SlideShare una empresa de Scribd logo
1 de 41
Descargar para leer sin conexión
Information Privacy
Table of Contents
•   Introduction
•   Technical Implications
•   Impact and Rationales
•   Organizational View
•   Online Data Privacy
•   Information Security
• What is going on?
  – The User Data walls are coming down across
    services.
           » Simplification
           » Unification
           » Services are now features not products
What is Information Privacy???
• Simply put…

  – Information privacy is the relationship between
    collection and dissemination of:
     •    Data
     •   Technology
     •   The public expectation of privacy
     •   Legal and political issues surrounding them
What does privacy mean in society???
• Older Generation: Privacy is about secrecy.
• Younger Generation: Privacy is about control.

  People's relationship with privacy is socially
                  complicated
Identity
• Personally Identifiable Information (PII)
  – Name, IP Address, Face, Fingerprint, Genetic
    Information
• Non-Personally Identifiable Information
  – Behaviors on website
• Information privacy concern exists wherever
  those information is collected or stored in
  digital form or otherwise.
Four Primary Concerns

  – Collection: The very act of data collection. Legal or
    illegal.
  – Unauthorized secondary use
  – Improper access
  – Errors
Double-edged Sword

  – Used carefully under proper safeguards, increase
    public utility trough:
     • Each new service is backed by a database, and that
       database is vulnerable
     • Data makes services better
     • Free is Cheap
     • Shared data makes individual experiences better
  – Abuse can lead to invasion of information privacy.
Technical Implications
Information:
        Content Range
•   Healthcare records
•   Criminal justice investigations and proceedings
•   Financial institutions and transactions
•   Biological traits, such as genetic material
•   Residence and geographic records
•   Invisible Traces of our presence
    –   Data trails
    –   Credit Card Databases
    –   Phone Company Databases
    –   ISP Databases
    –   Relationship Management Database
Web Data Collection
• Personal information-Profile
• Other information
  – Device information
  – Cookies
  – Log information
  – User communications
  – Location data
Devices/Tools
• Hardware
   –   Security tokens :Physical access + PIN
   –   Data Centers /Servers
   –   Biometric Technology
   –   Device Fingerprinting

• Software(Encryption)
   –   GNU Privacy Guard (GPG)
   –   Portable Firefox
   –   Pretty Good Privacy (PGP)
   –   Secure Shell (SSH)
   –   I2P - The Anonymous Network
   –   Tor (anonymity network)
General Cost Items for
                     Information Privacy Management
•   Government/Legal:
     – Bill C-30: Canadian government’s invasive and warrantless online spying scheme $80 million
     – Privacy of bill of right in U.S.: cooperation of many different agencies over years

•   Company:
     –   Data collection
     –   Personnel Costs
     –   Protect users’ data from outside hacking
     –   Expertise to safeguard the service-remote storage service “Cloud”
     –   “Do not track bar” in to Browser: Google and Microsoft

•   Consumer:
     – Time to learn
     – Switch cost between different browser
           •   Limit the ability to correlate behavior
           •   Malicious criminal activity.



           All Costs Related to Scale
Impact & Rationales
Why Do Industries Invest?
•   Provides security for all users
•   Keeps information internal, not external
•   Helps protect against lawsuits
•   Heavy Investments from the
    Healthcare, Military and IT Industries.
Concerns for the Future
• What is considered “private” information
• How to make information more accessible
• How to evolve systems to prevent breaches
Facebook
•   Full Name
•   Birthday
•   Address
•   Photos
•   Education Locations
•   Family Members
How it applies country to country
“No one shall be subjected to arbitrary
interference with his privacy, family, home or
correspondence, nor to attacks upon his honor
and reputation. Everyone has the right to the
protection of the law against such interference
or attacks.”
—Universal Declaration of Human Rights, Article
12
Laws by Countries
• US
  – HIPAA
  – Electronic Communications Privacy Act
  – PATROIT Act
  – The Children’s Online Privacy Protection Act
  – “Safe Harbor”
• European Union
  – Data Protection Directive
  – European Data Protection Regulation
Organizational View
Who enforces the Health Insurance Portability
         and Accountability Act (HIPAA)?
• The Office of E-Health Standards and Services (OESS)
   – Transactions
   – Code Sets
   – National Identifiers (Employer and Provider identifiers)
     regulation




