Privacy by Design. Strategies & Patterns. Jaap-Henk Hoepman. Digital Security (DS) Radboud University Nijmegen, the Netherlands
|
|
- Josephine Shelton
- 8 years ago
- Views:
Transcription
1 Privacy by Design Strategies & Patterns Jaap-Henk Hoepman Digital Security (DS) Radboud University Nijmegen, the // //
2 Introduction Security Privacy Identity Management Internet of Things Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 2
3 Software development cycle Concept Development Implementation Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 3
4 Privacy by design Protect privacy during technology development: From conception to realisation. Through the full product development lifecycle Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 4
5 Levels of abstraction Design strategy A basic method to achieve a particular design goal that has certain properties that allow it to be distinguished from other basic design strategies Design pattern Commonly recurring structure to solve a general design problem within a particular context (Privacy enhancing) technology A coherent set of ICT measures that protects privacy implemented using concrete technology Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 5
6 Software development cycle Concept Development Implementation Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 6
7 Levels of abstraction Design strategy A basic method to achieve a particular design goal that has certain properties that allow it to be distinguished from other basic design strategies Design pattern Commonly recurring structure to solve a general design problem within a particular context (Privacy enhancing) technology A coherent set of ICT measures that protects privacy implemented using concrete technology Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 7
8 Software development cycle Concept Development Implementation Privacy enhancing technologies Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 8
9 Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 9
10 Levels of abstraction Design strategy A basic method to achieve a particular design goal that has certain properties that allow it to be distinguished from other basic design strategies Design pattern Commonly recurring structure to solve a general design problem within a particular context (Privacy enhancing) technology A coherent set of ICT measures that protects privacy implemented using concrete technology Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 10
11 Concept development & analysis Privacy Impact Assessment Concept Development Analysis Privacy Design Strategies Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 11
12 Eight Privacy Design Strategies 12
13 Source #1: Solove Information storage Information flow Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 13
14 Source #2: data protection law Core principles Data minimisation Purpose limitation Proportionality Subsidiarity Data subject rights: consent, (re)view Adequate protection (Provable) Compliance Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 14
15 What happens if we want to apply these data protection principles to an information storage (ie database) system? Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 15
16 Individuals Database tables Attributes minimise separate aggregate hide Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 16
17 8 privacy design strategies Minimise The amount of PII should be minimal Separate Process PII in a distributed fashion Aggregate Process PII in the least possible detail Hide PII should not be stored in plain view Enforce A privacy policy should be in place and be enforced Inform Subjects should be informed when PII is processed Control Subjects should have control over when/how PII is processed Demonstrate Compliance to policies and legal requirements must be demonstrated Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 17
18 What did we cover Core principles Data minimisation Purpose limitation Proportionality Subsidiarity Data subject rights: consent, (re)view Adequate protection (Provable) Compliance Design strategies Minimise Separate Aggregate Hide Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 18
19 What did we cover Core principles Data minimisation Purpose limitation Proportionality Subsidiarity Data subject rights: consent, (re)view Adequate protection (Provable) Compliance Design strategies Minimise Separate Aggregate Hide Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 19
20 What did we cover Core principles Data minimisation Purpose limitation Proportionality Subsidiarity Data subject rights: consent, (re)view Adequate protection (Provable) Compliance Design strategies Minimise Separate Aggregate Hide Enforce Inform Control Demonstrate Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 20
21 8 privacy design strategies Minimise The amount of PII should be minimal Separate Process PII in a distributed fashion Aggregate Process PII in the least possible detail Hide PII should not be stored in plain view Enforce A privacy policy should be in place and be enforced Inform Subjects should be informed when PII is processed Control Subjects should have control over when/how PII is processed Demonstrate Compliance to policies and legal requirements must be demonstrated Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 21
22 What about design patterns? Strategy Patterns Coverage Minimise Separate Aggregate Hide Enforce Select before you collect, anonymisation,. Distribute, sector-specific pseudonyms Data fuzzing; coarse-grained location Encryption, onion routing,.. Access control, privacy licenses Inform P3P (?) Control Informed consent (?) Demonstrate Privacy management system, logging Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 22
23 Provides a scheme for refining the subsystems or components of a software system, or the relationships between them. It describes a commonly recurring structure of communicating components that solves a general design problem within a particular context. Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 23
24 (Privacy) Design Pattern Template Name Intent Application context Including the problem it aims to solve Implementation components & relationships Consequences / Forces & Concerns Results, side-effects, trade offs When to apply When not to apply Examples Related patterns Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 24
25 Contribute See also: blog.xot.nl Jaap-Henk Hoepman // Radboud University Nijmegen // // Privacy Desing Strategies and Patterns 25
Can we save our online freedom?
