Data Privacy for data in transit and The Semantic Web Mike Davies.

Slides:



Advertisements
Similar presentations
IT Security Policy Framework
Advertisements

Confidentiality and Legislation The boring little things that you REALLY need to know about! …
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Confidentiality and Privacy Controls
By: Mr Hashem Alaidaros MIS 326 Lecture 6 Title: E-Business Security.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
Netiquette Rules.
Security Controls – What Works
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Electronic Transaction Security (E-Commerce)
Elias M. Awad Third Edition ELECTRONIC COMMERCE From Vision to Fulfillment 13-1© 2007 Prentice-Hall, Inc ELC 200 Day 23.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Privacy as an International Information Issue MD823 October 18, 2004.
INTERNET and CODE OF CONDUCT
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
PART THREE E-commerce in Action Norton University E-commerce in Action.
Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)
Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October
Electronic Use Policies.   Social Media  Internet.
Cyber crime & Security Prepared by : Rughani Zarana.
Internet Security for Small & Medium Business Week 6
Security and Privacy Strategic Global Partners, LLC.
E-Commerce Security Technologies : Theft of credit card numbers Denial of service attacks (System not availability ) Consumer privacy (Confidentiality.
 Much of the information needed by an organisation comes from within the organisation, and the organisation’s IT systems can be used to extract this.
Component 4: Introduction to Information and Computer Science Unit 2: Internet and the World Wide Web 1 Component 4/Unit 2Health IT Workforce Curriculum.
Contact Center Security Strategies Karl Walder Director - Solutions Noble Systems.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
© Copyright 2011, Vorys, Sater, Seymour and Pease LLP. All Rights Reserved. Higher standards make better lawyers. ® CISO Executive Network Executive Breakfast.
Monitoring Employees on Networks: Unethical or Good Business?
Privacy in computing Material/text on the slides from Chapter 10 Textbook: Pfleeger.
Why the Data Protection Act was brought in  The 1998 Data Protection Act was passed by Parliament to control the way information is handled and to give.
Customer Interface for wuw.com 1.Context. Customer Interface for wuw.com 2. Content Our web-site can be classified as an service-dominant website. 3.
ND e-commerce Carl Arrowsmith Session 14 Consumer Protection & Trust.
IT Security Policy Framework ● Policies ● Standards ● Procedures ● Guidelines.
E-Business Project - Strategy Carl Arrowsmith
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Information Management in Retail: A Legal Perspective Chris Hill Barlow Lyde & Gilbert LLP 17 September 2009.
Reducing data loss by threats detection. InfoWatch Traffic Monitor & Workplace Security. Andrey Sokurenko Business Development Director.
James Fox Shane Stuart Danny Deselle Matt Baldwin Acceptable Use Policies.
CHAPTER 5 ETHICS & PRIVACY.
Intellectual Property. Confidential Information Duty not to disclose confidential information about a business that would cause harm to the business or.
Dino Tsibouris (614) Updates on Cloud, Contracting, Privacy, Security, and International Privacy Issues Mehmet Munur (614)
1 Law, Ethical Impacts, and Internet Security. 2 Legal Issues vs. Ethical Issues Ethics — the branch of philosophy that deals with what is considered.
GCSE ICT Data and you: The Data Protection Act. Loyalty cards Many companies use loyalty cards to encourage consumers to use their shops and services.
 Information privacy involves the protection of an individual’s personally identifiable information. Such information can include health records, criminal.
LESSON 12 Business Internet. Electronic business, or e-business, is the application of information and communication technologies (ICT) in support of.
Data Breach ALICAP, the District Insurance Provider, is Now Offering Data Breach Coverage as Part of Our Blanket Coverage Package 1.
Why Does The Site Need an SSL Certification?. Security should always be a high concern for your website, but do you need an SSL certificate? A secure.
BTEC ICT Level 3 Unit 8 E-Commerce
Chapter 5 Electronic Commerce | Security
General Data Protection Regulations: what you really need to know
Done BY: Zainab Sulaiman AL-Mandhari Under Supervisor: Dr.Tarek
The introduction and the essential elements of E- Commerce.
is not secure is not secure..
Chapter 5 Electronic Commerce | Security
Confidentiality and Privacy Controls
Digital $$ Quiz Test your knowledge.
GDPR (General Data Protection Regulation)
E-Commerce and Economic Forces
 How does GDPR impact your business? Pro Tip: Pro Tip: Pro Tip:
Module 4 System and Application Security
Mohammad Alauthman Computer Security Mohammad Alauthman
BTEC ICT Level 3 Unit 8 E-Commerce
Colorado “Protections For Consumer Data Privacy” Law
Disclosures Right to Consent You have a right to consent to how Innovative Results Group / IRG Consulting uses your data. Below is a list of the data.
Presentation transcript:

Data Privacy for data in transit and The Semantic Web Mike Davies

VeriSign Confidential Data privacy at rest vs in transit + Personal data at rest ▪ Stored within a company’s network + Personal data in transit ▪ Moved either within a public or private network + Industry and regulations has focused on the former ▪ Rather than the latter

VeriSign Confidential The Semantic Web + The Semantic web will make it easier to get data on any subject from the internet + Data privacy will be impacted as the fog of information becomes clearer + Fraudsters will use these tools to steal identities by looking at multiple sources ("Phoraging") + Where security needs to be applied to protect privacy

