Download presentation
Published byJesse Bates Modified over 11 years ago
1
Office of the Information and Privacy Commissioner, Ontario, Canada
Presentation Outline Panel on Privacy Centre for Information Integrity & Information Systems Assurance, U of Waterloo 7th Biennial Research Symposium October 21, 2010 Toronto, Ontario
2
Ann Cavoukian, PhD Ontario’s Information and Privacy Commissioner
Ensures that government organizations (provincial and municipal) comply with freedom of information and privacy laws in Ontario Investigates privacy complaints and resolve appeals when the government refuses to grant access to government-held information Conducts research on access and privacy issues Educates the public and raise awareness about Ontario’s access and privacy laws
3
Privacy Defined Right of an individual to exercise a measure of control over the collection, use and disclosure of their personal information Definition of personally identifiable information (PII) - any information, recorded or otherwise, relating or linked to an identifiable individual Privacy is contextual / think of privacy as an aspect of CRM (Customer Relationship Management)
4
Security is, however, vital to privacy
What privacy is not Privacy Security Security is, however, vital to privacy
5
Fair Information Practices
Why are you asking? Collection; purpose specification How will the information be used? Primary purpose; use limitation Any additional secondary uses? Notice and consent; prohibition against unauthorized disclosure Who will be able to see my information? Restricted access from unauthorized third parties
6
Why We Need Privacy by Design
Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg Regulatory compliance alone, is unsustainable as the sole model for ensuring the future of privacy
8
Privacy by Design: The 7 Foundational Principles
Proactive not Reactive: Preventative, not Remedial; Privacy as the Default setting; Privacy Embedded into Design; Full Functionality: Positive-Sum, not Zero-Sum; End-to-End Security: Full Lifecycle Protection; Visibility and Transparency: Keep it Open; Respect for User Privacy: Keep it User-Centric.
9
Privacy by Design: The Trilogy of Applications
Information Technology Accountable Business Practices Physical Design & Infrastructure
10
Privacy by Design in 2010: Gathering Momentum
May – As part of the European Commission’s new European Digital Agenda, Peter Hustinx, the European Data Protection Supervisor, recommended that Privacy by Design be included as a binding principle into data protection legal framework; ultation/Opinions/2010/ _Trust_Information_Society_EN.pdf October – Regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection; December – The U.S. Federal Trade Commission released a major report on protecting consumer privacy in which it recommended that companies adopt a Privacy by Design approach by building privacy protections into their everyday business practices.
11
Embedding Privacy at the Design Stage: The Obvious Route
Cost-effective Proactive User-centric It’s all about control – preserving personal control and freedom of choice over one’s data flows
12
Conclusions Lead with Privacy by Design;
Change the paradigm from the dated “zero-sum” to the doubly-enabling “positive-sum;” Deliver both privacy AND security or any other functionality, in an empowering “win-win” paradigm; Embed privacy as a core functionality: the future of the Smart Grid may depend on it!
13
How to Contact Us Michelle Chibba Director of Policy and Special Projects Information & Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8 Phone: (416) / Web: 13
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.