• Office for Civil Rights OCR
   – The HIPAA Privacy and Security Rules
HIPPA Secure Hosting for Protected
                Data
• HIPAA Compliance Data Center
  – Stores Protected Health Information (PHI)


• Security Measures
  –   A Virtual or Dedicated Private Firewall Services
  –   Advanced Encryption Standard
  –   SSL Certificates & HTTPS
  –   Remote VPN Access
  –   Disaster Recovery
Information Privacy in Organizations
        Internal Implications
• Information Privacy is:
  – Associated with creative performance
  – Associated with psychological empowerment
  – Context specific




• Control initiatives may undermine employee:
     • Perceptions of fairness and privacy
Organizational Leadership
        C-level executives vs. IT Teams
– There is a measurable understanding gap
   • C-level executives focus on driving the business.
      – Long-Term view
   • IT team is thinking and deploying its resources to
     protect.
      – Near-term view
Business Priorities as Interpreted by IT
What Takes Priority with IT Teams?
Online Data Privacy
Consumer Data
• In 1996 E-commerce revenue in 1996: $600M
• In 2013 E-commerce revenue expected to
  reach 2013: $963B
Expectations
• Consumers should expect reasonable measures:
   – Technical
   – Physical
   – Administrative.




• Privacy Professionals in organizations handle compliance
  with privacy promises

• No such thing as Perfect Privacy, just acceptable levels
  of risk
Govt. Searching Standards
• Constitutional Standard
  – Preventing Unreasonable Search & Seizure
     • 4th Amendment protections
     • Applies to In-House “Data in the home”


• Statutory Standard
  – Jurisprudence Define Legality
     • Warshack vs. USA
     • Applies Out-of-House “Cloud Data”


• Privacy Act
  – Right to see records held about you
Federal Trade Commission
• Federal Trade Commission Principals
  1.   Notice/Awareness
  2.   Choice/Consent
  3.   Access/Participation
  4.   Integrity/Security
  5.   Enforcement/Redress
• Power of “Privacy Audits”
Growth Outpacing Regulation
• The FTC 1st established guidelines in a 1998.




                    SELF-REGULATION IS ESTABLISHED
   “The commission believes that legislation to address online privacy is not
                         appropriate at this time”


   Burden of Privacy Protection largely on the Website
                      User or You!
Information Security
Information Security (cont...)
• Corporate Policy
  – Processes/Policies are needed to encourage responsible information
    handling within organizations

  – Importance of security measures taken to
      ensure customer/employee privacy

  – Example policies:
      • Storing sensitive information on secure
      or disconnected servers
      • Requiring all employees to install
      antivirus or firewall software
Information Security (cont…)
• International Standards
  – Generally Accepted Privacy Principles (GAPP)

  – ISO/IEC 27002
     • IS standard – best practice recommendations for those
       “initiating, implementing, or maintaining Information Security
       Management Systems (ISMS)
         –   Risk Assessment
         –   Security Policy
         –   Asset Management
         –   Physical/Environmental Security
         –   Access Control
         –   Etc.
Breach Cases
2011
• Sony’s PlayStation Network
    – Size: 101 million user accounts
    – Type of Data: name, home and e-mail addresses, login credentials, some credit
      card information
    – Consequence: Identity theft, class-action law-suits

• Epsilon, Alliance Data Systems
    – Size: Unknown; 60 million estimated e-mail addresses
    – Type of Data: e-mail addresses, some names
    – Consequence: Exposed confidential customer lists, loss of business
Breach Cases (Cont…)
2011
• University of South Carolina
   – Size: 31,000
   – Type of Data: names, addresses, health records, financial data, Social
     Security numbers
   – Consequence: Identity theft, loss of business