Can we save our online freedom? Jaap-Henk Hoepman TNO, Groningen, the Netherlands jaap-henk.hoepman@tno.nl Digital Security (DS) Radboud University Nijmegen, the Netherlands jhh@cs.ru.nl / www.cs.ru.nl/~jhh
More informationPrivacy by Design. Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of Oxford @IanBrownOII
Privacy by Design Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of Oxford @IanBrownOII Privacy by Design principles 1. Proactive not Reactive; Preventative
More informationHow To Protect Privacy In A Computer System
PReparing Industry to Privacy-by-design by supporting its Application in REsearch PRIPARE: un projet Européen visant à définir une pratique intégrée de protection de la vie privée par construction PRIPARE:
More informationBest Practices at Research Level
PReparing Industry to Privacy-by-design by supporting its Application in REsearch Best Practices at Research Level Hisain Elshaafi Telecommunications Software and Systems Group (TSSG) Waterford Institute
More informationPrivacy & data protection in big data: Fact or Fiction?
Privacy & data protection in big data: Fact or Fiction? Athena Bourka ENISA ISACA Athens Conference 24.11.2015 European Union Agency for Network and Information Security Agenda 1 Privacy challenges in
More informationLegal Aspects of the MonIKA-Project - Privacy meets Cybersecurity
Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity Sebastian Meissner Security Incident Information Sharing Workshop Berlin, 26.07.2013 Introduction Opening question Privacy & cybersecurity:
More informationSecurity of smart grid communication protocols
Security of smart grid communication protocols C-DAX is funded by the European Union's Seventh Framework Programme (FP7-ICT-2011-8) under grant agreement n 318708 Erik Poll Radboud University Nijmegen
More informationThe Identity Crisis Security, Privacy and Usability Issues in Identity Management
Preprint Id: identity-crisis-body.tex 1355 2011-01-02 14:00:45Z jhh The Identity Crisis Security, Privacy and Usability Issues in Identity Management Gergely Alpár Jaap-Henk Hoepman Johanneke Siljee January
More informationTwo worlds, one smart card
Two worlds, one smart card An integrated solution for physical access and logical security using PKI on a single smart card Jaap-Henk Hoepman 12, Geert Kleinhuis 1 1 TNO Information and Communication Technology
More informationPrivacy and Data Protection by Design from policy to engineering
European Union Agency for Network and Information Security www.enisa.europa.eu About ENISA The European Union Agency for Network and Information Security (ENISA) is a centre of network and information
More informationWorkshop Privacy Impact Assessments The NOREA-PIA: design and experience
PI.lab: Privacy in 2014 Workshop Privacy Impact Assessments The NOREA-PIA: design and experience Wolter Karssenberg RE Member of the Knowledge Group Privacy Audits NOREA (NOREA is the professional association
More informationGuidance on the Use of Social Networking
Guidance on the Use of Social Networking Version 1 - January 2012 Reviewed: September 2013 Version 2 Approved by SM: November 2013 Version 2 modified and approved by the PCC Board: April 2014 Overview
More informationCOCIR contribution to the public consultation on Personal Data Protection in the EU 1
COCIR contribution to the public consultation on Personal Data Protection in the EU 1 European Coordination Committee of the Radiological, Electromedical and Healthcare IT Industry Bd. A. Reyers 80, 1030
More informationCopyrighted material SUMMARY
Source: E.C.A. Kaarsemaker (2006). Employee ownership and human resource management: a theoretical and empirical treatise with a digression on the Dutch context. Doctoral Dissertation, Radboud University
More information360 Degree Safe Cymru SELF REVIEW TOOL
360 Degree Safe Cymru SELF REVIEW TOOL UPDATED OCTOBER 2014 The South West Grid for Learning Trust, Belvedere House, Woodwater Park, Pynes Hill, Exeter, EX2 5WS. Tel: 0845 601 3203 Email: enquiries@swgfl.org.uk
More informationThe Netherlands response to the public consultation on the revision of the European Commission s Impact Assessment guidelines
The Netherlands response to the public consultation on the revision of the European Commission s Impact Assessment guidelines Introduction Robust impact assessment is a vital element of both the Dutch
More informationlegal & ethical data sharing prof.dr. Ronald Leenes r.e.leenes@uvt.nl TILT - Tilburg Institute for Law, Technology, and Society
legal & ethical data sharing prof.dr. Ronald Leenes r.e.leenes@uvt.nl TILT - Tilburg Institute for Law, Technology, and Society overview the problem revisited secondary use data protection regulation Data
More informationVyve Broadband Website Privacy Policy. What Information About Me Is Collected and Stored?
