Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Data Privacy.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Data Privacy."— Presentation transcript:

1 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor http://cups.cs.cmu.edu/courses/privpolawtech-fa07/ 1 Data Privacy October 30, 2007

2 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor http://cups.cs.cmu.edu/courses/privpolawtech-fa07/ 2 k-anonymity “A release provides k-anonymity protection if the information for each person contained in the release cannot be distinguished from at least k-1 individuals whose information also appears in the release.” http://privacy.cs.cmu.edu/people/sweeney/kanonymity.html

3 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor http://cups.cs.cmu.edu/courses/privpolawtech-fa07/ 3 De-identification and re-identification Simplistic de-identification: remove obvious identifiers Better de-identification: also k-anonymize and/or use statistical confidentiality techniques Re-identification can occur through linking entries within the same database or to entries in external databases

4 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor http://cups.cs.cmu.edu/courses/privpolawtech-fa07/ 4 Examples When RFID tags are sewn into every garment, how might we use this to identify and track people? What if the tags are partially killed so only the product information is broadcast, not a unique ID? How can a cellular provider identify an anonymous pre-paid cell phone user? Other examples?

5 Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor http://cups.cs.cmu.edu/courses/privpolawtech-fa07/ 5 Techniques for protecting privacy Best No collection of contact information No collection of long term person characteristics k-anonymity with large value of k Good No unique identifiers across databases No common attributes across databases Random identifiers Contact information stored separately from profile or transaction information Collection of long term personal characteristics on a low level of granularity Technically enforced deletion of profile details at regular intervals

Download ppt "Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Data Privacy."

Similar presentations

1 Constraints, Triggers and Active Databases Chapter 9.

1 Constraints, Triggers and Active Databases Chapter 9.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Privacy Authorization Languages.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2005 Lorrie Cranor 1 Privacy Authorization Languages.
21-1 Last time Database Security  Data Inference  Statistical Inference  Controls against Inference Multilevel Security Databases  Separation  Integrity.

21-1 Last time Database Security  Data Inference  Statistical Inference  Controls against Inference Multilevel Security Databases  Separation  Integrity.
Interaction of RFID Technology and Public Policy Presentation at RFID Privacy MIT 15 TH November 2003 By Rakesh Kumar

Interaction of RFID Technology and Public Policy Presentation at RFID Privacy MIT 15 TH November 2003 By Rakesh Kumar
1 Privacy in Microdata Release Prof. Ravi Sandhu Executive Director and Endowed Chair March 22, 2013 © Ravi Sandhu.

1 Privacy in Microdata Release Prof. Ravi Sandhu Executive Director and Endowed Chair March 22, © Ravi Sandhu.
File Management Chapter 12. File Management A file is a named entity used to save results from a program or provide data to a program. Access control.

File Management Chapter 12. File Management A file is a named entity used to save results from a program or provide data to a program. Access control.
UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.

UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Fair Information.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Fair Information.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Maintenance Modifying the data –Add records –Delete records –Update records Modifying the design –Add fields into tables –Remove fields from a table –Change.

Maintenance Modifying the data –Add records –Delete records –Update records Modifying the design –Add fields into tables –Remove fields from a table –Change.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Engineering Privacy November 6, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Engineering Privacy November 6, 2008.
Computers and Society Carnegie Mellon University Spring 2007 Cranor/Tongia 1 Privacy Week 6 - February 20,

Computers and Society Carnegie Mellon University Spring 2007 Cranor/Tongia 1 Privacy Week 6 - February 20,
Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 Design for Privacy February 20,

Usable Privacy and Security Carnegie Mellon University Spring 2007 Cranor/Hong 1 Design for Privacy February 20,
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Web Privacy.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Data Privacy October 30, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Data Privacy October 30, 2008.
The Relational Database Model:

The Relational Database Model:
C MU U sable P rivacy and S ecurity Laboratory Philosophical definitions of privacy Lorrie Faith Cranor October 19, 2007.

C MU U sable P rivacy and S ecurity Laboratory Philosophical definitions of privacy Lorrie Faith Cranor October 19, 2007.
Attacks against K-anonymity

Attacks against K-anonymity
Malicious parties may employ (a) structure-based or (b) label-based attacks to re-identify users and thus learn sensitive information about their rating.

Malicious parties may employ (a) structure-based or (b) label-based attacks to re-identify users and thus learn sensitive information about their rating.
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Search Engines.

Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Search Engines.

Similar presentations

Ads by Google