Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Go Beyond Compliance to Competitive Advantage: Good Privacy is Good Business DaimlerChrysler.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Go Beyond Compliance to Competitive Advantage: Good Privacy is Good Business DaimlerChrysler."— Presentation transcript:

1 1 Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Go Beyond Compliance to Competitive Advantage: Good Privacy is Good Business DaimlerChrysler AG Data Protection Coordinators Meeting June 23, 2005

2 2 Impetus for Change Growth of Privacy as a Global Issue (EU Directive on Data Protection); Exponential growth of personal data collected, transmitted and exploited; Convergence of growth in bandwidth, sensors, data storage and computing power; Consumer Backlash; heightened consumer expectations.

3 3 And then came 9/11 U.S. Patriot Act and series of anti-terrorism laws introduced; Served to expand powers of surveillance on the part of the state, and reduce judicial oversight.

4 4 The Aftermath It’s business as usual: Clear distinction between public safety and business issues – make no mistake; NO reduction in consumer expectations; Increased value of trusted relationships.

5 5 Consumer Attitudes Business is not a beneficiary of the post-9/11 “Trust Mood” Increased trust in government has not been paralleled by increased trust in business handling of personal information. — Privacy On and Off the Internet: What Consumers Want Harris Interactive, November 2001 Dr. Alan Westin

6 6 Importance of Consumer Trust In the post-9/11 world: –Consumers either as concerned or more concerned about online privacy; –Concerns focused on the business use of personal information, not new government surveillance powers. If consumers have confidence in a company’s privacy practices, consumers are more likely to: –Increase volume of business with company……....91% –Increase frequency of business……………….…...90% –Stop doing business with company if PI misused…83% — Harris/Westin Poll, Nov. 2001 and Feb. 2002

7 7 Information Privacy Defined Information Privacy: Data Protection –Freedom of choice; control; informational self-determination; –Personal control over the collection, use and disclosure of any recorded information about an identifiable individual.

8 8 What Privacy is Not Security  Privacy

9 9 Authentication Data Integrity Confidentiality Non-repudiation Privacy; Data Protection Fair Information Practices Privacy and Security: The Difference Security: Organizational control of information through information systems

10 10 Fair Information Practices: A Brief History OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data; EU Directive on Data Protection; CSA Model Code for the Protection of Personal Information; Canada Personal Information Protection and Electronic Documents Act (PIPEDA).

11 11 Summary of Fair Information Practices FIPs Accountability Identifying Purposes Consent Limiting Collection Limiting Use, Disclosure, Retention Accuracy Safeguards Openness Individual Access Challenging Compliance

12 12 FIPs 1.Accountability for personal information designate an individual(s) accountable for compliance 2.Identifying Purposes purpose of collection must be clear at or before time of collection 3.Consent individual has to give consent to collection, use, disclosure of personal information

13 13 FIPs (Cont’d) 4.Limiting Collection collect only information required for the identified purpose; information shall be collected by fair and lawful means 5.Limiting Use, Disclosure, Retention consent of individual required for all other purposes 6.Accuracy keep information as accurate and up-to-date as necessary for identified purpose 7.Safeguards protection and security required, appropriate to the sensitivity of the information

14 14 FIPs (Cont’d) 8.Openness policies and other information about the management of personal information should be readily available 9.Individual Access upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and be given access to that information, be able to challenge its accuracy and completeness and have it amended as appropriate 10.Challenging Compliance ability to challenge all practices in accord with the above principles to the accountable body in the organization

15 15 Extension of PIPEDA As of January 1, 2004, the Personal Information Protection and Electronic Documents Act has extended to:  all personal information collected, used or disclosed in the course of commercial activities by provincially regulated organizations;  unless a substantially similar provincial privacy law is in force.

16 16 Provincial Private-Sector Privacy Laws Québec: Act respecting the protection of personal information in the private sector B.C.: Personal Information Protection Act Alberta: Personal Information Protection Act Ontario: Personal Health Information Protection Act

17 17 United States Safe Harbor Privacy Principles: 1.Notice 2.Choice 3.Onward Transfer 4.Security 5.Data Integrity 6.Access 7.Enforcement

18 18 California SB 1386 became effective on July 1, 2003; Essentially, it requires any agency, person or business that owns or licenses computerized “personal information” to disclose any breach of security to California residents whose data has been subject to unauthorized disclosure. SB1386

19 19 United States The Coming Privacy Storm April 2005, 39 bills were pending in 19 states modeled after California’s SB1386; June 2005, eight states have now signed laws that require consumers to be notified if personal information has been subject to a security breach; Although the new laws are similar to California’s SB1386, varying state requirements will likely put pressure on Congress to pass a federal version of SB1386; Legislation is also being considered that would ban the sale of Social Security numbers without the permission of the owner.

