Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario Ted Rogers School of Information Technology Management Ryerson University February 24,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario Ted Rogers School of Information Technology Management Ryerson University February 24,"— Presentation transcript:

1 Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario Ted Rogers School of Information Technology Management Ryerson University February 24, 2011 Will There Be Privacy in the Cloud? … Only if it’s Embedded – by Design: Implications for the Future of Privacy

2 Presentation Outline 1.We Need to Change the Paradigm 2.The Future of Privacy: My Prediction 3.Privacy by Design: The Gold Standard 4.Web 2.0 : Privacy in the Clouds 6.SmartData 7.Conclusions

3 Setting the Stage: We Need to Change the Paradigm

4 If Privacy is to Survive, Things Have to Change

5 The Future of Privacy Change the Paradigm to Positive-Sum, NOT Zero-Sum

6 Positive-Sum Model Change the paradigm from zero-sum to a “positive-sum” model: Create a win-win scenario, not an either/or involving unnecessary trade-offs and false dichotomies

7 The Future of Privacy: My Prediction

8 “The world has less than a decade to make the protection of personal information and online privacy a priority before the concepts are lost forever … online privacy problems will only worsen if governments don’t take a hard stance.” — Commissioner Cavoukian, Ottawa Citizen, August 18, 2010

9 Actual Prediction: Only One Decade Remains “Unless we act now, I predict that privacy, as we know it, will be gone – lost, beyond our grasp, by the year 2020.” — Commissioner Cavoukian, International Conference of Data Protection and Privacy Commissioners, Jerusalem, October 28, 2010.

10 A Decade of Privacy by Design

11 Privacy by Design: The Trilogy of Applications Information Technology Accountable Business Practices Physical Design & Infrastructure

12 Privacy by Design: The 7 Foundational Principles www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf 1.Proactive not Reactive: Preventative, not Remedial; 2.Privacy as the Default setting; 3.Privacy Embedded into Design; 4.Full Functionality: Positive-Sum, not Zero-Sum; 5.End-to-End Security: Full Lifecycle Protection; 6.Visibility and Transparency: Keep it Open; 7.Respect for User Privacy: Keep it User- Centric.

13 www.privacybydesign.ca

14 Embedding Privacy at the Design Stage: The Obvious Route Cost-effective Proactive User-centric It’s all about control – preserving personal control and freedom of choice over one’s data flows

15 Why We Need Privacy by Design Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg The majority of privacy breaches remain unchallenged, unregulated... unknown Regulatory compliance alone, is unsustainable as the sole model for ensuring the future of privacy

16 Landmark Resolution Passed to Preserve the Future of Privacy By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy JERUSALEM, October 29, 2010 – A landmark resolution by Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, was approved by international Data Protection and Privacy Commissioners in Jerusalem today at their annual conference. The resolution recognizes Commissioner Cavoukian's concept of Privacy by Design - which ensures that privacy is embedded into new technologies and business practices, right from the outset - as an essential component of fundamental privacy protection. Full Article: http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy Adoption of “Privacy by Design” Resolution

17 October 29, 2010 – regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark resolution recognizing Privacy by Design as an essential component of fundamental privacy protection: Encourage the adoption of the principles of PbD as part of an organization’s default mode of operation; Invite Data Protection and Privacy Commissioners to promote PbD, foster the incorporation if its 7 Foundational Principles in privacy policy and legislation in their respective jurisdictions, and encourage research into PbD.

