The Virtual Privacy Office



Similar documents
elearning Content Management Middleware

Chapter 1: Introduction

Password Management Buyer s Guide. FastPass Password Manager V 3.3 Enterprise & Service Provider Editions

ELECTRONIC MAIL ( ) September Version 3.1

NSW Government Open Data Policy. September 2013 V1.0. Contact

YORK REGION DISTRICT SCHOOL BOARD. Policy and Procedure #160.0 Records and Information Management

Digital Continuity Plan

Welcome to EPO Online Services

DFS C Open Data Policy

D . A reliable and secure online communication platform. Armin Wappenschmidt (secunet) More information:

User Guide of edox Archiver, the Electronic Document Handling Gateway of

Figure 1 Cloud Computing. 1.What is Cloud: Clouds are of specific commercial interest not just on the acquiring tendency to outsource IT

The RFID Revolution: Your voice on the Challenges, Opportunities and Threats. Online Public Consultation Preliminary Overview of the Results

Aecus European Innovation Awards 2015

D.I.M. allows different authentication procedures, from simple confirmation to electronic ID.

INTERNET DATA SAFE SOLUTIONS TURNKEY AND CUSTOM MADE

TITAN LOAN MASTER CENTRAL SOFTWARE

Big Data Analytics Service Definition G-Cloud 7

Development of a generic IT service catalog as pre-arrangement for Service Level Agreements

Adlib Internet Server

How To Protect Decd Information From Harm

Best Practices for Choosing a Content Control Solution

Digital Rights Management - The Difference Between DPM and CM

4.10 Information Management Policy

SECURITY AND PRIVACY ISSUES IN A KNOWLEDGE MANAGEMENT SYSTEM

Cloud Computing in a Government Context

ARC-Desk CHANGE MANAGEMENT, REVIEW AND APPROVAL OF DOCUMENTS EASY TRACEABLE EFFICIENT

Dynamic Services from T-Systems: Enterprise Cloud Computing in practice

A. Document repository services for EU policy support

Business of the Web - CPNT 265 Module 1 Planning a Web site Instructor s Guide

Electronic Document Workflow Platform for KBA Customers

How To Protect Your Privacy On The Net

FISHER & PAYKEL PRIVACY POLICY

COCIR contribution to the public consultation on Personal Data Protection in the EU 1

Response of the German Medical Association

SCDHSC0437 Promote your organisation and its services to stakeholders

Fujitsu Dynamic Cloud Bridging today and tomorrow

Adworks Local Area Marketing. The way it works

CWA Flow. CWA Flow 8D Report. The flexibly configurable software. Claim and Complaint Management. User-defined forms and processes

Audit & Inspection Management. Enterprise Cloud Audit & Inspection Management Solution

Protective Marking Standard Implementation Guide for the Australian Government

Mobile Access Software Blade

Guidelines on Facsimile Transmission Security

Visendo Fax Server Integration With SharePoint Server

Information Management: A common approach

vtiger Customer Portal 4.2 User Manual

Table of content. Electronic Performance Support System

Three tools to facilitate online job matching throughout Europe. ESCO, EURES, Match & Map

Mapping the Technical Dependencies of Information Assets

AppConnect FAQ for MobileIron Technology Partners! AppConnect Overview

CUSTOMER MANAGEMENT IN THE CLOUD

Office of the Chief Information Officer. Annual Report

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE

Enterprise Content Management (ECM) Strategies

Designed for Local Government Powered by Microsoft Dynamics

Action/Task Management

Guidelines on Executive Order on Information and Consent Required in Case of Storing and Accessing Information in End-User Terminal Equipment

Virtual Team Collaboration Glossary

Get Better Protected... Secure data sharing made possible with Updata s Encryption Overlay Service.

