© 2007 The MITRE Corporation. MITRE Privacy Practice W3C Government Linked Data Working Group Michael Aisenberg, Esq. 29 June 2011 Predicate for Privacy.

Slides:

Advertisements

Similar presentations

PRIVACY ACT OF 1974 OVERVIEW. FAIR INFORMATION PRACTICES The Privacy Act is primarily concerned with fair information practices. The Privacy Act is primarily.

Advertisements

EU Privacy Directive. What is a directive? A piece of European legislation, passed by bureaucrats, addressed to member states Member states must ensure.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

AN OVERVIEW OF DATA PROTECTION LAW IN THE GCC NICK OCONNELL, Senior Associate – TMT JUNE 2013.

NCVHS: Privacy and Confidentiality Leslie P. Francis, Ph.D., J.D. Distinguished Professor of Law and Philosophy Alfred C. Emery Professor of Law University.

The Data Protection (Jersey) Law 2005.

IS3350 Security Issues in Legal Context

The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada

The Internet industry’s privacy seal program Silicon Valley Web Guild.

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

On Privacy-aware Information Lifecycle Management (ILM) in Enterprises: Setting the Context Marco Casassa Mont Hewlett-Packard.

FAMILY EDUCATIONAL RIGHTS AND PRIVACY ACT Electronic Signatures This work is the intellectual property of the author. Permission is granted for this material.

Per Anders Eriksson

Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.

Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

“Privacy Implications of RFID Technology in Health Care Settings” Marc Rotenberg President EPIC Dept. of Health & Human Services Washington, DC 11 January.

Sharing Low-Income Customer Information Water & Energy Utilities LIOB Meeting - January 2009 Seaneen M Wilson Division of Water & Audits.

6th CACR Information Security Workshop 1st Annual Privacy and Security Workshop (November 10, 2000) Incorporating Privacy into the Security Domain: Issues.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.

Protecting Your Private Parts Tracy Ann Kosa. Protecting Your Private Parts TASK Meeting, 27 February 2008 Objectives  Terminology  Privacy & Security.

Computerized Networking of HIV Providers Workshop Data Security, Privacy and HIPAA: Focus on Privacy Joy L. Pritts, J.D. Assistant Research Professor Health.

A Perspective: Data Flow Governance in Asia Pacific & APEC Framework Martin Abrams October 21, 2008.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

Health Insurance Portability and Accountability Act of 1996 HIPAA Privacy Training for County Employees.

PricewaterhouseCoopers 1 Administrative Simplification: Privacy Audioconference April 14, 2003 William R. Braithwaite, MD, PhD “Doctor HIPAA” HIPAA Today.

The right item, right place, right time. DLA Privacy Act Code of Fair Information Principles.

Policies for Information Sharing April 10, 2006 Mark Frisse, MD, MBA, MSc Marcy Wilder, JD Janlori Goldman, JD Joseph Heyman, MD.

BC Public Libraries November, 2008 Privacy Principles.

IT Applications Theory Slideshows By Mark Kelly Vceit.com Privacy Laws.

Malcolm Crompton APEC Information Privacy Framework: review, impact, & progress APEC Symposium on Information Privacy Protection in E Government & E Commerce.

Approved for Public Release. Distribution Unlimited. 1 Government Privacy Rick Newbold, JD, MBA, CIPP/G Futures Branch 28.

HIPAA and Human Subjects Research IRB Member CE May 2014 Slideshow by Sean Horkheimer.

An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.

Davis Wright Tremaine LLP The Seventh National HIPAA Summit HIPAA Privacy: Privacy Rule Compliance on Public Health Activities and Research Thomas E. Jeffry,

1 Copyright © International Security, Trust & Privacy Alliance -All Rights Reserved Making Privacy Operational International Security, Trust.

1/29/ Ask Matt - November 2011 – FERPA – Surveillance Video and Emergencies Matt Carver, J.D., Director of Legal Services tel fax.

HIT Policy Committee Meeting Nationwide Health Information Network Governance June 25, 2010 Mary Jo Deering, PhD ONC, Office of Policy and Planning NHIN.

Roundtable on Privacy in Transition: Is Privacy Policy Working in the Healthcare Sector?

HIPAA Overview Why do we need a federal rule on privacy? Privacy is a fundamental right Privacy can be defined as the ability of the individual to determine.

APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.

HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule.

DON Code of Privacy Act Fair Information Principles DON has devised a list of principles to be applied when handling Protected Personal Information (PPI).

Introduction to the Australian Privacy Principles & the OAIC’s regulatory approach Privacy Awareness Week 2016.

COMMUNITY-WIDE HEALTH INFORMATION EXCHANGE: HIPAA PRIVACY AND SECURITY ISSUES Ninth National HIPAA Summit September 14, 2004 Prepared by: Robert Belfort,

Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.

Disclaimer This presentation is intended only for use by Tulane University faculty, staff, and students. No copy or use of this presentation should occur.

Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.

Juvenile Legislative Update 2013 Confidential Records and Protected Disclosures.

