Big Data + Smart City = Weak Privacy + Weak Security?
|
|
- Sheryl Gordon
- 8 years ago
- Views:
Transcription
1 Big Data + Smart City = Weak Privacy + Weak Security? Professor John Bacon-Shone Director, Social Sciences Research Centre The University of Hong Kong
2 Benefits and Risks Is it an inevitable consequence of wanting the significant benefits of a Smart City and Big Data analysis that we must accept weak privacy and security? Who should be responsible for ensuring that this does not happen, if this does not involve data with a direct personal identifier? How should we maximise the benefits while also minimizing the risks? It is important to recognise that many big data and smart city enthusiasts assume that anonymity or consent solves all the problems other than cost
3 Broad Context: Constitutional Rights HK Basic Law: Article 29 The homes and other premises of Hong Kong residents shall be inviolable. Arbitrary or unlawful search of, or intrusion into, a resident's home or other premises shall be prohibited. Question: e.g. are smart meters an arbitrary intrusion into a resident s home, if the monopoly electricity provider installs it without consent?
4 Specific Context: Data Protection Principles HK PDPO (like most EU DP laws) DPP1: lawful and fair collection where data subjects are informed of the purpose for which data are collected & used, which must be directly related to function of data user; DPP3: personal data used for purpose originally collected or directly related purpose, unless have prior consent DPP4: all practicable steps to ensure personal data are protected against unauthorized or accidental access, processing or erasure. Questions: how to obtain consent, protect against use for unrelated purposes and against unauthorised access?
5 Risk Risk has two components: chance of an outcome and consequences of the outcome, so we need to examine the possible outcomes that could have bad consequences
6 Relevance: Smart meters Fine grained energy consumption data in households allows sophisticated prediction of household (and individual) behaviour that relates to energy use, including working hours, medical needs, media consumption, when the house is empty etc. even if the identity of the individual is unknown
7 Relevance: Smart cars: Fine grained location and time data means knowing where you are at all times, assuming car is linked with a person. Self-driving cars may even be externally controlled.
8 Relevance: Smart phones: Fine grained location and time means knowing where you are at all times and possible linkage with your activity, given all the sensors on the phone including microphone, camera etc.
9 Meter Risk Outcome 1 Direct misuse of personal data collected by the smart meter operator, such as manipulation of charging rates (think of Amazon experiment that manipulated prices based on previous customer behaviour), such as raising prices when that household is most likely to consume electricity (break in favourite TV show or when come home from work) does not require identification.
10 Meter Risk Outcome 2 Sale of personal data collected from households to third parties (think of the Octopus case) such as appliance providers, home insurers etc. Arguable consumer benefit, e.g. seems you need a new electrical appliance as your fridge consumes too much electricity. Does not require identification.
11 Meter Risk Outcome 3 Breach of security, allowing unauthorised use of personal data, such as when best to burgle because there is probably nobody at home (based on power consumption). Does not require identification but does require address.
12 Meter Risk Outcome 4 Use by law enforcement would it be justified to profile likely marijuana growers, or people keeping their public rental flat unoccupied, running an untaxed business, running a brothel, using incandescent bulbs if they become outlawed? Would they need a warrant to obtain the information? Would they be able to search data looking for possible illegal behaviour or must they have good reason in advance?
13 Car Risk Outcome 1 Breach of security, allowing car jackers to identify when an expensive car is stationary for a long period in a remote location, hence easily stolen - does not require identification of the owner!
14 Phone Risk Outcome 1 Use by law enforcement meeting of many political activists. Would they need a warrant to obtain the information? Would they be able to search data looking for possible illegal behaviour or must they have good reason? Arguably does not need identification of individuals, just that they are intending to visit a specific location at a specific time
15 Other Risk Outcomes There are certainly other consequences not considered here the key point is that there certainly are possible outcomes with privacy impact, so a thorough privacy/security impact assessment is essential, indeed privacy & security must be part of the design process
16 Chances of the Outcomes? Clearly the chances can be minimized through: Well designed security system (e.g. all connections encrypted, 2 factor authentication, full audit trails) to minimise risk of personal data leakage during transfer from home to service supplier, transfer from supplier to consumer and inside service supplier Suitable regulation by regulators of service provider, privacy and law enforcement surveillance to address transfer at systems level and response to any leakage or unauthorised transfer
17 Existing laws sufficient? Certainly not without a data protection law, but what if you have a data protection law? Still insufficient, because personal data requires a direct personal identifier and much of this data may not have a direct personal identifier or may be shared (e.g. household data, pictures of a group of people etc.). A robber would not care about knowing your name, just whether your car and house are easy targets. A seller only requires knowing that an individual wants to buy, not their identity.
