Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy by Design: Big Privacy for Big Data

Published byEmily Cole Modified over 10 years ago

Similar presentations

Presentation on theme: "Privacy by Design: Big Privacy for Big Data"— Presentation transcript:

1 Privacy by Design: Big Privacy for Big Data
2013 Digital Odyssey: Big Data, Small World Ontario Library IT Association Toronto, Canada June 7, 2013

2 Overview Introduction to IPC Privacy 101
Challenges to Privacy in the Age of Big Data Privacy by Design Big Privacy for Big Data

3 Ann Cavoukian, PhD Ontario’s Information and Privacy Commissioner
Ensure that government organizations (provincial and municipal) comply with freedom of information and privacy laws in Ontario Investigate privacy complaints and resolve appeals when the government refuses to grant access to government-held information Conduct research on and raise awareness of emerging privacy & access to information issues 3

4 IPC Philosophy: 3 C’s Consultation: by keeping open lines of communication Co-operation: rather than confrontation in resolving complaints Collaboration: through working together to find solutions

5 Privacy 101 Information privacy refers to the right or ability of individuals to exercise control over the collection, use and disclosure by others of their personal information Personally-identifiable information (“PII”) can be biographical, biological, genealogical, historical, transactional, locational, relational, computational, vocational or reputational, and is the stuff that makes up our modern identity Personal information must be managed responsibly. When it is not, accountability is undermined and confidence in our evolving information society is eroded.

6 From PC to Web 4.0: Challenges to Privacy in the Age of Big Data
Radar Networks & Nova Spivack, 2007

7 Wireless and Mobile: Beware of Unintended Consequences
7

8 Source: www.sciencedaily.com/releases/2013/03/130327132547.htm
- Source:

9 “We need to be more deliberate (about privacy)
“We need to be more deliberate (about privacy). A lot of information-age architecture is about data: what is collected, who controls it, and how it is used. Data is the lifeblood of the information age, but much of it is very personal. We need to design systems that limit unnecessary data collection, give individuals control over their data, and limit the ability of those in power to use that data for mass surveillance.” (Bruce Schneier, IEEE Security & Privacy January/February 2009 )

10

11 Data Assets = Data Risks and Liabilities Threats to Privacy

12 Data Privacy requires Good Data Security but Good Data Security ≠ Privacy

13 Why We Need Privacy by Design
Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg The majority of privacy breaches remain unchallenged, unregulated ... unknown Regulatory compliance alone, is unsustainable as the sole model for ensuring the future of privacy

14 Privacy by Design: The 7 Foundational Principles
Proactive not Reactive: Preventative, not Remedial Privacy as the Default Privacy Embedded into Design Full Functionality: Positive-Sum, not Zero-Sum End-to-End Security: Full Lifecycle Protection Visibility and Transparency: Keep it Open Respect for User Privacy: Keep it User-Centric

15 Privacy by Design Security Purpose Specification Data Minimization
FIPPs Security End to End Lifecycle Protection Purpose Specification Data Minimization Privacy as the Default (Setting) Consent, Accuracy, Access Respect for User Privacy Accountability, Openness, Compliance Openness & Transparency Proactive Not Reaction; Preventative Not Remedial Privacy Embedded into Design Full Functionality – Positive-Sum, not Zero-Sum

16 Privacy by Design www.privacybydesign.ca Information Technology
Accountable Business Practices Physical Design & Infrastructure

17

18 De-identification – Data Minimization
Restoring the value of de-identification; Challenges in re-identifying de-identified information; The implications of including de-identified information under privacy legislation; Rejecting the zero-sum paradigm; Conducting re-identification risk assessment.

19 Data Co-management Data accountability Data minimization Data security
In the Web 2.0 era, information may very well “want to be free” but not necessarily personal information! Data accountability Data minimization Data security Data access The Big Idea: Data co-management – Citizen participation in the care and management of his/her own personal data held by others throughout the data life cycle

20 PERSONAL DATA ECOSYSTEM (PERSONAL DATA VAULT/PERSONAL DATA PLATFORM)

21 UI Design Concepts: Transparency & Trust
Context – think of the device as well as the context for how the information will be treated Awareness – does the user know that privacy policies exist and that they can exercise choice Discoverability – ease of finding relevant privacy policies & ease of acting on available privacy settings Comprehension - consider if users can understand the privacy policies & privacy settings to be able to make an informed decision

22 Privacy by Design in the Age of Big Data and Sensemaking Systems
Ability of analytical tools to process & make sense of extremely large sets of structured and unstructured data New class of analytic capability where the data finds the data and the relevance finds the user Increase in accuracy of data – context reduces ambiguity Accumulation of bad data = smarter system As data store increases, context is enhanced = faster results Requires Big Privacy!

