Ann Cavoukian, Ph.D.
Executive Director
Privacy and Big Data Institute
Ryerson University
Welcome to Privacy and
Big Data Analytics – by Design
Privacy by Design Seminar
January 22, 2015
Presentation Outline
1. Privacy = Personal Control
2. Privacy is Essential to Freedom
3. Lead with Privacy by Design
4. Big Data Analytics
5. Privacy is Good for Business
6. SmartData
7. Concluding Thoughts
Privacy ≠ Secrecy
Privacy is not about having
something to hide
Privacy = Control
Privacy = Personal Control
• User control is critical
• Freedom of choice
• Informational self-determination
Context is key!
Privacy is Essential to Freedom:
A Necessary Condition for Societal Prosperity
and Well-Being
• Innovation, creativity, and the resultant prosperity
of a society requires freedom;
• Privacy is the essence of freedom: Without privacy,
individual human rights, property rights and civil liberties – the
conceptual engines of innovation and creativity, could not exist
in a meaningful manner;
• Surveillance is the antithesis of privacy: A negative
consequence of surveillance is the usurpation of a person’s
limited cognitive bandwidth, away from innovation and
creativity.
The Decade of Privacy by Design
Change the Paradigm to
Positive-Sum,
NOT
Zero-Sum
The Future of
Privacy:
Be Proactive
Landmark Resolution Passed to Preserve
the Future of Privacy
By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
JERUSALEM, October 29, 2010 – A landmark Resolution by Ontario's
Information and Privacy Commissioner, Dr. Ann Cavoukian, was approved by
international Data Protection and Privacy Commissioners in Jerusalem today at their
annual conference. The resolution recognizes Commissioner Cavoukian's concept of
Privacy by Design - which ensures that privacy is embedded into new technologies
and business practices, right from the outset - as an essential component of
fundamental privacy protection.
Full Article:
http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
Adoption of “Privacy by Design”
as an International Standard
1. English
2. French
3. German
4. Spanish
5. Italian
6. Czech
7. Dutch
8. Estonian
9. Hebrew
10. Hindi
11. Chinese
12. Japanese
13. Arabic
14. Armenian
15. Ukrainian
16. Korean
17. Russian
18. Romanian
19. Portuguese
20. Maltese
21. Greek
22. Macedonian
23. Bulgarian
24. Croatian
25. Polish
26. Turkish
27. Malaysian
28. Indonesian
29. Danish
30. Hungarian
31. Norwegian
32. Serbian
33. Lithuanian
34. Farsi
35. Finnish
36. Albanian
37. Catalan
Privacy by Design:
Proactive in 37 Languages!
Privacy by Design’s Greatest Strength –
Positive-Sum: The Power of “And”
Change the paradigm from
the dated zero-sum (win/lose)
to a “positive-sum” model:
Create a win/win scenario,
not an either/or (vs.)
involving unnecessary trade-offs
and false dichotomies …
replace “vs.” with “and”
Privacy by Design:
The 7 Foundational Principles
1. Proactive not Reactive:
Preventative, not Remedial;
2. Privacy as the Default setting;
3. Privacy Embedded into Design;
4. Full Functionality:
Positive-Sum, not Zero-Sum;
5. End-to-End Security:
Full Lifecycle Protection;
6. Visibility and Transparency:
Keep it Open;
7. Respect for User Privacy:
Keep it User-Centric.
“Privacy by Design is considered one of the most
important concepts by members of the Japanese
Information Processing Development Center …
We have heard from Japan’s private sector
companies that we need to insist on the principle
of Positive-Sum, not Zero-Sum and become
enlightened with Privacy by Design.”
— Tamotsu Nomura,
Japan Information Processing Development Center,
May 28, 2014
Letter from JIPDEC – May 28, 2014
Operationalizing Privacy by Design
9 PbD Application Areas
• CCTV/Surveillance cameras in mass
transit systems;
• Biometrics used in casinos and gaming
facilities;
• Smart Meters and the Smart Grid;
• Mobile Communications;
• Near Field Communications;
• RFIDs and sensor technologies;
• Redesigning IP Geolocation;
• Remote Home Health Care;
• Big Data and Data Analytics.
Do NOT focus exclusively on the
“uses” of personal data
Zero-Sum Prevails:
Let’s Change the Paradigm
http://www.privacybydesign.ca/index.php/paper/unintended-consequences-privacy-paternalism/
Privacy Paternalism
“Leaving it up to companies and governments to
determine the acceptable secondary uses of personal
data is a flawed proposition, that will no doubt lead to
greater privacy infraction. If the history of privacy has
taught us anything, it is that an individual’s loss of
control over their personal data leads to greater privacy
abuses, not fewer.”
Cavoukian, Dix, and El-Emam
The Veil of Privacy
“A regime that only pays attention to use erects
a Potemkin Village of privacy. From a distance, it
looks sound. But living within it we will find no
shelter from the sun or rain.”
– Professor Chris Hoofnagle
The Potemkinism of Privacy Pragmatism
Slate.com
http://www.slate.com/articles/technology/future_tense/2014/09/data_use_regulation_the_libertarian_push_behind_a_new_take_on_privacy.html
Privacy Paternalism
“The authors fully agree that accountability should be
strengthened, but disagree with the proposal to
weaken critical FIPPs and diminishing the role of the
individual … Diminishing limits on specified purposes,
collection and uses of personal data minimizes rather
than strengthens accountability.”
Cavoukian, Dix, and El-Emam
OECD Privacy Principles
(Fair Information Practices)
1. Collection Limitation
2. Data Quality
3. Purpose Specification
4. Use Limitation
5. Security Safeguards
6. Openness
7. Individual Participation
8. Accountability
Revised July, 2013
Big Data
Big Data
• 90% of all data was created within the last 2 years;
• Big Data analysis and data analytics promise new
opportunities to gain valuable insights and benefits
– new predictive modes of analysis;
• But, it will also enable expanded surveillance,
increasing the risk of unauthorized use and
disclosure, on a scale previously unimaginable.
First, Comes
the Hype
The Hype Phase:
• Big Data will rule the world!
• Everything else (including privacy)
must step aside;
• Forget causality; correlation is enough.
Then, the
Hype Doesn’t Deliver
Big Data Technology is Not Foolproof
“Despite rampant interest from enterprise
leaders and often sizeable investments in
Big Data technologies, many programs still
sputter or fail completely.”
— Evanta Leadership Network,
May 29, 2014.
Some People are Now Asking:
Is Big Data a Big Mistake?
• The Big Data that interests many companies is
what we might call “found data” – the digital
exhaust of web searches, credit card payments
and mobiles pinging the nearest phone mast;
• Such data sets are cheap to collect relative to
their size – a messy collage of data-points,
collected for disparate purposes;
• But, how good is the data?
— www.ft.com
April 7, 2014
Big Data is moving from its
“inflated expectations” phase
to a “trough of
disillusionment.” — Gartner Hype Cycle,
April, 2014
MIT Big Data Expert
Calls for Privacy
“MIT Professor Alex Pentland has proposed a
‘New Deal on Data,’ which calls for individuals
to own their data and control how it is used
and distributed.”
— Measuring Idea Flows to Accelerate Innovation,
New York Times, April 15, 2014.
“But while big data promise much to scientists,
entrepreneurs and governments, they are doomed
to disappoint us if we ignore some very familiar
statistical lessons. There are a lot of small data
problems that occur in big data. They don’t
disappear because you’ve got lots of the stuff …
they get worse!” — David Spiegelhalter,
Winton Professor, Cambridge University
— Big data: are we making a big mistake?
FT Magazine, March 2014.
Quantity Does Not Equal Quality
“Forget Big Data …
what is needed is
Good Data”
— Barrie McKenna,
The serious economic cost of Canada's data deficit,
Globe and Mail, May 12, 2014
2013 Data Scientists Conference
88% of the Data Scientists surveyed said
that consumers should worry about the
privacy issues associated with Big Data
- JSM 2013 Conference
Context is Key
• Performing data analytics on context-free data
will only yield correlations (which at times, will
be spurious);
• By adding context as a feature in the analytics,
we may be able to impute causality – which has
the potential to be invaluable in our analyses.
Privacy Breeds Innovation:
It Does NOT Stifle It!
• The argument that privacy stifles innovation reflects a dated,
zero-sum mindset;
• The notion that privacy must be sacrificed for innovation is a false
win/lose dichotomy, consisting of unnecessary trade-offs;
• The opposite is true – privacy drives innovation – it forces
innovators to think creatively to find solutions that will serve
multiple functionalities;
• We need to abandon zero-sum thinking and adopt a positive-sum
paradigm where both innovation and privacy may be achieved –
we need a new playbook!
Privacy by Design and the
Internet Engineering Task Force (IETF)
“The concept of Privacy by Design has gotten a lot
of attention over the past few years and within the
IETF we have tried to investigate how we can
consider privacy in the design of protocols and
architectural designs in a more systematic way.”
— Privacy Considerations for Internet Protocols,
Internet Engineering Task Force (IETF), www.ietf.org
Carnegie Mellon University –
Privacy By Design
• Master's degree program for privacy engineers to
be offered by Carnegie Mellon University, School of
Computer Science;
• The Master of Science in Information Technology-Privacy
(MSIT-Privacy) is a 12-month program that began in the
fall of 2013;
• The program will emphasize the concept of Privacy by
Design, in which safeguards are incorporated into the
design of systems and products from the very beginning
of the development process.
OASIS Technical Committee –
Privacy by Design for Software Engineers
• Commissioner Cavoukian and Professor Jutla are the
Co-Chairs of a new technical committee (TC) of OASIS
“PbD-SE (software engineers) TC;”
• The purpose of PbD-SE is to provide PbD governance and
documentation for software engineers; and
• The PbD standards developed will pave the way for
software engineers to code for Privacy, by Design.
OASIS and Privacy by Design
• 2014 – the OASIS PbD-SE Technical Committee (TC) approved the
Privacy by Design Documentation for Software Engineers Version
1.0 as a Committee Specification Draft (CSD), and the Annex
Guide to Privacy by Design Documentation for Software
Engineers Version 1.0 as a Committee Note Draft (CND);
• This vote represents a milestone for the PbD-SE TC,
acknowledging the substantial progress that has been made over
the last year;
• The PbD-SE TC will undertake another review cycle before
submitting the CSD and CND to public review.
— Commissioner Cavoukian
“Privacy is just as Big as
Big Data. The tools exist to
systemically protect personal
information and bring about
the benefits of Big Data.
Together we can ensure that
Big Data and ‘Big Privacy’
can both be accomplished to
enable win-win scenario.”
“There are considerable
risks in abandoning
de-identification efforts,
including the fact that
individuals and
organizations may simply
cease disclosing de-identified information for
secondary purposes, even
those seen to be in the
public interest.”
— Commissioner Cavoukian
Privacy and Security by Design
Proposed Approach to Internet of Things
Data Security
1. Security by Design
– Build security into devices from the outset;
2. Data Minimization
– Data which isn’t collected can’t fall into the wrong hands;
3. Notice and choice for unexpected uses
– Consumers should be given clear, simple notices of how
their data will be used, along with a consent mechanism.
Edith Ramirez – US FTC chairwoman
CES 2015
Privacy is
Good for Business
Consumer Choice and Privacy
• There is a strong competitive advantage for businesses
to invest in good data privacy and security practices;
• “A significant portion of the population is becoming
concerned about identity theft, and it is influencing
their purchasing decisions.”
— Rena Mears, Deloitte & Touche,
Survey Reports An Increase in ID Theft and
Decrease in Consumer Confidence.
The Bottom Line
Privacy should be viewed as a
business issue, not a
compliance issue
Think strategically and transform privacy into a
competitive business advantage
Cost of Taking the Reactive Approach to
Privacy Breaches
Proactive
Reactive
Class-Action
Lawsuits
Damage to
One’s Brand
Loss of Consumer Confidence
and Trust
First “Privacy Marketplace” at the
International Consumer Electronics Show
in Vegas
“Privacy is a hot issue right now. It’s on everyone’s radar …
Consumers asking about privacy – that was the big takeaway.
These companies in the privacy marketplace, in large part aren’t
advocates. They’re entrepreneurs looking to capitalize on
market opportunity. They expect a larger privacy marketplace
next year and for brands to incorporate “privacy” into their
marketing… Anyone, everyone, can understand the need for
privacy.”
Victor Cocchia
CEO, Vysk
Speaking at CES: Jan, 2015
Success in the Future will Require Positive-Sum
Paradigms
1. Big Data and privacy are not mutually exclusive:
• Data is one of the most valuable assets of any organization;
• Privacy is about personally identifiable information;
• Consumer demands are creating additional pressures;
2. Proactive privacy drives innovation:
• It is entirely possible to achieve privacy in the Big Data era, while
also using data analytics to unlock new insights and innovations
to move an organization forward;
3. Innovation and privacy: You can have it all:
• Organizations will continue to apply data analytics to Big Data in order
to advance their strategic goals and better serve their customers.
— Commissioner Cavoukian,
Using Privacy by Design to achieve Big Data Innovation Without Compromising Privacy
Let’s Banish Zero-Sum!
SmartData:
Privacy by Design 2.0
Context is Key
The Next Evolution in Data Protection:
“SmartData”
Developed by Dr. George Tomko, at the Identity, Privacy
and Security Institute, University of Toronto, SmartData
represents privacy in the future with greater control
of personal information.
Intelligent “smart agents” to be introduced into IT systems virtually –
thereby creating “SmartData,” – a new approach to Artificial
Intelligence, bottom-up, that will contextualize the field of AI.
SmartData:
It’s All About User Control
It’s All About Context:
• Evolving virtual cognitive agents that can act as your
proxy to protect your personally identifiable data;
Intelligent agents will be evolved to:
• Protect and secure your personal information;
• Disclose your information only when your personal
criteria for release have been met;
• Put the user firmly in control –
Big Privacy, Radical Control!
Methods of Creating Intelligent Agents
• Top-down, rule-based design (traditional AI);
• Bottom-up “evolutionary robotics design;”
• The combination of a top-down and
bottom-up hybrid will yield the most
dynamic results.
Southern Ontario Smart Computing
Innovation Platform (SOSCIP)
“SOSCIP is a groundbreaking research collaboration involving seven
leading southern Ontario universities, IBM Canada, and small- and
medium-sized enterprises (SMEs) across the province.”
Ryerson’s Privacy & Big Data Institute proposal
involving SmartData received SOSCIP approval to
explore the feasibility of privacy-protective monitoring
of health-related outbreaks, using a foundation of
intelligent virtual agents as envisioned in SmartData.
A New Approach:
Applying Privacy by Design
to Surveillance
“As long as the threat of terrorism
exists and the global conditions that
instantiate those threats continue,
effective measures will be needed
to counteract terrorism.
At the same time, in order for a
free and open society to function
properly, privacy and civil liberties
must be strongly protected.”
Privacy-Protective Surveillance
• A new system of surveillance, which enables
effective counter-terrorism measures to be pursued
– in a privacy-protective manner;
• The underlying technology builds on Artificial
Intelligence, advances in cryptography involving
Homomorphic Encryption, and Probabilistic Graphical
Models (involving Bayesian Networks).
Introducing PPS:
Privacy-Protective Surveillance
Summary of PPS
Privacy Protective Surveillance is a positive-sum, “win-win”
alternative to current counter-terrorism surveillance systems.
It incorporates two primary objectives in its design:
1. An AI system consisting of feature detection that scans the Web and
related databases using a “blind-sight” procedure to detect digital
evidence relating to potentially suspicious terrorist activity by some,
without infringing on the privacy of unrelated individuals;
2. A technological infrastructure to ensure that any personally
identifying information (“PII”) on unsuspected individuals is not
collected and, in those associated with targeted activity, encrypted PII
will only be divulged with judicial authorization (a warrant issued by the
court).
Concluding Thoughts
• Privacy risks are best managed by proactively embedding
the principles of Privacy by Design – prevent the harm
from arising – avoid the data breach;
• Focus on prevention: It is much easier and far more
cost-effective to build in privacy, up-front, rather than
after-the-fact;
• Abandon zero-sum thinking – embrace doubly-enabling
systems: Big Data and Big Privacy;
• Get smart – lead with Privacy – by Design, not privacy
by chance or, worse, Privacy by Disaster!
Contact Information
Ann Cavoukian, Ph.D.
Executive Director
Privacy and Big Data Institute
Ryerson University
285 Victoria Street
Toronto, Ontario
M5B 2K3
Phone: (416) 979-5000 ext. 3138
ann.cavoukian@ryerson.ca
twitter.com/Pri
acyBigData

Mais conteúdo relacionado

Mais procurados

FINAL presentationMay2016
FINAL presentationMay2016FINAL presentationMay2016
FINAL presentationMay2016
Melissa Krasnow
 
Big data security the perfect storm
Big data security   the perfect stormBig data security   the perfect storm
Big data security the perfect storm
Ulf Mattsson
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Ontario Cloud SIG
 

Mais procurados (20)

Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
 Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other
 
FINAL presentationMay2016
FINAL presentationMay2016FINAL presentationMay2016
FINAL presentationMay2016
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid
 
Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019 Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019
 
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
Big Data Security and Privacy - Presentation to AFCEA Cyber Symposium 2014
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
 
Big data security the perfect storm
Big data security   the perfect stormBig data security   the perfect storm
Big data security the perfect storm
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
 
The REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on PrivacyThe REAL Impact of Big Data on Privacy
The REAL Impact of Big Data on Privacy
 
Big Data & Privacy
Big Data & PrivacyBig Data & Privacy
Big Data & Privacy
 
Scrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky CleanScrubbing Your Active Directory Squeaky Clean
Scrubbing Your Active Directory Squeaky Clean
 
MISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloudMISA Cloud Workshop_ ipc privacy in the cloud
MISA Cloud Workshop_ ipc privacy in the cloud
 
Csa privacy by design & gdpr austin chambers 11-4-17
Csa   privacy by design & gdpr austin chambers 11-4-17Csa   privacy by design & gdpr austin chambers 11-4-17
Csa privacy by design & gdpr austin chambers 11-4-17
 
Building A Cloud-Ready Security Program
Building A Cloud-Ready Security ProgramBuilding A Cloud-Ready Security Program
Building A Cloud-Ready Security Program
 
Security First: What it is and What it Means for Your Business
Security First: What it is and What it Means for Your BusinessSecurity First: What it is and What it Means for Your Business
Security First: What it is and What it Means for Your Business
 
Information security in big data -privacy and data mining
Information security in big data -privacy and data miningInformation security in big data -privacy and data mining
Information security in big data -privacy and data mining
 
PhD and Post PhD Network Security Visualization Research
PhD and Post PhD Network Security Visualization ResearchPhD and Post PhD Network Security Visualization Research
PhD and Post PhD Network Security Visualization Research
 

Semelhante a Privacy by Design Seminar - Jan 22, 2015

On Internet of Everything and Personalization. Talk in INTEROP 2014
On Internet of Everything and Personalization. Talk in INTEROP 2014On Internet of Everything and Personalization. Talk in INTEROP 2014
On Internet of Everything and Personalization. Talk in INTEROP 2014
Opher Etzion
 

Semelhante a Privacy by Design Seminar - Jan 22, 2015 (20)

Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
Malcolm Crompton, IIS Partners Irish Future Internet Forum - SocioeconomicsMalcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
 
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by DesignSay Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Design
 
From Law to Code: Translating Legal Principles into Digital Rules
From Law to Code: Translating Legal Principles into Digital RulesFrom Law to Code: Translating Legal Principles into Digital Rules
From Law to Code: Translating Legal Principles into Digital Rules
 
Innovation series 112318
Innovation series 112318Innovation series 112318
Innovation series 112318
 
Putting data science into perspective
Putting data science into perspectivePutting data science into perspective
Putting data science into perspective
 
Feroot Smart Technology Privacy Summit: Privacy, Facial Recognition & Intelli...
Feroot Smart Technology Privacy Summit: Privacy, Facial Recognition & Intelli...Feroot Smart Technology Privacy Summit: Privacy, Facial Recognition & Intelli...
Feroot Smart Technology Privacy Summit: Privacy, Facial Recognition & Intelli...
 
TLabs - deutsche telekom
TLabs -  deutsche telekomTLabs -  deutsche telekom
TLabs - deutsche telekom
 
On Internet of Everything and Personalization. Talk in INTEROP 2014
On Internet of Everything and Personalization. Talk in INTEROP 2014On Internet of Everything and Personalization. Talk in INTEROP 2014
On Internet of Everything and Personalization. Talk in INTEROP 2014
 
A Case for Expectation Informed Design - Full
A Case for Expectation Informed Design - FullA Case for Expectation Informed Design - Full
A Case for Expectation Informed Design - Full
 
UN Global Pulse Privacy Framing
UN Global Pulse Privacy FramingUN Global Pulse Privacy Framing
UN Global Pulse Privacy Framing
 
Longhash - the end game of blockchain
Longhash - the end game of blockchainLonghash - the end game of blockchain
Longhash - the end game of blockchain
 
Longhash the end game of blockchain
Longhash the end game of blockchainLonghash the end game of blockchain
Longhash the end game of blockchain
 
Spotlight on Technology 2017
Spotlight on Technology 2017Spotlight on Technology 2017
Spotlight on Technology 2017
 
Introduction to Exponentials Insights 2016
Introduction to Exponentials Insights 2016Introduction to Exponentials Insights 2016
Introduction to Exponentials Insights 2016
 
Accessible Privacy and Security
Accessible Privacy and SecurityAccessible Privacy and Security
Accessible Privacy and Security
 
Security Analytics Beyond Cyber
Security Analytics Beyond CyberSecurity Analytics Beyond Cyber
Security Analytics Beyond Cyber
 
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
44CON 2014 - Security Analytics Beyond Cyber, Phil Huggins
 
Jan 2017 Submission to AG Re: Metadata use in civil proceedings
Jan 2017 Submission to AG Re: Metadata use in civil proceedingsJan 2017 Submission to AG Re: Metadata use in civil proceedings
Jan 2017 Submission to AG Re: Metadata use in civil proceedings
 
Big data-and-creativity v.1
Big data-and-creativity v.1Big data-and-creativity v.1
Big data-and-creativity v.1
 
e-SIDES workshop at BDV Meet-Up, Sofia 14/05/2018
e-SIDES workshop at BDV Meet-Up, Sofia 14/05/2018e-SIDES workshop at BDV Meet-Up, Sofia 14/05/2018
e-SIDES workshop at BDV Meet-Up, Sofia 14/05/2018
 

Último

Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
 

Último (20)

Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-IIFood Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
Food Chain and Food Web (Ecosystem) EVS, B. Pharmacy 1st Year, Sem-II
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17  How to Extend Models Using Mixin ClassesMixin Classes in Odoo 17  How to Extend Models Using Mixin Classes
Mixin Classes in Odoo 17 How to Extend Models Using Mixin Classes
 

Privacy by Design Seminar - Jan 22, 2015

  • 1. Ann Cavoukian, Ph.D.Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University Welcome to Privacy and Big Data Analytics – by Design Privacy by Design Seminar January 22, 2015
  • 2. Presentation Outline 1.Privacy = Personal Control 2.Privacy is Essential to Freedom 3. Lead with Privacy by Design 4.Big Data Analytics 5.Privacy is Good for Business 6.SmartData 7.Concluding Thoughts
  • 3. Privacy ≠ Secrecy Privacy is not about having something to hide
  • 5. Privacy = Personal Control •User control is critical •Freedom of choice •Informational self-determination Context is key!
  • 6. Privacy is Essential to Freedom: A Necessary Condition for Societal Prosperity and Well-Being • Innovation, creativity, and the resultant prosperity of a society requires freedom; • Privacy is the essence of freedom: Without privacy, individual human rights, property rights and civil liberties – the conceptual engines of innovation and creativity, could not exist in a meaningful manner; • Surveillance is the antithesis of privacy: A negative consequence of surveillance is the usurpation of a person’s limited cognitive bandwidth, away from innovation and creativity.
  • 7. The Decade of Privacy by Design
  • 8. Change the Paradigm to Positive-Sum, NOT Zero-Sum The Future of Privacy: Be Proactive
  • 9. Landmark Resolution Passed to Preserve the Future of Privacy By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy JERUSALEM, October 29, 2010 – A landmark Resolution by Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, was approved by international Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution recognizes Commissioner Cavoukian's concept of Privacy by Design - which ensures that privacy is embedded into new technologies and business practices, right from the outset - as an essential component of fundamental privacy protection. Full Article: http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy Adoption of “Privacy by Design” as an International Standard
  • 10. 1. English 2. French 3. German 4. Spanish 5. Italian 6. Czech 7. Dutch 8. Estonian 9. Hebrew 10. Hindi 11. Chinese 12. Japanese 13. Arabic 14. Armenian 15. Ukrainian 16. Korean 17. Russian 18. Romanian 19. Portuguese 20. Maltese 21. Greek 22. Macedonian 23. Bulgarian 24. Croatian 25. Polish 26. Turkish 27. Malaysian 28. Indonesian 29. Danish 30. Hungarian 31. Norwegian 32. Serbian 33. Lithuanian 34. Farsi 35. Finnish 36. Albanian 37. Catalan Privacy by Design: Proactive in 37 Languages!
  • 11. Privacy by Design’s Greatest Strength – Positive-Sum: The Power of “And” Change the paradigm from the dated zero-sum (win/win) to a “positive-sum” model: Create a win/win scenario, not an either/or (vs.) involving unnecessary trade-offs and false dichotomies … replace “vs.” with “and”
  • 12. Privacy by Design: The 7 Foundational Principles 1. Proactive not Reactive: Preventative, not Remedial; 2. Privacy as the Default setting; 3. Privacy Embedded into Design; 4. Full Functionality: Positive-Sum, not Zero-Sum; 5. End-to-End Security: Full Lifecycle Protection; 6. Visibility and Transparency: Keep it Open; 7. Respect for User Privacy: Keep it User-Centric.
  • 13. “Privacy by Design is considered one of the most important concepts by members of the Japanese Information Processing Development Center … We have heard from Japan’s private sector companies that we need to insist on the principle of Positive-Sum, not Zero-Sum and become enlightened with Privacy by Design.” — Tamotsu Nomura, Japan Information Processing Development Center, May 28, 2014 Letter from JIPDEC – May 28, 2014
  • 14. Operationalizing Privacy by Design 9 PbD Application Areas •CCTV/Surveillance cameras in mass transit systems; •Biometrics used in casinos and gaming facilities; •Smart Meters and the Smart Grid; •Mobile Communications; •Near Field Communications; •RFIDs and sensor technologies; •Redesigning IP Geolocation; •Remote Home Health Care; •Big Data and Data Analytics.
  • 15. Do NOT focus exclusively on the “uses” of personal data Zero-Sum Prevails: Let’s Change the Paradigm
  • 17. Privacy Paternalism “ Leaving it up to companies and governments to determine the acceptable secondary uses of personal data is a flawed proposition, that will no doubt lead to greater privacy infraction. If the history of privacy has taught us anything, it is that an individual’s loss of control over their personal data leads to greater privacy abuses, not fewer.” Cavoukian, Dix, and El-Emam
  • 18. The Veil of Privacy “A regime that only pays attention to use erects a Potemkin Village of privacy. From a distance, it looks sound. But living within it we will find no shelter from the sun or rain.” – Professor Chris Hoofnagle The Potemkinism of Privacy Pragmatism Slate.com http://www.slate.com/articles/technology/future_tense/2014/09/data_use_regulation_the_libertarian_push_behind_a_new_take_on_privacy.html
  • 19. Privacy Paternalism “The authors fully agree that accountability should be strengthened, but disagree with the proposal to weaken critical FIPPs and diminishing the role of the individual … Diminishing limits on specified purposes, collection and uses of personal data minimizes rather than strengthens accountability.” Cavoukian, Dix, and El-Emam
  • 20. OECD Privacy Principles (Fair Information Practices) 1. Collection Limitation 2. Data Quality 3. Purpose Specification 4. Use Limitation 5. Security Safeguards 6. Openness 7. Individual Participation 8. Accountability Revised July, 2013
  • 22. Big Data • 90% of all data was created within the last 2 years; • Big Data analysis and data analytics promise new opportunities to gain valuable insights and benefits – new predictive modes of analysis; • But, it will also enable expanded surveillance, increasing the risk of unauthorized use and disclosure, on a scale previously unimaginable.
  • 24. The Hype Phase: • Big Data will rule the world! • Everything else (including privacy) must step aside; • Forget causality; correlation is enough.
  • 26. Big Data Technology is Not Foolproof “Despite rampant interest from enterprise leaders and often sizeable investments in Big Data technologies, many programs still sputter or fail completely.” — Evanta Leadership Network, May 29, 2014.
  • 27. Some People are Now Asking: Is Big Data a Big Mistake? • The Big Data that interests many companies is what we might call “found data” – the digital exhaust of web searches, credit card payments and mobiles pinging the nearest phone mast; • Such data sets are cheap to collect relative to their size – a messy collage of data-points, collected for disparate purposes; • But, how good is the data? — www.ft.com April 7, 2014
  • 28. Big Data is moving from its “inflated expectations” phase to a “trough of disillusionment.” — Gartner Hype Cycle, April, 2014
  • 29. MIT Big Data Expert Calls for Privacy “MIT Professor Alex Pentland has proposed a ‘New Deal on Data,’ which calls for individuals to own their data and control how it is used and distributed.” — Measuring Idea Flows to Accelerate Innovation, New York Times, April 15, 2014.
  • 30. “But while big data promise much to scientists, entrepreneurs and governments, they are doomed to disappoint us if we ignore some very familiar statistical lessons. There are a lot of small data problems that occur in big data. They don’t disappear because you’ve got lots of the stuff … they get worse!” — David Spiegelhalter, Winton Professor, Cambridge University — Big data: are we making a big mistake? FT Magazine, March 2014. Quantity Does Not Equal Quality
  • 31. “Forget Big Data … what is needed is Good Data” — Barrie McKenna, The serious economic cost of Canada's data deficit, Globe and Mail, May 12, 2014
  • 32. 2013 Data Scientists Conference 88% of the Data Scientists surveyed said that consumers should worry about the privacy issues associated with Big Data - JSM 2013 Conference
  • 33. Context is Key • Performing data analytics on context-free data will only yield correlations (which at times, will be spurious); • By adding context as a feature in the analytics, we may be able to impute causality – which has the potential to be invaluable in our analyses.
  • 34. Privacy Breeds Innovation: It Does NOT Stifle It! • The argument that privacy stifles innovation reflects a dated, zero-sum mindset; • The notion that privacy must be sacrificed for innovation is a false win/lose dichotomy, consisting of unnecessary trade-offs; • The opposite is true – privacy drives innovation – it forces innovators to think creatively to find solutions that will serve multiple functionalities; • We need to abandon zero-sum thinking and adopt a positive-sum paradigm where both innovation and privacy may be achieved – we need a new playbook!
  • 35. Privacy by Design and the Internet Engineering Task Force (IETF) “The concept of Privacy by Design has gotten a lot of attention over the past few years and within the IETF we have tried to investigate how we can consider privacy in the design of protocols and architectural designs in a more systematic way.” — Privacy Considerations for Internet Protocols, Internet Engineering Task Force (IETF), www.ietf.org
  • 36. Carnegie Mellon University – Privacy By Design •Master's degree program for privacy engineers to be offered by Carnegie Mellon University, School of Computer Science; •The Master of Science in Information Technology-Privacy (MSIT-Privacy) is a 12-month program that began in the fall of 2013; •The program will emphasize the concept of Privacy by Design, in which safeguards are incorporated into the design of systems and products from the very beginning of the development process.
  • 37. OASIS Technical Committee – Privacy by Design for Software Engineers • Commissioner Cavoukian and Professor Jutla are the Co-Chairs of a new technical committee (TC) of OASIS “PbD-SE (software engineers) TC;” • The purpose of PbD-SE is to provide PbD governance and documentation for software engineers; and • The PbD standards developed will pave the way for software engineers to code for Privacy, by Design.
  • 38. OASIS and Privacy by Design • 2014 – the OASIS PbD-SE Technical Committee (TC) approved the Privacy by Design Documentation for Software Engineers Version 1.0 as a Committee Specification Draft (CSD), and the Annex Guide to Privacy by Design Documentation for Software Engineers Version 1.0 as a Committee Note Draft (CND); • This vote represents a milestone for the PbD-SE TC, acknowledging the substantial progress that has been made over the last year; • The PbD-SE TC will undertake another review cycle before submitting the CSD and CND to public review.
  • 39.
  • 40. — Commissioner Cavoukian “Privacy is just as Big as Big Data. The tools exist to systemically protect personal information and bring about the benefits of Big Data. Together we can ensure that Big Data and ‘Big Privacy’ can both be accomplished to enable win-win scenario.”
  • 41. “There are considerable risks in abandoning de-identification efforts, including the fact that individuals and organizations may simply cease disclosing de-identified information for secondary purposes, even those seen to be in the public interest.” — Commissioner Cavoukian
  • 42. Privacy and Security by Design
  • 43. Proposed Approach to Internet of Things Data Security 1. Security by Design – Build security into devices from the outset; 2. Data Minimization – Data which isn’t collected can’t fall into the wrong hands; 3. Notice and choice for unexpected uses – Consumers should be given clear, simple notices of how their data will be used, along with a consent mechanism. Edith Ramirez – US FTC chairwoman CES 2015
  • 45. Consumer Choice and Privacy • There is a strong competitive advantage for businesses to invest in good data privacy and security practices; • “A significant portion of the population is becoming concerned about identity theft, and it is influencing their purchasing decisions.” — Rena Mears, Deloitte & Touche, Survey Reports An Increase in ID Theft and Decrease in Consumer Confidence.
  • 46. The Bottom Line Privacy should be viewed as a business issue, not a compliance issue Think strategically and transform privacy into a competitive business advantage
  • 47. Cost of Taking the Reactive Approach to Privacy Breaches Proactive Reactive Class-Action Lawsuits Damage to One’s Brand Loss of Consumer Confidence and Trust
  • 48. First “Privacy Marketplace” at the International Consumer Electronics Show in Vegas “ Privacy is a hot issue right now. It’s on everyone’s radar … Consumers asking about privacy – that was the big takeaway. These companies in the privacy marketplace, in large part aren’t advocates. They’re entrepreneurs looking to capitalize on market opportunity. They expect a larger privacy marketplace next year and for brands to incorporate “privacy” into their marketing… Anyone, everyone, can understand the need for privacy.” Victor Cocchia CEO, Vysk Speaking at CES: Jan, 2015
  • 49. Success in the Future will Require Positive-Sum Paradigms 1. Big Data and privacy are not mutually exclusive: • Data is one of the most valuable assets of any organization; • Privacy is about personally identifiable information; • Consumer demands are creating additional pressures; 2. Proactive privacy drives innovation: • It is entirely possible to achieve privacy in the Big Data era, while also using data analytics to unlock new insights and innovations to move an organization forward; 3. Innovation and privacy: You can have it all: • Organizations will continue to apply data analytics to Big Data in order to advance their strategic goals and better serve their customers. — Commissioner Cavoukian, Using Privacy by Design to achieve Big Data Innovation Without Compromising Privacy
  • 51. SmartData: Privacy by Design 2.0 Context is Key
  • 52. The Next Evolution in Data Protection: “SmartData” Developed by Dr. George Tomko, at the Identity, Privacy and Security Institute, University of Toronto, SmartData represents privacy in the future with greater control of personal information. Intelligent “smart agents” to be introduced into IT systems virtually – thereby creating “SmartData,” – a new approach to Artificial Intelligence, bottom-up, that will contextualize the field of AI.
  • 53. SmartData: It’s All About User Control It’s All About Context: •Evolving virtual cognitive agents that can act as your proxy to protect your personally identifiable data; Intelligent agents will be evolved to: •Protect and secure your personal information; •Disclose your information only when your personal criteria for release have been met; •Put the user firmly in control – Big Privacy, Radical Control!
  • 54. Methods of Creating Intelligent Agents • Top-down, rule-based design (traditional AI); • Bottom-up “evolutionary robotics design;” • The combination of a top-down and bottom-up hybrid will yield the most dynamic results.
  • 55. Southern Ontario Smart Computing Innovation Platform (SOSCIP) “SOSCIP is a groundbreaking research collaboration involving seven leading southern Ontario universities, IBM Canada, and small- and medium-sized enterprises (SMEs) across the province.” Ryerson’s Privacy & Big Data Institute proposal involving SmartData received SOSCIP approval to explore the feasibility of privacy-protective monitoring of health-related outbreaks, using a foundation of intelligent virtual agents as envisioned in SmartData.
  • 56. A New Approach: Applying Privacy by Design to Surveillance
  • 57. “As long as the threat of terrorism exists and the global conditions that instantiate those threats continue, effective measures will be needed to counteract terrorism. At the same time, in order for a free and open society to function properly, privacy and civil liberties must be strongly protected.” Privacy-Protective Surveillance
  • 58. • A new system of surveillance, which enables effective counter-terrorism measures to be pursued – in a privacy-protective manner; • The underlying technology builds on Artificial Intelligence, advances in cryptography involving Homomorphic Encryption, and Probabilistic Graphical Models (involving Bayesian Networks). Introducing PPS: Privacy-Protective Surveillance
  • 59. Summary of PPS Privacy Protective Surveillance is a positive-sum, “win-win” alternative to current counter-terrorism surveillance systems. It incorporates two primary objectives in its design: 1.An AI system consisting of feature detection that scans the Web and related databases using a “blind-sight” procedure to detect digital evidence relating to potentially suspicious terrorist activity by some, without infringing on the privacy of unrelated individuals; 2.A technological infrastructure to ensure that any personally identifying information (“PII”) on unsuspected individuals is not collected and, in those associated with targeted activity, encrypted PII will only be divulged with judicial authorization (a warrant issued by the court).
  • 60. Concluding Thoughts • Privacy risks are best managed by proactively embedding the principles of Privacy by Design – prevent the harm from arising – avoid the data breach; • Focus on prevention: It is much easier and far more cost-effective to build in privacy, up-front, rather than after-the-fact; • Abandon zero-sum thinking – embrace doubly-enabling systems: Big Data and Big Privacy; • Get smart – lead with Privacy – by Design, not privacy by chance or, worse, Privacy by Disaster!
  • 61. Contact Information Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University 285 Victoria Street Toronto, Ontario M5B 2K3 Phone: (416) 979-5000 ext. 3138 ann.cavoukian@ryerson.ca twitter.com/PrivacyBigData

Editor's Notes

  1. Privacy = Personal Freedom
  2. Privacy is Essential to Freedom And we will be releasing our 3rd paper in our trilogy on Big Data with Deloitte in the spring!
  3. Privacy by Design
  4. Jerusalem Resolution I first developed the concept of “Privacy by Design” in the 90s, as a response to the growing threats to online privacy that were beginning to emerge; “Privacy by Design” seeks to build in privacy – up front, right into the design specifications; into the architecture; embed privacy into the technology used – bake it in; Data minimization is key: minimize the routine collection and use of personally identifiable information – use encrypted or coded information whenever possible; Use privacy-enhancing technologies (PETs) plus where possible: give people maximum control over their own data. Landmark Resolution Passed to Preserve - JERUSALEM, October 29, 2010 – A landmark Resolution by Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, was approved by international Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution recognizes Commissioner Cavoukian's concept of Privacy by Design - which ensures that privacy is embedded into new technologies and business practices, right from the outset - as an essential component of fundamental privacy protection.
  5. PbD in 37 Languages
  6. 7 Foundational Principles
  7. Letter from JIPDEC A Positive-Sum (or “win-win” or “non zero-sum”) paradigm, by contrast, describes a concept or situation in which participants can all gain or suffer together. That is, the sum of gains and losses by the participants are always more or less than what they began with, depending on their choices and behaviour. If privacy and security are not a ‘zero-sum game’, and if we need to ensure strong security and strong privacy what are we left with? We can’t leave privacy to policies and procedures alone, as that ignores the reality of the systems in which so much personal information resides. We can’t focus on security alone, as I talked about earlier. There isn’t a balance to be sought. What is required is a WIN-WIN situation, in which strong privacy policies mutually reinforce a strong security focus. “We need better options for securing the Internet. Instead of looking primarily for top-down government intervention, we can enlist the operators and users themselves.” — Jonathan Zittrain, Freedom and Anonymity: Keeping the Internet Open, Scientific American, February 24, 2011
  8. Operationalizing PbD Proactive not Reactive; Preventative not Remedial Privacy as the Default Privacy Embedded into Design Full Functionality: Positive-Sum, not Zero-Sum End-to-End Lifecycle Protection Visibility and Transparency Respect for User Privacy
  9. 7 Foundational Principles
  10. Big Data
  11. Big Data
  12. Big Data – Honeymoon Phase
  13. Big Data – Honeymoon Phase
  14. Honeymoon Ends
  15. Big Data Technology is Not Foolproof
  16. Is Big Data A Mistake? “In the afterglow of Big Data’s buzz, many organizations are finding that successful programs require much more than simply plugging data into a program.” Evanta Leadership Network, May 29, 2014
  17. Gartner Hype Cycle As with so many buzzwords, Big Data is a vague term, often thrown around as a selling point. Distributed platforms like Hadoop enable data to be spread across multiple servers.
  18. MIT – Alex Pentland “… as we learn that it can’t yet do what its advocates claim. Once we appreciate its limits, however, we’ll more clearly see its benefits.”
  19. Quantity Does Not Equal Quality Today, Mr. Pentland is a computational social scientist at the Massachusetts Institute of Technology and director of the Human Dynamics research group at the M.I.T. Media Lab, for decades. Also serves as an adviser to the World Economic Forum. QUOTES — Professor Lawrence Lessig, Harvard Law School “A technology should reveal no more information than is necessary … it should be built to be the least revealing system possible.” “We are not debating whether to move into a world where data are collected, used, and sold. We already live in that world. Given that we are here, how can we ensure that at least some control is granted to those whom these data are about? I advocate a property regime not because of the sanctity of property as an ideal, but because of its utility in serving a different but quite important ideal.” “A Property Regime protects both those who value their privacy more…and those who value it less.”
  20. Good Data – Not Big Data 4 Popular Big Data Claims: Data analysis produces uncannily accurate results; Every single data point can be captured, making old statistical sampling techniques obsolete; It is passé to fret about what causes what, because statistical correlation tells us what we need to know; Scientific or statistical models aren’t needed because, to quote “The End of Theory”, a provocative essay published in Wired in 2008, “with enough data, the numbers speak for themselves.” — Tim Harford, Big data: are we making a big mistake? FT Magazine, March 2014
  21. Context is Key
  22. Privacy Does NOT Stifle Innovation
  23. PbD and IETF I’d like to clear up a common misconception that privacy somehow stifles innovation. In fact, protecting privacy demands the highest level of innovation. For the last two years, I have called on all innovators and inventors to enlist technology to help protect our privacy well into the future. In the midst of today’s unprecedented explosion of information technology and the privacy challenges that come with it, we will need innovators to come up with the solutions we need to protect privacy. And, if one requires proof then I need only to point to PbD which has stimulated innovative solutions in privacy protection across a wide field of industries from biometrics to health care to energy – in addition to many more discussed at length in this Annual Report. Further, more organizations than ever operationalized the Principles of PbD in 2012 which also helped to put to rest the myth that privacy stifles innovation.
  24. Carnegie Mellon – Masters in Privacy Engineering “We have started to shed more light on privacy in the IETF by organizing a privacy workshop to solicit input from the technically minded privacy community, to create an IETF privacy directorate, and to start the work on a number of documents to offer more guidance to engineers.”
  25. OASIS
  26. More from OASIS Professor Jutla is the winner of the prestigious U.S. World Technology Award (IT Software – Individual 2009) and is recognized for her innovative work with long-term significance on the evolving technological landscape as well as the transcendent imperative of privacy protection. Data-Centric architecture – functioning architecture must revolve around the permissible uses of data.
  27. IPC Big Data Papers
  28. June 10 - IPC/Deloitte Big Data Paper This paper demonstrates how privacy and responsibility can be advanced in this new age of Big Data analytics: “Context Actualizing” The big change is Big Data. More specifically, how organizations will leverage Big Data analytics to maximize these growing information assets — driven by their deep interest to maximize their resources and better compete in the market. While organizations have practical incentives to make the most of their ever-growing observation space (the data they have access to), they also have a pressing need to embed in these systems enhanced privacy protections. We outline in this paper just such an example — how an advanced Big Data sensemaking technology was, from the ground up, engineered with privacy-enhancing features. Some of these features are so critical to accuracy that the team decided they should be mandatory — so deeply baked-in they cannot be turned off.
  29. IPC – ITIF Paper
  30. Big Data Innovation
  31. Consumer Choice and Privacy
  32. The Bottom Line – Privacy Not Compliance Issue From June, 2005.
  33. Costs of Privacy Breach
  34. SmartData
  35. Next Evolution – SmartData
  36. SmartData – User Control The concept of SmartData was developed at IPSI – it proposes that intelligent or “smart agents” be introduced into IT systems virtually – thereby creating “SmartData,” a new approach to AI (Artificial intelligence) that will revolutionize the field
  37. Methods of Creating Intelligent Agents It’s All About Context Top-down, rule-based systems (used in traditional AI) cannot adapt to differing contexts; SmartData is all about context and evolving virtual agents that can “learn” to adapt to a variety of situations; Evolving agents that can act as your proxy for the protection of your personal information, in a variety of contexts, is the ultimate goal of SmartData. Consistent purpose Compatible with primary purpose?
  38. New Approach - PPS Top-Down Design We presently possess insufficient knowledge; In principle, sufficient knowledge may not be possible; Traditional artificial Intelligence (AI) is rule-based – dependent on the intelligence of the programmer; Difficult to program “meaning” into a system; It is unlikely that narrow AI will scale up to AGI – combinatorial explosion.
  39. IPC - PPS Paper “The Communications Security Establishment Commissioner, the Honourable Robert Décary, recently tabled a report in Parliament stating that he had no concern with the majority of activities of Canada's Communications Security Establishment (CSEC – the Canadian equivalent to the NSA). However, a small number of records suggested the possibility that some of CSEC’s activities may have been directed at Canadians, contrary to law. A number of CSEC records relating to these activities were unclear or incomplete and Commissioner Décary was unable to reach a definitive conclusion about compliance or non-compliance with the law.”
  40. Introducing PPS Above all, privacy, as the ability of law-abiding individuals to control the collection, use, and disclosure of personal information about themselves – referred to at times as informational self-determination, must be protected. A special thank you to Bill Binney!
  41. Summary of PPS Privacy-Protective Surveillance (PPS) begins with a system of feature detection: intelligent virtual agents, programmed to search databases to detect “significant” information related to potential terrorist activities; (the features/events to be searched for must be identified by intelligence experts in the field); Any personal information associated with significant features or events detected after a search will be encrypted; No personally identifiable information will remain in plain text; A system of public key encryption will be used to encrypt the data, using the court’s public key. A warrant will be required to decrypt the data. Homomorphic Encryption A form of encryption that allows computations to be carried out on encrypted data, leading to encrypted results; “Homomorphic” describes the transformation of one dataset into another, while preserving relationships between data elements in both sets; Homomorphic encryption allows you to make computations or engage in data analytics on encrypted values – data you cannot “read” because it is not in plain text, therefore inaccessible; May also be used to link two or more databases without the disclosure of any unique identifiers – positive-sum – win/win; Privacy by Design.
  42. Concluding Thoughts PPS only collects data considered to be “significant,” as mapped out by intelligence experts; “Significant” data is defined as events or features believed to be related to suspicious activity; All personally identifiable information related to significant data will be encrypted; Data analytics and queries will only be performed on encrypted data in cypher space; If an interesting result is obtained, a more targeted request for the raw data that pertains to those results may be made through the courts – a warrant will be required to decrypt the data.
  43. How to Contact Us
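
The "Summary of PPS" note above describes encrypting data under the court's public key and running analytics on values that stay encrypted. The following is an added illustration, not code from the presentation or from any PPS implementation: a toy Paillier cryptosystem, chosen here as one well-known additively homomorphic scheme (the slides name no scheme). The key sizes, function names, sample counts and the "source / analyst / court" roles are assumptions.

```python
"""Toy Paillier cryptosystem (additively homomorphic public-key encryption).

Added illustration: Paillier is an assumed choice; the slides name no scheme.
The primes below are far too small for real use.
"""
import math
import secrets

# Constructed demo primes (Mersenne primes 2^31-1 and 2^61-1); NOT secure sizes.
P, Q = 2**31 - 1, 2**61 - 1


def _L(x, n):
    """Paillier's L function: L(x) = (x - 1) / n, exact for x = 1 mod n."""
    return (x - 1) // n


def keygen(p=P, q=Q):
    """Return (public_key, private_key); in the PPS model the court holds private_key."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1                                          # standard simple generator
    mu = pow(_L(pow(g, lam, n * n), n), -1, n)         # modular inverse (Python 3.8+)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """Probabilistic encryption: the same plaintext yields different ciphertexts."""
    n, g = pub
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (pow(g, m, n * n) * pow(r, n, n * n)) % (n * n)


def decrypt(pub, priv, c):
    """Only the private-key holder can do this (the warrant step in the notes)."""
    n, _ = pub
    lam, mu = priv
    return (_L(pow(c, lam, n * n), n) * mu) % n


def add_encrypted(pub, c1, c2):
    """Enc(a) * Enc(b) mod n^2 decrypts to a + b: addition without decryption."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """Enc(a)^k mod n^2 decrypts to k * a: multiply by a public constant."""
    n, _ = pub
    return pow(c, k, n * n)


def aggregate(pub, ciphertexts):
    """Analyst-side sum over ciphertexts; needs the public key only."""
    total = encrypt(pub, 0)
    for c in ciphertexts:
        total = add_encrypted(pub, total, c)
    return total


def demo():
    pub, priv = keygen()
    # Constructed sample: per-source counts of events matching an expert-defined feature.
    counts = [3, 0, 7, 1]
    ciphertexts = [encrypt(pub, c) for c in counts]  # encrypted at each source
    total_ct = aggregate(pub, ciphertexts)           # analyst never sees plaintext
    return decrypt(pub, priv, total_ct)              # court-held key reveals the sum


if __name__ == "__main__":
    print("decrypted total:", demo())
```

Paillier supports only addition and multiplication by a public constant; the richer queries the notes describe would need a different or more capable scheme.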