18 Big data problems? Need to address ability to link to an individual (possible without knowing their identity) if there are possible decisions or outcomes that may disadvantage the individuals. For example, postal codes + age and gender is sufficient to re-identify in most countries, but reidentification may not be that obvious or transparent may not even know who holds the data
19 Big data problems (more)? If I know you need or want very much to buy an item, I may be able to take advantage of that information in a discriminatory way. Think again about the case of the pregnant teenager identified by big data what if Target realised that she had not made her pregnancy public and offered her anonymous deliveries at a higher price is that a problem?
20 Public Opinion? Role of public opinion? It is difficult for the general public to assess consequences of new processes Public opinion is essential in understanding how well communication works, but of little value in designing new processes, unless they are a stakeholder group who understand the issues well or have had them explained well (e.g. through deliberative polling).
21 Lessons from elsewhere? Debate often polarised between technologists and business people who see real benefits and privacy activists and those distrustful of government who fear misuse of the data (or even reject for irrational reasons such as wireless devices causing health risks). Consent must mean a free and fully informed choice, without unfair consequences.
22 Mitigation of the risks? Some possible mitigation strategies? Discussion?
23 Some possible risk outcomes Direct misuse of personal data collected by the smart meter operator, such as manipulation of charging rates Sales of personal data Breach of security Use by law enforcement
24 Some possible mitigation strategies Consumer protection safeguards to guard against negative decisions, e.g. customers charged more when using smart meters Privacy impact assessment that is not limited to direct identifiers, but focuses on individual consequences Security assessment of entire system Access restrictions for law enforcement
25 More possible mitigation strategies Explicit consent for third party access to identifiable or re-identifiable meter data Data breach notification New crypto solutions which, even with smart meters, break the link of individual households with time of consumption, thanks to grouping of households and purchasing energy tickets.
26 Thank you!
Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1
Guidance for Data Users on the Collection and Use of Personal Data through the Internet Introduction Operating online businesses or services, whether by commercial enterprises, non-government organisations
More informationPrivacy Challenges in the Internet of Things (IoT) a European Perspective
Privacy Challenges in the Internet of Things (IoT) a European Perspective Alicja Gniewek, PhD Student Interdisciplinary Centre for Security, Reliability and Trust Weicker Building, Université du Luxembourg
More informationGuidance on the Use of Portable Storage Devices 1
Guidance on the Use of Portable Storage Devices Introduction Portable storage devices ( PSDs ) such as USB flash memories or drives, notebook computers or backup tapes provide a convenient means to store
More information(a) the kind of data and the harm that could result if any of those things should occur;
Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data
More informationInvestigation Report: HKA Holidays Limited Leaked Customers Personal Data through the Mobile Application TravelBud
Published under Section 48(2) of the Personal Data (Privacy) Ordinance (Cap. 486) Investigation Report: HKA Holidays Limited Leaked Customers Personal Data through the Mobile Application TravelBud Report
More information1. Understanding Big Data
Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte
More informationCloud Computing. Introduction
Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between
More informationThe Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking
The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner has responsibility for promoting and enforcing the
More informationInternational Working Group on Data Protection in Telecommunications
International Working Group on Data Protection in Telecommunications 675.42.10 4 April 2011 Working Paper Event Data Recorders (EDR) on Vehicles Privacy and data protection issues for governments and manufacturers
More informationRisk management, information security and privacy compliance. new meeting of minds or ships in the night?