HIPAA Privacy Rule Positive Changes Affecting Hospitals’ Implementation of the Rule Melinda Hatton -- Oct. 31, 2002.

Data Protection Officer’s Overview of the GDPR

Surveillance around the world

Student Privacy in an Ever-Changing Digital World

Data Protection: EU & International

HIPAA Administrative Simplification

Information Governance and Data Privacy: A World of Risk

Confidential Records and Protected Disclosures

HIPAA Pros - Minimum Necessary

Employee Privacy and Privacy of Employee Information

OECD Guidelines Collection Limitation: should be limited to personal data, obtained by lawful and fair means, and (where appropriate) with knowledge and.

Analysis of Privacy and Data Protection Laws and Directives

Paul T. Smith, Esq. Partner, Davis Wright Tremaine LLP

National Congress on Health Care Compliance

The General Data Protection Regulation: Are You Ready?

THE 13TH NATIONAL HIPAA SUMMIT HEALTH INFORMATION PRIVACY & SECURITY IN SHARED HEALTH RECORD SYSTEMS SEPTEMBER 26, 2006 Paul T. Smith, Esq. Partner,

IAPP TRUSTe SYMPOSIUM 9-11 JUNE 2004

HIPAA Privacy and Security Update - 5 Years After Implementation

Presentation transcript:

© 2007 The MITRE Corporation. MITRE Privacy Practice W3C Government Linked Data Working Group Michael Aisenberg, Esq. 29 June 2011 Predicate for Privacy : Overview of Privacy considerations in Linked Data Environment

© 2007 The MITRE Corporation. MITRE Privacy Practice Privacy Primer 1: What is Privacy ?

© 2007 The MITRE Corporation. MITRE Privacy Practice Privacy Primer 2: Policy Framework n OECD: “Fair Information Practice Principles” n EU: Data Protection Directive: citizens “own” their PII –Data Protection Authority n U.S.: Distinguish Obligations by Identity of Collector of Data –Government: Privacy Act of 1974, 1976, 2002 Amendments n Privacy and Security: FISMA n All data collections “Systems of Records” –Special treatment of individuals’ data in sectors n Children: COPPA n Health Information: HIPAA n Banking/Financial Service Information: Sarbanes/Oxley n Global presence of U.S. collectors: EU Safe Harbor Agreement n Duty of custodial control by collector –“Data Breech” legislation

© 2007 The MITRE Corporation. MITRE Privacy Practice Privacy Primer 3: When do Privacy Act obligations apply ? 4

© 2007 The MITRE Corporation. MITRE Privacy Practice Privacy Primer 4:Core Privacy Principles* (Based on Fair Information Practices, foundation for the Privacy Act of 1974) PRINCIPLEMEANS Notice Provide clear information to subject about the agency’s collection and intended use of PII Choice Provide individuals with the ability to consent to the collection and use of their PII Limitation Ensure that minimal necessary PII is collected, used, disclosed, and retained for stated purposes Accuracy Ensure that individuals are treated fairly, based on PII that is correct Access and Redress Provide individuals with the ability to review the PII held about them, correct it, and challenge agency’s compliance with stated privacy practices Security Protect systems against inappropriate access and data disclosure and poor integrity of PII 5 *Based on information at

© 2007 The MITRE Corporation. MITRE Privacy Practice Background Information/Deeper Dive

© 2007 The MITRE Corporation. MITRE Privacy Practice Privacy Issues (1): Policy n Scope of consent –Consistency between avowed purpose as disclosed to subject and actual use –Use beyond scope as disclosed n Problem areas: Law enforcement Intelligence/counter-terrorism Minimization: least data necessary to accomplish agency’s purpose n “Routine uses” –Recognized, permissible “exceptions” to disclosed intended use n Share with congress, OMB: program oversight, often anonymized n Law enforcement/intelligence: by law, need NOT be disclosed if for specific investigation of an individual Grey area: routine sharing with LE/Intel for analytical, statistical purposes –The “exception” which threatens to consume the Rule….

© 2007 The MITRE Corporation. MITRE Privacy Practice Privacy Issues (2): Architecture

© 2007 The MITRE Corporation. MITRE Privacy Practice Emerging approaches to Controlling Data ”collection abuse” n Technical capacity to identify subjects of collection; e.g. n Meta tagging of ALL PII data fields ? n “Record locator” identifier for each collected record ? n Other options ? n System Design: Precursor: Common lexicon/uniform structure for data fields, critical PII data elements: n E.g. Name, D-O-B, Country of Birth/Citizenship/Origin n Cheat-sheet/template for foreign passports, other credential systems (ICAO badges) n How to enforce multi-laterally ? Rely on multi-jurisdictional vendors (e.g.—IBM, Siemens, Barclays) n Deployment Candor: What are the intended uses of data: what does agency REALLY intend to do with the data ? –Data matching systems; TTIC –Why ? Accurate “scope” information in required disclosures and informed consent to be obtained from subjects ?