• RSA Security
   – Size: Unknown
   – Type of Data: "information related to SecurID technology“
   – Consequence: Compromised enterprises and govt. agencies that rely on
     SecurID security technology
Lessons Learned


• Need to have IS policies, procedures, and technologies in place
  to prevent and deal with Information Privacy issues

• Negligence in IS and maintaining PII can have damaging
  effects on the customer and employee relationship
Relationship Management Benefits of
               IS and IP
• Increased usage of online services by existing customers and
  increased number of new customers due to:
   – Fulfillment of the need for privacy of customers (Some customers may
     only use the service if their privacy needs are fulfilled, other may use
     the service more often.)

   – Increased public image and trust (especially if the privacy friendly
     attitude is advertised)

   – Competitive advantage (if the competition doesn't have a similar offer)

   – Increased customer retention (Customers appreciate the privacy
     enhancing functions of the service and don't like the idea of not finding
     them with competing services.)
Questions?

Más contenido relacionado

La actualidad más candente

Information Privacy
Information PrivacyInformation Privacy
Information Privacyimehreenx
 
Data protection and privacy
Data protection and privacyData protection and privacy
Data protection and privacyhimanshu jain
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Online privacy & security
Online privacy & securityOnline privacy & security
Online privacy & securityPriyab Satoshi
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacyvinyas87
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
Information privacy and Security
Information privacy and SecurityInformation privacy and Security
Information privacy and SecurityAnuMarySunny
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to securityDhani Ahmad
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation tomasztopa
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information SecurityKen Holmes
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxDinesh582831
 
Chapter 1 powerpoint
Chapter 1 powerpointChapter 1 powerpoint
Chapter 1 powerpointstanbridge
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security PresentationPraphullaShrestha1
 

La actualidad más candente (20)

Information Privacy
Information PrivacyInformation Privacy
Information Privacy
 
Data protection and privacy
Data protection and privacyData protection and privacy
Data protection and privacy
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Online privacy & security
Online privacy & securityOnline privacy & security
Online privacy & security
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
Privacy issues and internet privacy
Privacy issues and internet privacyPrivacy issues and internet privacy
Privacy issues and internet privacy
 
Privacy in simple
Privacy in simplePrivacy in simple
Privacy in simple
 
Privacy and Data Protection
Privacy and Data ProtectionPrivacy and Data Protection
Privacy and Data Protection
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Information privacy and Security
Information privacy and SecurityInformation privacy and Security
Information privacy and Security
 
Overview of Information Security & Privacy
Overview of Information Security & PrivacyOverview of Information Security & Privacy
Overview of Information Security & Privacy
 
Chapter2 the need to security
Chapter2 the need to securityChapter2 the need to security
Chapter2 the need to security
 
“Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation “Privacy Today” Slide Presentation
“Privacy Today” Slide Presentation
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
 
Cyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptxCyber Security Awareness Program.pptx
Cyber Security Awareness Program.pptx
 
Chapter 1 powerpoint
Chapter 1 powerpointChapter 1 powerpoint
Chapter 1 powerpoint
 
Computer Security Presentation
Computer Security PresentationComputer Security Presentation
Computer Security Presentation
 

Similar a Presentation on Information Privacy

74 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.1674 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.16Glenn E. Davis
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a bytelgcdcpas
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum   data privacy and security presentation...2011 hildebrandt institute cio forum   data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...David Cunningham
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentationRodonoghue72
 
Ethics and Politics of Big Data
Ethics and Politics of Big DataEthics and Politics of Big Data
Ethics and Politics of Big Datarobkitchin
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation Technology Society Nepal
 
005. Ethics, Privacy and Security
005. Ethics, Privacy and Security005. Ethics, Privacy and Security
005. Ethics, Privacy and SecurityArianto Muditomo
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingSecurity Innovation
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingRebecca Leitch
 