Risk management, information security and privacy compliance new meeting of minds or ships in the night? Peter Leonard September 2015 page 1 ships in the night + narrowly focussed conversations reasonable
More informationLast updated: 30 May 2016. Credit Suisse Privacy Policy
Last updated: 30 May 2016 Credit Suisse Please read this privacy policy (the ) as it describes how we intend to collect, use, store, share, and safeguard your information. By accessing, visiting or using
More informationAsia Pacific Trade & Commerce Client Conference 27 August 2015 Baker & McKenzie, Hutchison House, Hong Kong
Asia Pacific Trade & Commerce Client Conference 27 August 2015 Baker & McKenzie, Hutchison House, Hong Kong Commerce Hong Kong www.bakermckenzie.com For further information please contact Paolo Sbuttoni
More informationFormal response to the Consultation Paper: Monitoring and Regulation of Migration
WITHOUT PREJUDICE Formal response to the Consultation Paper: Monitoring and Regulation of Migration 1 October 2004 1. Introduction 1.1. The role of the Office of the Data Protection Registrar ( the Registrar
More informationECSA EuroCloud Star Audit Data Privacy Audit Guide
ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:
More informationData Protection Act. Conducting privacy impact assessments code of practice
Data Protection Act Conducting privacy impact assessments code of practice 1 Conducting privacy impact assessments code of practice Data Protection Act Contents Information Commissioner s foreword... 3
More informationGuidance on Personal Data Erasure and Anonymisation 1
Guidance on Personal Data Erasure and Anonymisation Introduction Data users engaged in the collection, holding, processing or use of personal data must carefully consider how to erase such personal data
More informationPOLICY TEMPLATE. Date initially approved: November 5, 2013 Date of last revision: same
POLICY TEMPLATE Video Surveillance Category: Approval: Responsibility: Date: Operations PVP VP Finance and Administration Date initially approved: November 5, 2013 Date of last revision: same Definitions:
More informationPrivacy and Data Protection Impact Assessment Framework for RFID Applications. 12 January 2011
Privacy and Data Protection Impact Assessment Framework for RFID Applications 12 January 2011 1 INDEX 1. Introduction...3 1.1. Key Concepts...4 1.2. Internal Procedures...5 2. The PIA Process...6 2.1.
More informationWhat's Up with Apps in Hong Kong July 2013
What's Up with Apps in Hong Kong July 2013 In May this year, the Hong Kong Privacy Commissioner for Personal Data ("Privacy Commissioner") joined the Global Privacy Enforcement Network ("GPEN") to conduct
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationHow To Respond To The Nti'S Request For Comment On Big Data And Privacy
Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce Docket No. 140514424 4424 01 RIN 0660 XC010 Comments of the Information Technology Industry
More informationProcedure for Managing a Privacy Breach
Procedure for Managing a Privacy Breach (From the Privacy Policy and Procedures available at: http://www.mun.ca/policy/site/view/index.php?privacy ) A privacy breach occurs when there is unauthorized access
More informationAbsolute Software. Complying with Australian Privacy Law: Protecting Privacy with Endpoint Security WHITEPAPER. Table of Contents. www.absolute.
Complying with Australian Privacy Law: Protecting Privacy with Endpoint Security Table of Contents Highlights... 2 Endpoint Devices: Increasing Risks for Organisations... 3 The New Law: Getting Serious
More informationEstate Agents Authority
INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in
More informationDo you have a private life at your workplace?
Do you have a private life at your workplace? Privacy in the workplace in EC institutions and bodies Giovanni Buttarelli In the course of his supervisory activities, the EDPS has published positions on
More informationHow To Know What You Can And Can'T Do At The University Of England Students Union
HOW WE USE YOUR INFORMATION This privacy notice tells you what to expect when University of Essex Students Union (referred to as the SU herein) collects personal information. It applies to information
More informationCalifornia State University, Sacramento INFORMATION SECURITY PROGRAM
California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...
