1 Information and Data Privacy: An Indian Perspective  Why is this important? Public concern about privacy.  Considerable concern in developed countries.

Slides:

Advertisements

Similar presentations

Data Protection Law In India iPleaders and Intelligent Legal Risk management LLP.

Advertisements

CcTLD Meetings Rome 2004 WHOIS & Data Privacy Jean-Christophe Vignes Registry Liaison Manager.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

Greg Lamb. Introduction It is clear that we as consumers and entrepreneurs cannot expect complete privacy when discussing business matters. However… There.

Security Controls – What Works

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

Developing a Records & Information Retention & Disposition Program:

Managing Data Resources

1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

Genetics & Privacy By Karen Gately, Bill Lupin, Laura Kim and Maria Bagdasarian.

Syr Johnathan Duncan. GIS What is GIS? Geography is information about the earth's surface and the objects found on it, as well as a framework for organizing.

ICAICT202A - Work and communicate effectively in an IT environment

What if my organization conducts business across borders ? Your footnote Privacy and “Personal Information” have different meanings in different countries;

Contemporary Issues in Canadian Health Care Nola M. Ries, MPA, LLM Adjunct Assistant Professor, University of Victoria Research Associate, Health Law Institute,

Privacy in Computing Legal & Ethical Issues in Computer …Security Information Security Management …and Security Controls Week-9.

Personal Data (Privacy) Ordinance Hong Kong Personal Data (Privacy) Ordinance Hong Kong by Stephen Lau Privacy Commissioner for Personal Data Hong Kong.

Operational Data Tools Chapter Eight. Copyright © Houghton Mifflin Company. All rights reserved.8–28–2 Chapter Eight Learning Objectives To learn database.

Dealing with confidential research information and consent agreements in research Louise Corti Associate Director UK Data Archive University of Glamorgan.

Practical Information Management

1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.

Chapter 11 Databases. 11 Chapter 11: Databases2 Chapter Contents  Section A: File and Database Concepts  Section B: Data Management Tools  Section.

Computer and Internet privacy University of Palestine University of Palestine Eng. Wisam Zaqoot Eng. Wisam Zaqoot Feb 2010 Feb 2010 ITSS 4201 Internet.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

The Data Protection Act 1998 The Eight Principles.

7-Oct-15 Threat on personal data Let the user be aware Privacy and protection.

Privacy, Quality and Electronic Health Information Royal New Zealand College of GPs Quality Forum 14 February 2009 Sebastian Morgan-Lynch

Part 6 – Special Legal Rights and Relationships Chapter 35 – Privacy Law Prepared by Michael Bozzo, Mohawk College © 2015 McGraw-Hill Ryerson Limited 34-1.

The Eighth Asian Bioethics Conference Biotechnology, Culture, and Human Values in Asia and Beyond Confidentiality and Genetic data: Ethical and Legal Rights.

Privacy BBA361 Business Ethics and Corporate Governance Lecture 4 Department of Business Administration Chapter 6, “Ethics and the Conduct of Business”,John.

Managing Data Against Insider Threats Dr. John D. Johnson, CISSP.

1 Privacy Preserving Data Mining Haiqin Yang Extracted from a ppt “Secure Multiparty Computation and Privacy” Added “Privacy Preserving SVM”

ETHICS, POLICY & SECURITY ISSUES

POSTAL CONFERENCE 25 th – 27 th February 2015 Nairobi, Kenya By Yvonne UMUTONI Chairperson of EACO Working Group 9 (Quality of Service and Consumer Affairs)

IT Strategy for Business © Oxford University Press 2008 All rights reserved Chapter 12 IT Security Strategies.

An Introduction to the Privacy Act Privacy Act 1993 Promotes and protects individual privacy Is concerned with the privacy of information about people.

Data Protection: Workplace, Health and Safety. Employers’ responsibilities Employer obliged to provide safe place of work. Health and Safety Act 2004.

Human Rights Act, Privacy in the context of auditing Phil Huggins Chief Technologist, IRM PLC

James Fox Shane Stuart Danny Deselle Matt Baldwin Acceptable Use Policies.

TOP 10 TECHNOLOGY INITIATIVES Robert G Parker July 12, 2013.

PHDSC Privacy, Security, and Data Sharing Committee Letter to Governors.

Objectives  Legislation:  Understand that implementation of legislation will impact on procedures within an organisation.  Describe.

Security Methods for Statistical Databases. Introduction  Statistical Databases containing medical information are often used for research  Some of.

Pat Tyrrell Vale Atlantic Associates 5 June 2009AFCEA TechNet.

