Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful...
-
Upload
carl-estes -
Category
Documents
-
view
215 -
download
0
Transcript of Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful...
![Page 1: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/1.jpg)
Privacy by Design
Maureen H Falconer
Sr Guidance & Promotions Manager
Building a Successful Information Sharing Partnership: Privacy by Design 13 August 2009
![Page 2: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/2.jpg)
Information Commissioner’s Office
• Regulatory Authority– DPA, PECR; FoI; EIR
• Role of the Regional Offices– Cardiff, Belfast, Edinburgh
– Enquiries– Stakeholder engagement– Input Scottish dimension to ICO
![Page 3: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/3.jpg)
Privacy by Design?
![Page 4: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/4.jpg)
Privacy by Design: Context
• Recognised gap in development and adoption of privacy-friendly systems;
• Lack of public trust and confidence;
• Report launch – Nov’ ’08;
• Ensure ‘privacy’ is always on the agenda;
• Privacy and data protection compliance designed into systems at the outset.
![Page 5: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/5.jpg)
Privacy by Design: Defining Privacy
Webster’s Dictionary:
Privacy is:
The quality or state of being hidden from, or undisturbed by, the observation or
activities of other persons and freedom from undesirable intrusions.
![Page 6: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/6.jpg)
Privacy by Design: Why do a PIA?• To identify privacy risks to individuals;• To identify privacy and DP compliance liabilities
for your organisation;• To protect your reputation. • To instil public trust and confidence in your
organisation;• To avoid expensive, inadequate “bolt- on”
solutions;• To inform your communications strategy;• Enlightened self-interest!
![Page 7: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/7.jpg)
Privacy by Design: When to do a PIA?At the start, when:
– the project is being designed;– you know what you want to do;– you know how you want to do it; and– you know who else is involved...
…but certainly before:– decisions are set in stone;– you have procured systems;– you have signed contracts; and– while you can still change your mind!
![Page 8: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/8.jpg)
Privacy by Design: How to do a PIA?• Initial assessment
• Full-scale PIA
• Small-scale PIA
• Privacy law compliance check
• Data protection compliance check
• Review and redo!
![Page 9: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/9.jpg)
Privacy by Design: Initial Assessment• Prepare a project outline
• Identify stakeholders
• Look at other PIAs
• Look at studies on the technology and processes
• Decide the appropriate level of assessment
![Page 10: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/10.jpg)
Privacy by Design: Full-scale PIA
5 Phases:– Preliminary work– Preparation– Consultation/analysis– Conclusions– Review
![Page 11: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/11.jpg)
Privacy by Design: Small-scale PIA
5 Phases: (less formal)– Preliminary work (more specific)– Preparation (just as important!)– Consultation/analysis (less exhaustive)– Conclusions (part of a process)– Review
![Page 12: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/12.jpg)
Privacy by Design: Compliance
Privacy Law:– Vires– HRA; PECR; Law of Confidence– Statutory prohibitions
Data Protection:– DP Principles– Schedule Conditions– Exemptions
![Page 13: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/13.jpg)
Privacy by Design: Key Points
• The PIA is a process to consider privacy risk;
• It may not be appropriate in all cases;
• It can be incorporated into the organisation’s current risk strategy or it can be stand-alone;
• New and more manageable guidance!!
![Page 14: Privacy by Design Maureen H Falconer Sr Guidance & Promotions Manager Building a Successful Information Sharing Partnership: Privacy by Design 13 August.](https://reader030.fdocuments.net/reader030/viewer/2022032517/56649cc05503460f94987079/html5/thumbnails/14.jpg)
www.ico.gov.uk
93-95 Hanover Street93-95 Hanover StreetEdinburghEdinburghEH2 1DJEH2 1DJ
[email protected]@ico.gsi.gov.uk0131 301 50710131 301 5071