Vyve Broadband Website Privacy Policy Effective: July 31, 2015 Vyve Broadband ( Vyve, we, us, our ) is committed to letting you know how we will collect and use your information. This Website Privacy Policy
More informationRTI Software Development Methodology and CMMI
RTI Software Development Methodology and CMMI Presented at International Field Directors & Technologies Conference Karen M. Davis Vice President, Research Computing Division May 20, 2008 3040 Cornwallis
More informationEuropean Commission Per email: CNECT-H4@ec.europa.eu
Post Bits of Freedom Bank 55 47 06 512 M +31(0)646282693 Postbus 10746 KvK 34 12 12 86 E simone.halink@bof.nl 1001 ES Amsterdam W https://www.bof.nl European Commission Per email: CNECT-H4@ec.europa.eu
More informationProject Management Manual
Project Management Manual PM01 Introduction to the Project Management Manual Ref: PM01 (V7.01) - Uncontrolled once Printed Issued on 20 th December 2006 Manual Owner: James Couper Head of Project Management
More informationThe Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking
The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner has responsibility for promoting and enforcing the
More informationStaff Guide to Information Sharing
Central Bedfordshire Council www.centralbedfordshire.gov.uk Staff Guide to Information Sharing May 2015 Security Classification: Not Protected Factors to consider before sharing information When deciding
More informationWeb Beacons Guidelines for Notice and Choice
Web Beacons Guidelines for Notice and Choice The following statement was developed by a coalition of companies 1 in an effort to guide the appropriate use of Web Beacons. 2 The coalition is made up of
More information23/1/15 Version 1.0 (final)
Information Commissioner s Office response to the Cabinet Office s consultation on the proposal to amend the Privacy and Electronic Communications (EC Directive) Regulations 2003 ( PECR ), to enable the
More informationEDITION CLOUD REPORT HEALTHCARE AND LIFE SCIENCES LEAD IN FINDING AND PREVENTING SENSITIVE DATA LOSS
Fall 205 WORLDWIDE EDITION CLOUD REPORT HEALTHCARE AND LIFE SCIENCES LEAD IN FINDING AND PREVENTING SENSITIVE DATA LOSS Report Highlights Healthcare and life sciences enterprises account for 76.2 percent
More informationPRISMACLOUD. Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH
PRISMACLOUD Privacy and Security Maintaining Services in the Cloud Thomas Loruenser AIT Austrian Institute of Technology GmbH FOC2015 Vienna / 17.06.2015 Challenges for Future ICT Systems Cloud computing
More informationARCHIVING YOUR DATA: PLANNING AND MANAGING THE PROCESS
ARCHIVING YOUR DATA: PLANNING AND MANAGING THE PROCESS LIBBY BISHOP. RESEARCHER LIAISON UNIVERSITY OF ESSEX TCRU/NOVELLA SPECIAL SEMINAR - LONDON 29 MAY 2012 THE & ESDS QUALIDATA forty years experience
More informationOverview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service
Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case
More informationTECHNICAL SPECIFICATION: LEGISLATION EXECUTING CLOUD SERVICES
REALIZATION OF A RESEARCH AND DEVELOPMENT PROJECT (PRE-COMMERCIAL PROCUREMENT) ON CLOUD FOR EUROPE TECHNICAL SPECIFICATION: LEGISLATION EXECUTING CLOUD SERVICES ANNEX IV (D) TO THE CONTRACT NOTICE TENDER
More informationABC PRIVACY POLICY. The ABC is strongly committed to protecting your privacy when you interact with us, our content, products and services.
