance challenge; Trust]
- Increased Emphasis on Consent
  - Increased secondary use of data means increased focus on purpose and consent
- Individual Comfort Levels
  - Privacy is individual, dynamic, context sensitive and culturally influenced
- Implications for Enterprise Processes and IT Infrastructure
  - Superior data management, data ownership, educated employees
  - Universal opt-in/out, individual access and update of data
- Mistakes can Damage or Destroy Brand
  - The more sensitive the data, the higher the potential damage to the individual
  - Mistake by a business partner still affects your brand

EPA Components
[Figure labels: Data, Objects, Technical Architecture, Rules, Strategy, Controls, Practices; IBM Copyright]
- Management Infrastructure:
  - Strategy: embedding business rules/best practices into policy
  - Controls: supporting and ensuring general policy compliance
  - Practices: privacy specific enterprise enablers
- Business Activities:
  - Business process analysis (PIA) and optimization
  - Mapping key players, rules and data
  - Embedding policy into process and applications
  - Minimizing risk, leveraging opportunities
- Supporting Technology:
  - Identifying where technology is appropriate
  - Providing the parameters for technical implementations

EPA - Management Infrastructure

Management Infrastructure - mapping to PIPEDA

The Process Model Optimizes PI Handling Processes for Privacy
[Figure: process model diagram. Parties: Data Subject; Subject or Guardian or Authority; Data User. Stages: 1a. Collection, 1b. Control, 2. Personalized use, 3. De-Identified use, 4. Anonymized use. Actions: give consent, update, access, withdraw consent, notify, request, disclose, utilize, delete, de-identify, re-identify, anonymize, release. Rules: authorization, obligation, ... Form = data + rules. Rule sources: law, regulations, privacy agreements, preferences, consent.]
Process Model (Data, Objects, Rules)
- Process Mapping:
  - Data Collection, Storage
  - Data Types
  - Uses, Disclosures, Retention
- Risk Analysis:
  - Threats
  - Vulnerabilities
  - Adherence to Policy
- Optimization and Risk Mitigation:
  - Data Transformation Opportunities
  - Limiting collection, use, disclosure
  - Security controls
  - Contractual, Audit measures
- Sticky Policy Paradigm
  - Data Classification
  - Data Transformation
  - Dynamic Rules, Obligations
  - Privacy Relevant Actions

PIA Tool Reports

Passive vs. Active Privacy Technology
- Passive Privacy Technology
  - Design and implementation decisions that support privacy objectives
  - Examples:
    - User Interface Design
    - PII storage and transmission decisions
  - EPA Technical Architecture:
    - Design and Implementation Guidance
    - ==> Design Privacy "in" Now
- Active Privacy Technology
  - Specialized components or functions that dynamically react to ensure transactions are compliant with privacy policy
  - Examples:
    - Privacy policy display and interpretation (ex: P3P)
    - Audit tools such as privacy-tuned web scanners (ex: Watchfire)
    - Privacy enhanced access control (ex: Tivoli Privacy Manager)
  - EPA Technical Architecture:
    - Component Model for Active Privacy
    - ==> Prepare for Privacy Enhancing Technology Now

Passive Privacy Design and Implementation Guidance
- EPA Technical Architecture Provides Guidance on:
  - Application Design
  - User Interface Design
  - Database Design
  - Logging, Retention and Audit
  - Authentication, Authorization and Identity Management
  - Classification Schemes
  - Architectural Concepts
  - Specific technology issues, ex: Biometrics, Smartcards
- Value
  - Can be built into IT development cycle checkpoints
  - Can be built into IT procurement/acquisition criteria
  - Can be used in audit procedures

Active Privacy Requirements
- Privacy rules for data access:
  - Purpose
  - Consent
  - Obligations
- "Sticky Policy Paradigm" - policy sticks to data not resources
- Communication, Interpretation, Negotiation of Privacy Policy
- Personal access to information and tracking use, disclosure etc.
- Real-time transformation of data to less identified forms
- Managing fulfillment of obligations
- Pseudonymous and anonymous interactions
- Anonymous assertions
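
One way to express the requirements on this slide in code, as an added example that is not from the original presentation or from any IBM product: a record carries its own rules (the "sticky policy"), and a decision function checks purpose and consent, logs the decision, hands back the least identified form the rule allows, and returns the obligations that travel with the data. All class, function and field names and the sample record are hypothetical.

```python
import hashlib, hmac
from dataclasses import dataclass, field

@dataclass
class Rule:                       # hypothetical rule shape, not IBM's schema
    purpose: str
    form: str                     # "identified" | "de-identified" | "anonymized"
    needs_consent: bool = True
    obligations: tuple = ()       # duties the data user takes on with the data

@dataclass
class StickyRecord:               # the slide's "form = data + rules"
    data: dict
    identifiers: tuple            # keys in data that identify the subject directly
    rules: list                   # policy travels with the record, not the resource
    consent: set = field(default_factory=set)  # purposes the subject agreed to

def transform(rec, form, key):
    if form == "identified":
        return dict(rec.data)
    # Drops direct identifiers only; quasi-identifiers need their own review.
    out = {k: v for k, v in rec.data.items() if k not in rec.identifiers}
    if form == "de-identified":
        # Keyed pseudonym: stable for linkage, recomputable only with the key.
        ident = "|".join(str(rec.data[k]) for k in rec.identifiers)
        out["pseudonym"] = hmac.new(key, ident.encode(), hashlib.sha256).hexdigest()[:16]
    return out

def decide(rec, purpose, key, audit):
    rule = next((r for r in rec.rules if r.purpose == purpose), None)
    if rule is None:
        verdict = ("deny", "purpose not covered by policy")
    elif rule.needs_consent and purpose not in rec.consent:
        verdict = ("deny", "no consent for purpose")
    else:
        verdict = ("permit", rule.form)
    audit.append((purpose, *verdict))          # every decision is logged
    if verdict[0] == "deny":
        return None, ()
    return transform(rec, rule.form, key), rule.obligations

# Constructed sample record; all values are made up.
REC = StickyRecord(
    data={"name": "A. Example", "sin": "000-000-000", "postal": "N2L", "claim": 1200},
    identifiers=("name", "sin"), consent={"claims-processing"},
    rules=[Rule("claims-processing", "identified", obligations=("log-disclosure",)),
           Rule("statistics", "de-identified", obligations=("delete-after-30d",)),
           Rule("public-report", "anonymized", needs_consent=False)],
)
```

Calling decide(REC, "statistics", key, audit) is denied until the subject's consent set includes "statistics"; once it does, the caller receives the record without name or sin, plus the "delete-after-30d" obligation.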

IBM Enterprise Privacy Architecture (EPA)
- These components interact with users to present policies, gain consent, accept requests etc.
- These components map identity, facilitate pseudonymous interaction and use of assertions etc.
- These components enforce privacy policy for PI access, check consent and transform PI.
- These components manage policy, audit logs and obligations.
- These support tools indirectly support the active privacy components.

Relationship to Privacy Principles
[Figure: EPA component diagram.
Sub-systems: Support Tools; User Interaction; Directory and Security; Privacy Services; Privacy Data Handling.
Components: PPNS (Policy Presentation/Negotiation Service); UPCM (User Privacy Contact Manager); UPAM (User Privacy Action Manager); PTE (Privacy Data Transformation Engine); POES (Privacy Obligation Event Service); PPM (Privacy Policy Manager); PAAM (Privacy Action Audit Manager); PERM (Privacy Enabling Resource Manager); PDM (Privacy Decision Manager); PAE (Privacy-Enabled Authentication); AAE (Attribute Exchange Engine); PECS (Privacy Enabled Credential Service); IP (Identity Protection).
Other labelled boxes: Vulnerability Checker; PII Discovery; Log Analyzer; Policy Editor; Deployment Engine; Enterprise Applications; Other Enterprises; Data Subject; Data Users.
EPD stores: Policy; Consent; Log; Legacy Data; Web Data; Mappings; Credential.
Flow labels: access/update to stored PII; submit and access requests; present/negotiate policy; get policy; notice or consent request; request consent, post notice; register/issue assertion; request/prove assertion; exchange PII attributes; store identifiers; get PII; ask for additional data; generalized request; decision; transformed data; results; generate obligation event; obligation event notification; log privacy decisions; log privacy actions; replicate policies + deployment + consent.
Privacy principles overlaid on the diagram: Purpose Specification; Security Safeguards; Collection Limitation; Openness; Access; Data Quality; Use Limitation; Accountability; Consent; Disclosure Limitation; Compliance; Retention Limitation.]

Relationship to Tivoli Privacy Manager
[Figure: the same EPA component diagram as on the preceding slide (same sub-systems, components, EPD stores and flow labels), overlaid with these labels: Tivoli Privacy Manager; Policy Wizard; Monitor; Tivoli Privacy Manager; Publish P3P Policy.]

Website Privacy Compliance
- Description
  - A review of an enterprise's website privacy management practices to create trust among website users to ensure that appropriate privacy and security measures are taken and are visible to the user
  - Use of best-of-breed automated platform to test for privacy compliance
- Deliverable
  - A comprehensive, web-based report identifying:

Questions??? .... please