Presentation is loading. Please wait.

Presentation is loading. Please wait.

It’s Time to Protect Your Privacy, Before it’s Taken Away From You

Published byCecil Jenkins Modified over 7 years ago

Similar presentations

Presentation on theme: "It’s Time to Protect Your Privacy, Before it’s Taken Away From You"— Presentation transcript:

1 It’s Time to Protect Your Privacy, Before it’s Taken Away From You
Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University U of T Senior Alumni Association February 28, 2017

2 Let’s Dispel Some Myths

3 Privacy is not about having something to hide
Privacy ≠ Secrecy Privacy is not about having something to hide

4 Privacy = Control

5 Privacy = Personal Control
User control is critical Freedom of choice Informational self-determination Context is key!

6 Privacy is Essential to Freedom: A Necessary Condition for Societal Prosperity and Well-Being
Innovation, creativity, and the resultant prosperity of a society requires freedom; Privacy is the essence of freedom: Without privacy, individual human rights, property rights and civil liberties – the conceptual engines of innovation and creativity, could not exist in a meaningful manner; Surveillance is the antithesis of privacy: A negative consequence of surveillance is the usurpation of a person’s limited cognitive bandwidth, away from innovation and creativity.

7 The Decade of Privacy by Design

8 Adoption of “Privacy by Design” as an International Standard
Landmark Resolution Passed to Preserve the Future of Privacy By Anna Ohlden – October 29th JERUSALEM, October 29, 2010 – A landmark Resolution by Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, was approved by international Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution recognizes Commissioner Cavoukian's concept of Privacy by Design - which ensures that privacy is embedded into new technologies and business practices, right from the outset - as an essential component of fundamental privacy protection. Full Article:

9 Why We Need Privacy by Design
Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg The majority of privacy breaches remain unchallenged, unregulated ... unknown Regulatory compliance alone, is unsustainable as the sole model for ensuring the future of privacy

10 Privacy by Design: Proactive in 39 Languages!
English French German Spanish Italian Czech Dutch Estonian Hebrew Hindi Chinese Japanese Arabic 14.Armenian 15.Ukrainian 16.Korean 17.Russian 18.Romanian 19.Portuguese 20.Maltese 21.Greek 22.Macedonian 23.Bulgarian 24. Croatian 25.Polish 26.Turkish 27.Malaysian 28.Indonesian 29.Danish 30.Hungarian 31.Norwegian 32.Serbian 33.Lithuanian 34.Farsi 35.Finnish 36.Albanian 37.Catalan 38. Georgian 39. Afrikaans (pending)

11 replace “vs.” with “and”
Positive-Sum Model: The Power of “And” Change the paradigm from a zero-sum to a “positive-sum” model: Create a win-win scenario, not an either/or (vs.) involving unnecessary trade-offs and false dichotomies … replace “vs.” with “and”

12 Privacy by Design: The 7 Foundational Principles
Proactive not Reactive: Preventative, not Remedial; Privacy as the Default setting; Privacy Embedded into Design; Full Functionality: Positive-Sum, not Zero-Sum; End-to-End Security: Full Lifecycle Protection; Visibility and Transparency: Keep it Open; Respect for User Privacy: Keep it User-Centric.

13 Operationalizing Privacy by Design
9 PbD Application Areas CCTV/Surveillance cameras in mass transit systems; Biometrics used in casinos and gaming facilities; Smart Meters and the Smart Grid; Mobile Communications; Near Field Communications; RFIDs and sensor technologies; Redesigning IP Geolocation; Remote Home Health Care; Big Data and Data Analytics.

14 Cost of Taking the Reactive Approach to Privacy Breaches
Class-Action Lawsuits Damage to One’s Brand Proactive Reactive Loss of Consumer Confidence and Trust 2014 Data Breach Study A U.S. study found that the cost of a data breach was $202 per record; the average cost per operating company was more than $6.6 million per breach. 2008 Annual Study: Cost of a Data Breach, Ponemon Institute, February 2009. Legal liabilities, class action suits; Loss of client confidentiality and trust; Diminution of brand and reputation; Loss of customers, competitive edge; Penalties and fines levied; Costs of crisis management, damage control, review and retrofit of information systems, policies and procedures.