23 PbD Features for Next-generation Sensemaking Systems
Full attribution: preserve record metadata; do not allow merge/purge processing Data tethering: any changes to records must apply across the information sharing ecosystem in real-time Analytics on anonymized data: anonymize data at source prior to transfer; utilize homomorphic encryption Tamper-resistant audit logs: every user search logged, even database administrator False negative favoring methods: trust but verify Self-correcting false positives: reverse earlier assertions real-time and scaled Information transfer accounting: capture data flows for discovery by individual

24 Patience, Persistence and Faith: The Chronicles of a Crusader
“Your identity is your most valuable possession. Protect it. And if anything goes wrong, use your powers.” Helen (aka Elastigirl) The Incredibles Disney/Pixar 2004 Privacy by Design NOT Privacy by Disaster!

25 How to Contact Us Michelle Chibba, Director, Policy and Special Projects Information and Privacy Commissioner’s Office of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8 Phone: (416) / Web:

Download ppt "Privacy by Design: Big Privacy for Big Data"

Similar presentations

Office of the Information and Privacy Commissioner, Ontario, Canada

Office of the Information and Privacy Commissioner, Ontario, Canada
IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.

IMPS Information Management and Policy Services Information Services Directorate A briefing for all University staff November 2004 New Information Legislation.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Presentation by Priyanka Sawarkar

Presentation by Priyanka Sawarkar
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Innovation and the Privacy Advantage Jennifer Stoddart, Privacy Commissioner of Canada August 25, 2010 Institute of Public Administration of Canada 62.

Innovation and the Privacy Advantage Jennifer Stoddart, Privacy Commissioner of Canada August 25, 2010 Institute of Public Administration of Canada 62.
© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.

© 2007 IBM Corporation Enterprise Content Management Integrating Content, Process, and Connectivity for Competitive Advantage Malcolm Holden October 2007.
Big Data - Ethical Data Use Kimberlin Cranford. Ethical Use in the Era of Big Data  Landscape has Changed  Attitudes about Big Data  PII, Anonymous,

Big Data - Ethical Data Use Kimberlin Cranford. Ethical Use in the Era of Big Data  Landscape has Changed  Attitudes about Big Data  PII, Anonymous,
PHIPA: The Year in Review Moderator: Debra Grant Panelists: Pam Slaughter Eric Holowaty Eric Holowaty Ron Heslegrave Ron Heslegrave PHIPA Summit: A Balancing.

PHIPA: The Year in Review Moderator: Debra Grant Panelists: Pam Slaughter Eric Holowaty Eric Holowaty Ron Heslegrave Ron Heslegrave PHIPA Summit: A Balancing.
NIST Big Data Public Working Group Security and Privacy Subgroup Presentation September 30, 2013 Arnab Roy, Fujitsu Akhil Manchanda, GE Nancy Landreville,

NIST Big Data Public Working Group Security and Privacy Subgroup Presentation September 30, 2013 Arnab Roy, Fujitsu Akhil Manchanda, GE Nancy Landreville,
1 Opening the Door: Access to Government Information A primer for Media Students Mohawk College Sept. 18, 2002 Bob Spence Communications Co-ordinator Office.

1 Opening the Door: Access to Government Information A primer for Media Students Mohawk College Sept. 18, 2002 Bob Spence Communications Co-ordinator Office.
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
Securing North America’s Power Grid Dr. Ann Cavoukian, Ontario information and privacy commissioner Mark Fabro CISSP, CISM, President and Chief Security.

Securing North America’s Power Grid Dr. Ann Cavoukian, Ontario information and privacy commissioner Mark Fabro CISSP, CISM, President and Chief Security.
Www.ipc.on.ca Personal Health Information Protection Act: The Role of the IPC Information & Privacy Commissioner/Ontario Toronto, Ontario October 20, 2004.

Personal Health Information Protection Act: The Role of the IPC Information & Privacy Commissioner/Ontario Toronto, Ontario October 20, 2004.
CABA Forum: Privacy and Trust Wednesday, April 2, 2014 Washington DC CONNECTED HOME TRACK - HOW WILL ORGANIZATIONS MEET CONSUMER DEMANDS FOR PRIVACY AND.

CABA Forum: Privacy and Trust Wednesday, April 2, 2014 Washington DC CONNECTED HOME TRACK - HOW WILL ORGANIZATIONS MEET CONSUMER DEMANDS FOR PRIVACY AND.
Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.

Privacy No matter how exemplary your life is, there are things you want to keep to yourself © 2004, Lawrence Snyder.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

Similar presentations

Ads by Google