More informationBig Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers
Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers March 2013 How Target Knew a High School Girl Was Pregnant Before Her Parents Did just because you can,
More informationInvestigation Report: Hospital Authority s Breach of Data Security. in Connection with Disposal of Patient Records
Published under Section 48(2) of the Personal Data (Privacy) Ordinance (Cap. 486) Investigation Report: Hospital Authority s Breach of Data Security in Connection with Disposal of Patient Records Report
More informationHow to Practice Safely in an era of Cybercrime and Privacy Fears
How to Practice Safely in an era of Cybercrime and Privacy Fears Christina Harbridge INFORMATION PROTECTION SPECIALIST Information Security The practice of defending information from unauthorised access,
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationAdobe Systems Software Ireland Ltd
Adobe Systems Software Ireland Ltd Own motion investigation report 13/00007 Timothy Pilgrim, Australian Privacy Commissioner Contents Overview... 2 Background... 3 Relevant provisions of the Privacy Act...
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationSecurity & Privacy Friends, Foes or Partners?
Security & Privacy Friends, Foes or Partners? How To Develop a Global Privacy Compliance Strategy and Implementation Program Thursday, February 12 Rebecca Whitener, EDS Fellow (919) 645-1902 rebecca.whitener@eds.com
More informationOpinion and recommendations on challenges raised by biometric developments
Opinion and recommendations on challenges raised by biometric developments Position paper for the Science and Technology Committee (House of Commons) Participation to the inquiry on Current and future
More informationUnderstanding the impact of the connected revolution. Vodafone Power to you
Understanding the impact of the connected revolution Vodafone Power to you 02 Introduction With competitive pressures intensifying and the pace of innovation accelerating, recognising key trends, understanding
More informationSummary of the Dutch Data Protection Authority s guidelines for the Data Breach Notification Act
Summary of the Dutch Data Protection Authority s guidelines for the Data Breach Notification Act On 1 January 2016, the Dutch Data Breach Notification Act will enter into force. The Dutch DPA issued Guidelines
More information16 Electronic health information management systems
16 Electronic health information management systems Section 16: Electronic information management systems The continued expansion and growth in global technologies is aiding the development of many new
More informationA Best Practice Guide
A Best Practice Guide Contents Introduction [2] The Benefits of Implementing a Privacy Management Programme [3] Developing a Comprehensive Privacy Management Programme [3] Part A Baseline Fundamentals
More informationHow To Protect Your Personal Data In The United Kingdom
Guidance on the Proper Handling of Customers Personal Data for the Insurance Industry Contents 1. Introduction 2. An Overview of the Relevant Requirements under the Ordinance 2.1 What is personal data?
More informationCYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION. Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131
CYBERSECURITY: THREATS, SOLUTIONS AND PROTECTION Robert N. Young, Director Carruthers & Roth, P.A. Email: rny@crlaw.com Phone: (336) 478-1131 TOPICS 1. Threats to your business s data 2. Legal obligations
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationCITY UNIVERSITY OF HONG KONG Communications and Operating Management Standard
CITY UNIVERSITY OF HONG KONG Communications and Operating Management Standard (Approved by the Information Strategy and Governance Committee in December 2013) PUBLIC Date of Issue: 2013-12-24 Document
More informationBig Data Big Privacy. Setting the scene. Big Data; Big Privacy 29 April 2013 Privacy Awareness Week 2013 Launch.
Big Data Big Privacy Privacy Awareness Week SPEAKING NOTES Stephen Wilson Lockstep Group Setting the scene Practical experience shows a gap in the understanding that technologists as a class have regarding
More informationPRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800
PRAIRIE SPIRIT SCHOOL DIVISION NO. 206, BOX 809, 121 KLASSEN STREET EAST, WARMAN, SK S0K 4S0 -- PHONE: (306) 683-2800 ADMINISTRATIVE POLICY NO. 511 IMPLEMENTATION JANUARY 2014 EMPLOYEE ACCEPTABLE USE POLICY
More informationBig Data for Mutuals. Marc Dautlich 25 November 2013
Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?