ABC PRIVACY POLICY The ABC is strongly committed to protecting your privacy when you interact with us, our content, products and services. Our goal is to provide you and your family with media experiences
More informationDe-identification of Data using Pseudonyms (Pseudonymisation) Policy
De-identification of Data using Pseudonyms (Pseudonymisation) Policy Version: 2.0 Page 1 of 7 Partners in Care This is a controlled document. It should not be altered in any way without the express permission
More informationPrivacy by Design in Federated Identity Management
1 Privacy by Design in Federated Identity Management Interpreting Legal Privacy Requirements for FIM and Comparing Risk Mitigation Models 2015 International Workshop on Privacy Engineering IWPE 15 - MAY
More informationCode of Conduct for Mobile Money Providers
Code of Conduct for Mobile Money Providers SOUNDNESS OF SERVICES FAIR TREATMENT OF CUSTOMERS SECURITY OF THE MOBILE NETWORK AND CHANNEL VERSION 2 - OCTOBER 2015 Introduction This Code of Conduct identifies
More informationUsing Ontologies for Privacy-Awareness in Network Monitoring Workflows
Using Ontologies for Privacy-Awareness in Network Monitoring Workflows Georgios V. Lioudakis Institute of Communication and Computer Systems National Technical University of Athens Workshop on Collaborative
More informationSCHOOL E-SAFETY SELF REVIEW TOOL
SCHOOL E-SAFETY SELF REVIEW TOOL The South West Grid for Learning, Belvedere House, Woodwater Park, Pynes Hill, Exeter, Devon, UK, EX2 5WS. Tel: 0845 601 3203 Fax: 01392 366 494 Email: esafety@swgfl.org.uk
More informationResponse of the German Medical Association
Response of the German Medical Association To the Green Paper on mobile Health ( mhealth ) of the European Commission Berlin, 3 July 2014 Bundesärztekammer Herbert-Lewin-Platz 1 10623 Berlin We are grateful
More informationHow To Ensure Health Information Is Protected
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
More informationCustomize Bluefin Payment Processing app to meet the needs of your business. Click here for detailed documentation on customizing your application
STEP 1 Download and install Bluefin Payment Processing app STEP 2 Sign up for a Bluefin merchant account Once you install the application, click the Get Started link from the home page to get in touch
More information2. Issues using administrative data for statistical purposes
United Nations Statistical Institute for Asia and the Pacific Seventh Management Seminar for the Heads of National Statistical Offices in Asia and the Pacific, 13-15 October, Shanghai, China New Zealand
More informationPrivacy & Big Data: Enable Big Data Analytics with Privacy by Design. Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014
Privacy & Big Data: Enable Big Data Analytics with Privacy by Design Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014 Agenda? What is 'Big Data'? Privacy Implications Privacy
More informationResults of the Task Team Privacy
United Nations Economic Commission for Europe Statistical Division Workshop on the Modernisation of Statistical Production and Services November 19-20, 2014 The Role of Big Data in the Modernisation of
More informationOxCCARE Information Governance Policy
OxCCARE Information Governance Policy Introduction: This document is intended to act as a practical guide to information governance (IG) for all research, audit, quality improvement and service evaluation
More informationLegal session: copyright status of statistical data, privacy issues
Legal session: copyright status of statistical data, privacy issues JISC Usage Statistics Workshop Pr o f. Dr. Mic h ael S ead l e 1 Statistics as Facts Copyright protects expression, not fact. Facts per
More informationManaging Session Recordings from the SAS Quick Reference Guide
Managing Session Recordings from the SAS Quick Reference Guide As a Moderator, you can record web conferencing session and play it later by clicking on a link or logging into the SAS and locating the recording.
More informationDifferences between Computer and User Templates
Configuring NetSupport School & Manager using Active Directory Overview This document explains how NetSupport School and Manager both integrate with Microsoft s Active Directory structure enabling you
More informationAttribute-proving for Smart Cards
Attribute-proving for Smart Cards progress made over the past two years ir. Pim Vullers p.vullers@cs.ru.nl Institute for Computing and Information Sciences Digital Security 5th October 2011 Pim Vullers
More informationFree Article PHYSICAL PENTESTING A WHOLE NEW STORY IN PENETRATION TESTING 2/2011. by Trajce Dimkov & Wolter Pieters
Free Article 2/2011 PHYSICAL PENTESTING A WHOLE NEW STORY IN PENETRATION TESTING by Trajce Dimkov & Wolter Pieters FREE ARTICLE Physical Penetration Testing A Whole New Story In Penetration Testing Physical
More informationGUIDELINES FOR RESPONSIBLE USE OF IDENTITY MANAGEMENT SYSTEMS
GUIDELINES FOR RESPONSIBLE USE OF IDENTITY MANAGEMENT SYSTEMS When used appropriately, identity management systems provide safety and security where they are needed. When used improperly, identity management
More informationEncrypting*a*Windows*7*Hard*Disk* with%bitlocker%disk%encryption!
