Presentation on theme: "Office of the Information and Privacy Commissioner, Ontario, Canada"— Presentation transcript:
1 Office of the Information and Privacy Commissioner, Ontario, Canada Presentation OutlinePanel on PrivacyCentre for Information Integrity & Information Systems Assurance, U of Waterloo7th Biennial Research SymposiumOctober 21, 2010Toronto, Ontario
2 Ann Cavoukian, PhD Ontario’s Information and Privacy Commissioner Ensures that government organizations (provincial and municipal) comply with freedom of information and privacy laws in OntarioInvestigates privacy complaints and resolve appeals when the government refuses to grant access to government-held informationConducts research on access and privacy issuesEducates the public and raise awareness about Ontario’s access and privacy laws
3 Privacy DefinedRight of an individual to exercise a measure of control over the collection, use and disclosure of their personal informationDefinition of personally identifiable information (PII) - any information, recorded or otherwise, relating or linked to an identifiable individualPrivacy is contextual / think of privacy as an aspect of CRM (Customer Relationship Management)
4 Security is, however, vital to privacy What privacy is notPrivacy SecuritySecurity is, however, vital to privacy
5 Fair Information Practices Why are you asking?Collection; purpose specificationHow will the information be used?Primary purpose; use limitationAny additional secondary uses?Notice and consent; prohibition against unauthorized disclosureWho will be able to see my information?Restricted access from unauthorized third parties
6 Why We Need Privacy by Design Most privacy breaches remain undetected – as regulators, we only see the tip of the icebergRegulatory compliance alone, is unsustainable as the sole model for ensuring the future of privacy
8 Privacy by Design: The 7 Foundational Principles Proactive not Reactive: Preventative, not Remedial;Privacy as the Default setting;Privacy Embedded into Design;Full Functionality: Positive-Sum, not Zero-Sum;End-to-End Security: Full Lifecycle Protection;Visibility and Transparency: Keep it Open;Respect for User Privacy: Keep it User-Centric.
9 Privacy by Design: The Trilogy of Applications InformationTechnologyAccountableBusiness PracticesPhysical Design& Infrastructure
10 Privacy by Design in 2010: Gathering Momentum May – As part of the European Commission’s new European Digital Agenda, Peter Hustinx, the European Data Protection Supervisor, recommended that Privacy by Design be included as a binding principle into data protection legal framework;ultation/Opinions/2010/ _Trust_Information_Society_EN.pdfOctober – Regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection;December – The U.S. Federal Trade Commission released a major report on protecting consumer privacy in which it recommended that companies adopt a Privacy by Design approach by building privacy protections into their everyday business practices.
11 Embedding Privacy at the Design Stage: The Obvious Route Cost-effectiveProactiveUser-centricIt’s all about control – preserving personal control and freedom of choice over one’s data flows
12 Conclusions Lead with Privacy by Design; Change the paradigm from the dated “zero-sum” to the doubly-enabling “positive-sum;”Deliver both privacy AND security or any other functionality, in an empowering “win-win” paradigm;Embed privacy as a core functionality: the future of the Smart Grid may depend on it!
13 How to Contact UsMichelle Chibba Director of Policy and Special Projects Information & Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8Phone: (416) /Web:13