Date posted: 26-Mar-2015
Office of the Information and Privacy Commissioner, Ontario, Canada
Panel on Privacy
Centre for Information Integrity & Information Systems Assurance, U of Waterloo
7th Biennial Research Symposium
October 21, 2010
Toronto, Ontario
Ann Cavoukian, PhD
Ontario’s Information and Privacy Commissioner
• Ensures that government organizations (provincial and municipal) comply with freedom of information and privacy laws in Ontario
• Investigates privacy complaints and resolves appeals when the government refuses to grant access to government-held information
• Conducts research on access and privacy issues
• Educates the public and raises awareness about Ontario’s access and privacy laws
Privacy Defined
• Right of an individual to exercise a measure of control over the collection, use and disclosure of their personal information
• Definition of personally identifiable information (PII) - any information, recorded or otherwise, relating or linked to an identifiable individual
• Privacy is contextual / think of privacy as an aspect of CRM (Customer Relationship Management)
What privacy is not
Privacy ≠ Security
Security is, however, vital to privacy
Fair Information Practices
• Why are you asking? – Collection; purpose specification
• How will the information be used? – Primary purpose; use limitation
• Any additional secondary uses? – Notice and consent; prohibition against unauthorized disclosure
• Who will be able to see my information? – Restricted access from unauthorized third parties
Why We Need Privacy by Design
Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg
Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy
Privacy by Design: The 7 Foundational Principles
www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
1. Proactive not Reactive: Preventative, not Remedial;
2. Privacy as the Default setting;
3. Privacy Embedded into Design;
4. Full Functionality: Positive-Sum, not Zero-Sum;
5. End-to-End Security: Full Lifecycle Protection;
6. Visibility and Transparency: Keep it Open;
7. Respect for User Privacy: Keep it User-Centric.
Privacy by Design: The Trilogy of Applications
Information Technology
Accountable Business Practices
Physical Design & Infrastructure
Privacy by Design in 2010: Gathering Momentum
• May – As part of the European Commission’s new European Digital Agenda, Peter Hustinx, the European Data Protection Supervisor, recommended that Privacy by Design be included as a binding principle in the data protection legal framework;
www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-03-19_Trust_Information_Society_EN.pdf
• October – Regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection;
www.privacylaws.com/templates/EnewsPage.aspx?id=1663
• December – The U.S. Federal Trade Commission released a major report on protecting consumer privacy in which it recommended that companies adopt a Privacy by Design approach by building privacy protections into their everyday business practices.
www.privacybydesign.ca/media-centre/in-the-news/
Embedding Privacy at the Design Stage: The Obvious Route
• Cost-effective
• Proactive
• User-centric
• It’s all about control – preserving personal control and freedom of choice over one’s data flows
Conclusions
• Lead with Privacy by Design;
• Change the paradigm from the dated “zero-sum” to the doubly-enabling “positive-sum;”
• Deliver both privacy AND security or any other functionality, in an empowering “win-win” paradigm;
• Embed privacy as a core functionality: the future of the Smart Grid may depend on it!
How to Contact Us
Michelle Chibba
Director of Policy and Special Projects
Information & Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario, Canada M4W 1A8
Phone: (416) 326-3333 / 1-800-387-0073
Web: www.ipc.on.ca
E-mail: [email protected]