29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

Presentation transcript:

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE
29th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS CONFERENCE
29e Conférence internationale des commissaires à la protection de la vie privée

Saying what you do and doing what you say: Arguments and Prospects for an International Privacy Standard
Colin J. Bennett, Department of Political Science, University of Victoria, BC
Robin Bayley, Linden Consulting Inc., Victoria, BC

Why organizations registered to ISO 9001 should have better personal information management
– Awareness of their operating systems and personal data holdings
– Staff training
– Must think through and address regulatory requirements
– Ability to capitalize on outside expertise, through the conformity assessment process

Requirements of a Privacy Management Standard
– Translation of Fair Information Principles into the language and format of standards
– Provision of guidance for implementing the principles in organizations
– Appropriate conformity assessment tools for business size and data sensitivity
– Audit guide
– Accreditation system for privacy auditors

Overlap between quality management and data protection
– Transparency of policy and purpose
– Procedures for interaction with data subjects
  – Complaints resolution
  – Access and correction requests
  – Consent provision and withdrawal
– Personal data management procedures
  – Data security
  – Data quality
  – Data retention

Motivations for adoption of privacy standards
– Through the educational and regulatory powers of data protection authorities
– Through the desire for competitive advantage
– Through referencing the standard in contracts

Initiatives for Privacy Management Standardization
– National Standards Bodies
  – Canadian Standards Association (CSA)
  – American National Standards Institute (ANSI)
– International Standardization Organization (ISO)
  – Work of JTC-1 of ISO and the International Electro-Technical Commission (IEC)
– European Committee for Standardization/Information Society Standardization System (CEN/ISSS)
– International Security, Trust, and Privacy Alliance (ISTPA)

Standards Briefing
John Hopkinson, ISSPCS-Prac, CISSP, ISP, CDRP
Security Strategist, EWA/IIT
President, ISSEA
Chair, CAC-JTC1/TCIT

ISO/IEC JTC 1
– JTC 1 is unique
  – It is a hybrid of both ISO and IEC
  – 30% of its customers are other standards developers
  – It produces base standards
  – It must always assume the worst case
– Has been developing standards related to privacy for the last 7 to 10 years

ISO/IEC JTC 1/SC 17
– Concerned with privacy related to card technology applications
– Includes data on smart & optical cards
– Not currently reviewing standards for privacy
– The chair authored two Privacy Impact Assessments for advanced card technologies

ISO/IEC JTC 1/SC 27
– Created a new WG for Privacy, with projects on
  – A Privacy Framework
  – A Privacy Reference Architecture
  – Privacy infrastructures
  – Anonymity and credentials
  – Specific Privacy Enhancing Technologies (PETs)
  – Privacy Engineering

ISO/IEC JTC 1/SC 31
– Develops standards for RFID
– Is starting to consider privacy
– Added the Kill bit function to the ISO/IEC standard
– Memory blocks include password protection

ISO/IEC JTC 1/SC 32
– Standards for data management and interchange, including e-commerce
– Deals with e-Business, Metadata, Database Languages & SQL, Multimedia & Application Packages
– Recognizes the individual as a sub-type of Person, with rights which e-Business standards must support

ISO/IEC JTC 1/SC 36
– Standards for Learning, Education & Training
– Support for legal requirements
– Surveying members for specifics of national requirements
– Most important standard
  – ISO/IEC Individualized Adaptability and Accessibility in e-Learning, Education and Training

ISO/IEC JTC 1/SC 37
– Develops standards for biometrics
– Has started to consider privacy
– Working on
  – Cross-Jurisdictional and Societal Aspects of Implementation of Biometric Technologies
  – Guide to the Accessibility, Privacy and Health and Safety Issues in the Deployment of Biometric Systems for Commercial Application

Other Standards Development
– Several consortia are active, including
  – ISSEA
  – ISTPA
  – OASIS
  – OMG
  – W3C
– Likely several others

Canadian Privacy Standardization Strategy
– 21 & 22 Feb 2007; OPC, CSA, SCC, CGSB
– Privacy Standardization Roadmap: what is available & what is needed
– Workshop Report: special needs, conformance, sharing best practices, timing critical, engagement

ISSUES: ISO/IEC JTC 1 and others
– A lack of coordination of privacy activities
– No real focal point for privacy work
– Lack of harmonized privacy principles
– Need for cooperation between the privacy community & technical standards bodies

Making Privacy Operational: Updating the ISTPA Privacy Framework
John T. Sabo, President, International Security Trust and Privacy Alliance (ISTPA)
Director, Global Government Relations, CA, Inc.