18 Privacy by Design in 2010: Gathering Momentum May – As part of the European Commission’s new European Digital Agenda, Peter Hustinx, the European Data Protection Supervisor, recommended that Privacy by Design be included as a binding principle into data protection legal framework; www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-03- 19_Trust_Information_Society_EN.pdf October – Regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection; www.privacylaws.com/templates/EnewsPage.aspx?id=1663 December – The U.S. Federal Trade Commission released a major report on protecting consumer privacy in which it recommended that companies adopt a Privacy by Design approach by building privacy protections into their everyday business practices. www.privacybydesign.ca/media-centre/in-the-news/

19 Privacy by Design in 2011 … We’re Just Getting Started January – Washington D.C. think tank, Future of Privacy Forum included Privacy by Design as being “In” – Annual List of Privacy In and Outs – PbD one of the new top positive trends of 2011; www.futureofprivacy.org/2011/01/03/fpfs-first-annual-list-of-privacy-ins-and-outs/ January –World-renown cyber-guru, Don Tapscott, wrote an op-ed stating that, “Cavoukian's Privacy by Design playbook explains how to build privacy protections into everyday business practices. Every business needs to design privacy principles and practices into their operations;” www.theglobeandmail.com/report-on-business/commentary/don-tapscott/social- medias-unexpected-threat/article1854656/ February – Dutch Senate consistently refers to the concept of Privacy by Design while in debate with a panel of experts deliberating on collection, sharing and data protection and privacy; February – Japan’s Ministry of Economy, Trade and Industry translated the Privacy by Design Foundational Principles (on the heels of a Chinese translation), and is now replicating our PbD Ambassador Program in Japan.

20 Web 2.0: Privacy by Design in the Clouds

21

22 From PC to Web 4.0 Radar Networks & Nova Spivack, 2007 – www.radarnetworks.com

23 The 21 st Century Privacy Challenge The Power and Promise of Cloud Computing: Limitless flexibility; Better reliability and security; Enhanced collaboration; Portability; Simpler devices.

24 Is There a Dark Lining in the Cloud? “Is there a dark lining to the cloud?” “Consumers who store data in the cloud risk losing control over their photos, contacts and e-mails. Data is whirling around the world …” “The EU's data protection rules have stood the test of time, but now they need to be modernized to reflect the new technological landscape.” — Viviane Reding, European Commissioner for Justice, Fundamental Rights and Citizenship Is There a Dark Lining in the Cloud?, Wall Street Journal, January 25, 2011.

25 Privacy by Design Meets the Cloud There is both the need and opportunity to engineer privacy, security and trust into new emergent Internet and web architectures: Interoperable identity metasystems; Cloud-based services, platforms and infrastructures; The “Internet of Things;” The programmable web, or “WebOS.”

26 Identity and Privacy Crisis Growing ID requirements pose privacy problems: Fraud and security concerns are inhibiting confidence, trust, and the growth of e-commerce, e-government; Fears of surveillance and excessive collection, use and disclosure of identity information by others are also diminishing confidence and use; Lack of individual user empowerment and control over one’s own personal data is diminishing confidence and use; Function creep, power asymmetries, discrimination, harm. Needed: improved user control, data minimization techniques, architectures of privacy, stronger security, trusted devices and credible assurances.

27 Cloud Technology Building Blocks Open source and proprietary identity software based on open standards; Federated identity; Multiple and partial identities; Data-centred policies; Audit tools.

28 Privacy in the Clouds The 21 st Century Privacy Challenge; Creating a User-Centric Identity Management Infrastructure; Using Technology Building Blocks; A Call to Action. www.ipc.on.ca/images/Resources%5Cprivacyintheclouds.pdf

29 Privacy by Design Meets the Cloud: Current and Future Privacy Challenges Collaborating together to build innovative win-win privacy solutions; The goal is to establish trust in: Data (that travels through the cloud); Personal devices (that interact with cloud-based services); Intelligent software agents; Intermediary service providers.

30 Privacy by Design Meets the Cloud: Outsourcing Cloud computing services present similar privacy challenges to outsourcing: Where is the personal data? Which jurisdiction and laws apply? Who is accountable for the data and its uses? Is there effective oversight? Some things to consider: Minimize personal data and risks wherever possible; Use technological tools; Exercise due diligence; Create and enforce contractual clauses; Develop a crisis management plan; Ensure transparency, notice, education & awareness.