Encrypting*a*Windows*7*Hard*Disk* with%bitlocker%disk%encryption Thisdocumentcontainsthenecessarystepstoencryptthecontentsofaharddrive usingbitlockerandwindows7. Thefollowinginstructionsarederivedfromdocumentationat:
More informationDelivery date: 18 October 2014
Genomic and Clinical Data Sharing Policy Questions with Technology and Security Implications: Consensus s from the Data Safe Havens Task Team Delivery date: 18 October 2014 When the Security Working Group
More informationManagement of Official Records in a Business System
GPO Box 2343 ADELAIDE SA 5001 Tel (08) 8204 8773 Fax (08) 8204 8777 DX:467 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Management of Official Records in a Business System October 2011 Version
More informationTargetingMantra Privacy Policy
Last Updated August 15 th, 2013 TargetingMantra Privacy Policy TargetingMantra allows its customers, to provide personalization widgets to their users (collectively, the TargetingMantra Service ). The
More informationEUROPEAN DATA PROTECTION SUPERVISOR
C 47/6 Official Journal of the European Union 25.2.2010 EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on the Communication from the Commission on an Action Plan
More informationLog Design for Accountability
Log Design for Accountability Denis Butin, Marcos Chicote and Daniel Le Métayer 1 / 18 Background Need for Accountability 2 / 18 Context Background Need for Accountability Data subjects share more & more
More informationIsraeli Law Information and Technology Authority. Privacy and Data Security in the Cloud - The Israeli Perspective
הרשות למשפט, טכנולוגיה ומידע Israeli Law Information and Technology Authority Privacy and Data Security in the Cloud - The Israeli Perspective Amit Ashkenazi, Head of the Legal Department Outline Introduction
More informationSecurity architecture and framework Design and pilot implementation
WP 5 Work Package Meeting Security architecture and framework Design and pilot implementation 3 rd AGM in Munich, 17 February 2015 TUM: Raffael Bild, Florian Kohlmayer, Helmut Spengler EBI: Olga Melnichuk,
More informationCleveland Police. Data protection audit report. Executive summary November 2014
Cleveland Police Data protection audit report Executive summary November 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection Act
More informationCorporate ICT Change Management
Policy Corporate ICT Change Management Please note this policy is mandatory and staff are required to adhere to the content Summary A formal change management system must be approved, implemented and enforced
More informationISO 27000 Information Security Management Systems Professional
ISO 27000 Information Security Management Systems Professional Professional Certifications Sample Questions Sample Questions 1. A single framework of business continuity plans should be maintained to ensure
More informationPRIVACY POLICY. To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices:
PRIVACY POLICY At Brand Loyalty International B.V., or any of its subsidiaries or affiliates, including IceMobile, Merison and Edison companies, all Companies (, we, us, or our ), we advise on, implement,
More informationRFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS]
RFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS] 1 Document information... 2 1.1 Date of Last Update... 2 1.2 Distribution List for Notifications... 2 1.3 Locations where this Document May Be Found... 2 1.4 Authenticating
More informationPROFESSIONAL INDEMNITY INSURANCE
PROFESSIONAL INDEMNITY INSURANCE The AIC NSW holds a policy of Professional Indemnity Insurance which is available to all licensed conveyancers who are, or intend to, conduct a conveyancing practice. The
More informationSecuring the NetSupport Client
Securing the NetSupport Client Environments, Considerations & Requirements. Overview This document is designed to provide an overview of the security features available within NetSupport Manager and NetSupport
More informationCLINICAL GOVERNANCE POLICY
Clinical governance is defined as: CLINICAL GOVERNANCE POLICY A framework through which NHS organisations are accountable for continually improving the quality of their services and safeguarding high standards
More informationPrivacy Policy Last Modified: April 3, 2015 1
Privacy Policy Last Modified: April 3, 2015 1 Introduction Jamberry Nails, LLC, a Utah limited liability company, U.S.A., (referred to herein as Jamberry, we, us and our ) understands the importance of
More informationUsing AWS in the context of Australian Privacy Considerations October 2015
Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview
More informationDHS SharePoint and Collaboration Sites
for the March 22, 2011 Robert Morningstar Information Systems Security Manager DHS Office of the Chief Information Officer/Enterprise Service Delivery Office (202) 447-0467 Reviewing Official Mary Ellen
More informationIntroduction. They may not be connected to the Internet directly but though intermediate devices.