What is the ISTPA?
The International Security, Trust, and Privacy Alliance (ISTPA), founded in 1999, is a global alliance of companies, institutions and technology providers working together to clarify and resolve existing and evolving issues related to security, trust, and privacy. ISTPA's focus is on the protection of personal information (PI). See ISTPA.

Privacy Reality: Complex, Challenging
Forces of rapid change: Industry; Global Laws; Regulations; Evolving nature and concepts of Privacy; Technology; Standards; Information Society; National Security; Digital Economy

Global Privacy Laws and Policies – Wide Variance
– OECD Privacy Principles
– Fair Information Practices
– CSA Model Code
– U.S. Privacy Act
– EU Data Directive
– HIPAA
– APEC Privacy Framework

ISTPA's Perspective on Privacy
– Operational, solution focus
  – Migrate to a privacy engineering discipline
  – Privacy framework supporting the full privacy lifecycle
  – Not a policy framework; rather a technical framework for business processes and supporting IT systems
– Platform for multidisciplinary collaboration
– Must address variations in law and policies
– Industry-specific use cases

ISTPA Framework v1.1 Concepts
– An open, policy-configurable set of collaborating services and capabilities used to guide the analysis, design, implementation and assessment of privacy solutions and infrastructure
– An architectural approach that provides a template usable by IT architects and program managers to develop interoperable applications

ISTPA Privacy Framework v1.1 Services
– Control – policy, data management
– Certification – credentials, trusted processes
– Interaction – manages data/preferences/notice
– Negotiation – of agreements, rules, privileges
– Agent – software that carries out processes
– Usage – data use, aggregation, anonymization
– Audit – independent, verifiable accountability
– Validation – checks accuracy of PI
– Enforcement – including redress for violations
– Access – subject corrects/updates PI

ISTPA Framework Submitted as ISO Publicly Available Specification
– Submitted by ISSEA (International Systems Security Engineering Association) in October
– Balloting was to close December 11, 2004
– Caused significant discussion, including a Privacy Technology Study Group under ISO JTC-1
– Withdrawal requested November 22, 2004 for additional work

Recent Work: Analysis of Privacy Principles: Making Privacy Operational
– Select representative global privacy laws & directives
– Analyze disparate language, definitions and expressed requirements
– Parse expressed requirements into a working set of privacy principles
– Cross-map and derive common and unique requirements

Selected Laws, Directives, Codes
– The Privacy Act of 1974 (U.S.)
– OECD Privacy Guidelines
– UN Guidelines
– EU Data Protection Directive
– Canadian Standards Association Model Code
– Health Insurance Portability and Accountability Act (HIPAA)
– US FTC Fair Information Practice Principles
– US-EU Safe Harbor Privacy Principles
– Australian Privacy Act
– Japan Personal Information Protection Act
– APEC Privacy Framework
– California Security Breach Bill

Derived Core Privacy Principles
– Accountability
– Notice
– Consent
– Collection Limitation
– Use Limitation
– Disclosure
– Access & Correction
– Security/Safeguards
– Data Quality
– Enforcement
– Openness
Additionally:
– Anonymity
– Data Flow
– Sensitivity

Example: Notice Principle
Includes:
– definition of the personal information collected
– its use (purpose specification)
– its disclosure to parties within or external to the entity
– practices associated with the maintenance and protection of the information
– options available to the data subject regarding the collector's privacy practices
– changes made to policies or practices
– information provided to the data subject at designated times and under designated circumstances

Next Steps: Path to ISTPA Privacy Framework v2.0
– Use the Analysis study to evaluate the existing Framework (full document available online)
– Analysis being used by external organizations
– Complete expansion of Framework functions, including function labeling
– Continue collaboration with ISSEA on security mapping
– Continue development of the Master Toolset project to make the Framework more accessible and usable
– Expected draft v2.0: 2008

Questions?