15 Letter from JIPDEC – May 28, 2014
“Privacy by Design is considered one of the most important concepts by members of the Japanese Information Processing Development Center … We have heard from Japan’s private sector companies that we need to insist on the principle of Positive-Sum, not Zero-Sum and become enlightened with Privacy by Design.” — Tamotsu Nomura, Japan Information Processing Development Center, May 28, 2014

16 GDPR General Data Protection Regulation
Strengthens and unifies data protection for individuals within the European Union Gives citizens control over their personal data and simplifies regulations across the EU by unifying regulations Proposed – January 25th 2012 Passed - December 17, 2015 Adoption – Spring 2016 Enforcement – Spring 2018

17 E.U. General Data Protection Regulation
The language of “Privacy/Data Protection by Design” and “Privacy as the Default” will now be appearing for the first time in a privacy statute, that was recently passed in the E.U. Privacy by Design Data Protection by Design Privacy as the Default

18 The Similarities Between PbD and the GDPR
“Developed by former Ont. Information & Privacy Commissioner, Ann Cavoukian, Privacy by Design has had a large influence on security experts, policy markers, and regulators … The EU likes PbD … it’s referenced heavily in Article 25, and in many other places in the new regulation. It’s not too much of a stretch to say that if you implement PbD, you’ve mastered the GDPR.” Information Age September 24, 2015

19 How Can you Protect your Privacy?
When you provide your information for a particular purpose, ask if they will restrict their use of it to that purpose alone; Ask how they protect / secure your information; Don’t give out your postal code or phone number Check your privacy settings on social media; Use apps that support end to end encryption Where possible use VPNs or TOR, especially on insecure networks (coffee shops) Use search engines like DuckDuckGo, that don’t track your searches

20 Internet of Things (IoT)

21 Internet of Things: Three Broad Categories
1) Wearable Computing: Everyday objects i.e. Google glass, Apple watch, Nymi Band 2) Quantified Self: Record information about one’s habits, lifestyle and activities i.e. Fitness and sleep trackers 3) Home Automation: Computer controlled thermostats, light bulbs, smart meters, the smart grid, etc.

22 Remote Healthcare Monitoring and Wearable Devices: Privacy Risks
Third party monitoring removes control of one’s information from the individual involved; The nature of the devices may make it more difficult to obtain consent before data collection begins; Specific instances of data collection may not seem important on their own, but when aggregated, they can create a comprehensive picture of a person that may be extremely harmful to the individuals involved, especially in the hands of unauthorized third parties.

23 EU Article 29 Working Party
Recommendations on the Internet of Things: Make privacy the default setting … follow Privacy by Design; Delete all raw data after processing; Respect a user’s self-determination over their own data, and seek consent in a user-friendly way; Be transparent about how a user’s data is being used; When sensors are continuously collecting one’s personal data, remind users of this surveillance activity; Ensure that data published to social platforms remain private, by default; Users should not be penalized for failing to consent; Data should be De-Identified, except when necessary.

24 Privacy Commissioners Declaration
36th Int’l Conference of Data Protection and Privacy Commissioners The value of Internet of Things (IoT) is not only in the devices, but in the services that arise from their use; Connectivity is ubiquitous: it is the joint responsibility of all actors to ensure trust in connected systems : Transparency is Key; Protection should begin from the moment the data is collected: “Privacy by Design should be the key selling point of innovative technologies” Strong, active and constructive debate is necessary to overcome the huge challenges presented by the developers of IoT.