End-to-End Privacy for Open Big Data Markets Charith Perera (Open University), Rajiv Ranjan (CSIRO Digital Productivity Flagship), Lizhe Wang (Chinese Academy of Sciences) Abstract The idea of an open
More informationU.S. Securities and Exchange Commission. Integrated Workplace Management System (IWMS) PRIVACY IMPACT ASSESSMENT (PIA)
U.S. Securities and Exchange Commission (IWMS) PRIVACY IMPACT ASSESSMENT (PIA) March 21, 2013 General Information 1. Name of Project or System. (IWMS) 2. Describe the project and its purpose or function
More informationThe Bureau of the Fiscal Service. Privacy Impact Assessment
The Bureau of the Fiscal Service Privacy Impact Assessment The mission of the Bureau of the Fiscal Service (Fiscal Service) is to promote the financial integrity and operational efficiency of the federal
More informationWEEK CHAPTER OBJECTIVES ASSIGNMENTS & TESTS 11 Chapter 1 An Introduction to Electronic Health Records
ELECTRONIC HEALTH RECORDS Textbook: Electronic Health Records, 3 rd Edition by Byron R. Hamilton Software: SpringCharts EHR WEEK CHAPTER OBJECTIVES ASSIGNMENTS & TESTS 11 Chapter 1 An Introduction to Electronic
More informationCountermeasures. References
v1.0 P1 Web Application Vulnerabilities Vulnerability is a key problem in any system that guards or operates on sensitive user data. Failure to suitably design and implement an application, detect a problem
More informationOneCentral Portal 2/10/2015 1
OneCentral Portal 2/10/2015 1 CONTENTS Portal Overview 02 Important Information 03 User Login 05 OCP Home Page 06 My Billing 07 OVERVIEW By now, you should have received your OCP account login information
More informationCookies Compliance Advisory
Cookies Compliance Advisory Note: this is an advisory notice that summarises the current position of the Article 29 Working Group and makes suggestions as to how organisations might practically achieve
More information9 Research Questions Resolved
217 9 Research Questions Resolved "All truths are easy to understand once they are discovered; the point is to discover them." Galileo Galilei. 9.1 Main Contributions In section 1.6 the thesis introduced
More informationQuality is Advantage
Quality is Advantage Administering Windows Server 2012 Course duration: 36 academic hours Exam Code: 70-411 This version of this course is built on the final release version of Windows Server 2012. Learn
More informationOutline. IRMA Math. Background about IRMA. Mathematical basis of IRMA. What is authentication? Nijmegen s contribution.
Outline IRMA Math Bart Jacobs Institute for Computing and Information Sciences Digital Security May 17, 2013, Kaleidoscoop, Nijmegen irmacard.org Bart Jacobs May 17, 2013 IRMA Math 1 / 45 Background about
More informationAccessing Personal Information on Patients and Staff:
Accessing Personal Information on Patients and Staff: A Framework for NHSScotland Purpose: Enabling access to personal and business information is a key part of the NHSScotland Information Assurance Strategy
More informationData Privacy Protection of Medical Data in a National Context
Data Privacy Protection of in a National Context Dr. Uwe Roth Heiko Zimmermann, Dr. Stefan Benzschawel Friday, 20 April 2012 Version v1.0 r006 2012-04-20 in a National Context Data Privacy and Data Security
More informationUnited States Department of State Global Financial Management System (GFMS) Privacy Impact Assessment
United States Department of State Global Financial Management System (GFMS) Privacy Impact Assessment CGFS/DCFO/GFMS 1. Contact Information Privacy Impact Assessment (PIA) Department of State Privacy Coordinator
More informationInformation Governance Management Framework
Information Governance Management Framework Responsible Officer Author Business Planning & Resources Director Governance Manager Date effective from October 2015 Date last amended October 2015 Review date
More informationPersonal Data Handling and Sharing Policy
Personal Data Handling and Sharing Policy Originator Richard Gibson Date 20 June 2012 Verifier Lynda Oliver Date 20 June 2012 Reviewed Richard Gibson, Lynda Oliver Date July 2013 Contents Page 1. Introduction
More informationCloud Computing Security Considerations
Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction
More informationImpact of Increased Scrutiny of High Value High Risk Projects
1 Impact of Increased Scrutiny of High Value High Risk Projects Tabled 26 June 2014 Background 2 Critical that major projects are well planned and delivered. Past problems poor business cases and procurements.