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...Financial Poise
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram
 
Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOAPeter Henley
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Asad Zaman
 
Session4807.ppt
Session4807.pptSession4807.ppt
Session4807.ppttalkaton
 
Hivos and Responsible Data
Hivos and Responsible DataHivos and Responsible Data
Hivos and Responsible DataTom Walker
 
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...Cengage Learning
 
CBC GDPR The Physics
CBC GDPR The PhysicsCBC GDPR The Physics
CBC GDPR The PhysicsJason Chapman
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsDan Michaluk
 

Similar a Presentation on Information Privacy (20)

74 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.1674 x9019 bea legal slides short form ged12.12.16
74 x9019 bea legal slides short form ged12.12.16
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Don't let them take a byte
Don't let them take a byteDon't let them take a byte
Don't let them take a byte
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum   data privacy and security presentation...2011 hildebrandt institute cio forum   data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentation
 
Ethics and Politics of Big Data
Ethics and Politics of Big DataEthics and Politics of Big Data
Ethics and Politics of Big Data
 
Information security: importance of having defined policy & process
Information security: importance of having defined policy & processInformation security: importance of having defined policy & process
Information security: importance of having defined policy & process
 
005. Ethics, Privacy and Security
005. Ethics, Privacy and Security005. Ethics, Privacy and Security
005. Ethics, Privacy and Security
 
Chapter 3
Chapter 3Chapter 3
Chapter 3
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
 
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
CYBER SECURITY and DATA PRIVACY 2022_How to Build and Implement your Company'...
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security Summit
 
Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOA
 
Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1Multi-faceted Cyber Security v1
Multi-faceted Cyber Security v1
 
Session4807.ppt
Session4807.pptSession4807.ppt
Session4807.ppt
 
Hivos and Responsible Data
Hivos and Responsible DataHivos and Responsible Data
Hivos and Responsible Data
 
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...
 
CBC GDPR The Physics
CBC GDPR The PhysicsCBC GDPR The Physics
CBC GDPR The Physics
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
 

Último

Young adult book quiz by SJU quizzers.ppt
Young adult book quiz by SJU quizzers.pptYoung adult book quiz by SJU quizzers.ppt
Young adult book quiz by SJU quizzers.pptSJU Quizzers
 
"Quest for Knowledge: An Exciting Journey Through 40 Brain-Bending Questions ...
"Quest for Knowledge: An Exciting Journey Through 40 Brain-Bending Questions ..."Quest for Knowledge: An Exciting Journey Through 40 Brain-Bending Questions ...
"Quest for Knowledge: An Exciting Journey Through 40 Brain-Bending Questions ...RAGHURAMYC
 
Holi:: "The Festival of Colors in India"
Holi:: "The Festival of Colors in India"Holi:: "The Festival of Colors in India"
Holi:: "The Festival of Colors in India"IdolsArts
 
Taylor Swift quiz( with answers) by SJU quizzers
Taylor Swift quiz( with answers) by SJU quizzersTaylor Swift quiz( with answers) by SJU quizzers
Taylor Swift quiz( with answers) by SJU quizzersSJU Quizzers
 
Carowinds 2024: Thrills, Spills & Surprises
Carowinds 2024: Thrills, Spills & SurprisesCarowinds 2024: Thrills, Spills & Surprises
Carowinds 2024: Thrills, Spills & Surprisescarawinds99
 
Inside Look: Brooke Monk's Exclusive OnlyFans Content Production
Inside Look: Brooke Monk's Exclusive OnlyFans Content ProductionInside Look: Brooke Monk's Exclusive OnlyFans Content Production
Inside Look: Brooke Monk's Exclusive OnlyFans Content Productionget joys
 
5 Moments of Everyday Self-Loathing That Perfectly Describe Your Life
5 Moments of Everyday Self-Loathing That Perfectly Describe Your Life5 Moments of Everyday Self-Loathing That Perfectly Describe Your Life
5 Moments of Everyday Self-Loathing That Perfectly Describe Your LifeSalty Vixen Stories & More
 

Último (7)

Young adult book quiz by SJU quizzers.ppt
Young adult book quiz by SJU quizzers.pptYoung adult book quiz by SJU quizzers.ppt
Young adult book quiz by SJU quizzers.ppt
 
"Quest for Knowledge: An Exciting Journey Through 40 Brain-Bending Questions ...
"Quest for Knowledge: An Exciting Journey Through 40 Brain-Bending Questions ..."Quest for Knowledge: An Exciting Journey Through 40 Brain-Bending Questions ...
"Quest for Knowledge: An Exciting Journey Through 40 Brain-Bending Questions ...
 
Holi:: "The Festival of Colors in India"
Holi:: "The Festival of Colors in India"Holi:: "The Festival of Colors in India"
Holi:: "The Festival of Colors in India"
 
Taylor Swift quiz( with answers) by SJU quizzers
Taylor Swift quiz( with answers) by SJU quizzersTaylor Swift quiz( with answers) by SJU quizzers
Taylor Swift quiz( with answers) by SJU quizzers
 
Carowinds 2024: Thrills, Spills & Surprises
Carowinds 2024: Thrills, Spills & SurprisesCarowinds 2024: Thrills, Spills & Surprises
Carowinds 2024: Thrills, Spills & Surprises
 
Inside Look: Brooke Monk's Exclusive OnlyFans Content Production
Inside Look: Brooke Monk's Exclusive OnlyFans Content ProductionInside Look: Brooke Monk's Exclusive OnlyFans Content Production
Inside Look: Brooke Monk's Exclusive OnlyFans Content Production
 
5 Moments of Everyday Self-Loathing That Perfectly Describe Your Life
5 Moments of Everyday Self-Loathing That Perfectly Describe Your Life5 Moments of Everyday Self-Loathing That Perfectly Describe Your Life
5 Moments of Everyday Self-Loathing That Perfectly Describe Your Life
 

