Privacy by Design: Building Trust into Technology Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario 1st Annual Privacy & Security Conference.

Office of the Information and Privacy Commissioner, Ontario, Canada

Presentation transcript:

Privacy by Design: Building Trust into Technology
Ann Cavoukian, Ph.D., Information and Privacy Commissioner/Ontario
1st Annual Privacy & Security Conference, Centre for Applied Cryptographic Research
Toronto, November 10, 2000

Privacy: The Key to the New Economy
Call it the economics of privacy. The cost of privacy violation to potential economic growth is rising… Unless privacy is protected soon, the revolutionary potential of the Internet may never be realized… The invasion of privacy may turn out to be the greatest menace to the New Economy.
Business Week, March 16, 1998

Privacy & E-Commerce
• “Rate of growth of online spending declined in 1999, although total spending was up, the average number of dollars spent per Internet user was down.”
• “Major reason for decline in spending growth: concerns about privacy and trust.”
• “15% of e-consumers dropped out based on 1997/98 data, only 50% returned in 1999.”
Wharton Forum on Electronic Commerce

E-commerce Survey Statistics 1999
• Total value of online sales in Canada was only 0.2% of total operating revenues
• Total value of online sales in the United States was only 0.6% of total sales in the 4th quarter of 1999
Statistics Canada (August, 2000)

Recent Survey Results
• 90% of people surveyed said privacy was the most important issue for e-commerce to address;
• 79% don’t use web sites which require personal information; 42% fabricate information;
• Consumers generally wary of releasing phone number, address and credit card number over the Internet.
Yankelovich Partners (August, 2000)

Consequences of Mishandling Privacy
• Intel Pentium III
  – processor serial number controversy
  – pressure from privacy groups forced Intel to disable the feature: the default is now “off” not “on”
• Microsoft HotMail
  – password protection faulty
• CD Universe
  – 300,000 credit card numbers stolen

Recent Class Action Lawsuits
• DoubleClick
  – an Internet ad agency, facing lawsuits filed by 15 individuals and a class action suit, for violating privacy and using deceptive business practices
• America Online (Netscape)
  – Netscape facing a federal class action suit claiming it violates the federal Electronic Communications Privacy Act by tracking the type of files a user is accessing through its SmartDownload software

Falsifying Information on the Web
• 42.1% have falsified information at one time or another when asked to register at a Web site
• 70% walk away when asked for personally identifying information
(10th WWW User Survey, October 1998)

Security ≠ Privacy

Security Plus Privacy
Security: authentication, data-integrity, confidentiality, non-repudiation
Privacy, data protection (Fair Information Practices)

Fair Information Practices
The Basics: Think “Use”
• identify the primary purpose - then only collect what you need to achieve that purpose
• secondary purposes - don’t use the information collected for any other purpose (without explicit consent)

Fair Information Practices
• purpose specification
• collection limitation
• use limitation
• openness and transparency
• right of access and correction
• data quality and security
• independent oversight

Canadian & American Privacy Initiatives
• E.U. Directive on Data Protection
• C.S.A. Model Code for the Protection of Personal Information
• Canada’s Personal Information Protection and Electronic Documents Act (Bill C-6)
• U.S. Safe Harbor Arrangement

Technology and Privacy
• “The most effective means to counter technology’s erosion of privacy is technology itself.” Alan Greenspan, Federal Reserve Chairman
• “A technology should reveal no more information than is necessary…it should be built to be the least revealing system possible.” Dr. Lawrence Lessig, Harvard, September 1999

Crypto is not Enough…
New cryptographic protocols have created a vast design space. Along one edge of this space lie the traditional technologies for creating personally identifiable records. Along the opposite edge lie technologies of anonymity… Between these two extremes lie numerous other possibilities. …[But in order] for these technologies to fulfill their promise, they must be integrated with the larger institutional world, including business models, regulatory systems, contractual language, and social customs.
Phillip Agre, The Architecture of Identity, 1999

Privacy Enhancing Technologies
• What are PETs
  – Anonymisers, pseudonymisers, intermediaries
• Their Strengths
  – tools to protect personal information
• Their Limitations
  – usually individual responses to an existing architecture
  – sometimes someone still has your personal information

Building in Privacy
• Build in privacy – right up front, into the design specifications
• Minimize the collection and routine use of personally identifiable information – use aggregate or coded information if possible
• Wherever possible, encrypt personal information
• Assess the risk to privacy; be proactive; conduct a privacy impact assessment

Where to Start?
3 things you can do right now:
• If you don’t have a privacy policy, develop one that is simple, clear and concise
• Your privacy policy should be prominently posted, both online and in offline publications
• Develop a culture of privacy in your organization
• Get consent – at a minimum, offer the ability to opt-out of secondary uses such as unwanted marketing pitches or unsolicited e-mails
• Remember the 3 C’s: choice, consent and control

How to Contact Us Ann Cavoukian, Ph.D. Commissioner 80 Bloor Street West, Suite 1700 Toronto, Ontario Canada M5S 2V1 Phone: (416) Web: