Privacy By Design Sample Use Case

Slides:



Advertisements
Similar presentations
Module N° 6 – Prescription/Performance based environment.
Advertisements

Module N° 7 – SSP training programme
Module N° 4 – ICAO SSP framework
Session No. 4 Implementing the State’s Safety Programme Implementing Service Providers SMS
The ANSI/SPARC Architecture of a Database Environment
Chapter 1 Business Driven Technology
Overview What is the National ITS Architecture? User Services
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Privacy By Design Draft Privacy Use Case Template
Vehicle-infrastructure integration: creating co-operative mobility systems and services Hearing EU Parliament, 22 January 2009 Hermann Meyer, CEO.
DR MACIEJ JUNKIERT PRACOWNIA BADAŃ NAD TRADYCJĄ EUROPEJSKĄ Guide for Applicants.
Fluff Matters! Information Governance in an Online Era Lisa Welchman.
EEN [Canada] Forum Shelley Borys Director, Evaluation September 30, 2010 Developing Evaluation Capacity.
Irwin/McGraw-Hill Copyright © 2004 The McGraw-Hill Companies. All Rights reserved Whitten Bentley DittmanSYSTEMS ANALYSIS AND DESIGN METHODS6th Edition.
Centers for IBM e-Business Innovation :: Chicago © 2005 IBM Corporation IBM Project October 2005.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
Irwin/McGraw-Hill Copyright © 2000 The McGraw-Hill Companies. All Rights reserved Whitten Bentley DittmanSYSTEMS ANALYSIS AND DESIGN METHODS5th Edition.
Chapter 2: IS Building Blocks Objectives
Lecture 1: Systems super systems, systems & subsystems SYS366.
System Engineering Instructor: Dr. Jerry Gao. System Engineering Jerry Gao, Ph.D. Jan System Engineering Hierarchy - System Modeling - Information.
Chapter 12 selling overview Section 12.1 The Sales Function
Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.
Internal Auditing and Outsourcing
Consumer Behavior, Market Research
CUI Statistical: Collaborative Efforts of Federal Statistical Agencies Eve Powell-Griner National Center for Health Statistics.
PMRM Overview and Privacy Management Analysis Tools Development John Sabo Gershon Janssen
Metadata: Integral Part of Statistics Canada Quality Framework International Conference on Agriculture Statistics October 22-24, 2007 Marcelle Dion Director.
Bina Nusantara 2 C H A P T E R INFORMATION SYSTEM BUILDING BLOCKS.
OASIS PRIVACY MANAGEMENT REFERENCE MODEL EEMA European e-identity Management Conference Paris, June 2012 John Sabo, CA Technologies Co-Chair, OASIS.
MSF Requirements Envisioning Phase Planning Phase.
WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ WHEN TITLE IS NOT A QUESTION N O ‘WE CAN’ Identity and Privacy: the.
INFORMATION SYSTEMS Overview
Virtual Business CREATING A WEB PRESENCE Copyright © Texas Education Agency, All rights reserved.
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)
1 Unit 1 Information for management. 2 Introduction Decision-making is the primary role of the management function. The manager’s decision will depend.
1-1 System Development Process System development process – a set of activities, methods, best practices, deliverables, and automated tools that stakeholders.
Overview Privacy Management Reference Model and Methodology (PMRM) John Sabo Co-Chair, PMRM TC.
Copyright © 2004 The McGraw-Hill Companies. All Rights reserved Whitten Bentley DittmanSYSTEMS ANALYSIS AND DESIGN METHODS6th Edition Irwin/McGraw-Hill.
Customer Interface for wuw.com 1.Context. Customer Interface for wuw.com 2. Content Our web-site can be classified as an service-dominant website. 3.
FEA DRM Management Strategy Presented by : Mary McCaffery, US EPA.
Introduction to Information Security
1 Accounting systems design & evaluation Karen Lau 25 Feb 2002.
Technical Support to SOA Governance E-Government Conference May 1-2, 2008 John Salasin, Ph.D. DARPA
Foundations of Information Systems in Business. System ® System  A system is an interrelated set of business procedures used within one business unit.
Examining Workplace Policies and Practices: Opportunities for Intervention Kristin Olsen Minot, M.S., Philadelphia Health Management Corp. Howard “Chip”
Providing web services to mobile users: The architecture design of an m-service portal Minder Chen - Dongsong Zhang - Lina Zhou Presented by: Juan M. Cubillos.
 CMMI  REQUIREMENT DEVELOPMENT  SPECIFIC AND GENERIC GOALS  SG1: Develop CUSTOMER Requirement  SG2: Develop Product Requirement  SG3: Analyze.
Search Engine Optimization © HiTech Institute. All rights reserved. Slide 1 Click to edit Master title style What is Business Analysis Body of Knowledge?
MSA Orientation – v203a 1 What’s RIGHT with the CMMI?!? Pat O’Toole
PMRM Revision Discussion Slides Illustrations/Figures 1-3 o Model, Methodology, “Scope” options Functions, Mechanisms and “Solutions” Accountability and.
© Tata Consultancy Services ltd.12 June Metadata and Data Standards Levels of Metadata C. Anantaram Innovation Lab.
Business Challenges in the evolution of HOME AUTOMATION (IoT)
1. Scope of Application 2. Use Case Actors Data Flows Touch Points Initial PI 3. PI - at Touch Points In Internal Out 4. PI - Operational Privacy Policies.
1 The XMSF Profile Overlay to the FEDEP Dr. Katherine L. Morse, SAIC Mr. Robert Lutz, JHU APL
Application Of Cloud Computing On Cooperative Supply Chain Management
The Components of Information Systems
Global Anti-Lock Braking System (ABS) Market (2016 – 2022)
The Demand for Audit and Other Assurance Services
Discovering Computers 2010: Living in a Digital World Chapter 14
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Page 1 Fundamentals of Information Systems.
Succeeding as a Systems Analysts
Service Organization Control (SOC)
Information Systems Supports Business processes
Bob Siegel President Privacy Ref, Inc.
The Components of Information Systems
IS4550 Security Policies and Implementation
Information System Building Blocks
COIT 20253: Business Intelligence Using Big Data
Microsoft Data Insights Summit
Presentation transcript:

Privacy By Design Sample Use Case Insurance Application- Vehicle Data

Use Case Template Development Map (Five Stages) Use Case Title Category Description Regulatory and Business Policies Privacy Controls Functional Services Applications Data Subjects Domains Domain Owners Roles Data Flows Touch Points Systems Products PI/PII

Use Case Development Stage One Use Case Title Acme Insurance Company Vehicle Data Tracking for Reduced Premiums  

Use Case Development Stage One 2. Category of Use Case: “Mobile-Vehicular”     

Use Case Development Stage One    3. General description of the Use Case: The Acme Insurance Company in Toronto, Canada, offers customers the opportunity to enroll in a program to have specific vehicular data automatically transmitted from their vehicle to the company. With data subject consent and agreement with the privacy policies associated with this program, Acme will establish a communication link to the vehicle manufacturer, located in Bruges, and receive specific vehicle data relevant to driving behaviors, including speed, location, trip frequency and duration, miles driven, and safety function deployments such as ABS activation. These data flows are integrated with Acme’s backend systems, which include algorithms for calculating driving patterns related to driving behaviors and risk of accidents. In exchange, the Acme Insurance Company offers a program of increasing reductions in the customer’s premiums for driving patterns indicative of good driving behaviors and reduced accident risk. Local insurance agents have access to summary information related to their customer driving patterns.  

Use Case Development - Stage One   [Description highlights] customers may enroll in a program to have specific vehicular data automatically transmitted from their vehicle to Acme to assess driving behaviors In return, Acme Insurance offers yearly reductions in the customer’s premiums for driving patterns indicative of good driving behaviors and reduced accident risk with data subject consent and agreement with privacy policies, the company opens a communication link to the vehicle manufacturer for that customer’s vehicle data data includes speed, location, time/date, trip frequency and duration, miles driven, safety function deployments such as ABS activation Insurance company backend systems use algorithms to infer driving patterns indicative of driving behaviors, accident risk Local insurance agents have access to summary driving information for their customers the insurance company and manufacturer are located in different countries

Use Case Development Stage Two 4. Application(s) associated with Use Case (Relevant applications and products where personal information is communicated, created, processed, stored or deleted): Vehicle’s Internal Communications Application (Vehicle Data Collection and Communication to Vehicle Manufacturer) Vehicle Manufacturer Backend Data Collection Application Insurance Company’s Data Collection and Analysis App Insurance Company’s Customer Facing Web Portal Insurance Company’s Agent Portal

Use Case Development Stage Two 5. Data subject(s) associated with Use Case (Include any data subjects associated with any of the applications in the use case) The registered Insured person associated with the vehicle VIN Other drivers designated by the vehicle owner

Use Case Development Stage Two 6. Domain Owners, Domains and Roles associated with Use Case – Definitions: Domain Owner - the Participant responsible for ensuring that privacy controls and functional services are managed in business processes and technical systems within a given domain Domain - both physical areas (such as a customer site or home) and logical areas (such as a wide-area network or cloud computing environment) that are subject to the control of a particular domain owner Roles - the roles and responsibilities assigned to specific Participants and Systems within a specific privacy domain  

Use Case Development Stage Two 6. Domain Owners, Domains and Roles associated with Use Case - continued Domain 1: Hudson Motor Company’s Vehicle Communications Data Center, Vehicle Owner’s Web Portal and Backend Data Collection Application Domain 1 Owner: VP, Vehicle Manufacturer’s Vehicle Communication and Data Division Role: Application design, development, content, testing, integration testing with external systems, and adherence to corporate security and privacy policies; management of raw datasets of vehicle information.  