Presentation on Information Privacy

  • 2. Table of Contents • Introduction • Technical Implications • Impact and Rationales • Organizational View • Online Data Privacy • Information Security
  • 3. • What is going on? – The User Data walls are coming down across services. » Simplification » Unification » Services are now features not products
  • 4. What is Information Privacy???
  • 5. • Simply put… – Information privacy is the relationship between collection and dissemination of: • Data • Technology • The public expectation of privacy • Legal and political issues surrounding them
  • 6. What does privacy mean in society??? • Older Generation: Privacy is about secrecy. • Younger Generation: Privacy is about control. People's relationship with privacy is socially complicated
  • 7. Identity • Personally Identifiable Information (PII) – Name, IP Address, Face, Fingerprint, Genetic Information • Non-Personally Identifiable Information – Behaviors on website • Information privacy concern exists wherever those information is collected or stored in digital form or otherwise.
  • 8. Four Primary Concerns – Collection: The very act of data collection. Legal or illegal. – Unauthorized secondary use – Improper access – Errors
  • 9. Double-edged Sword – Used carefully under proper safeguards, increase public utility trough: • Each new service is backed by a database, and that database is vulnerable • Data makes services better • Free is Cheap • Shared data makes individual experiences better – Abuse can lead to invasion of information privacy.
  • 11. Information: Content Range • Healthcare records • Criminal justice investigations and proceedings • Financial institutions and transactions • Biological traits, such as genetic material • Residence and geographic records • Invisible Traces of our presence – Data trails – Credit Card Databases – Phone Company Databases – ISP Databases – Relationship Management Database
  • 12. Web Data Collection • Personal information-Profile • Other information – Device information – Cookies – Log information – User communications – Location data
  • 13. Devices/Tools • Hardware – Security tokens :Physical access + PIN – Data Centers /Servers – Biometric Technology – Device Fingerprinting • Software(Encryption) – GNU Privacy Guard (GPG) – Portable Firefox – Pretty Good Privacy (PGP) – Secure Shell (SSH) – I2P - The Anonymous Network – Tor (anonymity network)
  • 14. General Cost Items for Information Privacy Management • Government/Legal: – Bill C-30: Canadian government’s invasive and warrantless online spying scheme $80 million – Privacy of bill of right in U.S.: cooperation of many different agencies over years • Company: – Data collection – Personnel Costs – Protect users’ data from outside hacking – Expertise to safeguard the service-remote storage service “Cloud” – “Do not track bar” in to Browser: Google and Microsoft • Consumer: – Time to learn – Switch cost between different browser • Limit the ability to correlate behavior • Malicious criminal activity. All Costs Related to Scale
  • 16. Why Do Industries Invest? • Provides security for all users • Keeps information internal, not external • Helps protect against lawsuits • Heavy Investments from the Healthcare, Military and IT Industries.
  • 17. Concerns for the Future • What is considered “private” information • How to make information more accessible • How to evolve systems to prevent breaches
  • 18. Facebook • Full Name • Birthday • Address • Photos • Education Locations • Family Members
  • 19. How it applies country to country “No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honor and reputation. Everyone has the right to the protection of the law against such interference or attacks.” —Universal Declaration of Human Rights, Article 12
  • 20. Laws by Countries • US – HIPAA – Electronic Communications Privacy Act – PATROIT Act – The Children’s Online Privacy Protection Act – “Safe Harbor” • European Union – Data Protection Directive – European Data Protection Regulation
  • 22. Who enforces the Health Insurance Portability and Accountability Act (HIPAA)? • The Office of E-Health Standards and Services (OESS) – Transactions – Code Sets – National Identifiers (Employer and Provider identifiers) regulation • Office for Civil Rights OCR – The HIPAA Privacy and Security Rules
  • 23. HIPPA Secure Hosting for Protected Data • HIPAA Compliance Data Center – Stores Protected Health Information (PHI) • Security Measures – A Virtual or Dedicated Private Firewall Services – Advanced Encryption Standard – SSL Certificates & HTTPS – Remote VPN Access – Disaster Recovery
  • 24. Information Privacy in Organizations Internal Implications • Information Privacy is: – Associated with creative performance – Associated with psychological empowerment – Context specific • Control initiatives may undermine employee: • Perceptions of fairness and privacy
  • 25. Organizational Leadership C-level executives vs. IT Teams – There is a measurable understanding gap • C-level executives focus on driving the business. – Long-Term view • IT team is thinking and deploying its resources to protect. – Near-term view
  • 26. Business Priorities as Interpreted by IT
  • 27. What Takes Priority with IT Teams?
  • 29. Consumer Data • In 1996 E-commerce revenue in 1996: $600M • In 2013 E-commerce revenue expected to reach 2013: $963B
  • 30. Expectations • Consumers should expect reasonable measures: – Technical – Physical – Administrative. • Privacy Professionals in organizations handle compliance with privacy promises • No such thing as Perfect Privacy, just acceptable levels of risk
  • 31. Govt. Searching Standards • Constitutional Standard – Preventing Unreasonable Search & Seizure • 4th Amendment protections • Applies to In-House “Data in the home” • Statutory Standard – Jurisprudence Define Legality • Warshack vs. USA • Applies Out-of-House “Cloud Data” • Privacy Act – Right to see records held about you
  • 32. Federal Trade Commission • Federal Trade Commission Principals 1. Notice/Awareness 2. Choice/Consent 3. Access/Participation 4. Integrity/Security 5. Enforcement/Redress • Power of “Privacy Audits”
  • 33. Growth Outpacing Regulation • The FTC 1st established guidelines in a 1998. SELF-REGULATION IS ESTABLISHED “The commission believes that legislation to address online privacy is not appropriate at this time” Burden of Privacy Protection largely on the Website User or You!
  • 35. Information Security (cont...) • Corporate Policy – Processes/Policies are needed to encourage responsible information handling within organizations – Importance of security measures taken to ensure customer/employee privacy – Example policies: • Storing sensitive information on secure or disconnected servers • Requiring all employees to install antivirus or firewall software
  • 36. Information Security (cont…) • International Standards – Generally Accepted Privacy Principles (GAPP) – ISO/IEC 27002 • IS standard – best practice recommendations for those “initiating, implementing, or maintaining Information Security Management Systems (ISMS) – Risk Assessment – Security Policy – Asset Management – Physical/Environmental Security – Access Control – Etc.
  • 37. Breach Cases 2011 • Sony’s PlayStation Network – Size: 101 million user accounts – Type of Data: name, home and e-mail addresses, login credentials, some credit card information – Consequence: Identity theft, class-action law-suits • Epsilon, Alliance Data Systems – Size: Unknown; 60 million estimated e-mail addresses – Type of Data: e-mail addresses, some names – Consequence: Exposed confidential customer lists, loss of business
  • 38. Breach Cases (Cont…) 2011 • University of South Carolina – Size: 31,000 – Type of Data: names, addresses, health records, financial data, Social Security numbers – Consequence: Identity theft, loss of business • RSA Security – Size: Unknown – Type of Data: "information related to SecurID technology“ – Consequence: Compromised enterprises and govt. agencies that rely on SecurID security technology
  • 39. Lessons Learned • Need to have IS policies, procedures, and technologies in place to prevent and deal with Information Privacy issues • Negligence in IS and maintaining PII can have damaging effects on the customer and employee relationship
  • 40. Relationship Management Benefits of IS and IP • Increased usage of online services by existing customers and increased number of new customers due to: – Fulfillment of the need for privacy of customers (Some customers may only use the service if their privacy needs are fulfilled, other may use the service more often.) – Increased public image and trust (especially if the privacy friendly attitude is advertised) – Competitive advantage (if the competition doesn't have a similar offer) – Increased customer retention (Customers appreciate the privacy enhancing functions of the service and don't like the idea of not finding them with competing services.)

