A Q&A with the Commissioner: Big Data and Privacy Health Research: Big Data, Health Research Yes! Personal Data No!

Size: px
Start display at page:

Download "A Q&A with the Commissioner: Big Data and Privacy Health Research: Big Data, Health Research Yes! Personal Data No!"

Transcription

1 A Q&A with the Commissioner: Big Data and Privacy Health Research: Big Data, Health Research Yes! Personal Data No! Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada

2 THE AGE OF BIG DATA, OPEN DATA AND PRIVACY Big Data Yes Open Data Yes Personal Data - No

3 BIG DATA Each day we create 2.5 quintillion bytes of data 90% of the data today has been created in the past 2 years; Big data analysis and data analytics promises new opportunities to gain valuable insights and benefits, (e.g., improved load management, better assets management, new programs and services etc.); However, it can also enable expanded surveillance, on a scale previously unimaginable; This situation cries out for a positive-sum solution, win-win strategy: what is needed is Big Data and Big Privacy!

4 PRIVACY BY DESIGN IN THE AGE OF BIG DATA The Big Difference with Big Data; Sensemaking Systems; Privacy by Design in the Age of Big Data; The Creation of a Big Data Sensemaking System through PbD.

5 DATA MINIMIZATION AND DE-IDENTIFICATION

6 DATA MINIMIZATION Data minimization is the most important safeguard in protecting personal health information, including for health research and data analysis; Ontario s PHIPA prohibits health care providers from collecting, using or disclosing personal health information if other information (such as de-identified or anonymized information) will serve the purpose; It also prohibits health care providers from collecting, using or disclosing more personal health information than is reasonably necessary to meet the purpose.

7 DISPELLING THE MYTHS ABOUT DE-IDENTIFICATION The claim that de-identification has no value in protecting privacy due to the ease of re-identification, is a myth; If proper de-identification techniques and re-identification risk management procedures are used, re-identification becomes a very difficult task; While there may be a residual risk of re-identification, in the vast majority of cases, de-identification will strongly protect the privacy of individuals when additional safeguards are in place.

8 DATA DE-IDENTIFICATION TOOL Developed by Dr. Khaled El Emam, Canada Research Chair in Electronic Health Information; De-identification tool that minimizes the risk of re-identification based on: - The low probability of reidentification; - Whether mitigation controls are in place; - Motives and capacity of the recipient; - The extent a breach invades privacy; Simultaneously maximizes privacy and data quality while minimizing distortion to the original database.

9 EVIDENCE THE TOOL WORKS Dr. El Emam was approached to create a longitudinal public use dataset using his de-identification tool for the purposes of a global data mining competition the Heritage Health Prize; Participants in the Heritage Health Prize competition were asked to predict, using de-identified claims data, the number of days patients would be hospitalized in a subsequent year; Before releasing the dataset created using Dr. El Emam s tool, the de-identified dataset was subjected to a strong reidentification attack by a highly skilled expert; The expert concluded the dataset could not be re-identified Dr. El Emam's de-identification tool was highly successful!

10 EVIDENCE THAT RE-IDENTIFICATION IS EXTREMELY DIFFICULT A literature search by Dr. El Emam et al. identified 14 published accounts of re-identification attacks on deidentified data; A review of these attacks revealed that one quarter of all records and roughly one-third of health records were re-identified; However, Dr. El Emam found that only 2 out of the 14 attacks were made on records that had been properly de-identified using existing standards; Further, only 1 of the 2 attacks had been made on health data, resulting in a very low re-identification rate of 0.013%.

11 DATA MINIMIZATION FOR RECORD LINKAGES Dr. El Emam has also developed a protocol for securely linking databases without sharing any identifying information; The protocol uses an encryption system to identify and locate records relating to an individual, existing in multiple datasets; This involves encrypting personal identifiers in each dataset and comparing only the encrypted identifiers, using mathematical operations, resulting in a list of matched records, without revealing any personal identifiers; The protocol promotes compliance with existing prohibition in PHIPA by allowing linkages of datasets without the disclosure of any identifying information a win/win solution positive-sum!

12 HOMOMORPHIC ENCRYPTION A form of encryption that allows computations to be carried out on encrypted data to obtain an encrypted result; Homomorphic describes the transformation of one dataset into another while preserving relationships between data elements in both sets; Homomorphic encryption allows you to make computations or engage in data analytics on encrypted values data you cannot read because it is not in plain text, therefore inaccessible; May also be used to link two or more databases without the disclosure of any unique identifiers positive-sum win/win.

13 SECURE DATA ANALYTICS ON THE CLOUD The Value of De-identification; Challenges in Re-identifying De-identified Information; De-identification in the Context of Privacy Laws; Re-identification Risk Assessment.

