Download presentation
Presentation is loading. Please wait.
Published byBetty Darlene Wells Modified over 8 years ago
1
Getting to the Truth about Privacy & Security Ann Cavoukian Ph.D. Information and Privacy Commissioner/Ontario Privacy & Security: Totally Committed November 7, 2002 Toronto
2
The Privacy/Security Relationship Privacy relates to personal control over one’s personal information Security relates to organizational control over information These represent two overlapping, but distinct activities
3
Security Privacy Security Privacy What Privacy is Not
4
The Foundation for Information Security The rights of data users or their surrogates Functions: –Authentication –Authorization –Confidentiality –Data Integrity –Non-repudiation –Availability
5
The Foundation: Fair Information Practices Accountability Identifying Purposes Consent Limiting Collection Limiting Use, Disclosure, Retention Accuracy Safeguards Openness Individual Access Challenging Compliance
6
Privacy & Security: A Visual
7
The Security/Privacy Dilemma
8
Privacy is more than Policy The misconception: –Privacy is essentially a policy issue while security is a technology issue –PIA’s can avoid the technology design and implementation components as long as they identify the risks and privacy issues
9
Privacy/Policy, Security/Technology Privacy is essentially a policy issue Security is a technology issue Oh yeah? What about:
10
Most Individuals Don’t Care About Privacy The misconception: “What's the point of regulating Internet privacy? Consumers sure don't care.” The Privacy Hoax Eric Goldman The Privacy Hoax Eric Goldman, Forbes10.14.02
11
Wrong: They do Care It doesn’t take much for people to get really concerned about a company’s…privacy practices. Johnathan Gaw, IDC Corp. March 29, 2001
12
Well, maybe they care, but it’s not my responsibility. Who’s responsibility is it? –CEO? –IM/IT? –Line managers? –3 rd Party Contractors? –Front-line staff? –Vendors/Consultants?
13
PRIVACY VS. BRAND VALUE CAN $679 M PRIVACY VS. SHAREHOLDER VALUE CAN $979 M Privacy Brand Valuation Privacy Value vs. Overall Value Privacy accounts for an estimated 14% of overall Brand Value, and 7% of overall Shareholder Value,
14
It’s not me, it’s the other guy The misconception: –It is up to the application suppliers to provide appropriate safeguards as part of their products and services
15
We Don’t Need a CPO The misconception: –Things are just fine, we don’t need a CPO –OK, things could be better, so give the job to the Chief Security Officer
16
Privacy is Primarily a Public Relations Exercise The misconception: –If we have a privacy policy we are home free. –We have a privacy policy now – we’ll get to the details next quarter.
17
Conclusion In order to address privacy effectively, you need to clear your mind of the misconceptions Privacy and security are both essential, they’re just not the same.
18
How to Contact Us Ann Cavoukian Ph.D. Information & Privacy Commissioner/Ontario 80 Bloor Street West, Suite 1700 Toronto, Ontario M5S 2V1 Phone: (416) 326-3333 E-mail: commissioner@ipc.on.ca www.ipc.on.ca Web:www.ipc.on.ca
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.