Use Case Development Stage Two 6. Domain Owners, Domains and Roles associated with Use Case - continued Domain 2: Acme Insurance Customer Vehicle Data Communications and Processing Application Domain Owner: VP for Customer Vehicle Support Programs Role: Application concept and specifications, content, production certification, communication with external systems, and adherence to corporate security and privacy policies; management of sub-sets of vehicle information associated with operation of the vehicle, including date/time of operation, location, speed, braking data, airbag deployment….  

Use Case Development Stage Two 6. Domain Owners, Domains and Roles associated with Use Case - continued Domain 3: Acme Insurance Software Development Group Domain Owner: CTO Role: Application design, software development, testing, integration testing, production certification, communication with external systems, and adherence to corporate security and privacy policies; management of live test data associated with operation of the vehicle, including date/time of operation, location, speed, braking data, airbag deployment….  

Use Case Development Stage Two 6. Domain Owners, Domains and Roles associated with Use Case - continued Domain 4: Insurance Company Customer Portal Domain Owner: VP for Customer Vehicle Support Programs Role: Application concept and specifications, content, production certification, communication with external systems, and adherence to corporate security and privacy policies; management of individual customer preferences, consent information, additional vehicle operators, and driving information  

Use Case Development Stage Two 6. Domain Owners, Domains and Roles associated with Use Case - continued Domain 5: Insurance Company Analytics Processing System for Vehicle Data Domain Owner: VP for Advanced Analytics Role: Schema and analytics design, software development and testing, data processing, data storage, data disposition, reports and files output to Customer Profile Department; management of driving evaluation assessment data derived from system-based algorithms  

Use Case Development Stage Two 6. Domain Owners, Domains and Roles associated with Use Case - continued Domain 6: Customer Profile Department Domain Owner: Director, Customer Profile Department Role: Review of files and driving profiles received from Analytics, interface with insurance agents servicing customers, review of automated decision recommendations requiring further analysis’ management of summary assessment information  

Use Case Development Stage Two 6. Domain Owners, Domains and Roles associated with Use Case - continued Domain 7: Local Insurance Agent Domain Owner: EVP for Regional Sales Role: Review of files and summary driving profiles received from Analytics, interface with customers, explanation of summary assessment information  

Use Case Development Stage Three 7. Systems supporting the Use Case applications (System - a collection of components organized to accomplish a specific function or set of functions having a relationship to operational privacy management) Insurance Customer Web Portal (customer interface) Insurance Vehicle Data Processing System (“VDPS”) Vehicle Manufacturer Data Management/Communication System (“Up-Star”) ….

Use Case Development Stage Three 8. PI and PII covered by the Use Case (The PI and PII collected, created, communicated, processed, stored or deleted within privacy domains or systems, applications or products) Registered driver name, Account Number, VIN Registered driver contact information linked vehicle operational data Linked vehicle time and location data linked evaluation assessment and summary information [Note: per domain, system, application or product depending on level of use case analysis]

Use Case Development Stage Four 9. Data Flows and Touch Points Linking Domains or Systems Touch points - the points of intersection of data flows with privacy domains or systems within privacy domains Data flows – data exchanges carrying PI and privacy policies among domains in the use case

Use Case Development Stage Four 9. Data Flows and Touch Points Linking Domains or Systems – Hudson Motor Company Communications Division Hudson Motors Vehicle Backend Data Operations Vehicle Web Portal Vehicle Communications System

Use Case Development Stage Four Acme Insurance Customer Vehicle Programs Customer Profile Dept. Analytics Domain Customer Portal Software Development Group Data Communications Local Agent portal 9. Data Flows and Touch Points Linking Domains or Systems - Acme Insurance Company

Use Case Development Stage Four 9. Data Flows and Touch Points Linking Domain Clusters Communications Division Hudson Motors Vehicle Backend Data Operations Vehicle Web Portal Vehicle Communications System Acme Insurance Customer Vehicle Programs Customer Profile Dept. Analytics Domain Customer Portal Software Development Group Data Communications Local Agent portal

Use Case Development Stage 5 10. Legal, regulatory and /or business policies governing PI and PII in the Use Case (The policies and regulatory requirements governing privacy conformance within use case domains or systems and links to their sources) Government(s) regulations Vehicle Manufacturer privacy policies Telecom Carrier privacy policies Insurance Company privacy policies Data Subject Consent preferences Specific policies governing apps (e.g., “Data Communications to Manufacturer” Links to policies …. http://acmeinsurancegroupinc.biz/vehicle privacy/ http://HudsonCarCompany.biz/privacy_vehicle….

Use Case Development Stage 5 11. Privacy controls required within the Use Case Control - a process designed to provide reasonable assurance regarding the achievement of stated objectives  [Note: to be developed against specific domain, system, or applications as required by internal governance policies and regulations]

Use Case Development Stage 5 12. Functional Services Necessary to Support Privacy Controls Service - a collection of related functions and mechanisms that operate for a specified purpose  

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.