Information governance strategy

Get more value from virtualisation

PATCH MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking

Risk & Hazard Management

Cloud Computing and Government Services August 2013 Serdar Yümlü SAMPAŞ Information & Communication Systems

Health Portal Suggestions for Continued Work

SuperOffice Expander. Introduction & Background

Trust and Dependability in Cloud Computing

Offer Highly Available SAAS Solutions with Huawei. Huang Li Executive Vice President of isoftstone

A Best Practices Point of View from. Data Backup and Disaster Recovery Planning

Strategic Briefing Data Center Management & Automation

H5RE 04 (SCDHSC0437) Promote Your Organisation and Its Services to Stakeholders

Rebuilding Trust Through Privacy by Design. by Alexander Hanff

QualitySSL by BitEngines Nellikevaenget Vallensbaek Denmark. WWW:

SharePoint 2013 Social Intranet Case Study

White Paper. Simplify SSL Certificate Management Across the Enterprise

Papermule Workflow. Workflow and Asset Management Software. Papermule Ltd

Big Data and New Paradigms in Information Management. Vladimir Videnovic Institute for Information Management

Websense Content Gateway HTTPS Configuration

KM road map. Technology Components of KM. Chapter 5- The Technology Infrastructure. Knowledge Management Systems

Transcription:

- A New Approach To Privacy Protection - Bruno Baeriswyl John Borking Helmut Bäumler Marit Köhntopp Privacy Commissioner Zurich, CH Registratiekamer, NL Independent Centre for Privacy Protection Schleswig-Holstein, D Overview Trust and Privacy Protection Authorities The Idea behind the Project Aims of the Virtual Privacy Office Ways and Means to the Aims Modules Technological Aspects Co-operation within the Project Possible Problems Conclusion and Outlook 1

Trust as an Essential Element of the Information Society Today s IT Systems: highly complex, intransparent & lacking control lacking fundamental security demands correctness cannot practically be proven by formal means The Element of Trust: users feel uneasy about their privacy trust is important for IT systems, especially for safety/security matters trust is valuable for vendors Trust plays an essential role in the information society. Privacy Protection Authorities: Trusted Parties Tasks: guarantee privacy & data security (as laid down in Privacy Acts) being an advocate for citizen s privacy rights Requirements: independence trustworthiness & discretion acceptance interference when necessary Methods: monitoring use of personal data (control visits) in case of infringements of Privacy Acts: complaint recommending improvements publications & (bi)annual activity reports 2

The Net is bringing social changes so profound their only parallel is probably the discovery of fire. Louis Rosetto The Idea behind the Virtual Privacy Office Users are concerned about privacy: increasing data trails and motion profiles almost no limits to analysability of data neither limitation of use to specific purpose nor protection against their misuse can be guaranteed Transformation of society revaluing privacy concepts: need for action in order to prevent the loss of privacy new tasks for Privacy Commissioners: more than web presence basis: absorbing Internet technology and culture New ways needed to act adequately to challenges posed by the Internet 3

The question before you is not preservation of the status quo - all hope of that is now lost.... Demand privacy, while the question is still relevant. Dan Geer Aims of the Virtual Privacy Office E-Privacy: privacy protection contact for users absorbing Internet culture: open discussions & open source Privacy Protection Network: information exchange & division of labour assembly point for privacy experts & platform for projects Gaining Working Knowledge: learning by doing: practical experience Updating the State of the Art for Technical Measures: support of Privacy Enhancing Technologies Main aim: new quality of privacy protection 4

There is power in this Internet to create conversations and open source is the heart of it. Tim O'Reilly More Detailed: Ways and Means to the Aims Transparency: open discussions with experts and the public open source for software Participation: everybody is invited to take part project pool to bring people together High Standards of Privacy Protection and Data Security: put existing law into practice give new impulses by developing concepts testbed for Privacy Enhancing Technologies Feedback: transfer to manufacturers, providers, users, legislators, standardisation bodies 5