31 Privacy by Design Meets the Cloud: Collaboration PbD solutions for the Cloud require a holistic, interdisciplinary, inclusive and systems engineering approach; IPC is playing a role in bringing together key interests and stakeholders in a consensus-building exercise at all stages of the innovation cycle; IPC has been working with: Leading technology developers and technologists; Industry consortia; Research labs and academics across many disciplines; Privacy and public interest advocates; Standards development bodies; Public policymakers and regulators.

32 IPC Think-Pieces on Various Aspects of Cloud Computing The 7 Privacy-Embedded Laws of Identity (2006); Privacy in the Clouds (2007); F-PIA (2008); Privacy and Government 2.0 (2009); Secure your Gmail! (2009); Modeling the Cloud (joint paper with NEC) (2010).

33 Federated Privacy Impact Assessment (F-PIA) Goals of an F-PIA: Provide an opportunity for members to develop and codify a Federation’s privacy policies; Demonstrate that privacy policies, as defined by members of the Federation, will be met; Demonstrate that an appropriate technological architecture is in place to prevent, to the extent possible, accidental or malicious violations of privacy policies. www.ipc.on.ca/images/Resources/F-PIA_2.pdf

34 A Call to Action Corporate and individual users can explore evolving identity systems and insist that privacy be built in; Seek to implement open standards so that different systems will become truly interoperable; Standards bodies can continue to develop the fundamental standards needed for identity systems, data-centered policies, and privacy-enhancing technologies; Software vendors and website developers can embrace privacy-enhancing technologies, open standards, open identity management systems, and true interoperability.

35 SmartData

36 Identity, Privacy and Security Institute University of Toronto www.ipsi.utoronto.ca IPSI is dedicated to developing new approaches to security that maintain the privacy, freedom and safety of the individual and the broader community Engineering – Mathematics – Computer Sciences – Information Studies

37 The Next Evolution in Data Protection: “SmartData” Developed at IPSI, SmartData represents the future of privacy and greater control of personal information online Intelligent “smart agents” introduced into IT systems virtually – thereby creating “SmartData,” – a new approach to Artificial Intelligence that will revolutionize the field. www.ipc.on.ca/images/Resources/bio-encrypt-chp.pdf

38 Intelligent Agents Intelligent agents will be evolved to: Protect and secure your personal information; Disclose your information only when your personal criteria have been met.

39 Methods of Creating Agents Top-down, rule-based design; Bottom-up “evolutionary design;” The combination of top-down and bottom-up will yield the most dynamic results.

40 Top-Down Design We presently possess insufficient knowledge; In principle, sufficient knowledge may not be possible; Traditional artificial Intelligence (AI) is rule-based – dependent on the intelligence of the programmer; Difficult to program “meaning” into a system; It is unlikely that narrow AI will scale up to AGI – combinatorial explosion.

41 Bottom-up Evolution: The Upside Artificial evolutionary algorithms well established; Uncanny knack of producing powerful solutions to adaptive problems; Solutions may not be understood by humans, nor need to be understood; Evolutionary function akin to the abilities of a “blind watchmaker.”

42 Conclusions Lead with Privacy by Design; Change the paradigm from the dated “zero-sum” to the doubly-enabling “positive-sum;” Deliver both privacy AND security or any other functionality, in an empowering “win-win” paradigm; Build PbD into the Cloud infrastructure; Embed privacy as a core functionality: the future of privacy may depend on it.

43 How to Contact Us Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8 Phone: (416) 326-3948 / 1-800-387-0073 Web: www.ipc.on.ca E-mail: info@ipc.on.ca For more information on Privacy by Design, please visit: www.privacybydesign.ca

Download ppt "Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario Ted Rogers School of Information Technology Management Ryerson University February 24,"

Similar presentations

Privacy by Design: Big Privacy for Big Data

Privacy by Design: Big Privacy for Big Data
Office of the Information and Privacy Commissioner, Ontario, Canada

Office of the Information and Privacy Commissioner, Ontario, Canada
1 NAESB Data Privacy Task Force February 16, 2011.