20 20 ISF Highlights Damage Done by Privacy Breaches The Information Security Forum reported that a company’s privacy breaches can cause major damage to brand and reputation: –25% of companies surveyed experienced some adverse publicity due to privacy; –1 in 10 had experienced civil litigation, lost business or broken contracts; –Robust privacy policies and staff training were viewed as keys to avoiding privacy problems. — The Information Security Forum, July 7, 2004

21 21 Distrust and Profitability Distrust can have a potentially devastating impact on profitability: 45% of respondents said there is at least one retail business that they trusted at one time, but no longer trust; 94% said they spent less money with that company, resulting in an average 87% decrease in spending by that group. — Yankelovich Study, June 2004

22 22 The Business Case “Our research shows that 80% of our customers would walk away if we mishandled their personal information.” — CPO, Royal Bank of Canada, 2003 “Nearly 90% of online consumers want the right to control how their personal information is used after it is collected.” — Forrester Research, 2003

23 23 The Bottom Line Privacy should be viewed as a business issue, not a compliance issue

24 24 Privacy Issues in the Automobile Industry

25 25 Automotive Tracking Technologies While both of these technologies can represent greater safety and security to drivers, they also hold the potential for violations of privacy. Event Data Recorders or “Black Boxes”; Telematics Systems;

26 26 “Black Boxes” Currently, there are an estimated 25 to 40 million automobiles in North America equipped with event data recorders or “Black Boxes;” Black boxes can record such information as speed, braking, sharp accelerations and decelerations and even seat-belt use; The ACLU has stated that motorists do not necessarily know their vehicles are equipped with EDRs, and that represents a considerable risk of privacy invasion; California AB 213 – “Black Box” law.

27 27 Telematics In 2001, there were 2.5 million vehicles in the U.S. that were telematics-enabled; By 2006, that number will grow 21million vehicles – totaling 30 million vehicles worldwide; — Maya Software Technologies Ltd, Automotive Telematics, 2001 Industry analysts believe that telematic systems will become a standard feature in passenger vehicles by the end of this decade. — IT Facts - February 17, 2005

28 28 The Future of Telematics  The US National Transportation Safety Board and the National Highway Traffic Safety Administration have recommended that all vehicles sold in the U.S. should eventually be equipped with telematics devices;  The European Commission has proposed that by 2009, all new cars sold in the EU be equipped with a telematics unit consisting of a GPS device and a mobile communication unit. — ZDNet, March 29, 2005.

29 29 Expanding Applications Means More Data Collection Telematics service providers will soon be faced with collecting and storing more and more personal information about subscribers because of expanding applications. Original uses: Vehicle tracking; anti-theft; information services; emergency services; and vehicle operations. Present and future uses: Mobile phones; PDAs; Email; Fax; Teleconferencing; DVD Players; and onboard personal computers.

30 30 Telematics and Privacy What hangs in the balance? Location anonymity: Driver is traceable and susceptible to covert surveillance; Control: Consensual use versus passive participation over what private/personal information is collected, stored, processed and provided to other parties; Information: Privacy and security of information being transmitted requires sufficient encryption; Risk of inaccurate information being aggregated.

31 31 Privacy Concerns 2003, the FBI ordered a telematics company to covertly turn a suspect’s onboard navigation system into a de facto wiretap; The company challenged the FBI’s order; The Ninth Circuit Court of Appeals ruled in favour of the company but also stated that while it was not permissible to alter the use of a telematics device when it interfered with the car's emergency features, it was lawful to use such systems for surveillance where it did not interfere unreasonably with the operation of the device. - The Company v. U.S.A. decision, No. 02-15635 (9th Cir. Nov. 18, 2003)

32 32 Privacy Concerns (Cont’d) Car Rentals Auto Insurance Pay-as-you-drive Road Safety

33 33 Consumer Awareness Despite now being installed by manufacturers for more than a decade, two thirds of car buyers have no idea that “Black Boxes” are installed in their cars, or even what they do; When informed of their existence, vehicle owners reacted with similar attitudes; "It's like having a government agent driving around in the back seat of your car.“ — Insurance Research Council, Public Attitude Monitor, 2002

