Accountability by Design for Privacy



Similar documents
Alternative authentication what does it really provide?

Trends in Embedded Software Development in Europe. Dr. Dirk Muthig

Liability and Privacy Issues in Business

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

Software Engineering. Software Engineering. Component-Based. Based on Software Engineering, 7 th Edition by Ian Sommerville

Realize That Big Security Data Is Not Big Security Nor Big Intelligence

The Way to SOA Concept, Architectural Components and Organization

Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting

Recommendations for the PIA. Process for Enterprise Services Bus. Development

Cloud Services Catalog with Epsilon


The Cadence Partnership Service Definition

Privacy Requirements Definition and Testing in the Healthcare Environment

Shareable Private Space on a Public Cloud

APPLICATION COMPLIANCE AUDIT & ENFORCEMENT

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES

Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1

GSA s Digital Analytics Program and FTC

Johnson Controls Privacy Notice

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking

Android Developer Applications

How To Understand The System'S Purpose And Function

CHAPTER THREE, Network Services Management Framework

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

Authentication, Access Control, Auditing and Non-Repudiation

FHFA. Privacy Impact Assessment Template FM: SYSTEMS (SYSTEM NAME)

Exhibit 2. Business Associate Addendum

CAPABILITY MATURITY MODEL & ASSESSMENT

Certificate Policies and Certification Practice Statements

The Netskope Active Platform

Corporate Leadership Council Metrics

White Paper. Protecting Databases from Unauthorized Activities Using Imperva SecureSphere

SQL Server for Database Administrators Course Syllabus

ISO COMPLIANCE WITH OBSERVEIT

Digital Asset Manager, Digital Curator. Cultural Informatics, Cultural/ Art ICT Manager

A Privacy Officer s Guide to Providing Enterprise De-Identification Services. Phase I

SERENITY Pattern-based Software Development Life-Cycle

Revision History Revision Date Changes Initial version published to

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Security architecture and framework Design and pilot implementation

Course Syllabus. Maintaining a Microsoft SQL Server 2005 Database. At Course Completion

Today, the world s leading insurers

COMPLIANCE MANAGEMENT SOLUTIONS THOMSON REUTERS ACCELUS COMPLIANCE MANAGEMENT SOLUTIONS

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Beyond PCI Checklists:

Solving data residency and privacy compliance challenges Delivering business agility, regulatory compliance and risk reduction

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

CINCS In Focus. Detecting and Preventing Fraud in the US Federal Crop Insurance Program

Global Headquarters: 5 Speen Street Framingham, MA USA P F

Risk & Hazard Management

The Requirements Compliance Matrix columns are defined as follows:

Privacy Impact Assessment

Service Definition Document

Taxpayers/Public/Tax Systems Employees/Personnel/HR Systems Other Source: State agencies provide payment information via EFTPS and SDT

New system Significant modification to an existing system To update existing PIA for a triennial security reauthorization

SAMAY - Attendance, Access control and Payroll Software

Cloud Security Strategies. Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems

IBM Data Security Services for endpoint data protection endpoint data loss prevention solution

Securing Data on Microsoft SQL Server 2012

Adaptive Business Management Systems Privacy Policy

Call Center and Clearing System. ID Technologies Inc

JA to support the ehealth Network

REMEDY Enterprise Services Management System

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

Protecting Data-at-Rest with SecureZIP for DLP

Identity Management Overview. Bill Nelson Vice President of Professional Services

Privacy Impact Assessment for the. E-Verify Self Check. DHS/USCIS/PIA-030(b) September 06, 2013

MS SQL Server 2014 New Features and Database Administration

Workshop Privacy Impact Assessments The NOREA-PIA: design and experience

The system: does NOT contain PII. If this is the case, you must only complete Section 13.

ICT 6: Cloud computing

BEA AquaLogic Integrator Agile integration for the Enterprise Build, Connect, Re-use

CÚRAM. Government of Alberta. Privacy Impact Assessment. Final Report. March 2009

Automatic vs. Manual Code Analysis

A. SYSTEM DESCRIPTION

Transcription:

Accountability by Design for Privacy Denis Butin, Marcos Chicote and Daniel Le Métayer 1 / 17

Introduction ICT growth adds to concern about sensitive data use Individuals share more & more PII Stronger privacy guarantees needed Regulations exist through EU directives, country-specific laws Not enough practical, specific means required 2 / 17

Background The Need for Accountability 3 / 17

Background Legal privacy protection EU directives 95/46 (Data Protection), 2002/58 (Privacy & Electronic Communications) Privacy & PII security are subtle, context-dependent Need bridge between broadly-defined concepts & actual ICT systems 4 / 17

Privacy Impact Assessment Modern analytic approach to mitigate privacy risks in ICT systems Done before system deployment No guarantees to users about actual running system 5 / 17

Motivation (1/2) Runtime / a posteriori verifications needed! Provide proven trust instead of blind trust Data controllers should be accountable to data subjects Practical requirements? 6 / 17

Motivation (2/2) Need to provide the means to check that agreements were fulfilled Approach: check PII handling event histories (logs) against agreements with an automatic tool! Duality if PIA done right (implies design choices), accountability possible (depends on design) 7 / 17

What is Accountability? Obligation to accept responsibility for actions Attributability: who did what? Non-repudiable evidence that cannot be falsified Transparent use of information 8 / 17

Enabling Accountability (1/2) Accountability does not emerge spontaneously Feasibility of comprehensive a posteriori verification? Depends directly on technical architecture! Example requirements on logs for accountability Timestamps needed in logs if notification to data subject within an hour required when sharing their age with a third party 9 / 17

Enabling Accountability (2/2) Need to define: Obligations to be met = Policy language Compliance checking evidence = Log architecture Compliance checking procedure = Log analyzer 10 / 17

Usage Policy Languages Usage policy languages allow data handling details to be set On both sides: data subject (preferences), data controller (policies) Example data handling preference Data controller may use data subject s email address to send security alerts, but may not share it with third parties. 11 / 17

Primelife Policy Language (PPL) Automated matching of data subject & data controller policies yields Sticky Policies (agreements) Wide range of obligations possible (trigger + action) Only informal specification available until our work Example informal obligation If PII accessed by data controller for purpose marketing, anonymize it within a day 12 / 17

PII Event Logging Data Controller must provide evidence that agreements met Audit possible through inspection of event histories (logs) wrt data handling agreements Structure of logs conditions auditability, hence accountability Deciding what to include in logs not a trivial task 13 / 17

Formalising PPL Relevant events precisely defined (syntax) Compliance properties described (semantics) Tool built for automated compliance checking (implementation) Reasoning over compliance can be generalised 14 / 17

Importance of explicitness sufficiently detailed event information needed Avoid ambiguity; reflect causal relationships Accountability definitions shape log structure & vice versa Include contextual information if obligation of performance 15 / 17

Implications of audit process role definition (third party, data subject, certificated authority... ) Accountability-oriented, standardised log format (policy language-independent) Detailed case studies illustrating design guidelines 16 / 17

Questions? 17 / 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information