Accountability by Design for Privacy
|
|
|
- Cory Phelps
- 10 years ago
- Views:
Transcription
1 Accountability by Design for Privacy Denis Butin, Marcos Chicote and Daniel Le Métayer 1 / 17
2 Introduction ICT growth adds to concern about sensitive data use Individuals share more & more PII Stronger privacy guarantees needed Regulations exist through EU directives, country-specific laws Not enough practical, specific means required 2 / 17
3 Background The Need for Accountability 3 / 17
4 Background Legal privacy protection EU directives 95/46 (Data Protection), 2002/58 (Privacy & Electronic Communications) Privacy & PII security are subtle, context-dependent Need bridge between broadly-defined concepts & actual ICT systems 4 / 17
5 Privacy Impact Assessment Modern analytic approach to mitigate privacy risks in ICT systems Done before system deployment No guarantees to users about actual running system 5 / 17
6 Motivation (1/2) Runtime / a posteriori verifications needed! Provide proven trust instead of blind trust Data controllers should be accountable to data subjects Practical requirements? 6 / 17
7 Motivation (2/2) Need to provide the means to check that agreements were fulfilled Approach: check PII handling event histories (logs) against agreements with an automatic tool! Duality if PIA done right (implies design choices), accountability possible (depends on design) 7 / 17
8 What is Accountability? Obligation to accept responsibility for actions Attributability: who did what? Non-repudiable evidence that cannot be falsified Transparent use of information 8 / 17
9 Enabling Accountability (1/2) Accountability does not emerge spontaneously Feasibility of comprehensive a posteriori verification? Depends directly on technical architecture! Example requirements on logs for accountability Timestamps needed in logs if notification to data subject within an hour required when sharing their age with a third party 9 / 17
10 Enabling Accountability (2/2) Need to define: Obligations to be met = Policy language Compliance checking evidence = Log architecture Compliance checking procedure = Log analyzer 10 / 17
11 Usage Policy Languages Usage policy languages allow data handling details to be set On both sides: data subject (preferences), data controller (policies) Example data handling preference Data controller may use data subject s address to send security alerts, but may not share it with third parties. 11 / 17
12 Primelife Policy Language (PPL) Automated matching of data subject & data controller policies yields Sticky Policies (agreements) Wide range of obligations possible (trigger + action) Only informal specification available until our work Example informal obligation If PII accessed by data controller for purpose marketing, anonymize it within a day 12 / 17
13 PII Event Logging Data Controller must provide evidence that agreements met Audit possible through inspection of event histories (logs) wrt data handling agreements Structure of logs conditions auditability, hence accountability Deciding what to include in logs not a trivial task 13 / 17
14 Formalising PPL Relevant events precisely defined (syntax) Compliance properties described (semantics) Tool built for automated compliance checking (implementation) Reasoning over compliance can be generalised 14 / 17
15 Importance of explicitness sufficiently detailed event information needed Avoid ambiguity; reflect causal relationships Accountability definitions shape log structure & vice versa Include contextual information if obligation of performance 15 / 17
16 Implications of audit process role definition (third party, data subject, certificated authority... ) Accountability-oriented, standardised log format (policy language-independent) Detailed case studies illustrating design guidelines 16 / 17
17 Questions? 17 / 17
Alternative authentication what does it really provide?
Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK [email protected] Abstract In recent years many new technologies
Trends in Embedded Software Development in Europe. Dr. Dirk Muthig [email protected]
Trends in Embedded Software Development in Europe Dr. Dirk Muthig [email protected] Problems A software project exceeds the budget by 90% and the project time by 120% in average Project Management
Liability and Privacy Issues in Business
1 Interactions between law and computer science: privacy and liability Daniel Le Métayer 2 Multidisciplinary approach Growing intermingling of legal and technological issues: privacy, DRM, liability, electronic
White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform
White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.
