Privacy - Engineering

Privacy
Professional Practice for Computer Science
Guest Lecture, 05 March 2007
Philippa Lawson
Director, Canadian Internet Policy & Public Interest Clinic
www.cippic.ca

Why Privacy?
essential to human:
  • dignity
  • autonomy
  • freedom
  • democracy
underpins relations of mutual trust & confidence, healthy social fabric

Aspects of Privacy
  • Physical/territorial privacy
  • Freedom from surveillance
  • Freedom from monitoring/interception of private communications
  • Freedom from collection, use and disclosure of personal information (informational privacy; data protection)

Challenges to Privacy
New technologies:
  • photography, tape-recording (late 1880s)
  • video cameras; cell phone cameras
  • geo-locational devices
  • computers: data collection, storage, manipulation/analytics
  • internet: clickstream data; e-transactions, search engines
  • digital rights management systems
  • spyware, rootkits, keystroke loggers
  • intelligent sensor devices

Challenges to Privacy
"The electronic computer is to individual privacy what the machine gun was to the horse cavalry"
Scheflin and Opton, The Mind Manipulators: A Non-Fiction Account (1978)

Challenges to Privacy
Practices:
  • data collection/mining; dataveillance
  • commoditization of personal information
  • electronic transactions (data trails)
  • workplace screening & monitoring
  • single number identifiers (easy linking)
  • ID cards, smart cards
  • weak authentication
  • ID theft/fraud

Fair Information Principles
  • OECD Guidelines on the Protection of Privacy and Transborder Flows of Data (1980) www.oecd.org
  • UN: Guidelines Concerning Computerized Personal Data Files (1990) www.ohchr.org
  • Council of Europe: Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (1980) Convention 108
  • EU: Directive on the Protection of Personal Data with regard to the Processing of Personal Data and the Free Movement of such Data (1990) Directive 95/46/EC

OECD Guidelines
  • Collection Limitation
  • Data Quality
  • Purpose Specification
  • Use Limitation
  • Security Safeguards
  • Openness
  • Individual Participation
  • Accountability

Cdn. Initiatives
  • 1975: Quebec Charter of Human Rights & Freedoms
      - every person has a right to respect for his private life
  • 1982: Canadian Charter of Rights and Freedoms
  • 1980s: Public sector privacy laws
  • 1990s: CSA Model Privacy Code
      - based on Fair Information Principles (FIPs)
      - adopted as formal standard in 1996
      - incorporated into federal law: PIPEDA
  • 1994: Quebec private sector law
  • 2001: Federal private sector law
  • 2004: Alta, B.C. private sector laws

Privacy Commissioners
  • Federal + some provincial
      - Ontario, B.C., Alberta
  • Public sector vs. private sector
  • Ombuds vs. binding powers
  • Role as educators, advocates, watchdogs, dispute resolvers, reporters

Charter of Rights
  • s.7: Everyone has the right to life, liberty, and security of the person and the right not to be deprived thereof except in accordance with the principles of fundamental justice
      - emerging privacy right
  • s.8: Everyone has the right to be secure against unreasonable search or seizure
      - protects an individual's reasonable expectation of privacy (usually in criminal law context)
  • s.1: Rights are subject to such reasonable limits as can be justified in a free and democratic society

Public Sector legislation
  • Federal: Privacy Act
  • Provincial: Ontario Freedom of Information and Protection of Privacy Act (FIPPA)
      - similar statutes in other provinces

Private Sector Legislation
  • PIPEDA
      - federally regulated
      - interprovincial or international data flows
      - where no substantially similar provincial law applies to organizations in the course of commercial activities
  • Quebec, Alberta, B.C. laws
      - provincially regulated, in those provinces
      - cover non commercial activities as well

PIPEDA
  • Purpose: balancing individuals' right of privacy with [legitimate] need of organizations
  • Protects: personal information = information about an identifiable individual

PIPEDA: Principles
  1. Accountability
  2. Identifying Purposes
  3. Consent
  4. Limiting Collection
  5. Limiting Use, Disclosure and Retention
  6. Accuracy
  7. Safeguards
  8. Openness
  9. Individual Access
  10. Challenging Compliance

11. Limiting Purposes

Consent
may be explicit or implicit
  • implied consent
      - situationally obvious; consumer would agree if asked
      - no need to confirm via opt-in or opt-out process
  • express (opt in) consent
      - most reliable; must use for sensitive data or where consumer would reasonably expect
  • opt out consent
      - less reliable; OK for non-sensitive data/uses; proper notice is essential

Effectiveness of Laws?
CIPPIC, Compliance with Canadian Data Protection Laws: Are Retailers Measuring Up? (May 2006) www.cippic.ca

Other Initiatives
Canadian Principles for Electronic Authentication (2004)
  • "...the collection, use and disclosure of personal information in the context of authentication should be minimized."
  • applies to designers as well as those using authentication mechanisms

Other Initiatives
7 Laws of Identity by Kim Cameron, endorsed by Ont.IPC
  • User control and consent
  • Minimal disclosure for a constrained use
  • Justifiable parties (need to know access)
  • Directed identity (protection and accountability)
  • Pluralism of operators and technologies
  • Human integration (user understanding)
  • Consistent experience across contexts

www.cippic.ca