14 CONCLUDING THOUGHTS Make privacy a priority ensure that privacy is embedded into your systems and operational processes into your business practices; It is easier and far more cost-effective to build in privacy up-front, rather than after-the-fact; Privacy risks are best managed by proactively embedding the principles of Privacy by Design; Get smart lead with Privacy by Design, not privacy by chance or, worse, Privacy by Disaster!

15 HOW TO CONTACT US Ann Cavoukian, Ph.D. Information & Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8 Phone: (416) / Web: For more information on Privacy by Design, please visit:

Ann Cavoukian, Ph.D.

Ann Cavoukian, Ph.D. Protecting Privacy in an Era of Electronic Health Records Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario Barrie and Community Family Health Team Royal Victoria Hospital Georgian College

More information

Foundation Working Group

Foundation Working Group Foundation Working Group Proposed Recommendations on De-identifying Information for Disclosure to Third Parties The Foundation Working Group (FWG) engaged in discussions around protecting privacy while

More information

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER

What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Table of Contents What is a privacy breach?...1

More information

Ann Cavoukian, Ph.D.

Ann Cavoukian, Ph.D. Data, Data Everywhere The Need for BIG Privacy in a World of Big Data Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada Future of Consumer Intelligence Universal City, California

More information

Dispelling the Myths Surrounding De-identification:

Dispelling the Myths Surrounding De-identification: Dispelling the Myths Surrounding De-identification: Anonymization Remains a Strong Tool for Protecting Privacy Ann Cavoukian, Ph.D. Information & Privacy Commissioner, Ontario, Canada Khaled El Emam, Ph.D.

More information

Maximize the Value of Your Data and the Ability to Protect Privacy, by Design

Maximize the Value of Your Data and the Ability to Protect Privacy, by Design Maximize the Value of Your Data and the Ability to Protect Privacy, by Design Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University Ontario University Registrar s Association

More information

Embedding Privacy into the Design of EHRs to Enable Multiple Functionalities Win/Win

Embedding Privacy into the Design of EHRs to Enable Multiple Functionalities Win/Win Embedding Privacy into the Design of EHRs to Enable Multiple Functionalities Win/Win March 2, 2012 Information and Privacy Commissioner, Ontario, Canada Ann Cavoukian, Ph.D. Information & Privacy Commissioner

More information

The 7 Foundational Principles. Implementation and Mapping of Fair Information Practices. Ann Cavoukian, Ph.D.

The 7 Foundational Principles. Implementation and Mapping of Fair Information Practices. Ann Cavoukian, Ph.D. Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Ann Cavoukian, Ph.D. Information & Privacy Commissioner Ontario, Canada Purpose: This document provides

More information

Ann Cavoukian, Ph.D.

Ann Cavoukian, Ph.D. Data, Data Everywhere The Need for Big Privacy in a World of Big Data Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada 15 th Annual Privacy and Security Conference February 6,

More information

Ann Cavoukian, Ph.D.

Ann Cavoukian, Ph.D. School Psychologists: What You Should Know about the Personal Health Information Protection Act Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario Psychological Services Northeast Toronto

More information

The De-identification of Personally Identifiable Information

The De-identification of Personally Identifiable Information The De-identification of Personally Identifiable Information Khaled El Emam (PhD) www.privacyanalytics.ca 855.686.4781 info@privacyanalytics.ca 251 Laurier Avenue W, Suite 200 Ottawa, ON Canada K1P 5J6

More information

De-identification Protocols:

De-identification Protocols: De-identification Protocols: Essential for Protecting Privacy Office of the Information and Privacy Commissioner of Ontario, Canada Khaled El Emam, Ph.D. Canada Research Chair in Electronic Health Information

More information

Privacy Breach Protocol

Privacy Breach Protocol & Privacy Breach Protocol Guidelines for Government Organizations www.ipc.on.ca Table of Contents What is a privacy breach? 1 Guidelines on what government organizations should do 2 What happens when the

More information

Degrees of De-identification of Clinical Research Data

Degrees of De-identification of Clinical Research Data Vol. 7, No. 11, November 2011 Can You Handle the Truth? Degrees of De-identification of Clinical Research Data By Jeanne M. Mattern Two sets of U.S. government regulations govern the protection of personal

More information

The Ontario Health Study s Assessment Centres: A Case Study for Privacy by Design

The Ontario Health Study s Assessment Centres: A Case Study for Privacy by Design The Ontario Health Study s Assessment Centres: A Case Study for Privacy by Design Ann Cavoukian, Ph.D. Information & Privacy Commissioner Ontario, Canada and Pamela C. Spencer Cancer Care Ontario VP Corporate

More information

BEFORE THE DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY. Request for Comments Docket # 120214135-2135-01

BEFORE THE DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY. Request for Comments Docket # 120214135-2135-01 BEFORE THE DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Request for Comments Docket # 120214135-2135-01 Multistakeholder Process to Develop Consumer Privacy Codes of Conduct COMMENTS

More information

Abstract. It s peace of mind knowing that we ve done everything that is possible to meet industry standards for de-identification. Dr.

