
1 Getting to Privacy A Presentation to: Presented by: Mike Gurski

2 Agenda Background on IPC Privacy why’s and what’s Online Risks (Offline too) Online Privacy –Tasks –Tools P3P

3 Information & Privacy Commission/Ontario established in 1988 independent review of government decisions and practices concerning access and privacy resolve appeals, investigate privacy complaints, ensure compliance with the Acts, research access and privacy issues and educate the public about these laws.

4 What Drives the Privacy Issue? Large organizations disconnected from clients, gathering detailed data; increasing amounts of personal data held, consolidated, used; new privacy-invasive technologies; application of a technology paradigm geared to manufactured goods on humans

5 Privacy & Security: the Difference Security  Privacy

6 Privacy & Data Security: Authentication; Data Integrity; Confidentiality; Non-Repudiation. Privacy > Data Security. Privacy = Data Security + Data Protection (FIP). Personal Control; Informational Self-determination; Informed Consent

7 Privacy Defined Informational Privacy: The protection and control of any recorded information about an identifiable individual.

8 Some Headlines: Stealing cards easy as Web Browsing – Jan 14, 2000, MSNBC. Vast online credit card theft revealed: Hacker hides 485,000 stolen cards on US government computer – March 20, 2000, MSNBC. CD Universe 300,000 cards hijacked.

9 Some more Headlines The Illusion of Privacy –National Post, Dec. 14, 1999 Woman’s one-way trip on information highway –Toronto Star March 23, 2000 Web sites can follow a trail of your data, recording every move –Ottawa Citizen, Jan. 18, 2000

10 Online Risks Web Bugs Web Cookies…Cookie Synchronization Double Clicks Malicious code Viruses

11 More Online Risks Unauthorized Access Snooping Spoofing Identity Theft

12 Remedies Become Privacy Literate –Know the Laws International National Provincial –Visit the Web Sites –Read the Books and Articles

13 Privacy Literacy. Why are you asking? (collection; purpose specification) How will my information be used? (primary purpose; use limitation) Who will be able to see my information? (restricted access; third parties) Will there be any secondary uses? (notice and consent; unauthorized disclosure)

14 Who Has What Laws: E.U. Canada United States Other Countries

15 Current Global Environment E.U. Directive on Data Protection OECD Guidelines on E-Commerce C.S.A. Model Code for the Protection of Personal Information Canada’s Personal Information Protection and Electronic Document Act (Bill C-6) Principles for Consumer Protection in Electronic Commerce- A Canadian Framework U.S. Safe Harbor Proposal

16 Canadian Online Privacy Context Bill C-6: Personal Information Protection and Electronic Documents Act

17 The Canadian Privacy Legislative Framework Purpose: –support E-commerce strategy, –enable business with Europe, and –domestically to ensure Canadians feel secure in delving into e-commerce

18 Bill C-6 & CSA Model Codes: The Ten Commandments. Accountability: for personal information and shall designate an individual(s) accountable for compliance of principle. Identifying Purposes: purpose of collection must be clear and done at or before time of collection. Consent: individual has to give consent to collection, use, disclosure of personal information.

19 The Ten Commandments. Limiting Collection: collect only information required for the identified purpose and information shall be collected by fair and lawful means. Limiting Use, Disclosure, Retention: consent of individual required for other purposes. Accuracy: keep as accurate and up-to-date as necessary for identified purpose. Safeguards: protection and security required appropriate to the sensitivity of the information.

20 The Ten Commandments. Openness: policies and information about the management of personal information should be readily available. Individual Access: upon request, an individual shall be informed of the existence, use and disclosure of her personal information and be given access to that information, challenge its accuracy and completeness and have it amended as appropriate. Challenging Compliance: ability to challenge all practices in accord with the above principles to the accountable body in the organization.

21 European Union (E.U.) Directive on Data Protection Non-E.U. countries must be able to meet the test of having an ‘adequate level of data protection’. The absence of private sector privacy protection will serve as a non-economic trade barrier with E.U. and Asia/Pacific-Rim countries.

22 U.S. Proposed Safe Harbor Privacy Principles Notice Choice Onward Transfer Security Data Integrity Reasonable Access Enforcement

23 Other Jurisdictions: Australia to introduce legislation in the first sittings of 2000 to strengthen self-regulatory privacy protection in the private sector. Asian countries have developed or are currently developing laws in an effort to promote electronic commerce. Self-regulation is currently the policy promoted by the governments of Japan and Singapore.

24 Other Jurisdictions: “Many countries in the [South East] region have either adopted comprehensive [privacy] laws or are currently in the process. Hong Kong and New Zealand already have comprehensive acts in force. Taiwan’s act covers the public sector and eight areas of the private sector. The governments of Thailand, Malaysia and India are all currently developing comprehensive data protection legislation.” http://www.pco.org.hk/conproceed.html

25 More Remedies Tasks –Follow Ben Franklin’s Key Steps Be discreet Leave your SIN at home Go unlisted and non-published for your phone Get a P.O. Box

26 More Tasks Check out a Web’s Privacy Policy Never provide personal information –over the phone, –to unfamiliar web sites –to clerks (be positive and insistent) Get encrypted

27 Online Tools: www.kburra.com (cookie control); www.esafe.com (security sandbox, personal firewall, antivirus); www.ipc.on.ca (e-mail encryption made easy); www.zeroknowledge.com (pseudonymisers); www.iprivacy.com (secure financial transactions) – Marit@koehntopp.de

28 Privacy Resources www.ipc.on.ca www.privacytimes.com www.epic.org/privacy/tools.html

29 P3P: A Proactive Approach Platform for Privacy Preferences –Consumer sets his/her privacy preference –Web sites set their privacy policy –P3P built into Browsers and Web sites –Allows consumer to be more informed and choose whether or not to proceed into a Web site

30 P3P: the June 21 Interop. Invitation for your company to participate. www.w3c.org http://www.w3.org/P3P/interop http://www.w3.org/P3P/ Interested? Contact Lorrie Faith Cranor: lorrie@research.att.com

31 How to Contact Us Dr. Ann Cavoukian Ph. D. Commissioner, Information & Privacy Commission Ontario, Canada, M5S 2V1 Phone: 1-416-326-3333 Web: www.ipc.on.ca E-mail: Info.ipc.on.ca Mike Gurski: mgurski@ipc.on.ca