VeriSign Confidential SSL – SSL Certificates used externally Customer Company SSL Fraudster

VeriSign Confidential SSL – SSL Certificates CustomerPartner Employee Company SSL SSL – SSL Certificates used Internally SSL Administrator Fraudster MPKI for SSL

VeriSign Confidential How much value to a fraudster is there in data? Value of data Public Message boards / articles Public Information Private Message boards Enquiries Registrations for events or newsletters, Brochures Low value private data Healthcare records Financial payments data High value private data The Security Line The Privacy Line Consumer interaction With site

VeriSign Confidential So who says where the security line should be? + Privacy line position is very clear ▪ Name and Address ( or physical) is personal data + Position of Security line depends on following ▪ 1) Regional or country Data protection laws – i.e. UK data protection act of 1998 ▪ 2) Best practice in standards – i.e. BS 7799, ISO ▪ 3) Potential or percieved threat – Currently “Potential threat vs value of data vs cost of solution” – Should be “Potential brand or equity damage vs cost of solution”

VeriSign Confidential 1) Regional or country based Data Protection laws + Current laws in Europe all based on EU Privacy Directive ▪ and then interpreted by the member states + In UK became “Data Protection Act of 1998” ▪ Over 8 years old + The “dummies guide to DP law” says… ▪ “Personal Data should be protected to an appropriate level of security dependant on the potential for and implications of misuse” + In 1998 “the Security Line” was drawn ▪ the internet has changed a little since then!

VeriSign Confidential 1) EU Law based on “Physical world” (Postal Model) ConsumerOnline Merchant € Internet ConsumerMerchant € Postal network Online world Physical world DATA PROTECTION STARTS

VeriSign Confidential 1) Regional or country based Data Protection laws + Decisions were made on the “postal model” ▪ but one major difference + Consumer “feels” like they are “in the store” ▪ Not reliant on a trusted third party to deliver (i.e. Royal Mail) ▪ Even use the term “domain” + At best creates a “duty of care” for Site Owner ▪ To ensure that customers are safe + At least implies that the Site Owner should be worried ▪ Brand and equity issues if there is a compromise

VeriSign Confidential 2) Best Practice in standards + British Standards BS7799 ▪ Dictates best practice for online security + Standards only, no legal requirement ▪ However very influential in EMEA

VeriSign Confidential 2) Best Practice in standards + EU Safe Harbour Standard ▪ EU initiative to ensure security when personal data leaves EU + “Packets” of data could travel outside of EU ▪ On their route over the internet within EU + EU Safe Harbour states ▪ “Organizations creating, maintaining, using or disseminating personal information must take reasonable precautions to protect it from loss, misuse and unauthorized access, disclosure, alteration and destruction” + This could ALONE give us enough reason to say that best practice states that you should encrypt ANY personal data

VeriSign Confidential 3) Potential or perceived threat + Percieved threat to low value personal data is changing ▪ Cost of processing power very different to 1998 ▪ Potential to build illegal “database” of personal data real ▪ Use geo location software to correlate information? + “Packet sniffing” ▪ Originally used for credit card data ▪ Searches all data going into a site for known characteristics ▪ No reason why it can’t be used for other data sets + Looking for real life examples but could be used for ▪ Corporate espionageSpammers ▪ FraudPress ▪ BlackmailBurglary

VeriSign Confidential 3) Potential or perceived threat - Privacy Policy

VeriSign Confidential 3) Example Threat 1 – Burglary Database To: From: Subject: Brochure request Please help!!!! We are looking for a holiday destination for our honeymoon from the 1st October 2006 to 15th October Can you suggest anywhere? We would also really like to see a printed copy of your brochure or at worse a.pdf we can print out here If.pdf please to: If Physical copy please send to the below address. 111 Main Street, Chiswick, London, W4 1AA, UK Alternatively if you have a representative who can call me to discuss you can get me on Thanks! Mike Davies holiday 1st October 2006 to 15th October Main Street, Chiswick, London, W4 1AA, UK

VeriSign Confidential 3) Example Threat 1 – Similar example in US

VeriSign Confidential 3) Example threat 2 – Spammers To: From: Subject: Brochure request Please help!!!! We are looking for a holiday destination for our honeymoon from the 1st October 2006 to 15th October Can you suggest anywhere? We would also really like to see a printed copy of your brochure or at worse a.pdf we can print out here If.pdf please to: If Physical copy please send to the below address. 111 Main Street, Chiswick, London, W4 1AA, UK Alternatively if you have a representative who can call me to discuss you can get me on Thanks! Mike Davies honeymoon Mike To : From : Subject: ½ price Viagra Dear Mike, Getting married is stressful enough, we can help take away one of the worries. We can send you the highest strength and cheapest Viagra on themarket, all you need to do is….

VeriSign Confidential 3) Example threat 3 – Government

VeriSign Confidential 3) Example threat 4 – Entrepeneurs

VeriSign Confidential Some questions for the ICO + Do you feel that companies should protect consumer data in transit? + If so, do you think the Data Protection law gives you adequate powers to enforce protecting data in transit?

Data Privacy for data in transit and The Semantic Web Mike Davies

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.