34 34 Consumer Preferences Fewer than one-quarter of respondents favoured having a mileage data recorder installed in their vehicle to allow their insurance company to verify the distance actually driven; Fewer than half of respondents favoured using data from “black boxes” to investigate or determine fault in accidents. — Insurance Research Council, Public Attitude Monitor, 2002

35 35 Privacy, Security and Choice Competitive Advantage The relationship between the service provider and the subscriber regarding their personal information will become a key factor for the success of telematics and its applications; “Understanding and managing privacy and security concerns are critical for consumer acceptance of telematics… players must agree and make it very clear that the customer "owns“ his or her data and then provide a system that allows customers to choose whether to share that data...” — David Huber, Product Development Manager, Progressive Group, April 2005

36 36 A Privacy Policy for Automotive Telematics Three key areas: 1.Choice 2.Notice 3.Access

37 37 Make Privacy a Corporate Priority An effective privacy program needs to be integrated into the corporate culture; It is essential that privacy protection become a corporate priority throughout all levels of the organization; Senior Management and Board of Directors’ commitment is critical.

38 38 Final Thought “Anyone today who thinks the privacy issue has peaked is greatly mistaken…we are in the early stages of a sweeping change in attitudes that will fuel political battles and put once-routine business practices under the microscope.” Forrester Research, March 5, 2001

39 39 How to Contact Us Commissioner Ann Cavoukian Information & Privacy Commissioner/Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario M4W 1A8 Phone: (416) 326-3333 Web: www.ipc.on.ca E-mail: commissioner@ipc.on.ca

Download ppt "1 Ann Cavoukian, Ph.D. Information and Privacy Commissioner/Ontario Go Beyond Compliance to Competitive Advantage: Good Privacy is Good Business DaimlerChrysler."

Similar presentations

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.

HIPAA: An Overview of Transaction, Privacy and Security Regulations Training for Providers and Staff.
Www.ipc.on.ca National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy? Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.

National Security in a Post-9/11 World: The Rise of Surveillance, … the Demise of Privacy? Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Mark S. Hayes – Blake, Cassels & Graydon LLP Privacy and Security – Some Observations Mark S. Hayes, Blake, Cassels & Graydon LLP 7th CACR Privacy and.

Mark S. Hayes – Blake, Cassels & Graydon LLP Privacy and Security – Some Observations Mark S. Hayes, Blake, Cassels & Graydon LLP 7th CACR Privacy and.
Www.ipc.on.ca The Privacy Imperative: Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Bell.

The Privacy Imperative: Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Bell.
© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.

© 2003 IBM Corporation Privacy 12 th CACR Workshop Yim Y. Chan Chief Privacy Officer & CIO IBM Canada Ltd. w3.ibm.com/Privacy.
Seamless Customer Experience: What Will It Take? Offering Security and Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario The Access.

Seamless Customer Experience: What Will It Take? Offering Security and Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario The Access.
Information and Privacy Commissioner/Ontario, © 2005 Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.

Information and Privacy Commissioner/Ontario, © 2005 Go Beyond Compliance to Competitive Advantage Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario.
Www.ipc.on.ca How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Symposium.

How Privacy Could Affect the Future Roll-Out of RFIDs: Take Note Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Symposium.
Www.ipc.on.ca Preserving Privacy in a Security-Centric World Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Canadian Information Processing.

Preserving Privacy in a Security-Centric World Ann Cavoukian, Ph.D. Information & Privacy Commissioner/Ontario Canadian Information Processing.
Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.

Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
1 Privacy by Design: Don’t Make Privacy An Afterthought – Build It In Convergence Expo 2005 Calgary, Alberta May 17, 2005 Ann Cavoukian, Ph.D. Information.

1 Privacy by Design: Don’t Make Privacy An Afterthought – Build It In Convergence Expo 2005 Calgary, Alberta May 17, 2005 Ann Cavoukian, Ph.D. Information.
HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.
Per Anders Eriksson

Per Anders Eriksson
Transborder dataflows Flow of information across national borders Much of this data involves personal information.

Transborder dataflows Flow of information across national borders Much of this data involves personal information.
Getting to Privacy A Presentation to: Presented by: Mike Gurski.

Getting to Privacy A Presentation to: Presented by: Mike Gurski.
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Similar presentations

Ads by Google