Privacy by Design Flashcards Preview

Flashcards in Privacy by Design Deck (18)
1

Define privacy

informed consent

Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.

2

How is privacy good for business?

  • consumer trust and confidence
  • customer loyalty 
  • brand reputation
  • competitive advantage

3

Why design with privacy in mind?

Because retroactively adding privacy measures is much more expensive and complicated.

4

Privacy can be thought of as a set of trade-offs...

  • privacy vs security 
  • privacy vs business goals
  • privacy vs functionality

5

Why has privacy become such a big issue lately?

Because there is business in data collection.

  • data more valuable; advertising
  • better data analysis
    • faster processing
    • smart algorithms
    • data aggregators 
  • cheaper sensors = more installed
  • more input sources = more data

6

Benefits of data collection

  • Know your customer and build a profile
  • Offer personalised products, services, “experiences”
  • Lower advertising costs
  • Increase revenue through targeted offers
  • Predict trends
  • Enforce profit-enhancing price discrimination

7

Sources of online data & offline data

data aggregators can do this job for you

online

  • IP address, cookies, click-stream data, deep packet inspection
  • Tracking across many web sites or advertising networks
  • Personal information from social media sites

offline

  • credit histories
  • retail data
  • health histories
  • electoral register

8

What are data aggregators?

Companies that collect and process data (e.g. Dunnhumby, ChoicePoint).

9

The Issue of Privacy

Privacy intrusion has become easy: cheap sensors are being installed everywhere, and smart algorithms and tracking technology are everywhere.

Using only a few observations, users' routines are easily identified.

The user is unaware of that scope.

10

Purpose of the CPO 

  • Chief Privacy Officer
  • senior level executive 
  • responsible for managing the risks and business impacts of privacy laws and policies
  • created to respond to both consumer concern over the use of personal information, including medical data and financial information, and laws and regulations

11

The 7 Privacy Principles

1. Think ahead — Proactive not Reactive

  • Clear commitment at the highest levels
  • Employ methods to recognise poor privacy design
  • Anticipate poor privacy practices and outcomes before they affect your business

2. Privacy as the default setting

  • Personal data automatically protected
  • No action required

3. Privacy by Design

  • Embedded in the design of IT systems and business processes
  • Delivered without diminishing functionality

4. Full functionality – positive sum

  • It is possible to have privacy AND achieve other business benefits

5. Full life-cycle, end-to-end security

  • Privacy and security must be embedded from start to finish
  • Securely retained
  • Securely destroyed

6. Visibility and transparency

  • Assure all stakeholders that you are operating to stated promises and objectives
  • Offer independent verification
  • Trust but verify

7. Respect for user privacy

  • Keep it user-centric
  • Strong privacy defaults
  • Appropriate notice
  • User-friendly options

12

Best defence against privacy attacks:

Don’t collect personally identifying data.

13

Outline privacy in the development cycle (6 steps)

  1. Make a privacy requirement
  2. Identify flows of personally identifiable information
  3. Develop specific privacy requirements
  4. Incorporate privacy requirements into design
  5. Test/confirm
  6. Repeat

14

(Some) Recommendations 

  • Only information necessary to conduct the company’s business should be collected.
  • Consent should be sought for each use or disclosure of their information.
  • Consumers should not be forced into a choice between privacy and energy efficiency / conservation.

15

Privacy Enhancing Technologies (PET) aim to...

  • Minimise user data
  • Give power to individuals over their data

16

Privacy management tools

Business to Consumer:

  • Increase transparency
    • public privacy policies and data practices
  • Personal data brokers - user controls data
  • DuckDuckGo (Extension) - checks encryption, trackers, privacy policy
  • Terms of Service Checker (tosback.org)
  • P3P (Platform for Privacy Preferences Project)
    • User configures browser with acceptable policy
    • Business states its policies
    • Negotiation at the point of handing over data
    • FAILED

For enterprises:

  • (Automated) Privacy Impact Assessment (PIA)
  • Privacy education and awareness training
  • Automated data incident management 

17

Privacy protection tools

Anonymising Tools

  • Protects identity
  • Hides identifying information (IP address, email, etc.)
  • Anonymous emailers like Hushmail or Mixminion III
  • Tor browser
  • Blockchain
  • Adding Noise to Aggregated Data / Differential Privacy
    • Ensuring no single person makes too much difference to the results
    • Rather than publicly publishing actual anonymised dataset, aggregate data first (count things up).
    • Add random noise to help cover up the difference they do make

18

Privacy Case Study

Potential Benefits

  • Improved reliability of power; fewer outages; automatic rerouting
  • Flexible in adding new power sources
  • Prioritises green power sources
  • Over-the-air software updates
  • Decentralisation reduces vulnerability to terrorist attacks and natural disasters
  • Improved load management, energy storage and demand-response options
  • Economical for utility provider and customer

Possible Privacy Invasion

  • Daily routines can be identified
    • (e.g., household size, security alarm activation, TV duration, breakfast time)
  • Spoofing (insecure front-end)
  • Information leakage: are data communication, storage and the website interface secure?

Data from smart appliances

  • Risk area #1 — Smart meter to grid
    • Might send out incorrect data that causes grid disturbance
  • Risk area #2 — Guardianship
    • Excessive data collection
    • May be sold to third parties
    • Leaks from smart meter
  • Risk area #3 — Websites
    • Leaks from cloud or website

Addressing the Risks: Separate the data

  • Grid: manage the power network
  • Distribution: billing, demand management
  • Customer: home devices

Solutions for Billing 

  • Business needs: aggregated monthly readings would be sufficient for billing.
  • Utility provider only sees encrypted and aggregated readings once per month.
  • Householder can see the more detailed/non-aggregated data produced by the meter, kept local.

Solutions for Network Management 

  • Business needs:
    • High frequency readings from multiple households can be aggregated, thereby securing privacy.
    • Enable utility companies to predict energy needs.
  • Profiles of individual devices could still be provided (e.g. air-conditioning units)
  • Size of group should be chosen carefully to avoid accidental re-identification