Designing a Privacy Management System (International Security Trust & Privacy Alliance)

Presentation transcript:

Slide 1: Designing a Privacy Management System. International Security Trust & Privacy Alliance.

Slide 2: Privacy Management. Mr. Private I, system designer and charter member of the ISTPA Framework Committee, has been given a real challenge by one of his customers: Design a total privacy management system for ALL the corporate databases, which receive, hold, and transfer both customer and employee data, and in multiple jurisdictions! WHERE TO BEGIN???

Slide 3: Mr. Private I decided to start at the center of the design challenge: the corporate databases containing the Personal Information. But, from his ISTPA tutorials, he knew that SECURITY was an essential element of privacy management…. [Diagram: Personal Information]

Slide 4: The system components would need to draw on well-defined SECURITY functions, such as confidentiality, integrity, authentication, and access control. Now, what privacy management services are needed? [Diagram: Personal Information within SECURITY]

Slide 5: Since privacy deals with life cycle management of PI, I needed to fence off that PI data from the rest of the database…. [Diagram: Personal Information, fenced off, within SECURITY]

Slide 6: Looking ahead, I realized that the “fence” created a boundary and that any dialog about PI would have to cross that boundary. I gave it a name: AGENT. Dialog about PI is handled by the AGENT service… [Diagram: Personal Information, AGENT, within SECURITY]

Slide 7: The AGENT will need to interface to the world outside the database and interact with other system elements, so I created an INTERACTION service. [Diagram: Personal Information, AGENT, INTERACTION, within SECURITY]

Slide 8: Procedures, best practices, legislation, and jurisdictional mandates will govern the collection, access, and use of PI. A CONTROL service is needed to execute the particular privacy “policy” against the PI database…. [Diagram: Personal Information, AGENT, INTERACTION, CONTROL, within SECURITY]

Slide 9: Privacy is the proper use of PI throughout its lifecycle, consistent with the permission of the subject and applicable laws/policies. As PI is collected and maintained, an AGREEMENT service is needed to arbitrate with the PI subject for permissible use of the PI…. [Diagram: Personal Information, AGENT, INTERACTION, CONTROL, AGREEMENT, within SECURITY]

Slide 10: Reflect on the concept of “proper use of PI throughout its lifecycle”, which is a core management requirement of the definition of privacy. Subsequent use of PI by other system entities could involve transfer, linking, inference and even re-negotiation of permissions. I added a USAGE service for that purpose…. [Diagram: Personal Information, AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, within SECURITY]

Slide 11: PI is “personal” information about the subject. Since the use of the PI is to be “proper” and “consistent with the permission of the subject and applicable laws/policies”, the subject should be able to access, review, and possibly correct PI about the subject held by another entity. Thus, the ACCESS service… [Diagram: Personal Information, AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, within SECURITY]

Slide 12: Given the assumed value of PI collected in the database, the privacy management system should make every effort itself to check the accuracy of PI at any point in its life cycle. The VALIDATION service does the checking, through the AGENT service. [Diagram: Personal Information, AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, within SECURITY]

Slide 13: “Users” should have the proper credentials to use the system. The CERTIFICATION service will manage and check those credentials for any entity involved in processing PI. [Diagram: Personal Information, AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, within SECURITY]

Slide 14: The privacy management system needs its own “watchdog” to record, maintain, and report any and all relevant events in order to subsequently confirm compliance. For that reason, I added the AUDIT service. [Diagram: Personal Information, AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, AUDIT, within SECURITY]

Slide 15: What should happen IF the system fails in some aspect of privacy management or violates an accepted tenet of the system? The ENFORCEMENT service handles redress in such cases. [Diagram: Personal Information, AGENT, INTERACTION, CONTROL, AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, AUDIT, ENFORCEMENT, within SECURITY]

Slide 16: PI SUBJECTS will interact with the system, as well as PI REQUESTORS. [Diagram: the ten services around Personal Information within SECURITY; SUBJECT and REQUESTOR outside the boundary]

Slide 17: WHEW! Mr. Private I needed a rest after all that design. I had identified 10 privacy SERVICES, but how did they work together to create an operational privacy management system? I needed to experiment with a few Use Cases… [Diagram: the ten services around Personal Information within SECURITY; SUBJECT and REQUESTOR outside the boundary]

Slide 18: I started simple: Consider an employer application like Payroll that requests certain PI from an employee… [Diagram: the ten services around Personal Information within SECURITY; SUBJECT and REQUESTOR outside the boundary]

Slide 19: Through the employer AGENT and INTERACTION, a NOTICE of the purpose and use of the requested PI is presented to the SUBJECT. The PI, together with the permissible purpose/use, is submitted for VALIDATION, then stored in the PI database by CONTROL. Through CONTROL, PI is shared with the REQUESTOR. [Diagram: the ten services around Personal Information within SECURITY; NOTICE flows to the SUBJECT and PI flows back; PI flows through CONTROL to the REQUESTOR]
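An added example, not from the ISTPA presentation: a small Python model of the services named on the slides, exercised with the Payroll use case above. The service names follow the slides; the class and method names, the policy format (a purpose plus a set of permitted uses), the validation rules and all sample data are assumptions made for this illustration. The run also includes one request for a use the subject never agreed to, so that the CONTROL refusal, the AUDIT trail and the ENFORCEMENT redress can be seen together.

```python
from dataclasses import dataclass


class PrivacyViolation(Exception):
    """Raised when a requested use of PI falls outside the subject's agreement."""


class Audit:
    """AUDIT service: records every privacy-relevant event for later compliance checks."""
    def __init__(self):
        self.events = []

    def record(self, event, **details):
        self.events.append({"event": event, **details})


class Certification:
    """CERTIFICATION service: checks that an entity holds the credential it claims."""
    def __init__(self, credentials):
        self.credentials = credentials  # entity -> role; constructed sample data

    def check(self, entity, role):
        return self.credentials.get(entity) == role


class Validation:
    """VALIDATION service: checks the accuracy and completeness of submitted PI (rules assumed)."""
    REQUIRED = ("name", "tax_id", "bank_account")

    def check(self, pi):
        errors = [f"missing {field}" for field in self.REQUIRED if not pi.get(field)]
        tax_id = pi.get("tax_id", "")
        if tax_id and not (tax_id.isdigit() and len(tax_id) == 9):
            errors.append("tax_id must be 9 digits")
        return errors


@dataclass(frozen=True)
class Agreement:
    """AGREEMENT service result: the subject's permission, bound to a purpose and permitted uses."""
    subject: str
    purpose: str
    permitted_uses: frozenset


class Control:
    """CONTROL service: executes the privacy policy against the fenced-off PI store."""
    def __init__(self, audit, certification, validation):
        self.audit, self.certification, self.validation = audit, certification, validation
        self.store = {}  # the fenced PI database: subject -> {"pi": ..., "agreement": ...}

    def collect(self, agreement, pi):
        """Store PI only after VALIDATION passes, bound to the AGREEMENT it was given under."""
        errors = self.validation.check(pi)
        if errors:
            self.audit.record("validation_failed", subject=agreement.subject, errors=errors)
            return False
        self.store[agreement.subject] = {"pi": dict(pi), "agreement": agreement}
        self.audit.record("pi_stored", subject=agreement.subject, purpose=agreement.purpose)
        return True

    def release(self, requestor, role, subject, use):
        """Share PI with a REQUESTOR only if it is certified and the use is agreed (USAGE check)."""
        if not self.certification.check(requestor, role):
            self.audit.record("certification_failed", requestor=requestor, role=role)
            raise PrivacyViolation(f"{requestor} is not certified as {role}")
        record = self.store[subject]
        if use not in record["agreement"].permitted_uses:
            self.audit.record("use_denied", requestor=requestor, subject=subject, use=use)
            raise PrivacyViolation(f"use '{use}' is not permitted by {subject}'s agreement")
        self.audit.record("pi_released", requestor=requestor, subject=subject, use=use)
        return dict(record["pi"])

    def subject_access(self, subject):
        """ACCESS service: the subject reviews the PI held about them."""
        self.audit.record("subject_access", subject=subject)
        return dict(self.store[subject]["pi"])


def run_payroll_use_case():
    """The Payroll use case from the slides, plus one misuse attempt for ENFORCEMENT to handle."""
    audit = Audit()
    control = Control(audit, Certification({"payroll-app": "payroll"}), Validation())

    # INTERACTION: the employer's AGENT presents a NOTICE of purpose and use to the SUBJECT;
    # the AGREEMENT service records the subject's permission bound to that notice.
    notice = {"purpose": "salary payment", "uses": frozenset({"pay_salary"})}
    agreement = Agreement("alice", notice["purpose"], notice["uses"])
    audit.record("notice_presented", subject="alice", purpose=notice["purpose"])

    # Constructed sample PI submitted by the subject; VALIDATION runs inside collect().
    pi = {"name": "Alice Example", "tax_id": "123456789", "bank_account": "DE00 0000 0000"}
    control.collect(agreement, pi)

    # Payroll (the REQUESTOR) asks for the PI for the agreed use: CONTROL releases it.
    released = control.release("payroll-app", "payroll", "alice", "pay_salary")

    # A marketing use was never agreed: CONTROL refuses and ENFORCEMENT records the redress.
    try:
        control.release("payroll-app", "payroll", "alice", "marketing")
    except PrivacyViolation as exc:
        audit.record("enforcement_redress", action="request blocked", reason=str(exc))

    return released, audit.events


if __name__ == "__main__":
    for event in run_payroll_use_case()[1]:
        print(event)
```

The point of the model is the binding: PI never enters the store without an Agreement attached, and it never leaves except through CONTROL, which checks the requestor's credential and the requested use against that Agreement and writes an AUDIT event on every path, including the refusals. That is what lets the AUDIT log later confirm compliance, as slide 14 requires.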

Slide 20: (ADDITIONAL USE CASES…) [Diagram: the ten services around Personal Information within SECURITY; SUBJECT and REQUESTOR outside the boundary]
