Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Designing a Privacy Management System International Security Trust & Privacy Alliance.

Published byNathan Bennett Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Designing a Privacy Management System International Security Trust & Privacy Alliance."— Presentation transcript:

1 1 Designing a Privacy Management System International Security Trust & Privacy Alliance

2 2 Mr. Private I, system designer and charter member of the ISTPA Framework Committee, has been given a real challenge by one of his customers: Design a total privacy management system for ALL the corporate databases, which receive, hold, and transfer both customer and employee data, and in multiple jurisdictions! WHERE TO BEGIN??? PRIVACY MANAGEMENT

3 3 Personal Information Mr. Private I decided to start at the center of the design challenge: The corporate databases containing the Personal Information. But, from his ISTPA tutorials, he knew that SECURITY was an essential element of privacy management….

4 4 Personal Information SECURITY The system components would need to draw on well-defined SECURITY functions, such as confidentiality, integrity, authentication, and access control. Now, what privacy management services are needed?

5 5 Since privacy deals with life cycle management of PI, I needed to fence off that PI data from the rest of the database…. Personal Information SECURITY

6 6 Looking ahead, I realized that the “fence” created a boundary and that any dialog about PI would have to cross that boundary. I gave it a name: AGENT. Dialog about PI is handled by the AGENT service… Personal Information AGENT SECURITY

7 7 The AGENT will need to interface to the world outside the database and interact with other system elements, so I created an INTERACTION service. Personal Information AGENT INTERACTION SECURITY

8 8 Procedures, best practices, legislation, and jurisdictional mandates will govern the collection, access, and use of PI. A CONTROL service is needed to execute the particular privacy “policy” against the PI database…. Personal Information AGENT INTERACTION CONTROL SECURITY

9 9 Privacy is the proper use of PI throughout its lifecycle, consistent with the permission of the subject and applicable laws/policies. As PI is collected and maintained, an AGREEMENT service is needed to arbitrate with the PI subject for permissible use of the PI…. Personal Information AGENT INTERACTION CONTROL AGREEMENT SECURITY

10 10 Reflect on the concept of “proper use of PI throughout its lifecycle”, which is a core management requirement of the definition of privacy. Subsequent use of PI by other system entities could involve transfer, linking, inference and even re-negotiation of permissions. I added a USAGE service for that purpose…. Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE SECURITY

11 11 PI is “personal” information about the subject. Since the use of the PI is to be “proper” and “consistent with the permission of the subject and applicable laws/policies”, the subject should be able to access, review, and possibly correct PI about the subject held by another entity. Thus, the ACCESS Service… Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE ACCESS SECURITY

12 12 Given the assumed value of PI collected in the database, the privacy management system should make every effort itself to check the accuracy of PI at any point in its life cycle. The VALIDATION service does the checking, through the AGENT service. Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE ACCESS VALIDATION SECURITY

13 13 “Users” should have the proper credentials to use the system. The CERTIFICATION service will manage and check those credentials for any entity involved in processing PI. Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE ACCESS VALIDATION CERTIFICATION SECURITY

14 14 The privacy management system needs its own “watchdog” to record, maintain, and report any and all relevant events in order to subsequently confirm compliance. For that reason, I added the AUDIT service. Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE ACCESS VALIDATION CERTIFICATION Audit SECURITY

15 15 What should happen IF the system fails in some aspect of privacy management or violates an accepted tenet of the system? The ENFORCEMENT service handles redress in such cases. Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE ACCESS VALIDATION CERTIFICATION Audit ENFORCEMENT SECURITY

16 16 PI SUBJECTS will interact with the system, as well as PI REQUESTORS. Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE ACCESS VALIDATION CERTIFICATION Audit ENFORCEMENT SECURITY SUBJECT REQUESTOR

17 17 WHEW! Mr Private I needed a rest after all that design. I had identified 10 privacy SERVICES, but how did they work together to create an operational privacy management system? I needed to experiment with a few Use Cases… Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE ACCESS VALIDATION CERTIFICATION Audit ENFORCEMENT SECURITY SUBJECTREQUESTOR

18 18 I started simple: Consider an employer application like Payroll that requests certain PI from an employee… Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE ACCESS VALIDATION CERTIFICATION Audit ENFORCEMENT SECURITY SUBJECTREQUESTOR

19 19 Through the employer AGENT and INTERACTION, a NOTICE of the purpose and use of the requested PI is presented to the SUBJECT. The PI, together with the permissible purpose/use, is submitted for VALIDATION, then stored in the PI database by CONTROL. Through CONTROL, PI is shared with the REQUESTOR. Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE ACCESS VALIDATION CERTIFICATION Audit ENFORCEMENT SECURITY SUBJECTREQUESTOR NOTICE PI

20 20 (ADDITIONAL USE CASES…) Personal Information AGENT INTERACTION CONTROL AGREEMENT USAGE ACCESS VALIDATION CERTIFICATION Audit ENFORCEMENT SECURITY SUBJECTREQUESTOR

Download ppt "1 Designing a Privacy Management System International Security Trust & Privacy Alliance."

Similar presentations

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.
The Challenges of CORBA Security It is important to understand that [CORBAsecurity] is only a (powerful) security toolbox and not the solution to all security.

The Challenges of CORBA Security It is important to understand that [CORBAsecurity] is only a (powerful) security toolbox and not the solution to all security.
Operating System Security

Operating System Security
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
The Islamic University of Gaza

The Islamic University of Gaza
Opening Presentation of Notary Reqs 8/5/2004 Tobias Gondrom.

Opening Presentation of Notary Reqs 8/5/2004 Tobias Gondrom.
ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.

ITIS 3200: Introduction to Information Security and Privacy Dr. Weichao Wang.
1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.

1 ITC242 – Introduction to Data Communications Week 12 Topic 18 Chapter 19 Network Management.
11 3 / 12 CHAPTER Databases MIS105 Lec14 Irfan Ahmed Ilyas.

11 3 / 12 CHAPTER Databases MIS105 Lec14 Irfan Ahmed Ilyas.
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
The Trusted Digital Repositories Checklist Government Records and Archives Aspects Dr Stephen Ellis Assistant Director – General Government.

The Trusted Digital Repositories Checklist Government Records and Archives Aspects Dr Stephen Ellis Assistant Director – General Government.
SystematicSystematic process that translates quality policy into measurable objectives and requirements, and lays down a sequence of steps for realizing.

SystematicSystematic process that translates quality policy into measurable objectives and requirements, and lays down a sequence of steps for realizing.
DEED WorkForce Center Reception and Resource Area Certification Program Module 2 Unit 1b: WorkForce Center System II Learning Objectives III.

DEED WorkForce Center Reception and Resource Area Certification Program Module 2 Unit 1b: WorkForce Center System II Learning Objectives III.
Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,

Database Auditing Models Dr. Gabriel. 2 Auditing Overview Audit examines: documentation that reflects (from business or individuals); actions, practices,
Chapter 7 Database Auditing Models

Chapter 7 Database Auditing Models
Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.

Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.
Management Information Systems

Management Information Systems
1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.
OASIS PRIVACY MANAGEMENT REFERENCE MODEL EEMA European e-identity Management Conference Paris, 12-13 June 2012 John Sabo, CA Technologies Co-Chair, OASIS.

OASIS PRIVACY MANAGEMENT REFERENCE MODEL EEMA European e-identity Management Conference Paris, June 2012 John Sabo, CA Technologies Co-Chair, OASIS.

Similar presentations

Ads by Google