Modules of the Virtual Privacy Office Forums for Project Partners: mailing lists, Virtual Private Networks (VPN) Privacy Internet Portal: FAQ, search engines, on-line privacy magazine Public Privacy Office: individual questions, call centre management system Forums for Experts: mailing lists, web forums, project pool Basis: Privacy Information Database (being developed) Project Events: Regular Meetings of Project Associates Public Project Events Note: The layers displaying the four main modules are each built from the basics. The tasks can in order of their realization be found beneath. marks tasks currently in progress (as of 09/2000) Concepts: - Webdesign - Structure and Presentation of Content Individual Service via E-mail Webserver with Dynamic Page Generation and Authoring System Room for any Experts: - Invitation for Participation - Privacy Events Public Privacy Office Privacy Internet Portal Forums for Project Associates Forums for Experts Thematic Mailing Lists and Other Forums Project Pool Workflow & Call Center Functionality: - Classification of E-mails - Personal Assistants with - Forwarding to Responsible Departments Editing Support - Ticket System: Trace Job Status Contents: - Frequently Asked Questions - Detailed Expert Information - Tools for Self-Protection Basic Features: - Catalogues - Search Engine - Multilingual Support Advanced Features: - On-line Magazine - Hyperlink Management - Interactivity Mailing Lists via an own Server Integration of Encryption Technologies Virtual Private Network: Privacy VPN Virtual Meetings: - Chatrooms - Videoconferences via the Internet Groupware System with Document Management Basics Basic Concepts: - Functionality of the Separate Modules - Requirements and Interfaces - Technology and Organization Internet Access: - of the Privacy Protection Authorities - at the Workplace - Providing of Servers Knowledge Management Systems: - Structured Knowledge - Technical Representation (XML) - Information Database with Adequate Search Patterns Evaluation: Practicable Concepts for Privacy Protection and Data Security 6

Participation of Trusted Parties in Technology Design Building Trust into (Technological) Systems: General advice Participation in standardisation Individual consultation Active prototyping Participation in development Technology: Design, Implementation, and Operating Functionality different optimization methods sometimes putting effort in one field leads to restrictions in the other(s) sometimes increase in all fields is possible Security Privacy 7

Technology in the Virtual Privacy Office Developing Innovative & Privacy Enhancing Concepts (basis: security, data minimization): for Internet Connectivity for Virtual Private Networks for Ticket Systems & Workflow Knowledge Management System: structured privacy information representation in XML Tools for Internet Users and Privacy Protection Authorities: recommendations & links download area for privacy tools Principle: Open Source where possible 8

Platform for Projects Project Pool: people looking for ideas (e.g. students, researchers) ideas looking for realisation Supporting Projects: fund raising among several interested parties reuse existing modules because of open source PET in Action: prove of practicability bringing PET on the market PET becoming state of the art Results useful for e-government and e-commerce Co-operation within the Virtual Privacy Office Project Partners (September 2000): D: Federal Commissioner for Data Protection and a number of regional Offices for Privacy Protection NL: Registratiekamer CH: Privacy Commissioners CA: IPC Ontario Possible Co-operation Partners from Internet community, science, organisations, economy etc. Prototype sponsored and supported by: Schleswig-Holstein Information Society Initiative Independent Centre for Privacy Protection Schleswig-Holstein Technology Foundation Schleswig-Holstein 9

Present Status and Schedule September 2000: mailing lists and web server on-line for project partners End of November, 2000: authoring and moderating systems for project partners going public (German & English version) 2001: Virtual Private Network for project partners integration of external experts 2002: support by privacy information database and workflow system enlargement by Privacy Mall Scalability of the project: size and pace depend on invested resources 10

Possible Problems Garbage Collection? Connectivity Problems? Only Little Impact? Not Operating On Internet Time? Conclusions and Outlook Virtual Privacy Office - a new approach to privacy protection new role for Privacy Protection Authorities by absorbing Internet culture by making use of technology remodelling privacy protection with available resources E-Privacy privacy information and privacy tools for Internet users networks for Privacy Protection Authorities Everybody is invited to participate: as project partners: Privacy Protection Authorities as co-operation partners: other experts 11

Contact: Virtual Privacy Office Project info@privacyservice.org www.privacyservice.org 12