More informationHow to Secure Your Environment
End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationCentral and Eastern European Data Theft Survey 2012
FORENSIC Central and Eastern European Data Theft Survey 2012 kpmg.com/cee KPMG in Central and Eastern Europe Ever had the feeling that your competitors seem to be in the know about your strategic plans
More informationHealth Data Governance: Privacy, Monitoring and Research - Policy Brief
Health Data Governance: Privacy, Monitoring and Research - Policy Brief October 2015 www.oecd.org/health Highlights All countries can improve their health information systems and make better use of data
More informationDevelopment / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review
Blakeley Heath Primary School E-Safety Policy Development / Monitoring / Review of this Policy This e-safety policy has been developed by a working group made up of: Headteacher Coordinator Staff including
More informationSmart Grid and Privacy An International View
Smart Grid and Privacy An International View 27 November 2013 By: Nader Farah President ESTA International One US Consumer s Reaction in Texas! 2 Source: SmartGridNews.com July 20, 2012 ESTA International
More informationUNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY
UNILEVER PRIVACY PRINCIPLES Unilever takes privacy seriously. The following five principles underpin our approach to respecting your privacy: 1. We value the trust that you place in us by giving us your
More informationIT OUTSOURCING SECURITY
IT OUTSOURCING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationPRIVACY BREACH MANAGEMENT POLICY
PRIVACY BREACH MANAGEMENT POLICY DM Approval: Effective Date: October 1, 2014 GENERAL INFORMATION Under the Access to Information and Protection of Privacy Act (ATIPP Act) public bodies such as the Department
More informationProcedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom
Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom Indirani 02/11/2009 Draft 2 Include JG s comments Jackie Groom
More informationSecTor 2009 October 6, 2009. Tracy Ann Kosa
SecTor 2009 October 6, 2009 Tracy Ann Kosa Privacy versus Security Un enforced Privacy Privacy Requirements that Work People Process Technology Territorial Privacy Setting boundaries on intrusion into
More informationVodafone response to the European Commission consultation on governance of the Internet of Things
Vodafone response to the European Commission consultation on governance of the Internet of Things Vodafone welcomes comments or questions on the views expressed in this submission. They should be directed
More informationUNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012
UNIVERSITY COLLEGE LONDON CCTV POLICY Endorsed by the Security Working Group - 17 October 2012 Endorsed by the Infrastructure IT Services Strategy Group - 18 October 2012 Reviewed and endorsed (with one
More information1 Details of Premises to be Insured
投 通 保 人 姓 名 聯 訊 址 經 絡 電 話 住 Name 投 營 保 業 地 務 of 點 Proposer Mailing Address Contact No. Business 公 眾 責 任 保 險 投 保 書 Public Liability Insurance Proposal Form 宅 手 提 辦 公 室 電 Home Mobile Office 佔 郵 用 地 性 址 質
More informationCrossing Borders New Guidance on the Transfer of Personal Data outside Hong Kong
Legal Update Privacy & Security Hong Kong 20 January 2015 Crossing Borders New Guidance on the Transfer of Personal Data outside Hong Kong Section 33 of the Hong Kong Personal Data (Privacy) Ordinance
More informationHuddersfield New College Further Education Corporation
Huddersfield New College Further Education Corporation Card Payments Policy (including information security and refunds) 1.0 Policy Statement Huddersfield New College Finance Office handles sensitive cardholder
More informationPOLICY AND PROCEDURE MANUAL
Pennington Biomedical POLICY NO. 412.22 POLICY AND PROCEDURE MANUAL Origin Date: 02/04/2013 Impacts: ALL PERSONNEL Effective Date: 03/17/2014 Subject: HIPAA BREACH NOTIFICATION Last Revised: Source: LEGAL
More informationHow To Protect Decd Information From Harm
Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the
More informationENA Smart Metering Security & Privacy Control Points
ENA Smart Metering Security & Privacy Control Points For: Energy Networks Association May 2010 Engage Consulting Limited Document Ref: ENA-CR009-002 -1.1 Restriction: ENA authorised parties Engage Consulting
More informationAppendix. Key Areas of Concern. i. Inadequate coverage of cybersecurity risk assessment exercises
Appendix Key Areas of Concern i. Inadequate coverage of cybersecurity risk assessment exercises The scope coverage of cybersecurity risk assessment exercises, such as cybersecurity control gap analysis
More informationTemplate for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment
Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment This template is provided to support the police service and other law enforcement agencies (LEA)
More informationPOLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL
POLICY FOR USE OF CCTV SYSTEM AT BOW SCHOOL OF MATHS AND COMPUTING SCHOOL CCTV cameras are now a familiar sight throughout the country. They are one of the many measures being introduced to help prevent
More informationOnline Behavioural Tracking / April 2014
Online Behavioural Tracking This information leaflet aims to highlight to organisations what they should consider before deployment of online tracking on their websites. It explains the relationship between
More informationINERTIA ETHICS MANUAL
SEVENTH FRAMEWORK PROGRAMME Smart Energy Grids Project Title: Integrating Active, Flexible and Responsive Tertiary INERTIA Grant Agreement No: 318216 Collaborative Project INERTIA ETHICS MANUAL Responsible
More informationSURVEILLANCE AND PRIVACY
info sheet 03.12 SURVEILLANCE AND PRIVACY Info Sheet 03.12 March 2012 This Information Sheet applies to Victorian state and local government organisations that are bound by the Information Privacy Act
More informationThe data privacy, data protection and data security implications of smart cities and urban big data
The data privacy, data protection and data security implications of smart cities and urban big data Prof. Rob Kitchin Maynooth University Geo Ethics, Twente 14 th March 2016 Data and the city Rich history
More information14 December 2006 GUIDELINES ON OUTSOURCING
14 December 2006 GUIDELINES ON OUTSOURCING CEBS presents its Guidelines on Outsourcing. The proposed guidelines are based on current practices and also take into account international, such as the Joint
More informationData and Information Security Policy
St. Giles School Inspire and achieve through creativity School Policy for: Date: February 2014 Data and Information Security Policy Legislation: Policy lead(s) The Data Protection Act 1998 (with consideration
More informationRoles and Responsibilities The following section outlines the e-safety roles and responsibilities of individuals and groups within Heath Farm School:
Introduction This e-safety policy was approved by the School Senior Leadership Team: January2015 The implementation of this e-safety policy will be monitored by the: E-Safety Coordinator, Senior Leadership
More informationA Q&A with the Commissioner: Big Data and Privacy Health Research: Big Data, Health Research Yes! Personal Data No!
A Q&A with the Commissioner: Big Data and Privacy Health Research: Big Data, Health Research Yes! Personal Data No! Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada THE AGE OF
More informationMASSACHUSETTS IDENTITY THEFT RANKING BY STATE: Rank 23, 66.5 Complaints Per 100,000 Population, 4292 Complaints (2006) Updated January 17, 2009
MASSACHUSETTS IDENTITY THEFT RANKING BY STATE: Rank 23, 66.5 Complaints Per 100,000 Population, 4292 Complaints (2006) Updated January 17, 2009 Current Laws: Identity Crime: A person is guilty of identity
More informationIntelligent Home Automation and Security System
Intelligent Home Automation and Security System Ms. Radhamani N Department of Electronics and communication, VVIET, Mysore, India ABSTRACT: In todays scenario safer home security is required, As the technology
More informationCitizens Advice Response to DECC s Consultation on the timing of the review of the Data Access and Privacy Framework
Citizens Advice Response to DECC s Consultation on the timing of the review of the Data Access and Privacy Framework Introduction The Citizens Advice service provides free, independent, confidential and
More informationSelf assessment tool. Using this tool
Self assessment tool How well does your organisation comply with the 12 guiding principles of the surveillance camera code of practice? Complete this easy to use self assessment tool to find out if you
More informationIDT Financial Services Limited. Prime Card Privacy Policy
IDT Financial Services Limited Prime Card Privacy Policy Effective and Updated April 7, 2014 General IDT Financial Services Limited and its affiliates ( IDT, us, we, our ) are committed to protecting the
More informationPrivacy + Security + Integrity
Privacy + Security + Integrity Docufree Corporation Data Security Checklist Security by Design Docufree is very proud of our security record and our staff works diligently to maintain the greatest levels
More informationViolation Become a Privacy Breach? Agenda
How Does a HIPAA Violation Become a Privacy Breach? Karen Voiles, MBA, CHC, CHPC, CHRC Senior Managing Consultant, Compliance Agenda Differentiating between HIPAA violation and reportable breach Best practices
More informationLessons Learned from HIPAA Audits
Lessons Learned from HIPAA Audits October 29, 2012 Tony Brooks, CISA, CRISC Partner - IT Assurance and Risk Services HORNE LLP AGENDA HIPAA/HITECH Regulations Breaches and Fines OCR HIPAA/HITECH Compliance
More informationPhilosophy. Ageing successfully. Ageing in place
Netcarity A European project researching and testing technologies which will help older people to improve their wellbeing, independence, safety and health at home. Philosophy Ageing successfully Ageing
More informationEugene Low. Data breach notification in Hong Kong: Why is it important for companies?
