Office of the Information and Privacy Commissioner, Ontario, Canada. Panel on Privacy, Centre for Information Integrity & Information Systems Assurance, U of Waterloo, 7th Biennial Research Symposium, October 21, 2010, Toronto, Ontario
Ann Cavoukian, PhD, Ontario's Information and Privacy Commissioner: Ensures that government organizations (provincial and municipal) comply with freedom of information and privacy laws in Ontario; Investigates privacy complaints and resolves appeals when the government refuses to grant access to government-held information; Conducts research on access and privacy issues; Educates the public and raises awareness about Ontario's access and privacy laws.
Privacy Defined: Right of an individual to exercise a measure of control over the collection, use and disclosure of their personal information; Definition of personally identifiable information (PII) - any information, recorded or otherwise, relating or linked to an identifiable individual; Privacy is contextual / think of privacy as an aspect of CRM (Customer Relationship Management).
What privacy is not: Privacy ≠ Security. Security is, however, vital to privacy.
Fair Information Practices: Why are you asking? – Collection; purpose specification. How will the information be used? – Primary purpose; use limitation. Any additional secondary uses? – Notice and consent; prohibition against unauthorized disclosure. Who will be able to see my information? – Restricted access from unauthorized third parties.
Why We Need Privacy by Design: Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg; Regulatory compliance alone is unsustainable as the sole model for ensuring the future of privacy.
Privacy by Design: The 7 Foundational Principles: 1. Proactive not Reactive: Preventative, not Remedial; 2. Privacy as the Default setting; 3. Privacy Embedded into Design; 4. Full Functionality: Positive-Sum, not Zero-Sum; 5. End-to-End Security: Full Lifecycle Protection; 6. Visibility and Transparency: Keep it Open; 7. Respect for User Privacy: Keep it User-Centric.
Privacy by Design: The Trilogy of Applications: Information Technology; Accountable Business Practices; Physical Design & Infrastructure.
Privacy by Design in 2010: Gathering Momentum. May – As part of the European Commission's new European Digital Agenda, Peter Hustinx, the European Data Protection Supervisor, recommended that Privacy by Design be included as a binding principle in the data protection legal framework; ultation/Opinions/2010/ _Trust_Information_Society_EN.pdf October – Regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection; December – The U.S. Federal Trade Commission released a major report on protecting consumer privacy in which it recommended that companies adopt a Privacy by Design approach by building privacy protections into their everyday business practices.
Embedding Privacy at the Design Stage: The Obvious Route: Cost-effective; Proactive; User-centric; It's all about control – preserving personal control and freedom of choice over one's data flows.
Conclusions: Lead with Privacy by Design; Change the paradigm from the dated zero-sum to the doubly-enabling positive-sum; Deliver both privacy AND security or any other functionality, in an empowering win-win paradigm; Embed privacy as a core functionality: the future of the Smart Grid may depend on it!
How to Contact Us: Michelle Chibba, Director of Policy and Special Projects, Information & Privacy Commissioner of Ontario, 2 Bloor Street East, Suite 1400, Toronto, Ontario, Canada M4W 1A8. Phone: (416) / Web: