Published by Herbert Hancock. Modified over 8 years ago.
1
Implementing Privacy: Rules of the Game for Developers
Robert Guerra, Director, CryptoRights Foundation
Mac-Crypto Conference on Macintosh Cryptography & Internet Commerce
January 29, 2001
2
Overview
–The Basics: Info-Privacy Principles
–General Trends: Global Privacy Law
–Getting Specific: Medical Privacy
3
The Basics: Information Privacy Principles
4
Information Privacy Principles [1]
–Accountability of Data Maintainer
–Purpose for Data Collection
–Consent for Data Collection
–Limits on Data Collection
–Limits on Storage, Use & Disclosure
5
Information Privacy Principles [2]
–Accuracy of Information
–Safeguards
–Openness of Policies & Practices
–User Access & Challenges
–Compliance & Auditing
6
General Trends: Global Privacy Law
7
World: Privacy Law Trends
Countries around the world are:
–Adopting comprehensive laws to protect privacy
–Basing them on OECD and Council of Europe models
8
EU: Standardizing Privacy
–EU Privacy Directive prevents unauthorized transmission of personal info to any country that does not adequately protect privacy.
–Encourages countries to adopt strong privacy legislation and standardize privacy policy across borders.
9
Canada: Personal Privacy
1983 Privacy Act
–Protection for information held by Govt.
–Covers ~110 Federal Departments
2000 Personal Information Protection and Electronic Documents Act.
10
USA: Financial Privacy
–1978: Right to Financial Privacy Act
–1991: Telephone Consumer Protection Act
–1992: Fair Credit Reporting Act
–1996: Electronic Fund Transfer Act
–1999: Gramm-Leach-Bliley Act (Title V)
–2000: Safe Harbour Principles (E.U./1998)
11
Getting Specific: Medical Privacy Regulations
“The Only Crypto that Survives is Medical Crypto.”
12
USA: the HIPAA $tandard
1996 Health Insurance Portability & Accountability Act
–Improves efficiency of healthcare delivery by standardizing electronic data interchange.
–Protects health data confidentiality and security by setting and enforcing standards.
–All Healthcare organizations are affected.
–Covers all personally identifiable health info in electronic form.
–Includes paper records and oral communications.
13
Regulatory Comparisons
14
Regulatory Criteria [1]
–Access: Controlling access and limiting patient info display.
–Backup: Secure backups to prevent medical data loss.
–Unique ID: Every patient or practitioner is unique like all the others.
–Logoff: Automated signoff after period of inactivity.
–Audits: Capture a historical record of medical data use.
15
Regulatory Criteria [2]
–eSignatures & Chart Signing: Replacing paper-based signatures. Tracking patient-practitioner interactions.
–Encryption: Protecting, hiding and transmitting confidential records.
–Patient Access: Patients should be able to see their chart and know who’s looked.
–Sensitive Info: Patient data disclosure control & perfect forward secrecy.
–Locking Data: Original entries cannot be altered or deleted.
16
Regulatory Comparison criteria:
17
“I’m a privacy-rights person… the marketplace can function without sacrificing the privacy of individuals.” – George “Dubya” Bush (Business Week, 5 June 2000)
18
CryptoRights Foundation http://CryptoRights.org Mac-Crypto Conference on Macintosh Cryptography & Internet Commerce January 29, 2001 Robert Guerra Robert @ CryptoRights.org