Notas del editor

  1. Google will combine user data from service like YouTube, Gmail and Google Search and create a single merged profile for each user of its service. A way to attract more users? Effective on Mar 1st, 201270 policies into one
  2. Just say it is viewed differently under different contexts and is hard to define.. Computational, Content, and Structural Views… Next slide
  3.  In other words, the only reason privacy exists in the first place is because it was too much trouble for anyone to bother monitoring everything they would otherwise want to. There’s no innate right to privacy, it’s just that no one could be arsed to deprive you of it. Setting aside my understanding of economics, this was a relatively jarring perspective for me (I’m a lot more accustomed to hearing privacy described as a right) and it gave me pause for thought.
  4. Free is Cheap: Data collection makes services free due to Add Revenue and this is a Plus for end users.Talk about why abuse is bad for the public utility
  5. Important content informations
  6. Compare more FB and Google with Infogrphic
  7. protected health information (PHI) are now stored and hosted online in accordance to HIPAA hosting standards
  8. The survey of 718 IT and IT security practitioners in the United States—more than half of whom report directly to the CIO—determined that the number one reason senior management funded data protection efforts was “the need to comply with regulations, laws, and other mandates” followed closely by “response to a recent data breach” (a response likely necessitated by a regulation). At the very bottom of the justification list is “protect the company’s good reputation.”http://www.datacenterjournal.com/it/business-first-thinking-for-it-security/
  9.  Here, IT’s top answer is intellectual property (IP). Customer, employee and consumer information (PII) occupy the bottom of the list.
  10. Viacom vs. Google
  11. Constitutional Standard:requires search warrant/ and “probable cause”.Statutory Standard: Police only need a court orderWarshackvs USA: First Case to attempt to establish constitutional protections for ISPPrivacy Act: Right to see rteccords from federal governemrnt