Privacy by Design Flashcards Preview


Flashcards in Privacy by Design Deck (18)

Define privacy

informed consent

Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others (Alan Westin's definition).


How is privacy good for business?

  • consumer trust and confidence
  • customer loyalty 
  • brand reputation
  • competitive advantage


Why design with privacy in mind?

Because retroactively adding privacy measures is much more expensive and complicated.



Privacy can be thought of as a set of trade-offs...

  • privacy vs security 
  • privacy vs business goals
  • privacy vs functionality


Why has privacy become such a big issue lately?

Because there is business in data collection.

  • data more valuable; advertising
  • better data analysis
    • faster processing
    • smart algorithms
    • data aggregators 
  • cheaper sensors = more installed
  • more input sources = more data



Benefits of data collection

  • Know your customer and build a profile
  • Offer personalised products, services, “experiences”
  • Lower advertising costs
  • Increase revenue through targeted offers
  • Predict trends
  • Enforce profit-enhancing price discrimination


Sources of online data & offline data

data aggregators can do this job for you

Online:

  • IP address, cookies, click-stream data, deep packet inspection
  • Tracking across many web sites or advertising networks
  • Personal information from social media sites

Offline:

  • credit histories
  • retail data
  • health histories
  • electoral register

What are data aggregators?

Companies that collect and process data on behalf of others (e.g. Dunn Humby, Choicepoint).


The Issue of Privacy

Privacy intrusion has become easy: cheap sensors are installed everywhere, and smart algorithms and tracking technology are everywhere too.

From only a few observations, a user's routines can be identified.

The user is unaware of the scope of what is collected and inferred.


Purpose of the CPO 

  • Chief Privacy Officer
  • senior level executive 
  • responsible for managing the risks and business impacts of privacy laws and policies
  • created to respond to both consumer concern over the use of personal information, including medical data and financial information, and laws and regulations


The 7 Privacy Principles

1. Think ahead — Proactive not Reactive

  • Clear commitment at the highest levels
  • Employ methods to recognise poor privacy design
  • Anticipate poor privacy practices and outcomes before they affect your business

2.   Privacy as the default setting

  • Personal data automatically protected
  • No action required

3.   Privacy by Design

  • Embedded in the design of IT systems and business processes
  • Delivered without diminishing functionality

4.   Full functionality – positive sum

  • It is possible to have privacy AND achieve other business benefits

5.   Full life-cycle, end-to-end security

  • Privacy and security must be embedded from start to finish
  • Securely retained
  • Securely destroyed

6.   Visibility and transparency

  • Assure all stakeholders that you are operating to stated promises and objectives
  • Offer independent verification
  • Trust but verify

7.   Respect for user privacy 

  • Keep it user-centric
  • Strong privacy defaults
  • Appropriate notice
  • User-friendly options


Best defence against privacy attacks:

Don’t collect personally identifying data.


Outline privacy in the development cycle (6 steps)

  1. Make a privacy requirement
  2. Identify flows of personally identifiable information 
  3. Develop specific privacy requirements
  4. Incorporate privacy requirements into design
  5. Test/confirm
  6. Repeat


(Some) Recommendations 

  • Only information necessary to conduct the company’s business should be collected.
  • Consent should be sought for each use or disclosure of their information.
  • Consumers should not be forced into a choice between privacy and energy efficiency / conservation.


Privacy Enhancing Technologies (PET) aim to...

  • Minimise user data 
  • Give power to individuals over their data


Privacy management tools


Business to Consumer:

  • Increase transparency
    • public privacy policies and data practices
  • Personal data brokers - user controls data
  • DuckDuckGo (Extension) - checks encryption, trackers, privacy policy
  • Terms of Service Checker (
  • P3P (Platform for Privacy Preferences Project)
    • User configures browser with acceptable policy
    • Business states its policies
    • Negotiation at the point of handing over data
    • FAILED


For enterprises:

  • (Automated) Privacy Impact Assessment (PIA)
  • Privacy education and awareness training
  • Automated data incident management 


Privacy protection tools

Anonymising Tools

  • Protects identity
  • Hides identifying information (IP address, email, etc.)
  • Anonymous emailers like Hushmail or Mixminion (a Type III remailer)
  • Tor browser
  • Blockchain
  • Adding Noise to Aggregated Data / Differential Privacy 
    • Ensuring no single person makes too much difference to the results
    • Rather than publicly publishing the actual anonymised dataset, aggregate the data first (count things up).
    • Add random noise to cover up the difference any one person does make


Privacy Case Study

Potential Benefits

  • Improved reliability of power; fewer outages; automatic rerouting
  • Flexible in adding new power sources
  • Prioritises green power sources
  • Over-the-air software updates
  • Decentralisation reduces vulnerability to terrorist attacks and natural disasters
  • Improved load management, energy storage and demand-response options
  • Economical for utility provider and customer

Possible Privacy Invasion

  • Daily routines can be identified
    • (e.g., household size, security alarm activation, TV duration, breakfast time)
  • Spoofing (if the front end is insecure)
  • Information leakage: is the data communication secure? the storage? the website interface?

Data from smart appliances

  • Risk area #1 — Smart meter to grid
    • Might send out incorrect data that causes grid disturbance

  • Risk area #2 — Guardianship
    • Excessive data collection
    • May be sold to third parties
    • Leaks from smart meter
  • Risk area #3 — Websites
    • Leaks from cloud or website

Addressing the Risks: Separate the data

  • Grid: manage the power network
  • Distribution: billing, demand management
  • Customer: home devices

Solutions for Billing 

  • Business needs: aggregated monthly readings would be sufficient for billing.
  • Utility provider only sees encrypted and aggregated readings once per month.
  • Householder can see the more detailed/non-aggregated data produced by the meter, kept local.

Solutions for Network Management 

  • Business needs:
    • High frequency readings from multiple households can be aggregated, thereby protecting privacy.
    • Enable utility companies to predict energy needs.
  • Profiles of individual devices could still be provided (e.g. air-conditioning units)
  • Size of group should be chosen carefully to avoid accidental re-identification
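
Added example, not part of the original flashcard deck: the "Adding Noise to Aggregated Data / Differential Privacy" card and this network-management card both describe aggregating many households' readings and hiding any one household's contribution. The Python below does that: it clips each reading, refuses groups below a minimum size, and adds Laplace noise scaled to the clipped sensitivity. The kWh units, the MAX_KWH cap, the MIN_GROUP value and the sample readings are assumptions made for illustration; the composition budget in release_series is the standard sequential-composition rule, not anything the deck states.

```python
"""
Added example, not from the original flashcard deck: release the combined
load of a group of households as a differentially private aggregate, with
a minimum group size so that no household can be singled out.

Everything here is assumed for illustration: readings are kWh per
15-minute interval, MAX_KWH caps one household's contribution per interval
(the sensitivity bound), MIN_GROUP is the smallest group a utility may
query, and the sample readings are constructed.
"""
import random
from typing import Dict, List

MAX_KWH = 5.0    # assumed cap on one household's reading per interval
MIN_GROUP = 10   # assumed minimum number of households per released aggregate


class GroupTooSmall(ValueError):
    """Refuse aggregates that would be easy to attribute to one household."""


def make_rng(seed: int) -> random.Random:
    """Seeded generator for reproducible demos (use os.urandom-backed in production)."""
    return random.Random(seed)


def clip(reading: float) -> float:
    """Bound a reading to [0, MAX_KWH] so one meter cannot dominate the sum."""
    return max(0.0, min(MAX_KWH, reading))


def clipped_total(readings: Dict[str, float]) -> float:
    """True group total after clipping (never released directly)."""
    return sum(clip(v) for v in readings.values())


def neighbour_difference(readings: Dict[str, float], household: str) -> float:
    """
    How much the total changes if `household` is removed. Because every
    reading is clipped, this is at most MAX_KWH: that bound is the
    sensitivity the noise must cover.
    """
    without = {k: v for k, v in readings.items() if k != household}
    return abs(clipped_total(readings) - clipped_total(without))


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Laplace(0, scale) as the difference of two Exponential(mean=scale) draws."""
    rate = 1.0 / scale
    return rng.expovariate(rate) - rng.expovariate(rate)


def release_interval_total(readings: Dict[str, float], epsilon: float,
                           rng: random.Random) -> float:
    """
    epsilon-differentially private total for one interval.
    Laplace noise with scale sensitivity/epsilon = MAX_KWH/epsilon hides any
    single household's contribution; smaller epsilon means more noise.
    """
    if len(readings) < MIN_GROUP:
        raise GroupTooSmall(
            f"{len(readings)} households < MIN_GROUP={MIN_GROUP}")
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    return clipped_total(readings) + laplace_noise(MAX_KWH / epsilon, rng)


def release_series(intervals: List[Dict[str, float]], epsilon_total: float,
                   rng: random.Random) -> List[float]:
    """
    Release many intervals under one overall budget. Privacy loss adds up
    across releases (sequential composition), so each interval gets
    epsilon_total / len(intervals); at 96 intervals a day the per-interval
    noise is 96x larger than for a single query with the same total budget.
    """
    if not intervals:
        return []
    per_query = epsilon_total / len(intervals)
    return [release_interval_total(r, per_query, rng) for r in intervals]


# Constructed sample: one 15-minute interval for 12 households (made-up kWh).
# hh11 is an outlier above the cap and gets clipped to MAX_KWH.
SAMPLE_INTERVAL = {
    "hh01": 0.12, "hh02": 0.30, "hh03": 0.05, "hh04": 1.10,
    "hh05": 0.00, "hh06": 0.42, "hh07": 2.75, "hh08": 0.18,
    "hh09": 0.09, "hh10": 0.61, "hh11": 7.90, "hh12": 0.22,
}

if __name__ == "__main__":
    rng = make_rng(7)
    print("true clipped total :", round(clipped_total(SAMPLE_INTERVAL), 2))
    print("hh11 influence     :", neighbour_difference(SAMPLE_INTERVAL, "hh11"))
    print("released (eps=1.0) :", round(release_interval_total(SAMPLE_INTERVAL, 1.0, rng), 2))
    try:
        release_interval_total(dict(list(SAMPLE_INTERVAL.items())[:5]), 1.0, rng)
    except GroupTooSmall as exc:
        print("refused:", exc)
```

The clipping step is what makes the "no single person makes too much difference" promise checkable: neighbour_difference is never above MAX_KWH, so the Laplace scale is fixed in advance rather than depending on whichever household happens to be the largest. The MIN_GROUP refusal is the "choose the group size carefully" point from the card, enforced in code rather than by policy.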