P a g e 1 Privacy Interviews with Experts September 2015 Eugene Low Partner Hogan Lovells Hong Kong Data breach notification in Hong Kong: Why is it important for companies? The number of data breaches
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More information360 Degree Safe Cymru SELF REVIEW TOOL
360 Degree Safe Cymru SELF REVIEW TOOL UPDATED OCTOBER 2014 The South West Grid for Learning Trust, Belvedere House, Woodwater Park, Pynes Hill, Exeter, EX2 5WS. Tel: 0845 601 3203 Email: enquiries@swgfl.org.uk
More informationWelcome to qonqa solutions AG
Welcome to qonqa solutions AG Thank you for choosing our qonqa Direct Debit Service. Our Service is subject to the following Standard Terms and Conditions. Please read them thoroughly. A copy of our Standard
More informationCode of Practice on the Identity Card Number and other Personal Identifiers Compliance Guide for Data Users
Code of Practice on the Identity Card Number and other Personal Identifiers Compliance Guide for Data Users INTRODUCTION What does the code of practice cover? The code of practice gives practical guidance
More informationEthical Considerations for Lawyers Using the Cloud
Ethical Considerations for Lawyers Using the Cloud Presentation by Peter J. Guffin, Esq. Pierce Atwood LLP pguffin@pierceatwood.com (207) 791-1199 Maine State Bar Association Summer Meeting June 22, 2012
More informationData Protection Act 1998. Bring your own device (BYOD)
Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...
More informationGrant Agreement No.: 611001 UCN. D 5.1a: Preliminary UCN Use Cases and Applications - Supplement. Submission date: 25.09.2015
Grant Agreement No.: 611001 Instrument: Call Identifier: Objective 1.6: Collaborative Project FP7-ICT-2013-10 Connected and Social Media D 5.1a: Preliminary Use Cases and Applications - Supplement Submission
More informationINCIDENT RESPONSE CHECKLIST
INCIDENT RESPONSE CHECKLIST The purpose of this checklist is to provide clients of Kivu Consulting, Inc. with guidance in the initial stages of an actual or possible data breach. Clients are encouraged
More informationThird Party Security Requirements Policy
Overview This policy sets out the requirements expected of third parties to effectively protect BBC information. Audience Owner Contacts This policy applies to all third parties and staff, including contractors,
More informationRemote Working and Portable Devices Policy
Remote Working and Portable Devices Policy Policy ID IG04 Version: V1 Date ratified by Governing Body 29/09/13 Author South Commissioning Support Unit Date issued: 21/10/13 Last review date: N/A Next review
More informationdetails, and numerous other data points. Enough information is often collected that even 2
Big Data Study Office of Science and Technology Policy Eisenhower Executive Office Building 650 Pennsylvania Avenue, NW Washington, D.C. 050 VIA E MAIL bigdata@ostp.gov March, 04 Re: Big Data Study, Document
More informationCOMMENTARY. Hong Kong Strengthens Its Personal Data. on Direct Marketing JONES DAY
May 2013 JONES DAY COMMENTARY Hong Kong Strengthens Its Personal Data Privacy Laws and Imposes Criminal Penalties on Direct Marketing In 2012 Hong Kong introduced the Personal Data (Privacy) (Amendment)
More information