25 FTC has expressed concerns over Wearable Devices
The U.S. Federal Trade Commission (FTC) has expressed concerns with the risks associated with the Health Information collected by the newly released Apple Watch and HealthKit platform; Data stored in mobile health apps are not covered by HIPAA; FTC found that 12 mobile health and fitness app developers were sharing user information with 76 different parties; The FTC would like to ensure that developers have the necessary safeguards to protect personal health information.

26 Pew Research Internet Project
Public Perceptions of Privacy and Security in the Post-Snowden Era: November 2014 There is widespread concern about surveillance by government and business: 91% of adults agree that consumers have lost control over their personal information; 80% of social network users are concerned about third parties accessing their data; 80% of adults agree that Americans should be concerned about government surveillance;

27 The Online “Privacy Lie” Is Unraveling
Joseph Turow and Michael Hennessy, University of Pennsylvania Nora Draper, University of New Hampshire “A large majority of web users are not at all happy … they feel powerless to stop their data being harvested and used by marketers.” 91% disagree that “If companies give me a discount, it is a fair exchange for them to collect information about me without my knowing.” June 6, 2015 TechCrunch

28 2014 Survey of Canadians on Privacy Office of the Privacy Commissioner of Canada
90% of Canadians expressed concern about the protection of their privacy; 78% feel at least somewhat likely that their privacy may be breached by someone using their Credit/Debit Card or stealing their identity; 70% of Canadians are concerned about the use of genetic testing for non-medical purposes; 73% feel they have less protection of their personal information than ten years ago; 60% have little expectation of privacy because there are so many ways it can be compromised.

29 Servant or spy? Law enforcement, privacy advocates grapple with brave new world of AI assistants
“AI assistants are creating thorny legal and privacy questions that legal and cybersecurity experts are scrambling to understand. Because virtual assistants rely on microphones that … may be continuously recording and sending information, that trove of information creates a delicate balance between law enforcement requests, corporate strategy and individual privacy rights.” CNBC January 8, 2017

30 Servant or spy? Law enforcement, privacy advocates grapple with brave new world of AI assistants (cont’d) “Among the various types of microphone-enabled devices, each has different privacy implications that consumers should understand,” “Connected technology may make our homes smaller — but it comes at the cost of privacy and could even set consumers on a collision course with law enforcement.” Fortune January 9, 2017

31 Amazon Echo’s Alexa Went Dollhouse Crazy
“Owners complained that their voice-activated devices set off on an inadvertent shopping spree.” “The misfires are attributable to Amazon's decision to enable voice purchasing by default on Echo devices, even though they do not distinguish between different people.” “Customers have the option to add parental controls, including a four-digit code to authorize purchases.” Fortune January 9, 2017

32 Amazon’s Echo Hears Everything You Say, And Police Want To Listen
“From the moment consumers started buying voice-activated “smart hub” speaker devices like Amazon Echo and Google Home, it was only a matter of time before police began taking advantage of the millions of homes that now contain always-on, internet-connected microphones.” Joshua Kopstein Vocativ.com December 28, 2016

33 I have seen the future: Alexa controls everything
“Amazon's AI aide goes from humble home assistant to all-encompassing presence built into every gadget we own. From fridges, to cars, to smartwatches, and even robots, Alexa has quickly become the voice assistant du jour.” “Alexa is rapidly becoming the voice of the so-called Internet of Things” Mark Walton arstechnica Januar 9, 2017

34 Concluding Thoughts Privacy risks are best managed by proactively embedding the principles of Privacy by Design – prevent the harm from arising – avoid the data breach; Focus on prevention: It is much easier and far more cost-effective to build in privacy, up-front, rather than after-the-fact; Abandon zero-sum thinking – embrace doubly-enabling systems: Big Data and Big Privacy: Yes, we can; Get smart – lead with Privacy – by Design, not privacy by chance or, worse, Privacy by Disaster!

