Getting to Privacy A Presentation to: Presented by: Mike Gurski.
Getting to Privacy
A Presentation to:
Presented by:
Mike Gurski
Agenda
• Background on IPC
• Privacy why’s and what’s
• Online Risks (Offline too)
• Online Privacy
– Tasks
– Tools
• P3P
Information & Privacy Commission/Ontario
• established in 1988
• independent review of government decisions and practices concerning access and privacy
• resolve appeals,
• investigate privacy complaints,
• ensure compliance with the Acts,
• research access and privacy issues and
• educate the public about these laws.
What Drives the Privacy Issue?
• Large organizations disconnected from clients, gathering detailed data
• Increasing amounts of personal data, held, consolidated, used
• New privacy invasive technologies
• Application of a technology paradigm geared to manufactured goods on humans
Privacy & Security: the Difference
Security Privacy
Privacy & Data Security
• Authentication
• Data Integrity
• Confidentiality
• Non-Repudiation
Privacy > Data Security
Privacy = Data Security + Data Protection (FIP)
• Personal Control
• Informational Self-determination
• Informed Consent
Privacy Defined
• Informational Privacy: The protection and control of any recorded information about an identifiable individual.
Some Headlines
• Stealing cards easy as Web Browsing
– Jan 14, 2000 MSNBC
• Vast online credit card theft revealed: Hacker hides 485,000 stolen cards on US government computer
– March 20, 2000 MSNBC
• CD Universe 300,000 cards hijacked.
Some more Headlines
• The Illusion of Privacy
– National Post, Dec. 14, 1999
• Woman’s one-way trip on information highway
– Toronto Star, March 23, 2000
• Web sites can follow a trail of your data, recording every move
– Ottawa Citizen, Jan. 18, 2000
Online Risks
• Web Bugs
• Web Cookies…Cookie Synchronization
• Double Clicks
• Malicious code
• Viruses
More Online Risks
• Unauthorized Access
• Snooping
• Spoofing
• Identity Theft
Remedies
• Become Privacy Literate
– Know the Laws
  • International
  • National
  • Provincial
– Visit the Web Sites
– Read the Books and Articles
Privacy Literacy
• Why are you asking?
– collection; purpose specification
• How will my information be used?
– primary purpose; use limitation
• Who will be able to see my information?
– restricted access; third parties
• Will there be any secondary uses?
– notice and consent; unauthorized disclosure
Who Has What Laws:
E.U.
Canada
United States
Other Countries
Current Global Environment
• E.U. Directive on Data Protection
• OECD Guidelines on E-Commerce
• C.S.A. Model Code for the Protection of Personal Information
• Canada’s Personal Information Protection and Electronic Documents Act (Bill C-6)
• Principles for Consumer Protection in Electronic Commerce - A Canadian Framework
• U.S. Safe Harbor Proposal
Canadian Online Privacy Context
• Bill C-6: Personal Information Protection and Electronic Documents Act
The Canadian Privacy Legislative Framework
• Purpose:
– support E-commerce strategy,
– enable business with Europe, and
– domestically to ensure Canadians feel secure in delving into e-commerce
Bill C-6 & CSA Model Codes: The Ten Commandments
• Accountability
– for personal information and shall designate an individual(s) accountable for compliance of principle
• Identifying Purposes
– purpose of collection must be clear and done at or before time of collection
• Consent
– individual has to give consent to collection, use, disclosure of personal information
The Ten Commandments
• Limiting Collection
– collect only information required for the identified purpose and information shall be collected by fair and lawful means
• Limiting Use, Disclosure, Retention
– consent of individual required for other purposes
• Accuracy
– keep as accurate and up-to-date as necessary for identified purpose
• Safeguards
– protection and security required appropriate to the sensitivity of the information
The Ten Commandments
• Openness
– policies and information about the management of personal information should be readily available
• Individual Access
– upon request, an individual shall be informed of the existence, use and disclosure of her personal information and be given access to that information, challenge its accuracy and completeness and have it amended as appropriate
• Challenging Compliance
– ability to challenge all practices in accord with the above principles to the accountable body in the organization.
European Union (E.U.) Directive on Data Protection
• Non-E.U. countries must be able to meet the test of having an ‘adequate level of data protection’.
• The absence of private sector privacy protection will serve as a non-economic trade barrier with E.U. and Asia/Pacific-Rim countries.
U.S. Proposed Safe Harbor Privacy Principles
• Notice
• Choice
• Onward Transfer
• Security
• Data Integrity
• Reasonable Access
• Enforcement
Other Jurisdictions
• Australia to introduce legislation in the first sittings of 2000 to strengthen self-regulatory privacy protection in the private sector.
• Asian countries have developed or are currently developing laws in an effort to promote electronic commerce.
• Self-regulation is currently the policy promoted by the governments of Japan and Singapore.
Other Jurisdictions
• “Many countries in the [South East] region have either adopted comprehensive [privacy] laws or are currently in the process. Hong Kong and New Zealand already have comprehensive acts in force. Taiwan’s act covers the public sector and eight areas of the private sector. The governments of Thailand, Malaysia and India are all currently developing comprehensive data protection legislation”.
– http://www.pco.org.hk/conproceed.html
More Remedies
• Tasks
– Follow Ben Franklin’s Key Steps
  • Be discreet
  • Leave your SIN at home
  • Go unlisted and non-published for your phone
  • Get a P.O. Box
More Tasks
• Check out a Web site’s Privacy Policy
• Never provide personal information
– over the phone,
– to unfamiliar web sites
– to clerks (be positive and insistent)
• Get encrypted
Online Tools
• www.kburra.com (cookie control)
• www.esafe.com (security sandbox, personal firewall, antivirus)
• www.ipc.on.ca (e-mail encryption made easy)
• www.zeroknowledge.com (pseudonymisers)
• www.iprivacy.com (secure financial transactions)
– [email protected]
Privacy Resources
• www.ipc.on.ca
• www.privacytimes.com
• www.epic.org/privacy/tools.html
P3P: A Proactive Approach
• Platform for Privacy Preferences
– Consumer sets his/her privacy preference
– Web sites set their privacy policy
– P3P built into Browsers and Web sites
– Allows consumer to be more informed and choose whether or not to proceed into a Web site
P3P: the June 21 Interop
• Invitation for your company to participate.
• www.w3c.org
• http://www.w3.org/P3P/interop
• Interested? Contact Lorrie Faith Cranor: [email protected]
How to Contact Us
Dr. Ann Cavoukian Ph. D.
Commissioner,
Information & Privacy Commission
Ontario, Canada, M5S 2V1
Phone: 1-416-326-3333
Web: www.ipc.on.ca
E-mail: Info.ipc.on.ca
Mike Gurski: [email protected]