Abstract. It s peace of mind knowing that we ve done everything that is possible to meet industry standards for de-identification. Dr. Abstract In this presentation I will discuss the adoption of the Privacy Analytics Risk Assessment Tool (PARAT) by the Institute for Clinical Evaluative Sciences (ICES), for the Ontario Cancer Data Linkage

More information

Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers

Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers March 2013 How Target Knew a High School Girl Was Pregnant Before Her Parents Did just because you can,

More information

Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010

Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010 pic pic Privacy Policy on the Collection, Use, Disclosure and Retention of Personal Health Information and De-Identified Data, 2010 Updated March 2013 Our Vision Better data. Better decisions. Healthier

More information

Using Privacy by Design to Achieve Big Data Innovation Without Compromising Privacy

Using Privacy by Design to Achieve Big Data Innovation Without Compromising Privacy Using Privacy by Design to Achieve Big Data Innovation Without Compromising Privacy Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada David Stewart National Advanced Analytics Leader

More information

Privacy Guidelines for RFID Information Systems (RFID Privacy Guidelines)

Privacy Guidelines for RFID Information Systems (RFID Privacy Guidelines) Privacy Guidelines for RFID Information Systems (RFID Privacy Guidelines) Information and Privacy Ann Cavoukian, Ph.D. Commissioner June 2006 Commissioner Ann Cavoukian gratefully acknowledges the work

More information

Have it all Protecting privacy in the age of analytics

Have it all Protecting privacy in the age of analytics Have it all Protecting privacy in the age of analytics Acknowledgements: The authors wish to acknowledge Megan Brister, National Privacy Leader, Deloitte and Michelle Chibba, Director, Policy & Special

More information

SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE

SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE SAFEGUARDING PRIVACY IN A MOBILE WORKPLACE Checklist for taking personally identifiable information (PII) out of the workplace: q Does your organization s policy permit the removal of PII from the office?

More information

Big Data and Innovation, Setting the Record Straight: De-identification Does Work

Big Data and Innovation, Setting the Record Straight: De-identification Does Work Big Data and Innovation, Setting the Record Straight: De-identification Does Work Ann Cavoukian, Ph.D. Information and Privacy Commissioner Daniel Castro Senior Analyst, Information Technology and Innovation

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information: Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal

More information

Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices

Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Ann Cavoukian, Ph.D. Information & Privacy Commissioner, Ontario, Canada Purpose: This document

More information

Strengthening Public Sector Transparency and Privacy

Strengthening Public Sector Transparency and Privacy Strengthening Public Sector Transparency and Privacy Renee Barrette Director of Policy Information and Privacy Commissioner of Ontario AMCTO 2015 Municipal Information Access and Privacy Forum October

More information

Advance Chiropractic Vic Weatherall, DC

Advance Chiropractic Vic Weatherall, DC 3-136 Bridge Street Carleton Place, Ontario K7C 2V5 Letter of understanding I,, understand the fees to be charged to me, or my insurance, or both, for treatment by Dr. Weatherall. These fees may vary

More information

Leveraging Privacy by Design to Achieve your Business Needs through Big Data, without Compromising Privacy

Leveraging Privacy by Design to Achieve your Business Needs through Big Data, without Compromising Privacy Leveraging Privacy by Design to Achieve your Business Needs through Big Data, without Compromising Privacy Big Data & Analytics Summit Canada Old Mill, Toronto February 10, 2015 Let s Dispel Some Myths

More information

Instant Messaging and Personal Email Accounts: Meeting Your Access and Privacy Obligations

Instant Messaging and Personal Email Accounts: Meeting Your Access and Privacy Obligations Instant Messaging and Personal Email Accounts: Meeting Your Access and Privacy Obligations June 2016 Acknowledgments The IPC gratefully acknowledges the contributions of staff at Ontario s Ministry of

More information

Policy Brief: Protecting Privacy in Cloud-Based Genomic Research

Policy Brief: Protecting Privacy in Cloud-Based Genomic Research Policy Brief: Protecting Privacy in Cloud-Based Genomic Research Version 1.0 July 21 st, 2015 Suggested Citation: Adrian Thorogood, Howard Simkevitz, Mark Phillips, Edward S Dove & Yann Joly, Policy Brief:

More information

Protecting Patient Privacy. Khaled El Emam, CHEO RI & uottawa

Protecting Patient Privacy. Khaled El Emam, CHEO RI & uottawa Protecting Patient Privacy Khaled El Emam, CHEO RI & uottawa Context In Ontario data custodians are permitted to disclose PHI without consent for public health purposes What is the problem then? This disclosure

More information

Societal benefits vs. privacy: what distributed secure multi-party computation enable? Research ehelse 2015 21-22 April Oslo

Societal benefits vs. privacy: what distributed secure multi-party computation enable? Research ehelse 2015 21-22 April Oslo Privacy Societal benefits vs. privacy: what distributed secure multi-party computation enable? Research ehelse 2015 21-22 April Oslo Kassaye Yitbarek Yigzaw UiT The Arctic University of Norway Outline

More information

Privacy by Design für Big Data

Privacy by Design für Big Data Dr. Günter Karjoth 26. August 2013 Sommerakademie Kiel Privacy by Design für Big Data 1 / 34 2013 IBM Coorporation Privacy by Design (PbD) proposed by Ann Cavoukin, Privacy Commissioner Ontario mostly

More information

ENSURING ANONYMITY WHEN SHARING DATA. Dr. Khaled El Emam Electronic Health Information Laboratory & uottawa

ENSURING ANONYMITY WHEN SHARING DATA. Dr. Khaled El Emam Electronic Health Information Laboratory & uottawa ENSURING ANONYMITY WHEN SHARING DATA Dr. Khaled El Emam Electronic Health Information Laboratory & uottawa ANONYMIZATION Motivations for Anonymization Obtaining patient consent/authorization not practical

More information

Brian Beamish. Commissioner (Acting) Ontario Information and Privacy Commission. Cyber Risk National Conference February 9, 2015

Brian Beamish. Commissioner (Acting) Ontario Information and Privacy Commission. Cyber Risk National Conference February 9, 2015 Preventing Privacy Breaches and Building Confidence in Electronic Health Records Brian Beamish Commissioner (Acting) Ontario Information and Privacy Commission Cyber Risk National Conference February 9,

More information

The De-identification Maturity Model Authors: Khaled El Emam, PhD Waël Hassan, PhD

The De-identification Maturity Model Authors: Khaled El Emam, PhD Waël Hassan, PhD A PRIVACY ANALYTICS WHITEPAPER The De-identification Maturity Model Authors: Khaled El Emam, PhD Waël Hassan, PhD De-identification Maturity Assessment Privacy Analytics has developed the De-identification

More information

Privacy by Design: What s Been Happening? Ken Anderson

Privacy by Design: What s Been Happening? Ken Anderson Privacy by Design: What s Been Happening? Ken Anderson Assistant Commissioner (Privacy) Ontario Hong Kong June 13, 2012 Key Definitions Information privacy refers to the right or ability of individuals

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

Redesigning IP Geolocation: Privacy by Design and Online Targeted Advertising

Redesigning IP Geolocation: Privacy by Design and Online Targeted Advertising Redesigning IP Geolocation: Privacy by Design and Online Targeted Advertising October 2010 With contributions from: Ann Cavoukian, Ph.D. Information and Privacy Commissioner, Ontario, Canada Acknowledgements

More information

Thinking small about big data: Privacy considerations for the public sector Shaun Brown Partner, nnovation LLP

Thinking small about big data: Privacy considerations for the public sector Shaun Brown Partner, nnovation LLP Thinking small about big data: Privacy considerations for the public sector Shaun Brown Partner, nnovation LLP March 30, 2016 Thinking small about big data: objectives Consider big data as a concept Focus

More information

Information and Privacy Commissioner of Ontario. Guidelines for the Use of Video Surveillance Cameras in Public Places

Information and Privacy Commissioner of Ontario. Guidelines for the Use of Video Surveillance Cameras in Public Places Information and Privacy Commissioner of Ontario Guidelines for the Use of Video Surveillance Cameras in Public Places Ann Cavoukian, Ph.D. Commissioner September 2007 Acknowledgements This publication

More information

Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce

Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce Docket No. 140514424 4424 01 RIN 0660 XC010 Comments of the Information Technology Industry

More information

How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice

How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice Information and Privacy Commissioner / Ontario How to Avoid Abandoned Records: Guidelines on the Treatment of Personal Health Information, in the Event of a Change in Practice Ann Cavoukian, Ph.D. Commissioner

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS White Paper Table of Contents Addressing compliance with privacy laws for cloud-based services through persistent encryption and key ownership... Section

More information

1.2: DATA SHARING POLICY. PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance. 1.2.

1.2: DATA SHARING POLICY. PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance. 1.2. 1.2: DATA SHARING POLICY PART OF THE OBI GOVERNANCE POLICY Available at: http://www.braininstitute.ca/brain-code-governance 1.2.1 Introduction Consistent with its international counterparts, OBI recognizes

More information

Privacy & Big Data: Enable Big Data Analytics with Privacy by Design. Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014

Privacy & Big Data: Enable Big Data Analytics with Privacy by Design. Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014 Privacy & Big Data: Enable Big Data Analytics with Privacy by Design Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014 Agenda? What is 'Big Data'? Privacy Implications Privacy

More information

Towards Unified Data Security Requirements for Human Research

Towards Unified Data Security Requirements for Human Research Towards Unified Data Security Requirements for Human Research Susan Bouregy, Ph.D., CIP Chief HIPAA Privacy Officer Vice Chair, Human Subjects Committee Yale University susan.bouregy@yale.edu March 21,

More information

Over the last two decades, as a Privacy Commissioner, I have witnessed how the. Introduction

Over the last two decades, as a Privacy Commissioner, I have witnessed how the. Introduction Introduction Over the last two decades, as a Privacy Commissioner, I have witnessed how the growth of technology has brought exceedingly new challenges to the protection of privacy. Individuals are now

More information

What is involved if you are asked to provide a Police Background Check?

What is involved if you are asked to provide a Police Background Check? What is involved if you are asked to provide a Police Background Check? Read on What right do employers, volunteer recruiters, regulators, landlords and educational institutions ( organizations ) have

More information

Moving Information: Privacy & Security Guidelines

Moving Information: Privacy & Security Guidelines Information and Privacy Commissioner/ Ontario Moving Information: Privacy & Security Guidelines Ann Cavoukian, Ph.D. Commissioner July 1997 Information and Privacy Commissioner/Ontario 2 Bloor Street East

More information

Administrative Services

Administrative Services Policy Title: Administrative Services De-identification of Client Information and Use of Limited Data Sets Policy Number: DHS-100-007 Version: 2.0 Effective Date: Upon Approval Signature on File in the

More information

Best Practices for Protecting Individual Privacy in Conducting Survey Research

Best Practices for Protecting Individual Privacy in Conducting Survey Research Best Practices for Protecting Individual Privacy in Conducting Survey Research CONTENTS Foreword... 1 Introduction... 2 Privacy Considerations at Each Stage of a Survey Research Project... 5 Stage 1: Issue

More information

De-Identification 101

De-Identification 101 De-Identification 101 We live in a world today where our personal information is continuously being captured in a multitude of electronic databases. Details about our health, financial status and buying

More information

NSF Workshop on Big Data Security and Privacy

NSF Workshop on Big Data Security and Privacy NSF Workshop on Big Data Security and Privacy Report Summary Bhavani Thuraisingham The University of Texas at Dallas (UTD) February 19, 2015 Acknowledgement NSF SaTC Program for support Chris Clifton and

More information

Submission to the Standing Committee on Industry. Bill C-54, Personal Information Protection and Electronic Documents Act. Information and Privacy

Submission to the Standing Committee on Industry. Bill C-54, Personal Information Protection and Electronic Documents Act. Information and Privacy Information and Privacy Commissioner Ontario / Submission to the Standing Committee on Industry Bill C-54, Personal Information Protection and Electronic Documents Act Ann Cavoukian, Ph.D. Commissioner

More information

Privacy Impact Assessment Guidelines for the Ontario Personal Health Information Protection Act. Ann Cavoukian, Ph.D. Commissioner October 2005

Privacy Impact Assessment Guidelines for the Ontario Personal Health Information Protection Act. Ann Cavoukian, Ph.D. Commissioner October 2005 Privacy Impact Assessment Guidelines for the Ontario Personal Health Information Protection Act Ann Cavoukian, Ph.D. Commissioner October 2005 Information and Privacy Commissioner/Ontario Privacy Impact

More information

Welcome to Privacy and Big Data Analytics by Design

Welcome to Privacy and Big Data Analytics by Design Welcome to Privacy and Big Data Analytics by Design Ann Cavoukian, Ph.D. Executive Director Privacy and Big Data Institute Ryerson University Privacy by Design Seminar January 22, 2015 Presentation Outline

More information

Privacy Committee. Privacy and Open Data Guideline. Guideline. Of South Australia. Version 1

Privacy Committee. Privacy and Open Data Guideline. Guideline. Of South Australia. Version 1 Privacy Committee Of South Australia Privacy and Open Data Guideline Guideline Version 1 Executive Officer Privacy Committee of South Australia c/o State Records of South Australia GPO Box 2343 ADELAIDE

More information

Anonymizing Unstructured Data to Enable Healthcare Analytics Chris Wright, Vice President Marketing, Privacy Analytics

Anonymizing Unstructured Data to Enable Healthcare Analytics Chris Wright, Vice President Marketing, Privacy Analytics Anonymizing Unstructured Data to Enable Healthcare Analytics Chris Wright, Vice President Marketing, Privacy Analytics Privacy Analytics - Overview For organizations that want to safeguard and enable their

More information

Privacy by Design: Fundamentals for Smart Grid App Developers. Ann Cavoukian, Ph.D. Information and Privacy Commissioner, Ontario, Canada

Privacy by Design: Fundamentals for Smart Grid App Developers. Ann Cavoukian, Ph.D. Information and Privacy Commissioner, Ontario, Canada Privacy by Design: Fundamentals for Smart Grid App Developers Ann Cavoukian, Ph.D. Information and Privacy Commissioner, Ontario, Canada August 2013 Information and Privacy Commissioner, Ontario, Canada

More information

Encryption by Default and Circles of Trust

Encryption by Default and Circles of Trust Encryption by Default and Circles of Trust Strategies to Secure Personal Information in High-Availability Environments December 2012 Information and Privacy Commissioner, Ontario, Canada Acknowledgements

More information

How to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008

How to De-identify Data. Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008 How to De-identify Data Xulei Shirley Liu Department of Biostatistics Vanderbilt University 03/07/2008 1 Outline The problem Brief history The solutions Examples with SAS and R code 2 Background The adoption

More information

Information and Privacy Commissioner of Ontario. Guidelines for Using Video Surveillance Cameras in Schools

Information and Privacy Commissioner of Ontario. Guidelines for Using Video Surveillance Cameras in Schools Information and Privacy Commissioner of Ontario Guidelines for Using Video Surveillance Cameras in Schools Ann Cavoukian, Ph.D. Commissioner Revised July 2009 This publication is an updated version of

More information

De-identification, defined and explained. Dan Stocker, MBA, MS, QSA Professional Services, Coalfire

De-identification, defined and explained. Dan Stocker, MBA, MS, QSA Professional Services, Coalfire De-identification, defined and explained Dan Stocker, MBA, MS, QSA Professional Services, Coalfire Introduction This perspective paper helps organizations understand why de-identification of protected

More information

Brave New World or Old Problems? Privacy, Security and Big Data: Beware of Unintended Consequences

Brave New World or Old Problems? Privacy, Security and Big Data: Beware of Unintended Consequences Brave New World or Old Problems? Privacy, Security and Big Data: Beware of Unintended Consequences A nn C avouk ian, P h.d. E x ecut ive D ir ect or P r ivacy and B ig D at a Inst it ut e R yer son U niver

More information

Privacy by Design Protecting privacy in the age of analytics

Privacy by Design Protecting privacy in the age of analytics Privacy by Design Protecting privacy in the age of analytics The era of Big Data is here, and it isn t going away. The ability to use data to connect information, identify patterns and personalise interactions

More information

What s New in Access, Privacy and Health Care. Brian Beamish Commissioner. Ontario Connections May 21, 2015

What s New in Access, Privacy and Health Care. Brian Beamish Commissioner. Ontario Connections May 21, 2015 What s New in Access, Privacy and Health Care Brian Beamish Commissioner Ontario Connections May 21, 2015 The Three Acts The IPC ensures compliance with: o Freedom of Information and Protection of Privacy

More information

Privacy by Design Setting a new standard for privacy certification

Privacy by Design Setting a new standard for privacy certification Privacy by Design Setting a new standard for privacy certification Privacy by Design is a framework based on proactively embedding privacy into the design and operation of IT systems, networked infrastructure,

More information

Procedure for Managing a Privacy Breach

Procedure for Managing a Privacy Breach Procedure for Managing a Privacy Breach (From the Privacy Policy and Procedures available at: http://www.mun.ca/policy/site/view/index.php?privacy ) A privacy breach occurs when there is unauthorized access

More information

Practice Tool for Exercising Discretion: Emergency Disclosure of Personal Information by Universities, Colleges and other Educational Institutions

Practice Tool for Exercising Discretion: Emergency Disclosure of Personal Information by Universities, Colleges and other Educational Institutions Practice Tool for Exercising Discretion: Emergency Disclosure of Personal Information by Universities, Colleges and other Educational Institutions October 2008 Information and Privacy Commissioner of Ontario

More information

Data Privacy and Biomedicine Syllabus - Page 1 of 6

Data Privacy and Biomedicine Syllabus - Page 1 of 6 Data Privacy and Biomedicine Syllabus - Page 1 of 6 Course: Data Privacy in Biomedicine (BMIF-380 / CS-396) Instructor: Bradley Malin, Ph.D. (b.malin@vanderbilt.edu) Semester: Spring 2015 Time: Mondays

More information

Legal Insight. Big Data Analytics Under HIPAA. Kevin Coy and Neil W. Hoffman, Ph.D. Applicability of HIPAA

Legal Insight. Big Data Analytics Under HIPAA. Kevin Coy and Neil W. Hoffman, Ph.D. Applicability of HIPAA Big Data Analytics Under HIPAA Kevin Coy and Neil W. Hoffman, Ph.D. Privacy laws and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule can have a significant

More information

A Guide to Ontario Legislation Covering the Release of Students

A Guide to Ontario Legislation Covering the Release of Students A Guide to Ontario Legislation Covering the Release of Students Personal Information Revised: June 2011 Ann Cavoukian, Ph.D. Information and Privacy Commissioner, Ontario, Canada Commissioner, Ontario,

More information

FIPPA and MFIPPA: Bill 8 The Recordkeeping Amendments

FIPPA and MFIPPA: Bill 8 The Recordkeeping Amendments FIPPA and MFIPPA: Bill 8 The Recordkeeping Amendments December 2015 CONTENTS Introduction...1 The Amendments What s New?...1 Is My Institution Required to Comply With These Provisions?...2 What are Records?...2

More information

De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " "

De-Identification of Health Data under HIPAA: Regulations and Recent Guidance  De-Identification of Health Data under HIPAA: Regulations and Recent Guidance" " " D even McGraw " Director, Health Privacy Project January 15, 201311 HIPAA Scope Does not cover all health data Applies

More information

An Updated Privacy Paradigm for the Internet of Things

An Updated Privacy Paradigm for the Internet of Things An Updated Privacy Paradigm for the Internet of Things By Christopher Wolf and Jules Polonetsky Co-Chairs, Future of Privacy Forum November 19, 2013 The Future of Privacy Forum is a think tank whose mission

More information

Privacy and Security Framework, February 2010

Privacy and Security Framework, February 2010 Privacy and Security Framework, February 2010 Updated April 2014 Our Vision Better data. Better decisions. Healthier Canadians. Our Mandate To lead the development and maintenance of comprehensive and

More information

CIHI Portal P r i v a c y I m p a c t A s s e s s m e n t

CIHI Portal P r i v a c y I m p a c t A s s e s s m e n t CIHI Portal P r i v a c y I m p a c t A s s e s s m e n t The contents of this publication may be reproduced in whole or in part, provided the intended use is for non-commercial purposes and full acknowledgement

More information

Safeguarding Personal Health Information When Using Mobile Devices for Research Purposes

Safeguarding Personal Health Information When Using Mobile Devices for Research Purposes Safeguarding Personal Health Information When Using Mobile Devices for Research Purposes Information & Privacy Commissioner, Ontario, Canada Children s Hospital of Eastern Ontario September 13, 2011 The

More information

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION

BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION BUSINESS ASSOCIATE AGREEMENT BETWEEN AND COMMISSION ON ACCREDITATION, AMERICAN PSYCHOLOGICAL ASSOCIATION This Agreement governs the provision of Protected Health Information ("PHI") (as defined in 45 C.F.R.

More information

THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE

THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE THE STATE OF DATA SHARING FOR HEALTHCARE ANALYTICS 2015-2016: CHANGE, CHALLENGES AND CHOICE As demand for data sharing grows, healthcare organizations must move beyond data agreements and masking to achieve

More information

HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS

HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS HIPAA POLICY REGARDING DE-IDENTIFICATION OF PROTECTED HEALTH INFORMATION AND USE OF LIMITED DATA SETS SCOPE OF POLICY: What Units Are Covered by this Policy?: This policy applies to the following units

More information

Risk management, information security and privacy compliance. new meeting of minds or ships in the night?

Risk management, information security and privacy compliance. new meeting of minds or ships in the night? Risk management, information security and privacy compliance new meeting of minds or ships in the night? Peter Leonard September 2015 page 1 ships in the night + narrowly focussed conversations reasonable

More information

HIPAA-Compliant Research Access to PHI

HIPAA-Compliant Research Access to PHI HIPAA-Compliant Research Access to PHI HIPAA permits the access, disclosure and use of PHI from a HIPAA Covered Entity s or HIPAA Covered Unit s treatment, payment or health care operations records for

More information

Understanding De-identification, Limited Data Sets, Encryption and Data Masking under HIPAA/HITECH: Implementing Solutions and Tackling Challenges

Understanding De-identification, Limited Data Sets, Encryption and Data Masking under HIPAA/HITECH: Implementing Solutions and Tackling Challenges Understanding De-identification, Limited Data Sets, Encryption and Data Masking under HIPAA/HITECH: Implementing Solutions and Tackling Challenges Daniel C. Barth-Jones, M.P.H., Ph.D. Assistant Professor

More information

Comments of the World Privacy Forum To: Office of Science and Technology Policy Re: Big Data Request for Information. Via email to bigdata@ostp.

