Presentation annotated by Gail Magnuson LLC with permission from www.peterfbrown.com. Using Information Technologies to Empower and Transform.


1 Presentation annotated by Gail Magnuson LLC with permission from www.peterfbrown.com. Using Information Technologies to Empower and Transform.
This presentation supported by Gail Magnuson, President, Gail Magnuson LLC, and Peter F Brown, Independent Consultant.
The Privacy Management Reference Model and Methodology from OASIS: Using the Privacy Management Reference Model and Methodology to Explore Do Not Track Design
Introduction to PMRM
IAPP Cleveland KnowledgeNet Presentation
Gail A Magnuson, CIPP US, President, Gail Magnuson LLC, Gail.Magnuson@gmail.com
September 2012

2 © Peter F Brown, 2012 All Rights Reserved with annotations provided with permission by Gail Magnuson LLC
A Model and a Methodology
The model provides a common conceptual framework and vocabulary to help people cooperate across disciplines and organizational boundaries…
…and the methodology provides a common set of tasks to achieve a privacy architecture and privacy management analysis

3 The PMRM Model

4 The PMRM Methodology

5 The Methodology in Detail

6 1. High-Level Privacy Analysis and Use Case
Diagram labels: Detailed Privacy Analysis; Scope; General Description of Services & Applications Environment; Business Use Case Inventory; Applicable Requirements; Privacy Conformance Criteria; Impact Assessments; Privacy Assessment Preparation; Privacy Impact Assessments; Privacy Maturity Assessments; Compliance Reviews; Accountability Model Assessments; Application and Business Process Descriptions; Applicable Privacy Policies, Practices, Laws & Regulations

7 2. Detailed Privacy Use Case Analysis
Scope: High-Level Privacy Analysis; High-Level Use Case Description
Identify all the following: Domains; Systems; Roles & Responsibilities; Actors; Touch Points; Owners

8 2. US DNT & EU Cookie Touch Points & Data Flows
Diagram labels: 1st Party Website; Browser(s) or DNT; System a; Touch Point; System b; System c; 3rd Party Websites; System d; Big Data Vendor(s); System e; Browser(s) or DNT; System a; Touch Point

9 3. Identify PI and Privacy Controls

10 4. Services Supporting Privacy Controls
Privacy Controls are usually stated in the form of a policy declaration or requirement and not in a way that is immediately actionable or implementable.
Services provide the ‘bridge’ between requirement and implementation by providing privacy constraints on system-level actions governing the flow of PI between touch points.
8 key PMRM Services identified in the initial work: Agreement, Usage, Validation, Security, Certification, Enforcement, Interaction, Access

11 4. Map Privacy Controls to Services
Diagram labels: Incoming PI; Internally Generated PI; Inherited Privacy Controls; Internal Privacy Controls; PMRM Services Required; Outgoing PI; Exported Privacy Controls
Service abbreviations shown in the diagram: Ag E I Ac U V E U V S C I; Ac U V S C I I U V E

12 4. Map Services to Systems
Diagram labels: PMRM Services Used; Business Processes and Technical Mechanisms Required by System; Risk Assessment
Service abbreviations shown in the diagram: Ag E Ac I U V E U V S C I; Ac U V S C I
Mechanism letters shown in the diagram: ABCDE BCEF A C D GH CEGH

13 A Model and a Methodology
The model provides a common conceptual framework and vocabulary to help people cooperate across disciplines and organizational boundaries…
…and the methodology provides a common set of tasks to achieve a privacy architecture and privacy management analysis

14 The OASIS Privacy Management Reference Model and Methodology: Introduction to PMRM
► peter@peterfbrown.com
► www.peterfbrown.com
► PensivePeter.wordpress.com
► @PensivePeter
PMRM Draft Specification: http://docs.oasis-open.org/pmrm/PMRM/v1.0/csd01/PMRM-v1.0-csd01.doc
PMRM Committee Home Page: http://www.oasis-open.org/committees/pmrm
USAToday EU Cookie Law Overview with Chris Wolf Interview: http://content.usatoday.com/communities/technologylive/post/2011/09/europe-taking-much-stricter-stance-on-do-not-track-rules/1#.UFiEBrJlR5U