Computer Laws Data Protection Act 1998 Computer Misuse Act 1990.

ERP and Related Technologies

Chapter 16 – Technological Development Technological Development Employees, managers and organisations, as well as the population in general, take for.

Big Data Analytics: An Ethical Question Leah Korganowski COMP 607 – Fall 2015.

Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.

1 HIPAA’s Impact on Depository Financial Institutions 2 nd National Medical Banking Institute Rick Morrison, CEO Remettra, Inc.

Information Security and Privacy in HRIS

Health Insurance – Trends in Claim Handling

Mirjana Boshnjak Skopje, 20 to 22 September 2017

Privacy principles Individual written policies

Data Sharing, Storage, & Consent

IS4680 Security Auditing for Compliance

Service Organization Control (SOC)

Trends in my profession, Information Technology

GENERAL DATA PROTECTION REGULATION (GDPR)

Data Sharing, Storage, & Consent

CONFIDENTIALITY, INTEGRITY, LEGAL INTERCEPTION

The Public Sector Equality Duty

Other Sources of Information

American Health Information Management Association

Exchange and Sharing of Economic Data

Introduction to Health Privacy

The Public Sector Equality Duty

INFORMATION SYSTEMS IN ORGANIZATIONS

Confidentiality in the Workplace

Getting Ready For GDPR Simon Marks Director

Presentation transcript:

1 Information and Data Privacy: An Indian Perspective  Why is this important? Public concern about privacy.  Considerable concern in developed countries on the issue of using a customer’s personal information or data for intrusive and malicious purposes.  Not much importance in developing countries like India because of lack of awareness and also perceptions differ.  Concept of privacy is different in different countries and cultures.

2 Introduction  Recent advances in Data Mining enable extraction of patterns about consumers based on data that is available freely on the web  Extracting meaningful and useful knowledge from consumer data is necessary to serve the consumer better, offer better services and also in some cases for security purposes  Also fraught with the risk of infringing on the consumer’s individual privacy as ‘confidential’ information about a customer may be used to discriminate against him/her.

3 Objective  Review current privacy problems  Analyze the existing or stated privacy policies of some leading companies in India in the telecom, banking and insurance sectors to see if they agree and if not what are the significant differences.  Introduce the concept of Privacy Preserving Data Mining (PPDM) and describe the main approaches.  Come up with a framework to suggest which PPDM method may be applied in which domain.

4 Key Findings Sector\Comp- pany AirtelVodafoneReliance TelecomPolicy exists Only company that emphasizes on the issue of sharing customers’ information outside India. Applicability of Indian privacy policies or laws in other countries where the data may be stored is a complex matter. Can have security implications.

5 Key Findings(Cont.) Sector Company ICICIHDFCState Bank of India (SBI) BankingPolicy exists May use private data to protect bank's interest Does not allow sharing customers confidential information unless required by law Only bank to have a clear policy on how to limit access to customer information by their employees

6 Key Findings(Cont.) Sector Company LICICICI LombardHDFC-SL InsurancePolicy exists May collect unnamed statistics which do not personally identify the user. Reserves right to perform statistical analyses but will provide only aggregated data from these analyses to third parties Log files are analyzed so that individual user is not identified. All companies can share aggregate data and overall trends without revealing individual identity HDFC_SL retains the right to share aggegated non- personally identifiable information with third parties.

7 Key Recommendations Recommendations Sector TelecomData Transformation /randomization under PPDM approach BankingSecure Multiparty computaion under PPDM related methods InsuranceVertically partitioning the Data followed by a simple Data transformation

8 Recommendation Justifications  In the Telecom domain companies primarily collect personal data on calling patterns and conduct surveys for planning. Customers would give share more accurate information if they knew their privacy would be protected, therefore Data transformation/randomization is proposed.  In Banking sector different parties wish to share results on joint data owned by different parties and so secure multiparty computation is suggested.

9 Recommendation Justifications(Cont.)  In insurance sector one has to deal with sensitive information like private health records.  It is crucial that the personal data identifying an individual uniquely, their medical history and DNA sequences (if available) are stored such that they can not be brought together by a common user.  Vertical partitioning of the data followed by a simple transformation of the private data is therefore suggested.

10 Conclusion  Policies on Information sharing are inconsistent across domains and across companies  Personal information is not always separated from public information  Policy makers in telecom, banking and insurance should be aware of privacy breaches as a result of data mining on publicly available data and therefore possible misuses.  Use of PPDM methods as suggested in appropriate domains will ensure benefits of data mining to reach the consumer without the associated pitfalls