Privacy Professional Practice for Computer Science Guest Lecture, 05 March 2007 Philippa Lawson Director, Canadian Internet Policy & Public Interest Clinic.

Slides:



Advertisements
Similar presentations
TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.
Advertisements

Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.
The Geopolitics of Personal Data and the Governance of Privacy Colin J. Bennett Department of Political Science University of Victoria BC, Canada
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
CS294-1 Deeply Embedded Networks Privacy Discussion 11/25/03 David Culler University of California, Berkeley.
Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.
Lecture to Carleton University, Center for European Studies, December 1, 2010.
1 Office of theCommissariat Privacy Commissionerà la protection de of Canadala vie privée du Canada Personal Information Protection and Electronic Documents.
What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
A NEW GOVERNANCE PARADIGM: Canadian Privacy Law Developments March 11, 2004 Haliburton, Ontario Canada Volunteerism Initiative Arts Council for Haliburton.
Anglican Province of Canada Privacy Policy. Commitment to Privacy The Privacy Policy, including the Web Privacy Statement, is the Anglican Province of.
Information Privacy Policy in Canada Presented By: Sue Wu.
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.
Contemporary Issues in Canadian Health Care Nola M. Ries, MPA, LLM Adjunct Assistant Professor, University of Victoria Research Associate, Health Law Institute,
Personal Data (Privacy) Ordinance Hong Kong Personal Data (Privacy) Ordinance Hong Kong by Stephen Lau Privacy Commissioner for Personal Data Hong Kong.
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
The employment relationship as the privacy laboratory Elizabeth Denham Information and Privacy Commissioner for B.C. Privacy, Law and the Contemporary.
Forgetting, Non-Forgetting and Quasi-Forgetting: Public Policy and Corporate Practice Colin J. Bennett, Adam Molnar and Christopher Parsons Department.
13 July 2006Susan Joseph Health Privacy It’s My Business Health Records Act 2001 (Vic) eReferral Service Co-ordination System.
6th CACR Information Security Workshop 1st Annual Privacy and Security Workshop (November 10, 2000) Incorporating Privacy into the Security Domain: Issues.
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
Privacy: It’s just good business
WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.
The Privacy Imperative: Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Cambridge.
Health research and the protection of personal information rights in international ethics and human rights law Colin M Harper Promoting Health Research.
CSE/ISE 312 Privacy (Part 1). What We Will Cover Privacy risks and principles 4 th Amendment, expectations, and surveillance Business and social sectors.
Privacy CSC385 Kutztown University Fall 2009 Oskars J. Rieksts.
Data Protection Privacy in the Digital Age: the UN General Assembly Resolution Sophie Kwasny, 16 October th International Conference, Mauritius.
Personal data protection in criminal procedure International collaboration and principle of proportionality LEFIS ROVANIEMI MEETING 19TH 20TH JANUARY 2007.
Case Study: Pharmaceuticals Patrick F. Sullivan, Ph.D. 939 North Graham Avenue, Indianapolis, IN
1 Office of the Privacy Commissioner for Personal Data Hong Kong SAR Tony LAM Deputy Privacy Commissioner for Personal Data Asian Personal Data Privacy.
Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.
The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.
1 VIDEO SURVEILLANCE (public/private areas) TOMÁŠ MIČO The Office for Personal Data Protection of the Slovak Republic.
Initial reflections of the privacy commissioner on Ontario’s draft privacy bill Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Toronto.
Privacy in computing Material/text on the slides from Chapter 10 Textbook: Pfleeger.
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.
1 Ethical Issues in Computer Science CSCI 328, Fall 2013 Session 15 Privacy as a Value.
PIPEDA and Receivables Management Robin Gould-Soil Receivables Management Association of Canada November 16, 2011.
BC Public Libraries November, 2008 Privacy Principles.
Privacy and Disclosure Privacy and the Scope of Documentary Disclosure in Proceedings Involving School Boards Bruce Hutchison Genest Murray LLP Toronto.
Data protection and compliance in context 19 November 2007 Stewart Room Partner.
1 Canadian Privacy Policy: Customizing E.U. Standards Remarks by Jennifer Stoddart Privacy Commissioner of Canada Privacy Symposium: Summer 2007 August.
Information Technology & Ethics. Impact The impact of IT on information and communication can be categorized into 4 groups: privacy, accuracy, property,
1 Copyright © International Security, Trust & Privacy Alliance -All Rights Reserved Making Privacy Operational International Security, Trust.
Social Construction of Privacy Cultural considerations Socio-economic differences Real space vs. cyberspace (and its slipperiness) Privacy as a claim,
WHOIS Public safety and data protection requirements.
APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.
Social Construction of Privacy Cultural considerations Socio-economic differences Real space vs. cyberspace Privacy as a claim, entitlement, or right Depends.
Privacy Issues - Watch Out! John D.R. Craig ORIMS Professional Development Day March 19, 2013.
Privacy CSC385 Kutztown University Fall 2009 Oskars J. Rieksts.
František Nonnemann Skopje, 9th October 2012 JHA DP aspects related to provision of information about public figures in CZ.
Privacy in the Digital Age: the UN General Assembly Resolution
Privacy and Public Policy Implications of IoT
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Data Protection: EU & International
Data Protection & Human Rights
OECD Guidelines Collection Limitation: should be limited to personal data, obtained by lawful and fair means, and (where appropriate) with knowledge and.
ÉDUCALOI: Your starting point for legal education!
Mandatory Breach Reporting (isn’t *that* bad)
IAPP TRUSTe SYMPOSIUM 9-11 JUNE 2004
PRIVACY PRESENTATION TO THE SPRING 2013 CONFERENCE BY HANK MOORLAG
Presentation transcript:

Privacy Professional Practice for Computer Science Guest Lecture, 05 March 2007 Philippa Lawson Director, Canadian Internet Policy & Public Interest Clinic

Why Privacy? essential to human: –dignity –autonomy –freedom –democracy underpins relations of mutual trust & confidence, healthy social fabric

Aspects of Privacy Physical/territorial privacy Freedom from surveillance Freedom from monitoring/interception of private communications Freedom from collection, use and disclosure of personal information (“informational privacy”; “data protection”)

Challenges to Privacy New technologies: –photography, tape-recording (late 1880s) –video cameras; cell phone cameras –geo-locational devices –computers: data collection, storage, manipulation/analytics –internet: clickstream data; e-transactions, search engines –digital rights management systems –spyware, rootkits, keystroke loggers –intelligent sensor devices

Challenges to Privacy “The electronic computer is to individual privacy what the machine gun was to the horse cavalry” Scheflin and Opton, The Mind Manipulators: A Non-Fiction Account (1978)

Challenges to Privacy Practices: –data collection/mining; “dataveillance” commoditization of personal information electronic transactions (data trails) –workplace screening & monitoring –single number identifiers (easy linking) ID cards, smart cards –weak authentication ID theft/fraud

Fair Information Principles OECD Guidelines on the Protection of Privacy and Transborder Flows of Data (1980) UN: Guidelines Concerning Computerized Personal Data Files (1990) Council of Europe: Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (1980) Convention 108 EU: Directive on the Protection of Personal Data with regard to the Processing of Personal Data and the Free Movement of such Data (1990) Directive 95/46/EC

OECD Guidelines Collection Limitation Data Quality Purpose Specification Use Limitation Security Safeguards Openness Individual Participation Accountability

Cdn. Initiatives 1975: Quebec Charter of Human Rights & Freedoms –“every person has a right to respect for his private life” 1982: Canadian Charter of Rights and Freedoms 1980s: Public sector privacy laws 1990s: CSA Model Privacy Code –based on Fair Information Principles (FIPs) –adopted as formal standard in 1996 –incorporated into federal law: PIPEDA 1994: Quebec private sector law 2001: Federal private sector law 2004: Alta, B.C. private sector laws

Privacy Commissioners Federal + some provincial –Ontario, B.C., Alberta Public sector vs. private sector Ombuds vs. binding powers Role as educators, advocates, watchdogs, dispute resolvers, reporters…

Charter of Rights s.7: “Everyone has the right to life, liberty, and security of the person and the right not to be deprived thereof except in accordance with the principles of fundamental justice” –emerging privacy right s.8: “Everyone has the right to be secure against unreasonable search or seizure” –protects an individual’s “reasonable expectation of privacy” (usually in criminal law context) s.1: Rights are subject to “such reasonable limits as can be justified in a free and democratic society”

Public Sector legislation Federal: Privacy Act Provincial: –Ontario Freedom of Information and Protection of Privacy Act (“FIPPA”) –similar statutes in other provinces

Private Sector Legislation PIPEDA –federally regulated –interprovincial or international data flows –where no “substantially similar” provincial law –applies to “organizations” in the course of “commercial activities” Quebec, Alberta, B.C. laws –provincially regulated, in those provinces –cover non commercial activities as well

PIPEDA Purpose: –balancing individual’s “right of privacy” with “[legitimate] need of organizations” Protects: –“personal information” = “information about an identifiable individual”

PIPEDA: Principles 1.Accountability 2.Identifying Purposes 3.Consent 4.Limiting Collection 5.Limiting Use, Disclosure and Retention 6.Accuracy 7.Safeguards 8.Openness 9.Individual Access 10.Challenging Compliance 11. Limiting Purposes

Consent may be explicit or implicit –implied consent situationally obvious; consumer would agree if asked no need to confirm via opt-in or opt-out process –express (opt in) consent most reliable; must use for sensitive data or where consumer would reasonably expect –opt out consent less reliable; OK for non-sensitive data/uses; proper notice is essential

Effectiveness of Laws? CIPPIC, Compliance with Canadian Data Protection Laws: Are Retailers Measuring Up? (May 2006) –

Other Initiatives Canadian Principles for Electronic Authentication (2004) –“….the collection, use and disclosure of personal information in the context of authentication should be minimized.” applies to designers as well as those using authentication mechanisms

Other Initiatives “7 Laws of Identity” –by Kim Cameron, endorsed by Ont.IPC User control and consent Minimal disclosure for a constrained use Justifiable parties (“need to know” access) Directed identity (protection and accountability) Pluralism of operators and technologies Human integration (user understanding) Consistent experience across contexts