Slide 5
What is Privacy?
Privacy
/ˈprīvəsē/
Defined in Generally Accepted Privacy Principles (GAPP) as
“the rights and obligations of individuals and organizations with respect to the collection, use, retention, disclosure, and disposal of personal information.”
Slide 16
Privacy Regulations
• Sweden: The Data Act, a national data protection law, went into effect in 1974
• India is passing a comprehensive data protection bill that includes GDPR-like requirements
• Finland: the Data Protection Act
• Japan implements changes to domestic legislation to strengthen privacy protection in the country
• Brazil is passing a comprehensive data protection regulation similar to GDPR
• In 1970, the German state of Hesse passed the first data protection law in the world
• The New York Privacy Act was introduced in 2019
• CCPA's impact is expected to be global (12+%), given California's status as the fifth largest global economy
• GDPR's impact is expected to be global
Source: Forrester
Slide 19
How Many Privacy Laws Are You Complying With?
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA.
The California Consumer Privacy Act (CCPA) is a law that enhances privacy rights and consumer protection for residents of California, United States.
(Chart: privacy laws by region)
Source: IAPP
Slide 22
Failure to Comply . . . What are the Consequences?
• Companies are liable for fines of up to four percent (4%) of their global annual turnover or €20 million (about $25 million USD), whichever is higher. This applies to non-compliance even with no data breach!
• The principles of protection should apply to any information concerning an identified or identifiable person.
• To determine whether a person is identifiable, account should be taken of all the means reasonably likely to be used, either by the controller or by any other person, to identify the individual.
• The principles of data protection should not apply to data rendered anonymous in such a way that the data subject is no longer identifiable.
Slide 23
GDPR — Data Protection Principles (Article 5)
• Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject
• Collected for specified, explicit and legitimate purposes only
• Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’)
• Accurate and, where necessary, kept up to date; inaccurate data erased or rectified without delay
• Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
• Processed in a manner that ensures appropriate security of the personal data
88 pages (99 articles) of detailed data protection requirements
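Two of the Article 5 principles above, data minimization and pseudonymization-style protection of identifiers, can be sketched in a few lines. This is a minimal illustration, not a compliance implementation: the field names, purpose set, and key handling are assumptions.

```python
import hmac
import hashlib

# Illustrative assumptions: which fields the stated purpose needs,
# and a pseudonymization key (in practice stored separately, per GDPR
# Recital 29's "kept separately" requirement for pseudonymization).
NEEDED_FIELDS = {"customer_id", "postcode", "signup_date"}
PSEUDONYM_KEY = b"rotate-and-store-this-key-separately"

def minimise(record: dict) -> dict:
    """Data minimization: keep only fields necessary for the purpose."""
    return {k: v for k, v in record.items() if k in NEEDED_FIELDS}

def pseudonymise(record: dict) -> dict:
    """Replace the direct identifier with a keyed pseudonym (HMAC-SHA256).
    Unlike plain hashing, the key prevents dictionary attacks; unlike
    anonymization, the controller can still link records via the key."""
    out = dict(record)
    out["customer_id"] = hmac.new(
        PSEUDONYM_KEY, record["customer_id"].encode(), hashlib.sha256
    ).hexdigest()[:16]
    return out

raw = {"customer_id": "C-1001", "name": "Alice", "postcode": "1010",
       "signup_date": "2021-05-01", "religion": "n/a"}
safe = pseudonymise(minimise(raw))
```

Note that the output is still personal data under GDPR, because the controller holds the key that links pseudonyms back to individuals.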
Slide 24
GDPR under "Schrems II" – Lacking “Additional Safeguards”
• In March 2021, the Bavarian DPA found there was an unlawful transfer of personal data from a German controller to the e-mail marketing service Mailchimp in the U.S. The controller had failed to assess whether any supplementary measures were needed in relation to the transfer of personal data to Mailchimp.
• In April 2021, the Portuguese DPA ordered a public authority to suspend all transfers of personal data to the U.S. and other third countries. The contractual safeguards with Cloudflare were insufficient to protect the data (which included religious and health data), the parties did not implement any supplementary measures to provide adequate protection for the data, and the authority ordered the transfers to the U.S. or any other third country suspended until adequate protection for the data was established.
https://www.jdsupra.com/legalnews/navigating-eu-data-transfers-effects-of-8348955/
Slide 25
GDPR under "Schrems II" – France, March 2021
• No transfer of data took place, but there was nevertheless a risk of access by U.S. authorities, because the EU-based processor is a subsidiary of a U.S. company.
• It was argued that the hosting of health data by a company bound by U.S. law was incompatible with the GDPR under "Schrems II" and violated its provisions: on the one hand, because of the possibility of a transfer to the U.S. of the data collected by Doctolib through its processor, and on the other hand, even in the absence of a data transfer, because of the risk of access requests by U.S. authorities to the processor, AWS.
• The court noted that, for the purposes of hosting its data, Doctolib uses the services of the Luxembourg company AWS Sarl, that the data is hosted in data centers located in France and in Germany, and that the contract concluded between Doctolib and AWS Sarl does not provide for the transfer of data to the U.S.
• However, because it is a subsidiary of a company under U.S. law, the court considered that AWS Sarl in Luxembourg may be subject to access requests by U.S. authorities in the framework of U.S. monitoring programs based on Article 702 of the Foreign Intelligence Surveillance Act or Executive Order 12333.
• The court nevertheless held that the level of protection offered was sufficient, due to the many safeguards in place.
https://iapp.org/news/a/why-this-french-court-decision-has-far-reaching-consequences-for-many-businesses/
Slide 26
GDPR under "Schrems II"
Legal safeguards:
• AWS Sarl guarantees in its contract with Doctolib, a French company, that it will challenge any general access request from a public authority.
Technical safeguards:
• The data hosted by AWS Sarl (a Luxembourg-registered company) is encrypted.
• The key is held by a trusted third party in France, not by AWS.
Other guarantees taken:
• No health data is hosted; the data relates only to the identification of individuals for the purpose of making appointments.
• Data is deleted after three months.
(Diagram: Doctolib → AWS Sarl)
Slide 27
Big Data Protection with Granular Field-Level Protection for Google Cloud
Protection throughout the lifecycle of data in Hadoop
• Big Data Protector tokenizes or encrypts sensitive data fields
• Enterprise policies may be managed on-premises or on Google Cloud Platform (GCP)
• A Policy Enforcement Point applies protection to the sensitive data fields
• Separation of duties: the Security Officer manages policies and encryption keys
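The Policy Enforcement Point idea above can be sketched as a function that consults a central policy to decide, per field and per requesting role, whether a caller sees clear text, a token, or a mask. The roles, field names, and policy table are illustrative assumptions, not any product's configuration.

```python
import hashlib

# Hypothetical central policy: field -> role -> action.
POLICY = {
    "ssn":   {"security_officer": "clear", "analyst": "token", "default": "mask"},
    "email": {"security_officer": "clear", "analyst": "mask",  "default": "mask"},
}

def tokenize(value: str) -> str:
    """Stand-in for a real vault-less tokenizer."""
    return "tok_" + hashlib.sha256(value.encode()).hexdigest()[:10]

def mask(value: str) -> str:
    """Keep only the first two characters for display."""
    return value[:2] + "*" * (len(value) - 2)

def enforce(field_name: str, value: str, role: str) -> str:
    """Policy Enforcement Point: apply the action the policy mandates."""
    rules = POLICY.get(field_name, {})
    action = rules.get(role) or rules.get("default", "mask")
    if action == "clear":
        return value
    if action == "token":
        return tokenize(value)
    return mask(value)
```

The point of the design is that applications never decide protection themselves; they all call the same enforcement function, and only the policy (owned by the Security Officer) changes who sees what.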
Slide 30
Data Flow Mapping Under GDPR
Organizations need to look at how the data was captured, who is accountable for it, where it is located, and who has access.
• If there is not already a documented workflow in place in your organization, it can be worthwhile to send out a team to identify how the data is being gathered.
• This will enable you to see how your documented data flow differs from reality and what needs to be done.
Source: BigID
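The four questions above (how captured, who is accountable, where located, who has access) can be captured as a minimal data-flow inventory record. The field names and sample entry are illustrative assumptions; real mapping tools record far more.

```python
from dataclasses import dataclass, field

@dataclass
class DataFlowEntry:
    """One row of a GDPR data-flow inventory."""
    dataset: str
    captured_via: str        # how the data was captured (form, API, import)
    accountable_owner: str   # who is accountable: a named role, not a team alias
    location: str            # where it is located: system / region, relevant for transfers
    access: list = field(default_factory=list)  # who has access

inventory = [
    DataFlowEntry("crm_contacts", "web form", "Marketing DPO liaison",
                  "EU-West Postgres", ["crm_app", "analytics_ro"]),
]

# A gap analysis is then a comparison between this documented flow and
# what discovery tooling actually observes in production.
```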
Slide 36
The CCPA Effect
California Privacy Rights Act (CPRA)
1. On November 3, 2020, Californians voted to approve Proposition 24, a ballot measure
that creates the California Privacy Rights Act (CPRA).
2. The CPRA amends and expands the California Consumer Privacy Act (CCPA).
3. Most of the CPRA’s substantive provisions will not take effect until January 1, 2023,
providing covered businesses with two years of valuable ramp-up time.
4. Notably, however, the CPRA’s expansion of the “Right to Know” impacts personal
information (PI) collected during the ramp-up period, on or after January 1, 2022.
See https://en.wikipedia.org/wiki/2020_California_Proposition_24
Slide 38
Privacy Standards
11 Published International Privacy Standards (ISO)
(Chart categories: Techniques, Management, Cloud, Framework, Impact, Requirements, Process)
• 20889 (IS): Privacy-enhancing de-identification terminology and classification of techniques
• 27701 (IS): Security techniques: extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management: requirements and guidelines
• 27018 (IS): Code of practice for protection of PII in public clouds acting as PII processors
• 29100 (IS): Privacy framework
• 29101 (IS): Privacy architecture framework
• 29134 (IS): Guidelines for privacy impact assessment
• 29190 (IS): Privacy capability assessment model
• 29191 (IS): Requirements for partially anonymous, partially unlinkable authentication
• 29151 (IS): Code of practice for PII protection
• 19608 (TS): Guidance for developing security and privacy functional requirements based on ISO/IEC 15408
• 27550 (TR): Privacy engineering for system life cycle processes
Slide 39
Different Data Protection Techniques
(Chart: techniques between clear text and the data store, with relative speed)
• Clear text: fastest
• Pseudonymization of identifiers (2-way, reversible):
  – Format-preserving tokenization (random): fast
  – Format-Preserving Encryption (FPE, algorithmic): slow
  – Homomorphic Encryption (HE), computing on encrypted data: very slow
• Anonymization of attributes (1-way):
  – Hashing: fast
  – Static and dynamic masking: fast
  – Differential Privacy (DP), noise added: fast
  – K-anonymity model: fast
• Synthetic data (derivation): fast
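The 1-way branch of the chart can be illustrated with two techniques available in the Python standard library: salted hashing (deterministic, so records stay joinable, but irreversible) and static masking. The salt value and the sample card number are illustrative assumptions.

```python
import hashlib

# Illustrative assumption: a per-deployment salt, stored with the policy,
# so the same value always hashes the same way inside one deployment.
SALT = b"per-deployment-salt"

def hash_value(value: str) -> str:
    """1-way: the same input always yields the same digest (joinable
    across tables), but the original cannot be recovered."""
    return hashlib.sha256(SALT + value.encode()).hexdigest()

def static_mask(card_number: str) -> str:
    """1-way: keep only the last four digits for display."""
    return "*" * (len(card_number) - 4) + card_number[-4:]

print(static_mask("4111111111111111"))  # ************1111
```

The 2-way techniques in the chart (tokenization, FPE) differ precisely in that an authorized party can get the original back; the 1-way ones above cannot be reversed even by the data owner.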
Slide 40
Example of Use Cases & Data Privacy Techniques
(Diagram: a central service for policy, tokenization, encryption and keys, managed by the Security Officer, serving the applications below)
• Call center and payment applications: vault-less tokenization of payment data, with a gateway to Salesforce and the payment network
• Data warehouse and analytics applications: vault-less tokenization and masking of PI* data
• Dev/test systems: differential privacy and k-anonymity applied to PI* data
• Voting application: election data protected with Microsoft ElectionGuard
Slide 42
Randomized Tokenization
(Chart excerpt: 2-way pseudonymization of identifiers; random format-preserving tokenization is fast, algorithmic Format-Preserving Encryption (FPE) is slow, and computing on encrypted data with Homomorphic Encryption (HE) is very slow; clear text is fastest)
Quantum Computers?
• Quantum computers and other powerful machines can break the algorithms and patterns behind encrypted data.
• We can instead use random numbers to secure sensitive data.
• Random numbers are not based on an algorithm or pattern that computers can break.
Tech giants are building their own machines and racing to make them available to the world as a cloud computing service. In the competition: IBM, Google, Microsoft, Intel, Amazon, IonQ, Quantum Circuits, Rigetti Computing.
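The random-versus-algorithmic distinction above can be sketched with a vault-based tokenizer built on the stdlib `secrets` module: tokens are drawn at random, so there is no mathematical relationship to the input for an attacker (quantum or otherwise) to exploit, and reversal requires access to the vault. The 16-digit token format is an illustrative assumption; the vault itself then becomes the asset to protect.

```python
import secrets

class TokenVault:
    """Minimal sketch of vault-based randomized tokenization."""

    def __init__(self):
        self._to_token = {}   # value -> token
        self._to_value = {}   # token -> value

    def tokenize(self, value: str) -> str:
        if value in self._to_token:          # stable token per value
            return self._to_token[value]
        while True:
            # Cryptographically random, format-preserving (16 digits)
            token = "".join(secrets.choice("0123456789") for _ in range(16))
            if token not in self._to_value:  # avoid collisions
                break
        self._to_token[value] = token
        self._to_value[token] = value
        return token

    def detokenize(self, token: str) -> str:
        """2-way: only a party with vault access can reverse a token."""
        return self._to_value[token]

vault = TokenVault()
t = vault.tokenize("4111111111111111")
assert vault.detokenize(t) == "4111111111111111"
```

Vault-less tokenization, also mentioned in this deck, trades the lookup tables for keyed derivation so that no vault needs to be replicated; this sketch shows only the vault-based variant.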
Slide 45
Synthetic Data
(Diagram: original data compared with partially synthetic data, where selected values are replaced by artificially generated new data points, and fully synthetic data, where all data points are artificially generated)
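The partially synthetic variant above can be sketched by keeping non-sensitive fields and redrawing sensitive values from a distribution fitted to the originals. Real generators are far more sophisticated (copulas, GANs); the field names and the simple Gaussian model here are illustrative assumptions.

```python
import random
import statistics

random.seed(7)  # deterministic for the example

originals = [{"region": "AT", "salary": 42000},
             {"region": "AT", "salary": 48000},
             {"region": "DE", "salary": 51000}]

# Fit a toy model to the sensitive column
mu = statistics.mean(r["salary"] for r in originals)
sigma = statistics.stdev(r["salary"] for r in originals)

partially_synthetic = [
    {"region": r["region"],                     # non-sensitive field kept as-is
     "salary": round(random.gauss(mu, sigma))}  # artificially generated data point
    for r in originals
]
```

Fully synthetic data would instead generate every field, including `region`, from the fitted model, so no row corresponds to a real individual at all.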
Slide 46
6 Differential Privacy Models
In differential privacy, the concern is privacy as the relative difference in the result, whether a specific individual or entity is included in the input or excluded.
Models:
• Random Differential Privacy
• Probabilistic Differential Privacy
• Concentrated Differential Privacy
• Approximate Differential Privacy
• Computational Differential Privacy
• Multiparty Differential Privacy
Properties noted across the models: noise is very low; used in practice; more useful analysis can be performed; well-studied and widely used; can ensure the privacy of individual contributions; aggregation is performed locally; strong degree of protection; high accuracy; a pure model provides protection even against attackers with unlimited computational power; can lead to unlikely outputs; tailored to large numbers of computations.
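The core idea stated above, noise calibrated so the result barely changes whether one individual is included or excluded, can be sketched with the Laplace mechanism for a count query, the textbook pure ε-differential-privacy mechanism. The epsilon value and record layout are illustrative assumptions.

```python
import random

def dp_count(records, predicate, epsilon=0.5):
    """Count query with Laplace noise of scale sensitivity/epsilon.

    One individual changes a count by at most 1 (sensitivity = 1), so
    adding Laplace(0, 1/epsilon) noise makes the output distribution
    nearly identical with or without any single person's record.
    """
    true_count = sum(1 for r in records if predicate(r))
    scale = 1 / epsilon
    # The difference of two i.i.d. exponential draws is Laplace-distributed
    noise = random.expovariate(1 / scale) - random.expovariate(1 / scale)
    return true_count + noise
```

Smaller epsilon means stronger privacy (more noise, less accuracy); the six models listed above relax or strengthen this pure guarantee in different ways.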
Slide 47
Use Case (Bank): Areas, Timing and Focus

| Area | Timing | Focus | Comments |
|---|---|---|---|
| Requirements | Short | Internal requirements | International regulations |
| Cloud | Short | Machine learning | Start with basic ML training and inference on sensitive data in cloud |
| Competition | Short | Competitive advantage | ML- and NLP-powered services can give banks a competitive edge |
| Data | Short | Encrypted data | Important |
| Data | Long | Synthetic data | Computing cost? |
| Analytics | Medium | AML/KYC | What are other large banks doing? |
| Analytics | Short | Analytics | Initial focus |
| Analytics | Short | Operating on encrypted data | Computing on sensitive data in the cloud. Trade-offs with performance, protection and utility? |
| Industry | Short | Industry dialog | Working groups in standards bodies (ANSI X9, Cloud Security Alliance, Homomorphic Encryption Org) |
| Model | Short | Encrypted model | Important |
| Pilot | Short | Experimentation | What are other large banks doing? |
| Pilot | Short | ScotiaBank case study | Query solution for AML/KYC |
| Proven | Medium | Fast follower | What are some proven solutions? |
| Quantum | Short | Homomorphic encryption (post-quantum) | Lattice-based cryptography is a promising post-quantum cryptography family, both in terms of foundational properties and in its application to both traditional and homomorphic encryption |
| Quantum | Medium | Quantum | Plan for quantum-safe algorithms |
| Quantum | Long | Quantum | Plan for quantum ML algorithms |
| Sharing | Short | Secure Multi-Party Computation (SMPC) | Parties compute without revealing their own private inputs and outputs. Encrypted data and encryption keys are never commingled while computation on the encrypted data is occurring, or an encryption key is split into shares |
| Solutions | Short | Vendor positioning | Is nonlinear ML regression needed? Linear regression is one of the fundamental supervised-ML methods; linear and non-linear credit scoring can combine logistic regression and support vector machines |
| Solutions | Short | Framework integration | Important |
| 3rd party | Long | 3rd-party integration | Mining first |
| Training ML | Long | Federated learning | Complicated |
| Training ML | Long | TEE | Emerging |
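The "encryption key is split into shares" idea in the Sharing row can be sketched with additive secret sharing, the simplest SMPC building block: a value is split into random shares so that no single party learns it, yet the shares still support computation (here, addition) without ever recombining the inputs. The modulus and party count are illustrative assumptions.

```python
import secrets

P = 2**61 - 1  # a public prime modulus (illustrative choice)

def share(value: int, n: int = 3) -> list:
    """Split value into n additive shares that sum to it modulo P."""
    shares = [secrets.randbelow(P) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % P)
    return shares

def reconstruct(shares: list) -> int:
    """Only a party holding ALL shares recovers the value."""
    return sum(shares) % P

a_shares = share(1200)
b_shares = share(34)
# Each party adds its own pair of shares locally; inputs stay hidden
sum_shares = [(a + b) % P for a, b in zip(a_shares, b_shares)]
assert reconstruct(sum_shares) == 1234
```

Any n-1 shares are uniformly random and reveal nothing about the input, which is the "never commingled" property the table describes; multiplication requires more machinery (e.g. Beaver triples) than this sketch shows.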
Slide 48
Data Protection Techniques: Deploying On-premises and in Clouds
Privacy-enhancing data de-identification terminology and classification of techniques
Environments: data warehouse, centralized, distributed, on-premises, public cloud, private cloud.
De-identification techniques
• Tokenization: vault-based (marked for two of the environments in the source chart); vault-less (all environments)
• Cryptographic tools: Format-Preserving Encryption (five of the environments); homomorphic encryption (three of the environments)
Suppression techniques
• Masking: all environments
• Hashing: all environments
Formal privacy measurement models
• Differential privacy, server model and local model: all environments
• K-anonymity model, L-diversity and T-closeness: all environments
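The k-anonymity model listed above can be sketched as a simple check: every combination of quasi-identifier values must appear at least k times, so no individual is distinguishable within their group. The column names, generalized values, and k are illustrative assumptions.

```python
from collections import Counter

def is_k_anonymous(rows, quasi_identifiers, k):
    """True if every quasi-identifier combination occurs at least k times."""
    groups = Counter(tuple(row[q] for q in quasi_identifiers) for row in rows)
    return all(count >= k for count in groups.values())

# Ages and ZIP codes already generalized into ranges/prefixes
rows = [{"age": "30-39", "zip": "10**", "diagnosis": "flu"},
        {"age": "30-39", "zip": "10**", "diagnosis": "asthma"},
        {"age": "40-49", "zip": "11**", "diagnosis": "flu"},
        {"age": "40-49", "zip": "11**", "diagnosis": "flu"}]

print(is_k_anonymous(rows, ["age", "zip"], k=2))  # True
```

Note that the second group is 2-anonymous but not diverse: both rows share the diagnosis "flu", so membership alone leaks the sensitive value. That gap is exactly what the L-diversity and T-closeness refinements listed above address.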
Slide 49
Example of Cross-Border Data-centric Security Using Tokenization
• Protecting Personally Identifiable Information (PII), including names, addresses, phone, email, policy and account numbers
• Compliance with EU cross-border data protection laws
• Utilizing data tokenization, and centralized policy, key management, auditing, and reporting
(Diagram: data sources with Austrian, German and other source data flow into a data warehouse; the Security Officer manages complete policy-enforced de-identification of sensitive data across all bank entities)
Slide 56
Protection of Data in AWS S3 with Separation of Duties
• Applications can use de-identified data or data in the clear, based on policies
• Data is protected before landing in an S3 bucket; data lifted to S3 is protected before use
(Diagram: sensitive data streams from the enterprise on-premises environment pass through a Policy Enforcement Point (PEP) before landing in S3; apps consume de-identified data; the Security Officer manages enterprise policies and encryption key management under separation of duties)
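The "protect before landing" pattern above can be sketched as de-identifying sensitive fields on-premises so that only protected records ever reach the bucket. The field names, bucket name, and the hash-based tokenization rule are illustrative assumptions; the actual S3 upload (boto3's `put_object`) is shown commented out so the sketch stays self-contained.

```python
import hashlib
import json

# Illustrative assumption: which fields the policy classes as sensitive
SENSITIVE = {"ssn", "email"}

def protect(record: dict) -> dict:
    """De-identify sensitive fields before the record leaves the enterprise."""
    return {k: ("tok_" + hashlib.sha256(v.encode()).hexdigest()[:12]
                if k in SENSITIVE else v)
            for k, v in record.items()}

record = {"id": "42", "email": "a@example.com",
          "ssn": "123-45-6789", "city": "Graz"}
payload = json.dumps(protect(record))

# Only the protected payload is uploaded; S3 never sees clear text:
# import boto3
# boto3.client("s3").put_object(Bucket="protected-landing",
#                               Key="records/42.json", Body=payload)
```

Separation of duties then means the parties who can read the bucket cannot reverse the protection, because detokenization policy and keys stay with the Security Officer.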
Slide 57
Multi-Cloud Considerations
Consistency
• Most firms are quite familiar with their on-premises encryption and key management systems, so they often prefer to leverage the same tools and skills across multiple clouds.
• Firms often adopt a “best of breed” cloud approach.
Trust
• Some customers simply do not trust their vendors.
Vendor Lock-in and Migration
• A common concern is vendor lock-in and an inability to migrate to another cloud service provider.
• Some native cloud encryption systems do not allow customer keys to move outside the system, and cloud encryption systems are based on proprietary interfaces.
• The goal is to maintain protection regardless of where data resides, even as it moves between cloud vendors.
(Diagram: a cloud gateway in front of Google Cloud, AWS Cloud and Azure Cloud)
Source: Securosis, 2019
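The consistency and lock-in points above suggest keeping one protection interface with pluggable per-cloud key backends, so protected data and key material can move between providers. This is a minimal sketch under that assumption; the class and method names are illustrative, not any vendor's API.

```python
import hmac
import hashlib
from abc import ABC, abstractmethod

class KeyStore(ABC):
    """Abstraction over key management; one subclass per cloud or on-prem HSM."""
    @abstractmethod
    def get_key(self, key_id: str) -> bytes: ...

class OnPremKeyStore(KeyStore):
    """Keys held by the firm, not by any one cloud (avoids lock-in)."""
    def __init__(self, keys: dict):
        self._keys = keys
    def get_key(self, key_id: str) -> bytes:
        return self._keys[key_id]

class Protector:
    """Cloud-agnostic gateway: same policy and keys, any backend."""
    def __init__(self, keystore: KeyStore):
        self.keystore = keystore
    def protect(self, value: str, key_id: str) -> str:
        key = self.keystore.get_key(key_id)
        return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:16]

p = Protector(OnPremKeyStore({"k1": b"secret"}))
token = p.protect("alice@example.com", "k1")
# Pointed at an AWS-, Azure- or GCP-backed KeyStore holding the same key
# material, the Protector yields identical tokens, so protected data
# remains joinable and portable across clouds.
```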