Getting to Privacy A Presentation to: Presented by: Mike Gurski.

Office of the Information and Privacy Commissioner, Ontario, Canada

Presentation transcript:

Getting to Privacy A Presentation to: Presented by: Mike Gurski

Agenda: Background on IPC; Privacy why’s and what’s; Online Risks (Offline too); Online Privacy (Tasks, Tools); P3P

Information & Privacy Commission/Ontario: established in 1988; independent review of government decisions and practices concerning access and privacy; resolve appeals, investigate privacy complaints, ensure compliance with the Acts, research access and privacy issues and educate the public about these laws.

What Drives the Privacy Issue? Large organizations disconnected from clients, gathering detailed data; increasing amounts of personal data held, consolidated, used; new privacy-invasive technologies; application of a technology paradigm geared to manufactured goods on humans

Privacy & Security: the Difference. Security ≠ Privacy

Privacy & Data Security: Authentication; Data Integrity; Confidentiality; Non-Repudiation. Privacy > Data Security. Privacy = Data Security + Data Protection (FIP). Personal Control; Informational Self-determination; Informed Consent

Privacy Defined Informational Privacy: The protection and control of any recorded information about an identifiable individual.

Some Headlines: Stealing cards easy as Web Browsing – Jan 14, 2000, MSNBC; Vast online credit card theft revealed: Hacker hides 485,000 stolen cards on US government computer – March 20, 2000, MSNBC; CD Universe 300,000 cards hijacked.

Some more Headlines: The Illusion of Privacy – National Post, Dec. 14, 1999; Woman’s one-way trip on information highway – Toronto Star, March 23, 2000; Web sites can follow a trail of your data, recording every move – Ottawa Citizen, Jan. 18, 2000

Online Risks: Web Bugs; Web Cookies… Cookie Synchronization; Double Clicks; Malicious code; Viruses

More Online Risks: Unauthorized Access; Snooping; Spoofing; Identity Theft

Remedies: Become Privacy Literate – Know the Laws (International, National, Provincial) – Visit the Web Sites – Read the Books and Articles

Privacy Literacy: Why are you asking? (collection; purpose specification) How will my information be used? (primary purpose; use limitation) Who will be able to see my information? (restricted access; third parties) Will there be any secondary uses? (notice and consent; unauthorized disclosure)

Who Has What Laws: E.U.; Canada; United States; Other Countries

Current Global Environment: E.U. Directive on Data Protection; OECD Guidelines on E-Commerce; C.S.A. Model Code for the Protection of Personal Information; Canada’s Personal Information Protection and Electronic Documents Act (Bill C-6); Principles for Consumer Protection in Electronic Commerce – A Canadian Framework; U.S. Safe Harbor Proposal

Canadian Online Privacy Context Bill C-6: Personal Information Protection and Electronic Documents Act

The Canadian Privacy Legislative Framework Purpose: –support E-commerce strategy, –enable business with Europe, and –domestically to ensure Canadians feel secure in delving into e-commerce

Bill C-6 & CSA Model Codes: The Ten Commandments. Accountability: for personal information and shall designate an individual(s) accountable for compliance of principle. Identifying Purposes: purpose of collection must be clear and done at or before time of collection. Consent: individual has to give consent to collection, use, disclosure of personal information.

The Ten Commandments. Limiting Collection: collect only information required for the identified purpose and information shall be collected by fair and lawful means. Limiting Use, Disclosure, Retention: consent of individual required for other purposes. Accuracy: keep as accurate and up-to-date as necessary for identified purpose. Safeguards: protection and security required appropriate to the sensitivity of the information.

The Ten Commandments. Openness: policies and information about the management of personal information should be readily available. Individual Access: upon request, an individual shall be informed of the existence, use and disclosure of her personal information and be given access to that information, challenge its accuracy and completeness and have it amended as appropriate. Challenging Compliance: ability to challenge all practices in accord with the above principles to the accountable body in the organization.

European Union (E.U.) Directive on Data Protection Non-E.U. countries must be able to meet the test of having an ‘adequate level of data protection’. The absence of private sector privacy protection will serve as a non-economic trade barrier with E.U. and Asia/Pacific-Rim countries.

U.S. Proposed Safe Harbor Privacy Principles: Notice; Choice; Onward Transfer; Security; Data Integrity; Reasonable Access; Enforcement

Other Jurisdictions: Australia to introduce legislation in the first sittings of 2000 to strengthen self-regulatory privacy protection in the private sector. Asian countries have developed or are currently developing laws in an effort to promote electronic commerce. Self-regulation is currently the policy promoted by the governments of Japan and Singapore.

Other Jurisdictions: “Many countries in the [South East] region have either adopted comprehensive [privacy] laws or are currently in the process. Hong Kong and New Zealand already have comprehensive acts in force. Taiwan’s act covers the public sector and eight areas of the private sector. The governments of Thailand, Malaysia and India are all currently developing comprehensive data protection legislation”.

More Remedies: Tasks – Follow Ben Franklin’s Key Steps; Be discreet; Leave your SIN at home; Go unlisted and non-published for your phone; Get a P.O. Box

More Tasks: Check out a Web’s Privacy Policy; Never provide personal information over the phone, to unfamiliar web sites, or to clerks (be positive and insistent); Get encrypted

Online Tools: (cookie control); (security sandbox, personal firewall, antivirus); (encryption made easy); (pseudonymisers); (secure financial transactions)

Privacy Resources

P3P: A Proactive Approach. Platform for Privacy Preferences – Consumer sets his/her privacy preference – Web sites set their privacy policy – P3P built into Browsers and Web sites – Allows consumer to be more informed and choose whether or not to proceed into a Web site

P3P: the June 21 Interop Invitation for your company to participate. Interested? Contact Lorrie Faith Cranor:

How to Contact Us Dr. Ann Cavoukian Ph. D. Commissioner, Information & Privacy Commission Ontario, Canada, M5S 2V1 Phone: Web: Info.ipc.on.ca Mike Gurski: