Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 The ISTPA Privacy Framework John Sabo Manager, Security, Privacy and Trust Initiatives Computer Associates Workshop on the Relationship between Security.

Published byAnnabelle Lindsey Modified over 9 years ago

Similar presentations

Presentation on theme: "1 The ISTPA Privacy Framework John Sabo Manager, Security, Privacy and Trust Initiatives Computer Associates Workshop on the Relationship between Security."— Presentation transcript:

1 1 The ISTPA Privacy Framework John Sabo Manager, Security, Privacy and Trust Initiatives Computer Associates Workshop on the Relationship between Security and Privacy Pittsburgh, PA May 30, 2002 ISTPA Framework Copyright © 1999-2002 International Security, Trust & Privacy Alliance All Rights Reserved

2 2 What Is ISTPA? ISTPA is a not-for-profit global alliance of organizations addressing  issues related to security, privacy and trust from a consumer, technology and business perspective  Not a privacy advocacy organization ISTPA’s focus is on the protection of personal information (PI).

3 3 ISTPA Member Companies AMD American Express Arthur Anderson, LLP Bennett Gold, Chartered Accountants BITS Carnegie Mellon University Computer Associates Critical Path CYVA Research Corp Dealing Technology EWA IIT GemPlus GSR Consulting Intel Intelytics, Inc. International Systems Security Engineering Association JP Morgan/ Chase Motorola NCR OneName Corporation Persona Ponoi Corporation Sec2Wireless TRUSTe Vanguard Integrity Professionals W. Scott Blackmer Wave Systems, Inc YouPowered Zero-Knowledge Systems

4 4 ISTPA’s Internal Organization Board and Executive Director Self-Managed Four working groups:  Framework  Proof of Concept  Legal and Regulatory Requirements  Outreach 2-3 meetings annually plus WG meetings/teleconferences

5 5 ISTPA’s Privacy Perspective New technologies and business models provide benefits for consumers, citizens, business, government. Privacy and security risks accompany their use Sound privacy policies, architectures and implementations will support business value and achieve consumer trust.

6 6 How ISTPA Is Addressing Privacy Challenges Constructing an open, policy-neutral Framework for designing, constructing, and evaluating privacy architectures, technologies and tools to meet business and consumer needs Mapping legal, policy, and business requirements into the Framework Sponsoring objective privacy research on usability, manageability, cost of implementing privacy technologies

7 7 Multiple Expressions of Privacy Policy and Rules OECD Privacy Principles Fair Information Practices U.S.- E.U. Safe Harbor Agreement U.S. Federal Trade Commission Legislation…  U.S. Privacy Act  European Union Data Directive  Gramm Leach Bliley (GLB)  C6 in Canada  HIPAA

8 8 The Challenge of Integrated Privacy Solutions Interrelationships among polices, practices and rules are not intuitive Critical architectural components are missing or only implicit  the consumer  “agency”  interfaces No clarity in privacy- security relationship No linkages to operational policy and technical implementations

9 9 Why a Privacy Framework ? A coherent analytical model is needed to foster development of data protection products, services and trusted implementations. Networked trust systems require interoperability - - privacy requirements must be supported across jurisdictional, business, and consumer boundaries. A framework of privacy services can serve as a solution-neutral methodology and tool for policymakers, business managers, developers, auditors and regulators, and consumers

10 10 Other Major Projects  Johns Hopkins University research project to address usability, cost, manageability, trust of privacy technologies  Carnegie Mellon University “Digital Privacy Handbook”-- synthesizes technical standards, regulatory and legal privacy requirements by jurisdiction and existing technologies an analytical tool for the development of more mature and sophisticated capabilities in privacy management Michael Willett: The Privacy Framework structure is still evolving; your input and suggestions are welcome. The Framework Project is actively validating the Framework with Use Cases. Michael Willett: The Privacy Framework structure is still evolving; your input and suggestions are welcome. The Framework Project is actively validating the Framework with Use Cases.

11 11 Additional Information www.istpa.org John Sabo john.t.sabo@ca.com

Download ppt "1 The ISTPA Privacy Framework John Sabo Manager, Security, Privacy and Trust Initiatives Computer Associates Workshop on the Relationship between Security."

Similar presentations

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP www.ScottandScottllp.com.

Data Privacy and Security in the Cloud Presented by Robert J. Scott Managing Partner Scott & Scott, LLP
The Benefits and Challenges of Implementation of Basel II in Europe José María Roldán | 27 Sept 2005.

The Benefits and Challenges of Implementation of Basel II in Europe José María Roldán | 27 Sept 2005.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
IBM’s Transformation to a Services Company and the Growth of Digital Trade Michael DiPaula-Coyle IBM Governmental Programs.

IBM’s Transformation to a Services Company and the Growth of Digital Trade Michael DiPaula-Coyle IBM Governmental Programs.
Engineering Medical Information Systems

Engineering Medical Information Systems
Www.cloudsecurityalliance.org Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.

Copyright © 2011 Cloud Security Alliance Trusted Cloud Initiative Work Group Session.
Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.

Identity Federation Rules and Process Linda Elliott President, PingID Network Electronic Authentication Partnership Washington, DC February 12, 2004.
In Harmony, In the Cloud: Harmonizing Data Protection Rules In a Cross-Border World Steve Mutkoski Worldwide Director Policy Microsoft Corporation.

In Harmony, In the Cloud: Harmonizing Data Protection Rules In a Cross-Border World Steve Mutkoski Worldwide Director Policy Microsoft Corporation.
Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.

Private Sector Perspectives on Federal Financial Systems Modernization and Shared Services.
Evaluating public RTD interventions: A performance audit perspective from the EU European Court of Auditors American Evaluation Society, Portland, 3 November.

Evaluating public RTD interventions: A performance audit perspective from the EU European Court of Auditors American Evaluation Society, Portland, 3 November.
EInfrastructures (Internet and Grids) US Resource Centers Perspective: implementation and execution challenges Alan Blatecky Executive Director SDSC.

EInfrastructures (Internet and Grids) US Resource Centers Perspective: implementation and execution challenges Alan Blatecky Executive Director SDSC.
Phone: (919) 573-6132 Fax: (919) 677-8470 21CFR Part 11 FDA Public Meeting Comments Presented by: M. Rita.

Phone: (919) Fax: (919) CFR Part 11 FDA Public Meeting Comments Presented by: M. Rita.
Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.

Brief Synopsis of Computer Security Standards. Tenets of Information Systems Security Confidentiality Integrity Availability Over the years, standards.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”

1 Copyright © 2010 M. E. Kabay. All rights reserved. Security Audits, Standards, & Inspections CSH5 Chapter 54 “Security Audits, Standards and Inspections”
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
Keystone Technology Plan Presentation to Chesapeake Bay Program Information Management Subcommittee May 19, 2004 Nancie L. Imler Chief Information Officer.

Keystone Technology Plan Presentation to Chesapeake Bay Program Information Management Subcommittee May 19, 2004 Nancie L. Imler Chief Information Officer.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
BUSINESS & HUMAN RIGHTS UniCredit on its sustainability path: understanding and managing the financial sector’s responsibilities in terms of human rights”

BUSINESS & HUMAN RIGHTS UniCredit on its sustainability path: understanding and managing the financial sector’s responsibilities in terms of human rights”
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Similar presentations

Ads by Google