Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privacy Evaluation Methodology (PEM) v1.0 Overview IDESG Privacy Committee James R. Elste Dr. Stuart Shapiro February 2013.

Published byIvy Fain Modified over 9 years ago

Similar presentations

Presentation on theme: "Privacy Evaluation Methodology (PEM) v1.0 Overview IDESG Privacy Committee James R. Elste Dr. Stuart Shapiro February 2013."— Presentation transcript:

1 Privacy Evaluation Methodology (PEM) v1.0 Overview IDESG Privacy Committee James R. Elste Dr. Stuart Shapiro February 2013

2 IDESG Privacy Committee Privacy Evaluation Methodology: Principles Effectively evaluate privacy issues & risks in IDESG work products and proposals Consistently apply the methodology in an objective, thorough, and fair manner Support the committees and attempt to identify and resolve privacy issues early in the development process Provide multiple opportunities to discuss and resolve issues, prior to issuing a Privacy Review Report Recognizing the significance of raising a formal objection, the Privacy Committee does not intend to lodge objections over immaterial issues or risks.

3 IDESG Privacy Committee Privacy Evaluation Methodology: Rules of Association, Section 2.1.3.1 2.1.3.1.1. The responsibility to develop, maintain, publish and adhere to a consistent evaluation methodology for identifying privacy and identity-related civil liberties risks and issues ("Privacy Evaluation Methodology"). 2.1.3.1.2. The responsibility to proactively communicate with and appoint liaisons to other committees of the plenary to identify and resolve potential privacy concerns during the development of IDESG work products. 2.1.3.1.3. The responsibility to review all IDESG work products prior to approval by the Plenary in a timely manner and issue a Privacy Review Report, consistent with the time frames and procedures enumerated in the Privacy Evaluation Methodology. 2.1.3.1.4. The authority to raise formal objections to IDESG proposals as set forth in Section 5.3.3.2 of these Rules ("Rule 5332") if a proposal fails to overcome shortcomings identified in the Privacy Review Report 3

4 IDESG Privacy Committee Privacy Evaluation Methodology: Implementation

5 IDESG Privacy Committee Privacy Engineering

6 IDESG Privacy Committee Formal Privacy Evaluation

7 IDESG Privacy Committee Report Generation & Review

8 IDESG Privacy Committee Potential Outcomes

9 IDESG Privacy Committee Privacy Evaluation Methodology: Timeframes No Privacy Issues (30 days) Proposals and work products with no privacy issues or risks will be completed within 30 days from the beginning of the Formal Privacy Evaluation Phase. Unresolved Privacy Issues Identified (90 days) Proposals and work products with unresolved privacy issues or risks, identified either in Phase1: Privacy Engineering or Phase2: Formal Privacy Evaluation, will be completed within 90 days from the beginning of the Formal Privacy Evaluation.

10 IDESG Privacy Committee Privacy Evaluation Criteria The most important component of the PEM is the evaluation criteria The evaluation criteria include Fair Information Practice Principles (FIPPs) and defined potential privacy and identity- related civil liberties risks – FIPPs include the FIPPs articulated in the 2011 NSTIC foundational document and the Consumer Privacy Bill of Rights – Potential risks are an adaptation of Solove’s privacy taxonomy These criteria are non-exclusive Not all criteria will be relevant in every instance

11 IDESG Privacy Committee Privacy Evaluation Workbook Three principal components – Characterization – Analysis – Mitigation and compensating controls Broken down by [personally identifiable] information life cycle stage – Collection – Processing – Use – Disclosure – Retention – Destruction

12 IDESG Privacy Committee Privacy Evaluation Workbook: Characterization The characterization section examines in detail the elements of a work product to capture the different dimensions relevant to privacy analysis Actors and Relationships Types of Information Intended Uses Data Flows Legal and Regulatory Requirements

13 IDESG Privacy Committee Privacy Evaluation Workbook: Analysis The analysis section provides a structure to collect comments and observations related to the application of the evaluation criteria FIPPs/CPBR Privacy/Civil Liberties Risks Legal & Regulatory Implications Other privacy issues

14 IDESG Privacy Committee Privacy Evaluation Workbook: Mitigation and Compensating Controls This section provides recommendations for addressing identified privacy problems Acceptance can be a valid resolution Unresolved issues are noted in the report

15 IDESG Privacy Committee Summary Process Workflows – Implementation – Privacy Engineering – Formal Privacy Evaluation Privacy Review Report – Potential Outcomes – Timeframes Privacy Evaluation Criteria & Workbook – Characterization – Analysis – Mitigation and Compensating Controls

16 Questions ??? Thank you for your time and attention.

Download ppt "Privacy Evaluation Methodology (PEM) v1.0 Overview IDESG Privacy Committee James R. Elste Dr. Stuart Shapiro February 2013."

Similar presentations

How to Finish Your Thesis/Dissertation?. Deciding to Go to Graduate School Without a powerful drive, the full-time effort and unflagging perseverance.

How to Finish Your Thesis/Dissertation?. Deciding to Go to Graduate School Without a powerful drive, the full-time effort and unflagging perseverance.
Roadmap for Sourcing Decision Review Board (DRB)

Roadmap for Sourcing Decision Review Board (DRB)
Participation Requirements for a Patient Representative.

Participation Requirements for a Patient Representative.
Review of industry code governance 26 March 2010.

Review of industry code governance 26 March 2010.
© 2007 itSMF USA. All rights reserved. itSMF USA Code of Ethics Overview October 2007.

© 2007 itSMF USA. All rights reserved. itSMF USA Code of Ethics Overview October 2007.
© 2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.

© 2015 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
Public Consultation/Participation in an EIA Process EIA requires that, as much as possible, both technical / scientific and value issues be dealt with.

Public Consultation/Participation in an EIA Process EIA requires that, as much as possible, both technical / scientific and value issues be dealt with.
Lesson 10 IT Project & Program Management.

Lesson 10 IT Project & Program Management.
Overview Lesson 10,11 - Software Quality Assurance

Overview Lesson 10,11 - Software Quality Assurance
Current Developments at the PCAOB Ensuring Integrity: 3 rd Annual Auditing Conference at Baruch College December 4, 2008.

Current Developments at the PCAOB Ensuring Integrity: 3 rd Annual Auditing Conference at Baruch College December 4, 2008.
IS Audit Function Knowledge

IS Audit Function Knowledge
Fundamentals of Information Systems, Second Edition

Fundamentals of Information Systems, Second Edition
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Opportunities for RAC Participation. Three Part discussion General presentation; Example of oil and gas decision making; and Panel Discussion of RAC involvement.

Opportunities for RAC Participation. Three Part discussion General presentation; Example of oil and gas decision making; and Panel Discussion of RAC involvement.
SAFA- IFAC Regional SMP Forum

SAFA- IFAC Regional SMP Forum
Information Systems Controls for System Reliability -Information Security-

Information Systems Controls for System Reliability -Information Security-
EDUCATOR CERTIFICATION UPDATE Michigan Association of School Personnel Administrators Conference December 3, 2010 Flora L. Jenkins, Director Office of.

EDUCATOR CERTIFICATION UPDATE Michigan Association of School Personnel Administrators Conference December 3, 2010 Flora L. Jenkins, Director Office of.
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing
Environmental Impact Assessment Prepared by: Miss Syazwani Mahmad Puzi School of Bioprocess Engineering UniMAP.

Environmental Impact Assessment Prepared by: Miss Syazwani Mahmad Puzi School of Bioprocess Engineering UniMAP.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Similar presentations

Ads by Google