Software Engineering. Software Engineering. Component-Based. Based on Software Engineering, 7 th Edition by Ian Sommerville
Software Engineering Component-Based Software Engineering Based on Software Engineering, 7 th Edition by Ian Sommerville Objectives To explain that CBSE is concerned with developing standardised components
Realize That Big Security Data Is Not Big Security Nor Big Intelligence
G00245789 Realize That Big Security Data Is Not Big Security Nor Big Intelligence Published: 19 April 2013 Analyst(s): Joseph Feiman Security intelligence's ultimate objective, enterprise protection, is
The Way to SOA Concept, Architectural Components and Organization
The Way to SOA Concept, Architectural Components and Organization Eric Scholz Director Product Management Software AG Seite 1 Goals of business and IT Business Goals Increase business agility Support new
Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting
Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting Denis Butin 1 / 37 2 / 37 Introduction Network communication sensitive: banking, private correspondence,
Recommendations for the PIA. Process for Enterprise Services Bus. Development
Recommendations for the PIA Process for Enterprise Services Bus Development A Report by the Data Privacy and Integrity Advisory Committee This report reflects the consensus recommendations provided by
Cloud Services Catalog with Epsilon
Cloud Services Catalog with Epsilon Modern IT enterprises face several challenges while building a service catalog for their data center. Provisioning with a cloud management platform solves some of these
Executive Summary In light of the i2010 initiative, the Commission has adopted initiatives to further develop the Single European Information Space a Single Market for the Information Society. However,
The Cadence Partnership Service Definition
The Cadence Partnership Service Definition About Cadence The Cadence Partnership is an independent management consultancy, specialising in working with a wide range of organisations, solving complex issues
Privacy Requirements Definition and Testing in the Healthcare Environment
Definition and Testing in the Healthcare Environment Julie S. McEwen, CIPM, CIPP/G/IT/US, CISSP, PMP Julie Snyder, CIPM, CIPP/G/US Approved for Public Release. Distribution Unlimited. 13-2766 2013 The
Shareable Private Space on a Public Cloud
Shareable Private Space on a Public Cloud 1.0 Introduction: Sharable private space on public cloud (a distributed computing platform) is nontrivial task. With immerse of Free & Open Source Software (FOSS),
APPLICATION COMPLIANCE AUDIT & ENFORCEMENT
TELERAN SOLUTION BRIEF Building Better Intelligence APPLICATION COMPLIANCE AUDIT & ENFORCEMENT For Exadata and Oracle 11g Data Warehouse Environments BUILDING BETTER INTELLIGENCE WITH BI/DW COMPLIANCE
5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES
5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES 5 FAM 141 PURPOSE (CT-IM-112; 07-30-2010) (Office of Origin: IRM/OPS/ITI/SI/IIB) The purpose of this FAM chapter is to enable the Department to
Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1
Guidance for Data Users on the Collection and Use of Personal Data through the Internet Introduction Operating online businesses or services, whether by commercial enterprises, non-government organisations
GSA s Digital Analytics Program and FTC
Federal Trade Commission Privacy Impact Assessment Google Analytics Through GSA s Digital Analytics Program June 2014 1 SECTION 1.0 SPECIFIC PURPOSE OF THE FTC S PARTICIPATION IN GSA s DIGITAL ANALYTICS
Johnson Controls Privacy Notice
Johnson Controls Privacy Notice Johnson Controls, Inc. and its affiliated companies (collectively Johnson Controls, we, us or our) care about your privacy and are committed to protecting your personal
The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking
The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner has responsibility for promoting and enforcing the
Android Developer Applications
Android Developer Applications January 31, 2013 Contact Departmental Privacy Office U.S. Department of the Interior 1849 C Street NW Mail Stop MIB-7456 Washington, DC 20240 202-208-1605 [email protected]
How To Understand The System'S Purpose And Function
NOTE: The following reflects the information entered in the PIAMS Website. A. SYSTEM DESCRIPTION Authority: Office of Management Budget (OMB) Memorandum (M) 03-22, OMB Guidance for Implementing the Privacy