1 NAESB Data Privacy Task Force February 16, 2011.
A strategy for a Secure Information Society –

A strategy for a Secure Information Society –
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY.
Innovation and the Privacy Advantage Jennifer Stoddart, Privacy Commissioner of Canada August 25, 2010 Institute of Public Administration of Canada 62.

Innovation and the Privacy Advantage Jennifer Stoddart, Privacy Commissioner of Canada August 25, 2010 Institute of Public Administration of Canada 62.
Cyber Security and Data Protection Presented by Mrs Drudeisha Madhub (Data Protection Commissioner ) Tel:+230 201 36 04 Helpdesk:+230.

Cyber Security and Data Protection Presented by Mrs Drudeisha Madhub (Data Protection Commissioner ) Tel: Helpdesk:+230.
In Harmony, In the Cloud: Harmonizing Data Protection Rules In a Cross-Border World Steve Mutkoski Worldwide Director Policy Microsoft Corporation.

In Harmony, In the Cloud: Harmonizing Data Protection Rules In a Cross-Border World Steve Mutkoski Worldwide Director Policy Microsoft Corporation.
Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University Embed Privacy, By Design into IT and Engineering … Welcome to.

Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University Embed Privacy, By Design into IT and Engineering … Welcome to.
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Securing North America’s Power Grid Dr. Ann Cavoukian, Ontario information and privacy commissioner Mark Fabro CISSP, CISM, President and Chief Security.

Securing North America’s Power Grid Dr. Ann Cavoukian, Ontario information and privacy commissioner Mark Fabro CISSP, CISM, President and Chief Security.
© 2003 IBM Corporation www.ibm.com/security/privacy Preparing for Privacy Society of Internet Professionals January 19, 2004 Nigel Brown Senior Privacy.

© 2003 IBM Corporation Preparing for Privacy Society of Internet Professionals January 19, 2004 Nigel Brown Senior Privacy.
Www.mobilevce.com © 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.

© 2005 Mobile VCE Securing the Future: Device & Service Security Stephen Hope, FT R&D UK Ltd on behalf of Nigel Jefferies, Vodafone Chair.
This project is partially funded by the European Union’s Seventh Framework Programme: FP7-ICT-2013-10 and Grant agreement no: 610650 REPUBLIC OF SLOVENIA.

This project is partially funded by the European Union’s Seventh Framework Programme: FP7-ICT and Grant agreement no: REPUBLIC OF SLOVENIA.
WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.

WHY CHOOSE CEO-PE?  We employ International Association of Privacy Professionals (IAPP) Certified and Health Insurance Portability & Accountability Act.
P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.

P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.
Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.

Privacy in Ontario Brian Beamish Office of the Information and Privacy Commissioner/Ontario Presentation to Security Canada Central 2002 International.
IETF Plenary Monday 25 July 2011 Quebec City, Canada Privacy: A Regulator’s Perspective Fred Carter Senior Policy & Technology Advisor IPC/O.

IETF Plenary Monday 25 July 2011 Quebec City, Canada Privacy: A Regulator’s Perspective Fred Carter Senior Policy & Technology Advisor IPC/O.
Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.

Taking Steps to Protect Privacy A presentation to Hamilton-area Physiotherapy Managers by Bob Spence Communications Co-ordinator Office of the Ontario.
SmartPrivacy for the Smart Grid Catherine Thompson Office of the Information and Privacy Commissioner Ontario, Canada Practical Smart Grid Security (SG-11)

SmartPrivacy for the Smart Grid Catherine Thompson Office of the Information and Privacy Commissioner Ontario, Canada Practical Smart Grid Security (SG-11)

Similar presentations

Ads by Google