Comments of the World Privacy Forum To: Office of Science and Technology Policy Re: Big Data Request for Information. Via email to bigdata@ostp. 3108 Fifth Avenue Suite B San Diego, CA 92103 Comments of the World Privacy Forum To: Office of Science and Technology Policy Re: Big Data Request for Information Via email to bigdata@ostp.gov Big Data

More information

Guidelines on Facsimile Transmission Security

Guidelines on Facsimile Transmission Security Information and Privacy Commissioner/ Ontario Guidelines on Facsimile Transmission Security Ann Cavoukian, Ph.D. Commissioner Revised January 2003 Information and Privacy Commissioner/Ontario 2 Bloor Street

More information

A Privacy Officer s Guide to Providing Enterprise De-Identification Services. Phase I

A Privacy Officer s Guide to Providing Enterprise De-Identification Services. Phase I IT Management Advisory A Privacy Officer s Guide to Providing Enterprise De-Identification Services Ki Consulting has helped several large healthcare organizations to establish de-identification services

More information

For ONC S&I DS4P. Dennis Giokas Chief Technology Officer Canada Health Infoway Inc. January 25, 2012

For ONC S&I DS4P. Dennis Giokas Chief Technology Officer Canada Health Infoway Inc. January 25, 2012 For ONC S&I DS4P Dennis Giokas Chief Technology Officer Canada Health Infoway Inc. January 25, 2012 1 Outline EHR Business Architecture EHR Solution Blueprint EHR Privacy and Security Summary & Conclusion

More information

Privacy Investigation: The Toronto Police Service s use of Mobile Licence Plate Recognition Technology to find stolen vehicles

Privacy Investigation: The Toronto Police Service s use of Mobile Licence Plate Recognition Technology to find stolen vehicles Information and Privacy Commissioner/Ontario Commissaire à l information et à la protection de la vie privée/ontario Privacy Investigation: The Toronto Police Service s use of Mobile Licence Plate Recognition

More information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information

Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how

More information

Roadmap. What is Big Data? Big Data for Educational Institutions 5/30/2014. A Framework for Addressing Privacy Compliance and Legal Considerations

Roadmap. What is Big Data? Big Data for Educational Institutions 5/30/2014. A Framework for Addressing Privacy Compliance and Legal Considerations Big Data for Educational Institutions A Framework for Addressing Privacy Compliance and Legal Considerations Roadmap Introduction What is Big Data? How are educational institutions using Big Data? What

More information

Principles and Best Practices for Sharing Data from Environmental Health Research: Challenges Associated with Data-Sharing: HIPAA De-identification

Principles and Best Practices for Sharing Data from Environmental Health Research: Challenges Associated with Data-Sharing: HIPAA De-identification Principles and Best Practices for Sharing Data from Environmental Health Research: Challenges Associated with Data-Sharing: HIPAA De-identification Daniel C. Barth-Jones, M.P.H., Ph.D Assistant Professor

More information

Information Sheet: Cloud Computing

Information Sheet: Cloud Computing info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.

More information

Data Security Plan Development Guide for Researchers

Data Security Plan Development Guide for Researchers Data Security Plan Development Guide for Researchers November 2014 Prepared for: Association for Public Policy Analysis and Management Fall Research Conference Submitted by: Sean Owen, CISSP, CAP and Teresa

More information

Practice Resource. Cloud computing checklist. Introduction

Practice Resource. Cloud computing checklist. Introduction Practice Resource Cloud computing checklist Cloud computing offers many benefits to lawyers including the ability to access an exploding array of new software services and applications, the offloading

More information

UPMC POLICY AND PROCEDURE MANUAL

UPMC POLICY AND PROCEDURE MANUAL UPMC POLICY AND PROCEDURE MANUAL POLICY: INDEX TITLE: HS-EC1807 Ethics & Compliance SUBJECT: Honest Broker Certification Process Related to the De-identification of Health Information for Research and

More information

Personal Health Information Protection Act

Personal Health Information Protection Act Frequently Asked Questions : Personal Health Information Protection Act February 2005 Information and Privacy Commissioner/Ontario Ann Cavoukian, Ph.D Commissioner. Dr. Ann Cavoukian, the Information and

More information