CHAPTER THREE, Network Services Management Framework
CHAPTER THREE, Acronyms and Terms 3-3 List of Figures 3-4 1 Introduction 3-5 2 Architecture 3-6 2.1 Entity Identification & Addressing 3-7 2.2 Management Domain Registration and Information Service 3-7
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006
Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates September 2006 Copyright 2006 Entrust. All rights reserved. www.entrust.com Entrust is a registered trademark
Authentication, Access Control, Auditing and Non-Repudiation
Authentication, Access Control, Auditing and Non-Repudiation 1 Principals Humans or system components that are registered in and authentic to a distributed system. Principal has an identity used for: Making
FHFA. Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME)
FHFA Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME) This template is used when the Chief Privacy Officer determines that the system contains Personally Identifiable Information and a more
Exhibit 2. Business Associate Addendum
Exhibit 2 Business Associate Addendum This Business Associate Addendum ( Addendum ) governs the use and disclosure of Protected Health Information by EOHHS when functioning as a Business Associate in performing
CAPABILITY MATURITY MODEL & ASSESSMENT
ENTERPRISE DATA GOVERNANCE CAPABILITY MATURITY MODEL & ASSESSMENT www.datalynx.com.au Data Governance Data governance is a key mechanism for establishing control of corporate data assets and enhancing
Certificate Policies and Certification Practice Statements
Entrust White Paper Certificate Policies and Certification Practice Statements Author: Sharon Boeyen Date: February 1997 Version: 1.0 Copyright 2003 Entrust. All rights reserved. Certificate Policies and
The Netskope Active Platform
The Netskope Active Platform Enabling Safe Migration to the Cloud Massive Cloud Adoption Netskope is the leader in safe cloud enablement. With Netskope, IT can protect data and ensure compliance across
Corporate Leadership Council Metrics
for the Corporate Leadership Council Metrics Contact Point Chris Cejka Director, Strategic Planning and Evaluation Division Human Capital Innovation Office of the Chief Human Capital Officer Department
White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere
Protecting Databases from Unauthorized Activities Using Imperva SecureSphere White Paper As the primary repository for the enterprise s most valuable information, the database is perhaps the most sensitive
SQL Server for Database Administrators Course Syllabus
SQL Server for Database Administrators Course Syllabus 1. Description This course teaches the administration and maintenance aspects of Microsoft SQL Server. It covers all the roles performed by administrative
ISO 27001 COMPLIANCE WITH OBSERVEIT
ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk
Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager
Role title Digital Cultural Asset Manager Also known as Relevant professions Summary statement Mission Digital Asset Manager, Digital Curator Cultural Informatics, Cultural/ Art ICT Manager Deals with
A Privacy Officer s Guide to Providing Enterprise De-Identification Services. Phase I
IT Management Advisory A Privacy Officer s Guide to Providing Enterprise De-Identification Services Ki Consulting has helped several large healthcare organizations to establish de-identification services
SERENITY Pattern-based Software Development Life-Cycle
SERENITY Pattern-based Software Development Life-Cycle Francisco Sanchez-Cid, Antonio Maña Computer Science Department University of Malaga. Spain {cid, amg}@lcc.uma.es Abstract Most of current methodologies
Revision History Revision Date 3.0 14.02.10. Changes Initial version published to http://www.isasecure.org
SDLA-312 ISA Security Compliance Institute Security Development Lifecycle Assurance - Security Development Lifecycle Assessment v3.0 Lifecycle Phases Number Phase Name Description PH1 Security Management
MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE
WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But
IBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Protecting your business value from
Security architecture and framework Design and pilot implementation
WP 5 Work Package Meeting Security architecture and framework Design and pilot implementation 3 rd AGM in Munich, 17 February 2015 TUM: Raffael Bild, Florian Kohlmayer, Helmut Spengler EBI: Olga Melnichuk,
Course Syllabus. Maintaining a Microsoft SQL Server 2005 Database. At Course Completion
