Presentation is loading. Please wait.

Presentation is loading. Please wait.

Richard Purcell Corporate Privacy Officer Microsoft Corporation

Published byHoward Foster Modified over 5 years ago

Similar presentations

Presentation on theme: "Richard Purcell Corporate Privacy Officer Microsoft Corporation"— Presentation transcript:

1 Richard Purcell Corporate Privacy Officer Microsoft Corporation
Trustworthy Computing: Privacy, Security & Usability HIPAA – Summit West II Coordinating Security & Privacy Richard Purcell Corporate Privacy Officer Microsoft Corporation

2 Microsoft Corporation
What is Privacy? It’s about me Who I am, where I am, what I do It’s about being in control I control who gets access Let me be the judge about use It’s about being left alone Don’t bug me It’s about respect Like I said, don’t bug me 11/9/2018 Microsoft Corporation

3 What is the Value of My Information?
For me: Defines WHO I am as an individual Defines WHAT I do and WANT Defines WHERE I am and WHEN For others: In emergencies, it’s critical In communities, it’s important In business, it’s convenient In some cases, I’d rather be invisible Most importantly – it’s empowering! 11/9/2018 Microsoft Corporation

4 When Information is Critical
Don’t expect any privacy Emergencies like 911 Identify-based services, like passports Use of others’ resources as employees Legal actions like taxes and divorce Law enforcement like stop signs 11/9/2018 Microsoft Corporation

5 When Information is Important
Financial dealings like bank and credit accounts Job applications like resumes and references Airline travel Medical services Contracted services Government protections 11/9/2018 Microsoft Corporation

6 When Information is Convenient
Business transactions like catalog purchases Local/national directories like phone books and church directories Retail sales like tailored clothing Personal preferences like nutritional requirements 11/9/2018 Microsoft Corporation

7 Microsoft Corporation
This is Easy, Right? Nope – it’s way complicated Privacy requires Security, but not too much Security doesn’t require privacy at all Gov’ts compel information … …and promises to reveal it, too! No one really can agree on what privacy means No one-size-fits-all formula 11/9/2018 Microsoft Corporation

8 Microsoft Corporation
How Hard Could It Be? Do you want your government to know about you? To tax me to the max? Rather not! Public services? OK! Protective services? Darned right! 11/9/2018 Microsoft Corporation

9 Microsoft Corporation
Keep this Stuff Secure! Different kinds of data require different protections Name & address – some, but not a lot Shopping behaviors – a bit more Finances – a lot Health – quite a lot Political, sexual, racial – lots & lots Configuring security can be quite complicated Data types and potentials uses (and abuses) are the key 11/9/2018 Microsoft Corporation

10 Oh, yeah, Make it Easy for Me to Use, Too!
High security means high difficulty That’s the point – security makes it hard to get to the data If it’s hard for someone else to get to my data, then it’s hard for me to get to it, too Base Points: Recognition is not enough Authentication is often required Authorization has to be based on verified identity 11/9/2018 Microsoft Corporation

11 Microsoft Corporation
This Really is Hard Privacy is very personal Who can decide what is the right balance for everyone? Governments have to be intrusive, and provide open access, too Really hard balance, particularly for the judiciary Business cannot succeed without customer trust More clear today then ever before 11/9/2018 Microsoft Corporation

12 Microsoft Corporation
The Elements of Trust Data Protection Privacy Security Control of Information Control of Devices Choice re: Content Goal: empower people 11/9/2018 Microsoft Corporation

13 A Trust Taxonomy Goals Means Execution
Availability At advertised levels Suitability Features fit function Integrity Against data loss or alteration Privacy Use & Access authorized by end-user Reputation System and provider brand Security Resists unauthorized access Quality Performance criteria Dev Practices Methods, philosophy Operations Guidelines and benchmarks Business Practices Business model Policies Laws, regulations, standards, norms Intent Management assertions Risks What undermines intent, causes liability Implementation Steps to deliver intent Evidence Audit mechanisms

14 A Trust Scorecard: 120 Grades

15 Passport Anxiety: Will My Data Be Safe?
Goal: Privacy Means: Security Risk: unauthorized access to the user’s data

16 TCI Process for Privacy
Privacy Directive 100+ page policy documentation Privacy Checklist Training module required for all staff Privacy Health Index Assessment tool required for targeted product, systems, and services managers Scorecard – you can’t manage what you can’t measure 11/9/2018 Microsoft Corporation

17 Microsoft Corporation
Thank You! 11/9/2018 Microsoft Corporation

Download ppt "Richard Purcell Corporate Privacy Officer Microsoft Corporation"

Similar presentations

How You Can Identify Abuse and Help Older Adults at Risk.

How You Can Identify Abuse and Help Older Adults at Risk.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.
The 10 Deadly Sins of Information Security Management

The 10 Deadly Sins of Information Security Management
Brian Markham Director, DIT Compliance and Risk Services May 1, 2014

Brian Markham Director, DIT Compliance and Risk Services May 1, 2014
David L. Wasley Office of the President University of California Maybe it’s not PKI … Musings on the business case for PKI EDUCAUSEEDUCAUSE PKI Summit.

David L. Wasley Office of the President University of California Maybe it’s not PKI … Musings on the business case for PKI EDUCAUSEEDUCAUSE PKI Summit.
Internet eCommerce 101 Or, how to enjoy your summer... profitably Or.

Internet eCommerce 101 Or, how to enjoy your summer... profitably Or.
HIPAA Privacy & Security EVMS Health Services 2004 Training.

HIPAA Privacy & Security EVMS Health Services 2004 Training.
© by Seclarity Inc. 2005, Slide: 1 Seclarity, Inc. 11705 Lightfall Court Columbia, MD 21044 A Blumberg Capital, Valley Ventures and Intel Capital Funded.

© by Seclarity Inc. 2005, Slide: 1 Seclarity, Inc Lightfall Court Columbia, MD A Blumberg Capital, Valley Ventures and Intel Capital Funded.
1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.

1 Deployment of Computer Security in an Organization CE-408 Sir Syed University of Engineering & Technology 99-CE-282, 257 & 260.
Basic Persuasion Skills in Employee Ownership Corey Rosen National Center for Employee Ownerships.

Basic Persuasion Skills in Employee Ownership Corey Rosen National Center for Employee Ownerships.
“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.

“ Technology Working For People” Intro to HIPAA and Small Practice Implementation.
1 General Awareness Training Security Awareness Module 1 Overview and Requirements.

1 General Awareness Training Security Awareness Module 1 Overview and Requirements.
FORESEC Academy FORESEC Academy Security Essentials (II)

FORESEC Academy FORESEC Academy Security Essentials (II)
POSITIONING STATEMENT For people who operate shared computers with Genuine Windows XP, the Shared Computer Toolkit is an affordable, integrated, and easy-to-use.

POSITIONING STATEMENT For people who operate shared computers with Genuine Windows XP, the Shared Computer Toolkit is an affordable, integrated, and easy-to-use.
1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.

1 Secure Commonwealth Panel Health and Medical Subpanel Debbie Condrey - Chief Information Officer Virginia Department of Health December 16, 2013 Virginia.
Establishing a Digital Identity Martin Roe - Director of Technology, Royal Mail ViaCode.

Establishing a Digital Identity Martin Roe - Director of Technology, Royal Mail ViaCode.
April 14, 2003- A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.

April 14, A Watershed Date in HIPAA Privacy Compliance: Where Should You Be in HIPAA Security Compliance and How to Get There… John Parmigiani National.

Similar presentations

Ads by Google