More informationBring Your Own Devices (BYOD) Information Governance Guidance
Bring Your Own Devices (BYOD) Information Governance Guidance 1. Purpose The purpose of this document is to provide guidelines that will support organisations wishing to enable the use of Bring Your Own
More informationVersion: 1.2 Date: March, 10 2014. HAN-CERT - RFC 2350 Hogeschool van Arnhem en Nijmegen (HAN University of Applied Sciences)
Version: 1.2 Date: March, 10 2014 HAN-CERT - RFC 2350 Hogeschool van Arnhem en Nijmegen (HAN University of Applied Sciences) CONTENTS 1 Document Information...3 1.1 Date of Last Update...3 1.2 Distribution
More informationPrivacy Management Standards: What They Are and Why They Are Needed Now
ITU-T Q10/17 Identity Summit Geneva December 10, 2010 Privacy Management Standards: What They Are and Why They Are Needed Now John Sabo Director Global Government Relations Chair, OASIS IDtrust Member
More informationHow To Write A Mobile Device Policy
BYOD Policy Implementation Guide BYOD Three simple steps to legally secure and manage employee-owned devices within a corporate environment We won t bore you with the typical overview that speaks to the
More informationSOA Governance Essentials
SOA Governance Essentials Paul C. Brown Principal Software Architect Agenda SOA Governance Overview Run-Time Governance Design-Time Governance Organizational Issues Summary 2 SOA Governance Overview SOA
More informationPrivacy in e-ticketing & e-identity
Privacy in e-ticketing & e-identity Attribute-proving for Smart Cards ir. Pim Vullers p.vullers@cs.ru.nl Institute for Computing and Information Sciences Digital Security 17th May 2011 Pim Vullers Collis
More information3. OPERATING COMPANY'S ANNUAL ROAD SAFETY REVIEW 1
SCOTTISH MINISTERS' REQUIREMENTS 1. SCHEDULE 8 PART 3 ROAD SAFETY AND ACCIDENT INVESTIGATION AND PREVENTION CONTENTS Page No. 1. GENERAL 1 1.1 Introduction 1 2. ROUTE SAFETY FILES 1 3. OPERATING COMPANY'S
More informationMission Assurance and Security Services
Mission Assurance and Security Services Dan Galik, Chief Federation of Tax Administrators Computer Security Officer Conference March 2007 Security, privacy and emergency preparedness issues are front page
More informationU.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE. Privacy Impact Assessment
U.S. DEPARTMENT OF COMMERCE UNITED STATES PATENT AND TRADEMARK OFFICE Privacy Impact Assessment Employee Relation and Labor Relation Case Management System (ERLRCSMS) PTOC-031-00 May 11, 2015 Privacy Impact
More informationLevel 3 Customer support provision for the IT professional (7540-030/7630-323)
Level 3 Customer support provision for the IT professional (7540-030/7630-323) Systems and Principles (QCF) Assignment guide for Candidates Assignment A www.cityandguilds.com September 2012 Version 7.0
More informationAcxiom Privacy by Design: Accountability
Acxiom Privacy by Design: Accountability Sheila Colclasure Acxiom Global Public Policy and Privacy Officer 06/05/2014 2013 Acxiom Corporation. All Rights Reserved. 2013 Acxiom Corporation. All Rights Reserved.
More informationMEMBI PRIVACY POLICY
MEMBI 1 PURPOSE OF OUR POLICY 1.1 Membi Limited (Company Number 09775238) of 396a Kingston Road, Kingston Road, London SW20 8LL, United Kingdom (Membi, we, us or our) provides the services offered on the
More informationAmalgamated Life Privacy Statement
Amalgamated Life Privacy Statement Effective Date: June 26, 2015 This privacy statement applies to AmalgamatedLife.com and the Amalgamated Family of Companies websites, portals, products and services that
More information