Course Syllabus Maintaining a Microsoft SQL Server 2005 Database Elements of this syllabus are subject to change. This five-day instructor-led course provides students with the knowledge and skills to
Today, the world s leading insurers
analytic model management FICO Central Solution for Insurance Complete model management and rapid deployment Consistent precision in insurers predictive models, and the ability to deploy new and retuned
COMPLIANCE MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS COMPLIANCE MANAGEMENT SOLUTIONS
THOMSON REUTERS ACCELUS COMPLIANCE MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS Our solutions dynamically connect business transactions, strategy, and operations to the ever-changing regulatory environment,
A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards
A Websense Research Brief Prevent Loss and Comply with Payment Card Industry Security Standards Prevent Loss and Comply with Payment Card Industry Security Standards Standards for Credit Card Security
Beyond PCI Checklists:
Beyond PCI Checklists: Securing Cardholder Data with Tripwire s enhanced File Integrity Monitoring white paper Configuration Control for Virtual and Physical Infrastructures Contents 4 The PCI DSS Configuration
Solving data residency and privacy compliance challenges Delivering business agility, regulatory compliance and risk reduction
Solving data residency and privacy compliance challenges Delivering business agility, regulatory compliance and risk reduction Introduction In today s dynamic business environment, corporation s intangible
Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION
Compliance Response Edition 07/2009 SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures simatic wincc DOKUMENTATION Compliance Response Electronic Records / Electronic Signatures
CINCS In Focus. Detecting and Preventing Fraud in the US Federal Crop Insurance Program
CINCS In Focus Detecting and Preventing Fraud in the US Federal Crop Insurance Program 19th December, 2012 Mitigating the Risks of Fraud in the USDA Federal Crop Insurance Program By CINCS Team Member
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com Advanced Analytics Dan Vesset September 2003 INTRODUCTION In the previous sections of this series
Risk & Hazard Management
Rivo Software Solution Layer provides a rapidly deployable complete set of hazard and risk management functionality from any device, accessible from anywhere through our highly secure cloud platform. Identify,
The Requirements Compliance Matrix columns are defined as follows:
1 DETAILED REQUIREMENTS AND REQUIREMENTS COMPLIANCE The following s Compliance Matrices present the detailed requirements for the P&I System. Completion of all matrices is required; proposals submitted
Privacy Impact Assessment
Technology, Planning, Architecture, & E-Government Version: 1.1 Date: April 14, 2011 Prepared for: USDA OCIO TPA&E Privacy Impact Assessment for the April 14, 2011 Contact Point Charles McClam Deputy Chief
Service Definition Document
Service Definition Document QinetiQ Secure Cloud Protective Monitoring Service (AWARE) QinetiQ Secure Cloud Protective Monitoring Service (DETER) Secure Multi-Tenant Protective Monitoring Service (AWARE)
Taxpayers/Public/Tax Systems Employees/Personnel/HR Systems Other Source: State agencies provide payment information via EFTPS and SDT
NOTE: The following reflects the information entered in the PIAMS website. A. SYSTEM DESCRIPTION Authority: Office of Management Budget (OMB) Memorandum (M) 03-22, OMB Guidance for Implementing the Privacy
New system Significant modification to an existing system To update existing PIA for a triennial security reauthorization
1. Contact Information Department of State Privacy Coordinator Margaret P. Grafeld Bureau of Administration Global Information Services Office of Information Programs and Services 2. System Information
SAMAY - Attendance, Access control and Payroll Software
SAMAY - Attendance, Access control and Payroll Software Welcome to a new world of comprehensive Human Capital Management (HCM) solutions from ISS. ISS SAMAY is a highly simplified HCM solution with an
Cloud Security Strategies. Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems
Cloud Security Strategies Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems London, 14 October 2015 UNICREDIT AT A GLANCE Employees: more than 146.600 Branches: 8.403 Banking operations
IBM Data Security Services for endpoint data protection endpoint data loss prevention solution