35 Contact Information Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University 285 Victoria Street Toronto, Ontario M5B 2K3 Phone: (416) ext. 3138 twitter.com/AnnCavoukian

Download ppt "It’s Time to Protect Your Privacy, Before it’s Taken Away From You"

Similar presentations

Privacy by Design: Big Privacy for Big Data

Privacy by Design: Big Privacy for Big Data
Office of the Information and Privacy Commissioner, Ontario, Canada

Office of the Information and Privacy Commissioner, Ontario, Canada
Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University Embed Privacy, By Design into IT and Engineering … Welcome to.

Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University Embed Privacy, By Design into IT and Engineering … Welcome to.
Securing North America’s Power Grid Dr. Ann Cavoukian, Ontario information and privacy commissioner Mark Fabro CISSP, CISM, President and Chief Security.

Securing North America’s Power Grid Dr. Ann Cavoukian, Ontario information and privacy commissioner Mark Fabro CISSP, CISM, President and Chief Security.
A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.

A European View of Privacy Protection John Woulds Director of Operations UK Data Protection Commissioner National Conference on Privacy, Technology & Criminal.
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.
Www.ipc.on.ca Exposing the Myths, Exploring the Solutions Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Privacy & Security: Seeking the.

Exposing the Myths, Exploring the Solutions Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Privacy & Security: Seeking the.
Ann Cavoukian, Ph.D. Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University Information Technology Law Spring Forum.

Ann Cavoukian, Ph.D. Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University Information Technology Law Spring Forum.
Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215) 496-7241

Eric J. Pritchard One Liberty Place, 46 th Floor 1650 Market Street Philadelphia, Pennsylvania (215)
2015 National BDPA Technology Conference Big Data: Cool, Creepy or Privacy Violation? Arlonda Stevens August 18-22, 2015 Washington, DC.

2015 National BDPA Technology Conference Big Data: Cool, Creepy or Privacy Violation? Arlonda Stevens August 18-22, 2015 Washington, DC.
Smart Machines, Smart Privacy: Rules of the Road and Challenges Ahead The views expressed are those of the speaker and not necessarily those of the FTC.

Smart Machines, Smart Privacy: Rules of the Road and Challenges Ahead The views expressed are those of the speaker and not necessarily those of the FTC.
Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,

Lecture 17 Page 1 CS 236 Online Network Privacy Mostly issues of preserving privacy of data flowing through network Start with encryption –With good encryption,
IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.

IBT - Electronic Commerce Privacy Concerns Victor H. Bouganim WCL, American University.
Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.

Europe's work in progress: quality of mHealth Pēteris Zilgalvis, J.D., Head of Unit, Health and Well-Being, DG CONNECT Voka Health Community 29 September.
Location, Location, Location: The Emerging Crisis in Wireless Data Privacy Ari Schwartz & Alan Davidson Center for Democracy and Technology

Location, Location, Location: The Emerging Crisis in Wireless Data Privacy Ari Schwartz & Alan Davidson Center for Democracy and Technology
The Framework for Privacy Policies in the UK: Is telling people what information is gathered about them part of the framework? Does it need to be? Emma.

The Framework for Privacy Policies in the UK: Is telling people what information is gathered about them part of the framework? Does it need to be? Emma.
The Internet of Things and Consumer Protection

The Internet of Things and Consumer Protection
Fred Carter Senior Policy & Technology Advisor Information and Privacy Commissioner Ontario, Canada MISA Ontario Cloud Computing Transformation Workshop.

Fred Carter Senior Policy & Technology Advisor Information and Privacy Commissioner Ontario, Canada MISA Ontario Cloud Computing Transformation Workshop.
© Allen & Overy 2015 1 1 April 2015 Katia Manhaeve - Catherine Di Lorenzo The Internet of Things.

© Allen & Overy April 2015 Katia Manhaeve - Catherine Di Lorenzo The Internet of Things.
Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult.

Privacy, data protection and connected cars Lilian Edwards, Professor of Internet Law University of Strathclyde Researcher in Residence, Digital Catapult.

Similar presentations

Ads by Google