© 2007 The MITRE Corporation. MITRE Privacy Practice W3C Government Linked Data Working Group Michael Aisenberg, Esq. 29 June 2011 Predicate for Privacy.


1 © 2007 The MITRE Corporation. MITRE Privacy Practice
W3C Government Linked Data Working Group
Michael Aisenberg, Esq., 29 June 2011
Predicate for Privacy: Overview of Privacy considerations in Linked Data Environment

2 Privacy Primer 1: What is Privacy?

3 Privacy Primer 2: Policy Framework
• OECD: “Fair Information Practice Principles”
• EU: Data Protection Directive: citizens “own” their PII
  – Data Protection Authority
• U.S.: Distinguish Obligations by Identity of Collector of Data
  – Government: Privacy Act of 1974, 1976, 2002 Amendments
    • Privacy and Security: FISMA
    • All data collections “Systems of Records”
  – Special treatment of individuals’ data in sectors
    • Children: COPPA
    • Health Information: HIPAA
    • Banking/Financial Service Information: Sarbanes/Oxley
• Global presence of U.S. collectors: EU Safe Harbor Agreement
• Duty of custodial control by collector
  – “Data Breach” legislation

4 Privacy Primer 3: When do Privacy Act obligations apply?

5 Privacy Primer 4: Core Privacy Principles* (Based on Fair Information Practices, foundation for the Privacy Act of 1974)

| PRINCIPLE | MEANS |
|---|---|
| Notice | Provide clear information to subject about the agency’s collection and intended use of PII |
| Choice | Provide individuals with the ability to consent to the collection and use of their PII |
| Limitation | Ensure that minimal necessary PII is collected, used, disclosed, and retained for stated purposes |
| Accuracy | Ensure that individuals are treated fairly, based on PII that is correct |
| Access and Redress | Provide individuals with the ability to review the PII held about them, correct it, and challenge agency’s compliance with stated privacy practices |
| Security | Protect systems against inappropriate access and data disclosure and poor integrity of PII |

*Based on information at http://www.ftc.gov/reports/privacy3/fairinfo.shtm

6 Background Information/Deeper Dive

7 Privacy Issues (1): Policy
• Scope of consent
  – Consistency between avowed purpose as disclosed to subject and actual use
  – Use beyond scope as disclosed
    • Problem areas:
      - Law enforcement
      - Intelligence/counter-terrorism
      - Minimization: least data necessary to accomplish agency’s purpose
• “Routine uses”
  – Recognized, permissible “exceptions” to disclosed intended use
    • Share with Congress, OMB: program oversight, often anonymized
    • Law enforcement/intelligence: by law, need NOT be disclosed if for specific investigation of an individual
      - Grey area: routine sharing with LE/Intel for analytical, statistical purposes
  – The “exception” which threatens to consume the Rule…

8 Privacy Issues (2): Architecture

9 Emerging approaches to Controlling Data “collection abuse”
• Technical capacity to identify subjects of collection; e.g.
  • Meta tagging of ALL PII data fields?
  • “Record locator” identifier for each collected record?
  • Other options?
• System Design: Precursor: Common lexicon/uniform structure for data fields, critical PII data elements:
  • E.g. Name, D-O-B, Country of Birth/Citizenship/Origin
  • Cheat-sheet/template for foreign passports, other credential systems (ICAO badges)
  • How to enforce multi-laterally?
    - Rely on multi-jurisdictional vendors (e.g., IBM, Siemens, Barclays)
• Deployment Candor: What are the intended uses of data: what does agency REALLY intend to do with the data?
  – Data matching systems; TTIC
  – Why? Accurate “scope” information in required disclosures and informed consent to be obtained from subjects?