Automating policy enforcement to prevent endpoint data loss IBM Data Security Services for endpoint data protection endpoint data loss prevention solution Highlights Facilitate policy-based expertise and
Securing Data on Microsoft SQL Server 2012
Securing Data on Microsoft SQL Server 2012 Course 55096 The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary to
Adaptive Business Management Systems Privacy Policy
Adaptive Business Management Systems Privacy Policy Updated policy: Effective on July 01, 2013 This privacy statement describes how Adaptive Business Management Systems collects and uses the personal information
Call Center and Clearing System. ID Technologies Inc
Call Center and Clearing System ID Technologies Inc Features Enterprise level ticket generation, clearing and tracking system GIS based integrated graphical information. Multi-format map integration Real
JA to support the ehealth Network
JA to support the ehealth Network ehealth Network & ehgi Directive 2011/24/EU of the European Parliament and of the Council on the application of patients` rights in cross-border healtcare 08.05.2015 2
REMEDY Enterprise Services Management System
for the Enterprise Services Management System April 28, 2016 Contact Point Marshall Nolan Border Enforcement and Management Systems Division Office of Information Technology U.S. Customs & Border Protection
CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM
CLOUD STORAGE SECURITY INTRODUCTION Gordon Arnold, IBM SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA. Member companies and individual members may use this material
Protecting Data-at-Rest with SecureZIP for DLP
Protecting Data-at-Rest with SecureZIP for DLP TABLE OF CONTENTS INTRODUCTION 3 PROTECTING DATA WITH DLP 3 FINDING INDIVIDUAL AND SHARED INFORMATION-AT-REST 4 METHODS FOR REMEDIATION 4 ENCRYPTING UNPROTECTED
Identity Management Overview. Bill Nelson [email protected] Vice President of Professional Services
Identity Management Overview Bill Nelson [email protected] Vice President of Professional Services 1 Agenda Common Identity-related Requests Business Drivers for Identity Management Account (Identity)
Privacy Impact Assessment for the. E-Verify Self Check. DHS/USCIS/PIA-030(b) September 06, 2013
for the E-Verify Self Check DHS/USCIS/PIA-030(b) September 06, 2013 Contact Point Donald K. Hawkins Privacy Officer United States Citizenship and Immigration Services (202) 272-8030 Reviewing Official
MS SQL Server 2014 New Features and Database Administration
MS SQL Server 2014 New Features and Database Administration MS SQL Server 2014 Architecture Database Files and Transaction Log SQL Native Client System Databases Schemas Synonyms Dynamic Management Objects
Workshop Privacy Impact Assessments The NOREA-PIA: design and experience
PI.lab: Privacy in 2014 Workshop Privacy Impact Assessments The NOREA-PIA: design and experience Wolter Karssenberg RE Member of the Knowledge Group Privacy Audits NOREA (NOREA is the professional association
The system: does NOT contain PII. If this is the case, you must only complete Section 13.
1. Contact Information Department of State Privacy Coordinator Margaret P. Grafeld Bureau of Administration Global Information Services Office of Information Programs and Services 2. System Information
ICT 6: Cloud computing
computing Jorge GASÓS Software and Services, Cloud Unit DG Connect [email protected] Cloud computing in previous WPs FP7 ICT Work Programmes (Calls 1, 5, 8, 10) Total investment in the software,
BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use
Product Data Sheet BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use BEA AquaLogic Integrator delivers the best way for IT to integrate, deploy, connect and manage process-driven
CÚRAM. Government of Alberta. Privacy Impact Assessment. Final Report. March 2009
Government of Alberta Final Report Submitted by: Information and Privacy Office Employment and Immigration Table of Contents 1. Background...1 2. Purpose of This Review...2 3. Managing Access and System
Automatic vs. Manual Code Analysis
Automatic vs. Manual Code Analysis 2009-11-17 Ari Kesäniemi Senior Security Architect Nixu Oy [email protected] Copyright The Foundation Permission is granted to copy, distribute and/or modify this
A. SYSTEM DESCRIPTION
NOTE: The following reflects the information entered in the PIAMS website. A. SYSTEM DESCRIPTION Authority: Office of Management Budget (OMB) Memorandum (M) 03-22, OMB Guidance for Implementing the Privacy