Published by Russell Powers. Modified over 9 years ago.
Crowdsourcing Privacy Risk Assessment
An Interactive Model for Evaluating and Comparing Privacy Systems
Objectives
- Provide an interactive display for stakeholders (including individual users, entire companies, or governments) to better understand their privacy considerations and options.
- Allow stakeholders to quickly see the relative strengths and weaknesses of a variety of privacy systems so that they can make privacy-related choices.
- Enable a high degree of customization to meet the wide variety of stakeholder needs.
Definitions
Stakeholder
A user of the model who selects inputs and manipulates the model, for example:
- System Owners, Developers, and Engineers
- An Organization's Legal and Policy Teams
- Product and Project Management Teams
- Government Agencies
- Consumers
Privacy Systems
Any organization, service, process, or program that handles personally identifying information (PII) and affects individual privacy, for example:
- Facebook
- Uber
- Amazon Web Services
- Google Drive
- Apple iOS
- Bank of America
- United States Government
- Government of the People's Republic of China
- Walmart
- BlueCross BlueShield
Fair Information Practice Principles (FIPPs)
The widely accepted framework of defining principles to be used in the evaluation of Privacy Systems:
1. Transparency (T): Systems should be transparent and notify individuals regarding collection, use, dissemination, and maintenance of personally identifiable information (PII).
2. Individual Participation (IP): Systems should involve the individual in the process of using PII and, to the extent practicable, seek individual consent for the collection, use, dissemination, and maintenance of PII. Systems should also provide mechanisms for appropriate access, correction, and redress regarding use of PII.
3. Purpose Specification (PS): Systems should specifically articulate the authority that permits the collection of PII and specifically articulate the purpose or purposes for which the PII is intended to be used.
4. Data Minimization (DM): Systems should only collect PII that is directly relevant and necessary to accomplish the specified purpose(s) and only retain PII for as long as is necessary to fulfill the specified purpose(s).
5. Use Limitation (UL): Systems should use PII solely for the purpose(s) specified in the notice. Sharing PII should be for a purpose compatible with the purpose for which the PII was collected.
6. Data Quality and Integrity (DQI): Systems should, to the extent practicable, ensure that PII is accurate, relevant, timely, and complete.
7. Security (S): Systems should protect PII (in all media) through appropriate security safeguards against risks such as loss, unauthorized access or use, destruction, modification, or unintended or inappropriate disclosure.
8. Accountability and Auditing (AA): Systems should be accountable for complying with these principles, providing training to all employees and contractors who use PII, and auditing the actual use of PII to demonstrate compliance with these principles and all applicable privacy protection requirements.
Adapted from "Appendix A - Fair Information Practice Principles (FIPPs)" of the National Strategy for Trusted Identities in Cyberspace (April 2011), https://www.whitehouse.gov/sites/default/files/rss_viewer/NSTICstrategy_041511.pdf
System Practices
The actions and policies of a Privacy System. All identified System Practices used by the model are listed below. Despite the attempt to identify highly specific System Practices to produce a comprehensive evaluation of each FIPP, there are other System Practices that may not be included. Alternatively, certain users of the model may conclude that some of the included System Practices should be removed. The model recognizes that the process of evaluating FIPPs is highly qualitative and seeks to leverage a crowdsourcing methodology as a way to overcome this obstacle. User input regarding which System Practices should be included or excluded (that is, crowdsourcing the System Practices) is a key feature of this model; a user can choose as many or as few System Practices to include as they want.

Transparency
1. Methods of Notification > Privacy Policy
2. Methods of Notification > Popup
3. Methods of Notification > Email
4. Frequency of Notification > Time Dependent
5. Frequency of Notification > Usage Dependent
6. Frequency of Notification > Data Type Dependent

Individual Participation
1. Consent > Frequency of Consent > Time Dependent
2. Consent > Frequency of Consent > Usage Dependent
3. Consent > Frequency of Consent > Data Type Dependent
4. Consent > Options > Opt-in
5. Consent > Options > Opt-out
6. Consent > Difficulty > Timely
7. Consent > Difficulty > Inexpensive
8. Access > Frequency of Access > Time Dependent
9. Access > Frequency of Access > Data Type Dependent
10. Access > Actions Permitted > View
11. Access > Actions Permitted > Download
12. Access > Difficulty > Timely
13. Access > Difficulty > Inexpensive
14. Access > Difficulty > Instructions Provided
15. Redress > Actions Permitted > Dispute
16. Redress > Actions Permitted > Correct
17. Redress > Actions Permitted > Update
18. Redress > Actions Permitted > Delete
19. Redress > Difficulty > Timely
20. Redress > Difficulty > Inexpensive
21. Redress > Difficulty > Instructions Provided

Purpose Specification
1. Authority Granter > None
2. Authority Granter > Data Subject
3. Authority Granter > Law
4. Types of Purpose > Provide Services
5. Types of Purpose > Market/Advertise
6. Types of Purpose > Profile/Analytics
7. Articulation Method for Authority / Purpose > Privacy Policy
8. Articulation Method for Authority / Purpose > Popup
9. Articulation Method for Authority / Purpose > Email
10. Frequency of Articulation > Time Dependent
11. Frequency of Articulation > Usage Dependent
12. Frequency of Articulation > Data Type Dependent

Data Minimization
1. Types of Data Collected > Public > Written Posts
2. Types of Data Collected > Personal > Multimedia > Photos
3. Types of Data Collected > Personal > Multimedia > Video
4. Types of Data Collected > Personal > Multimedia > Audio
5. Types of Data Collected > Personal > Contact > Email
6. Types of Data Collected > Personal > Contact > Postal Address
7. Types of Data Collected > Personal > Contact > Phone Number
8. Types of Data Collected > Private > Demographics > Age
9. Types of Data Collected > Private > Demographics > Race
10. Types of Data Collected > Private > Demographics > Gender
11. Types of Data Collected > Sensitive > Activities
12. Types of Data Collected > Sensitive > Purchase History
13. Types of Data Collected > Sensitive > Location
14. Types of Data Collected > Highly Sensitive > Financial
15. Types of Data Collected > Highly Sensitive > Health
16. Types of Data Collected > Highly Sensitive > SSN
17. Sources of Data > Manual > Data Subject
18. Sources of Data > Manual > Other Data Subjects
19. Sources of Data > Automatic > Cookies
20. Sources of Data > Automatic > Pixels
21. Sources of Data > Automatic > Metadata

Use Limitation (DS: Data Subject)
1. General > Provide Services to DS
2. General > Communicate with DS
3. General > Enable DS Customization
4. Security > Improve Services
5. Security > Diagnostics/Troubleshooting
6. Commercial > Marketing
7. Analytical > Profiling
8. Sharing > Recipient > Affiliated Companies
9. Sharing > Recipient > Third Party > General
10. Sharing > Recipient > Third Party > Security
11. Sharing > Recipient > Third Party > Commercial
12. Sharing > Recipient > Third Party > Analytical
13. Sharing > Recipient > Third Party > Government
14. Sharing > Geography > Local
15. Sharing > Geography > National
16. Sharing > Geography > Regional
17. Sharing > Geography > International

Data Quality and Integrity
1. Storage > Location
2. Storage > Duration
3. Management > Retrieval
4. Management > Duplication
5. Management > Backup

Security
1. Loss Prevention
2. Unauthorized Access / Use
3. Destruction
4. Modification
5. Unintended Disclosure > Breach Notification
6. Compliance

Accountability and Auditing
1. Complying
2. Training > Data Protection Officer appointed
3. Auditing > Mechanisms in place
4. Auditing > Frequency of Auditing
5. Auditing > Internal or External Auditor
System Practices
The actions and policies of a Privacy System.

Example (Transparency):
1. Methods of Notification > Privacy Policy
2. Methods of Notification > Popup
3. Methods of Notification > Email
4. Frequency of Notification > Time Dependent
5. Frequency of Notification > Usage Dependent
6. Frequency of Notification > Data Type Dependent

Methodology for Identifying System Practices:
System Practices were identified based on the language used to define each FIPP. For example, the language defining the Transparency FIPP focused on notifying individuals. Using this keyword, the question "what is notifying a function of?" was asked to identify measurement variables. This led to the identification of "Methods of Notification" and "Frequency of Notification" as two variables that could be used to measure notifying ("Notifying is a function of the methods used to notify and the frequency with which notification is given").
A high level of granularity was sought to ensure a comprehensive evaluation of the FIPP. With regard to the Transparency FIPP, rather than just evaluating "Methods" and "Frequency" in general, they were further subdivided to provide more specific evaluation criteria. To accomplish this, similar questions were asked again: "what is Methods a function of?" and "what is Frequency a function of?" This led to the identification of different methods of notification (notification in Privacy Policies, in Popups, or in Emails) as well as different frequencies of notification (based on time, usage of data, or type of data). This high level of granularity ensures that the FIPP is evaluated based on a wide range of specific criteria, rather than just a few general ones.
Magnitude
Chosen and assigned to a System Practice by the User to quantify the privacy intrusion or protection of each System Practice.

Magnitude   Meaning
1           System Practice is highly intrusive of privacy
2           System Practice is moderately intrusive of privacy
3           System Practice has little overall intrusion into or protection of privacy
4           System Practice moderately protects privacy
5           System Practice highly protects privacy
Privacy Scores
A FIPP Privacy Score is a computation that evaluates an individual FIPP within a single Privacy System. Therefore, a single Privacy System will have eight FIPP Privacy Scores, one for each FIPP. FIPP Privacy Scores assess categories of similar System Practices. Using FIPP Privacy Scores to first assess categories, rather than jumping right to an overall assessment of the Privacy System, helps identify more specific strengths and weaknesses of the system. For instance, an overall assessment might not highlight the fact that a Privacy System is strong in Data Minimization but weak in Use Limitation. In contrast, first assessing the individual FIPPs would highlight that difference.
A System Privacy Score is a computation that evaluates all the FIPP Privacy Scores of a single Privacy System. Therefore, a single Privacy System will have one System Privacy Score. System Privacy Scores can be used to compare different Privacy Systems.

Example Privacy System: Facebook
FIPP                              FIPP Privacy Score
Transparency                      3.67
Individual Participation          3.19
Purpose Specification             1.67
Data Minimization                 1.95
Use Limitation                    2.24
Data Quality and Integrity        3.80
Security                          1.67
Accountability and Auditing       3.40
Average of FIPP Privacy Scores    2.70

Privacy System    System Privacy Score
Facebook          2.70
Google            ...
The Model
The Model (interactive flowchart; not all System Practices are shown)

Inputs:
- Privacy System: Facebook, Uber, Amazon Web Services, Google Drive, Apple iOS, Bank of America, U.S. Government, P.R.C. Government, Walmart, BlueCross BlueShield
- Fair Information Practice Principles (FIPP): Transparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data Quality and Integrity, Security, Accountability and Auditing
- System Practices (for the selected FIPP), e.g. Transparency: 1. Methods of Notification: Privacy Policy; 2. Methods of Notification: Popup; 3. Methods of Notification: Email; 4. Frequency of Notification: Time Dependent; 5. Frequency of Notification: Usage Dependent; 6. Frequency of Notification: Data Type Dependent. Individual Participation: Consent..., Access..., Redress...; Purpose Specification: Authority Granter..., ...; Data Minimization...; Use Limitation...; Data Quality and Integrity...; Security...; Accountability and Auditing...
- Magnitude (input for each System Practice): 1.00 - 5.00

Flow:
1. select System
2. select FIPP
3. select System Practice
4. input Magnitude
5. another System Practice? Yes: return to step 3. No: compute FIPP Privacy Score (a function of the Magnitudes assigned to the System Practices of the selected FIPP)
6. another FIPP? Yes: return to step 2. No: compute System Privacy Score (a function of all the FIPP Privacy Scores that were computed for the selected System)
Example
Example walkthrough (condensed from the flowchart slides, which repeat the model diagram at each step)

1. select System: Facebook
2. select FIPP: Transparency
3. select each Transparency System Practice in turn and input its Magnitude:

Facebook / Transparency
System Practice                                      Magnitude
1. Methods of Notification: Privacy Policy           3.00
2. Methods of Notification: Popup                    5.00
3. Methods of Notification: Email                    4.00
4. Frequency of Notification: Time Dependent         3.00
5. Frequency of Notification: Usage Dependent        5.00
6. Frequency of Notification: Data Type Dependent    2.00

4. another System Practice? No: compute FIPP Privacy Score: 3.67
5. another FIPP? Yes: select FIPP: Individual Participation; input Magnitudes for its System Practices (not shown); compute FIPP Privacy Score: 3.19
6. Repeat for the remaining FIPPs.

Facebook (Summary of FIPP Privacy Scores)
FIPP                            FIPP Privacy Score
Transparency                    3.67
Individual Participation        3.19
Purpose Specification           1.67
Data Minimization               1.95
Use Limitation                  2.24
Data Quality and Integrity      3.80
Security                        1.67
Accountability and Auditing     3.40

7. another FIPP? No: compute System Privacy Score: 2.70
8. another System? Yes: select System: Google; repeat steps 2 to 7.

COMPARISON CHART
System      System Privacy Score
Facebook    2.70
Google      ...
Details
Functions
FIPP Privacy Score: To compute a FIPP Privacy Score, an average (or other function) of all the Magnitudes assigned to the System Practices of the selected FIPP is taken.
System Privacy Score: To compute a System Privacy Score, an average (or other function) of all the FIPP Privacy Scores for that System is taken.
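The two functions above, fed with the Facebook Transparency Magnitudes and FIPP Privacy Scores from the Example section, as an added Python example that is not part of the original deck. The `include` filter (crowdsourced choice of which System Practices count) and the pluggable aggregator (the deck's "or other function") are this example's assumptions, as is the second, hypothetical system in the comparison chart.

```python
"""Added example: the deck's two scoring functions, with the Facebook walkthrough as data."""
from statistics import mean
from typing import Callable, Dict, Iterable, List, Optional, Tuple

MAGNITUDE_MIN, MAGNITUDE_MAX = 1.0, 5.0   # 1 = highly intrusive, 5 = highly protective

# The deck says "an average (or other function)"; any reducer over the values can be plugged in.
Aggregator = Callable[[Iterable[float]], float]


def check_magnitude(value: float) -> float:
    """Reject a Magnitude outside the 1.00-5.00 scale before it reaches the aggregation."""
    if not (MAGNITUDE_MIN <= value <= MAGNITUDE_MAX):
        raise ValueError(f"Magnitude {value} is outside {MAGNITUDE_MIN}-{MAGNITUDE_MAX}")
    return float(value)


def fipp_privacy_score(magnitudes: Dict[str, float], agg: Aggregator = mean,
                       include: Optional[Iterable[str]] = None) -> float:
    """FIPP Privacy Score: aggregate the Magnitudes of one FIPP's System Practices.

    `include` (an assumption, not in the deck) models the crowdsourced choice of which
    System Practices count: only the named practices are aggregated when it is given.
    """
    chosen = magnitudes if include is None else {k: magnitudes[k] for k in include}
    if not chosen:
        raise ValueError("no System Practices selected for this FIPP")
    return round(agg([check_magnitude(m) for m in chosen.values()]), 2)


def system_privacy_score(fipp_scores: Dict[str, float], agg: Aggregator = mean) -> float:
    """System Privacy Score: aggregate the FIPP Privacy Scores computed for one Privacy System."""
    if not fipp_scores:
        raise ValueError("no FIPP Privacy Scores computed for this system")
    return round(agg(list(fipp_scores.values())), 2)


def weakest_fipps(fipp_scores: Dict[str, float], n: int = 2) -> List[Tuple[str, float]]:
    """The per-FIPP weaknesses an overall score hides (lowest first; ties keep input order)."""
    return sorted(fipp_scores.items(), key=lambda kv: kv[1])[:n]


def comparison_chart(systems: Dict[str, Dict[str, float]],
                     agg: Aggregator = mean) -> List[Tuple[str, float]]:
    """Comparison chart: Privacy Systems ranked by System Privacy Score, most protective first."""
    ranked = [(name, system_privacy_score(scores, agg)) for name, scores in systems.items()]
    return sorted(ranked, key=lambda pair: pair[1], reverse=True)


# Constructed from the deck's Facebook / Transparency walkthrough (Magnitudes 3, 5, 4, 3, 5, 2).
FACEBOOK_TRANSPARENCY = {
    "Methods of Notification > Privacy Policy": 3.00,
    "Methods of Notification > Popup": 5.00,
    "Methods of Notification > Email": 4.00,
    "Frequency of Notification > Time Dependent": 3.00,
    "Frequency of Notification > Usage Dependent": 5.00,
    "Frequency of Notification > Data Type Dependent": 2.00,
}

# The deck's Facebook summary table of FIPP Privacy Scores.
FACEBOOK_FIPP_SCORES = {
    "Transparency": 3.67, "Individual Participation": 3.19, "Purpose Specification": 1.67,
    "Data Minimization": 1.95, "Use Limitation": 2.24, "Data Quality and Integrity": 3.80,
    "Security": 1.67, "Accountability and Auditing": 3.40,
}

# Hypothetical second system so the chart has two rows; the deck leaves Google's scores blank.
EXAMPLE_OTHER_FIPP_SCORES = {fipp: 3.0 for fipp in FACEBOOK_FIPP_SCORES}

if __name__ == "__main__":
    print("Facebook Transparency:", fipp_privacy_score(FACEBOOK_TRANSPARENCY))        # 3.67
    print("Facebook System Privacy Score:", system_privacy_score(FACEBOOK_FIPP_SCORES))  # 2.7
    print("Weakest FIPPs:", weakest_fipps(FACEBOOK_FIPP_SCORES))
    print(comparison_chart({"Facebook": FACEBOOK_FIPP_SCORES, "Example": EXAMPLE_OTHER_FIPP_SCORES}))
```

Swapping `mean` for `min` gives a worst-case reading of the same Magnitudes, which is one way the "other function" choice changes what a score tells a stakeholder.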
Data Entry (screenshot callouts)
1. System and User
2. FIPP
3. System Practices
4. Magnitudes
References
- NSTIC Appendix A - Fair Information Practice Principles
- Privacy Online: A Report to Congress (Federal Trade Commission, 1998)
- NIST Special Publication 800-53r4, Appendix J
- "Records, Computers and the Rights of Citizens" (US Department of Health, Education and Welfare, 1973)
- US Privacy Act of 1974
- NIST Privacy Engineering Objectives and Risk Model Discussion Draft
- NIST 8062: Privacy Risk Management for Federal Information Systems