Fair Information Principles for Privacy Risk Analysis
FTC Fair Information Principles (1998)
– Notice/Awareness: Individuals should be informed of an entity’s information handling practices and the collection, use, disclosure, and retention of personal information should be limited to that which is consistent with stated purposes
– Choice/consent: To the extent possible, options should be provided to individuals regarding the collection and handling of their personal information
– Access/Participation: Individuals should have the ability to view and/or contest the data held about themselves
– Integrity/Security: Personal information should be both accurate and protected
– Enforcement/Redress: There should be mechanisms for identifying and addressing noncompliance with these principles
Privacy risk intersects, but is distinct from, security risk
– Systematic deployment of technical privacy controls and configurations so as to comprehensively address privacy risk
– Controls should map to business processes as well as risks
– Analogous to service-oriented architecture (SOA)
SOA implies the high-level system functional design; PEA should imply the high-level system privacy design
Sound complicated? It is
So let’s make things more manageable by focusing on exposure as a risk concept
– Exposure ≠ Breach
– Exposure involves the relative accessibility of PII
– Reduce exposure and you reduce privacy risk
Shifting emphasis from data-in-motion to data-at-rest (DAR)
Too many organizations are focusing on DAR for mobile platforms exclusively
– Avoiding the lost laptop/PDA nightmare
Physically restricted platforms and activities can still involve excessive exposure of PII
– External hacking
– Insider threat
– Non-malicious misuse, improper sharing and disclosure
2007 Ponemon Institute Study on U.S. Enterprise Encryption Trends
– 16% of respondents reported an encryption strategy applied throughout the enterprise
– 50% reported selective encryption based on application/data type or data sensitivity
– 34% reported no encryption strategy at all
De-identifying PII (removing all direct or indirect links to specific individuals) can substantially reduce (but not necessarily eliminate) exposure and its associated privacy risk
An increasing variety of transformations can maintain important relationships and properties of PII while still de-identifying it
One area where this can potentially pay big dividends is in system development and testing
– Development and testing environments often do not implement the same level of controls as production environments
– Forthcoming Ponemon Institute study on the use of live data
62% of respondents report their organization uses live data for software development
69% report use of live data for testing
89% report use of customer records for development and testing
43% report use of employee records for development and testing
41% report using no protective measures at all, such as
– Suppression of sensitive data elements
– Anonymization of PII
– Replacement of PII with dummy data
– Data encryption
23% report that live data used for development and testing has been lost or stolen (38% unsure)
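The de-identification transformations described above (suppression, anonymization, replacement with dummy data) can be combined so that a development/test copy keeps the relationships the software depends on while exposing no real PII. The following is an added example written for this page, not code from the presentation or the Ponemon studies. It uses constructed customer and order records with assumed field names (customer_id, email, ssn, name, city); a keyed HMAC token stands in for identifiers so foreign keys still join across tables, sensitive elements are dropped, and free-text fields get deterministic dummy values. Encryption, the fourth measure listed, is not shown because it needs a library outside the standard library.

```python
"""De-identify live data before it reaches development and test environments.

Added example (not from the original presentation). Field names and the
sample rows below are constructed for illustration.
"""
import hashlib
import hmac
import random
from typing import Dict, List

# Constructed sample data: a customers table and an orders table that
# references customers by customer_id and by e-mail address.
CUSTOMERS: List[Dict] = [
    {"customer_id": "C1001", "name": "Alice Example", "email": "alice@example.com",
     "ssn": "123-45-6789", "city": "Springfield", "plan": "gold"},
    {"customer_id": "C1002", "name": "Bob Sample", "email": "bob@example.net",
     "ssn": "987-65-4321", "city": "Shelbyville", "plan": "silver"},
]
ORDERS: List[Dict] = [
    {"order_id": "O1", "customer_id": "C1001", "email": "alice@example.com", "amount": 42.00},
    {"order_id": "O2", "customer_id": "C1001", "email": "alice@example.com", "amount": 17.50},
    {"order_id": "O3", "customer_id": "C1002", "email": "bob@example.net", "amount": 99.99},
]

# Per-field policy (assumed for this example). Anything not listed passes
# through unchanged (plan, amount, order_id carry no PII here).
SUPPRESS = {"ssn"}                        # drop: tests never need it
PSEUDONYMISE = {"customer_id", "email"}   # keep as join keys, but unlinkable
DUMMY = {"name", "city"}                  # replace with plausible fake values

FIRST = ["Ada", "Grace", "Linus", "Ken", "Margaret"]
LAST = ["Lovelace", "Hopper", "Torvalds", "Thompson", "Hamilton"]
CITIES = ["Anytown", "Riverside", "Fairview", "Centerville"]

# Values that must not survive into the de-identified copy.
ORIGINAL_PII = {str(c[f]) for c in CUSTOMERS for f in ("name", "email", "ssn")}


def pseudonym(secret: bytes, field: str, value: str) -> str:
    """Keyed, deterministic token for an identifier.

    HMAC-SHA256 over field||value gives the same token for the same input, so
    foreign keys still join across tables. Without the secret the token cannot
    be recomputed from a dictionary of candidate values, which a bare hash of
    a guessable value such as an e-mail address would allow.
    """
    mac = hmac.new(secret, f"{field}\x00{value}".encode(), hashlib.sha256).hexdigest()
    if field == "email":
        # Format-preserving so e-mail validation in the code under test still passes;
        # .invalid is a reserved TLD, so nothing can ever be delivered there.
        return f"user-{mac[:12]}@example.invalid"
    return f"{field}-{mac[:16]}"


def dummy(seed: str, field: str) -> str:
    """Deterministic fake value: the same seed always yields the same name/city."""
    rng = random.Random(seed)
    if field == "name":
        return f"{rng.choice(FIRST)} {rng.choice(LAST)}"
    if field == "city":
        return rng.choice(CITIES)
    return "REDACTED"


def deidentify_record(secret: bytes, rec: Dict) -> Dict:
    out: Dict = {}
    for field, value in rec.items():
        if field in SUPPRESS:
            continue  # suppression: the element is simply not copied
        if field in PSEUDONYMISE:
            out[field] = pseudonym(secret, field, str(value))
        elif field in DUMMY:
            # Seed the dummy with the keyed token so one person keeps one fake
            # name across every table, without exposing the real value.
            out[field] = dummy(pseudonym(secret, field, str(value)), field)
        else:
            out[field] = value
    return out


def deidentify_table(secret: bytes, rows: List[Dict]) -> List[Dict]:
    return [deidentify_record(secret, r) for r in rows]


def join_count(customers: List[Dict], orders: List[Dict]) -> int:
    """Orders whose customer_id still resolves to a customer row."""
    ids = {c["customer_id"] for c in customers}
    return sum(1 for o in orders if o["customer_id"] in ids)


def contains_original_pii(rows: List[Dict]) -> bool:
    """Exposure check: does any original name, e-mail or SSN survive?"""
    return any(str(v) in ORIGINAL_PII for r in rows for v in r.values())


if __name__ == "__main__":
    key = b"constructed-secret-for-this-example"  # in practice: from a secret store
    cust, ords = deidentify_table(key, CUSTOMERS), deidentify_table(key, ORDERS)
    print(cust, ords, join_count(cust, ords), contains_original_pii(cust + ords))
```

The secret is the control that separates anonymization from a reversible lookup: it should live only in the tooling that produces the test copy, never in the development environment itself, and rotating it breaks any linkage between old and new test sets.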
Privacy risk goes beyond security risk
– Focusing on security risk will not necessarily control privacy risk
Everybody has PII
– Customers
– Employees
– Business contacts
– Shareholder information
– Applicants
– Visitors
Privacy-enabling technologies can help mitigate privacy risk, but
– They need to be properly mapped to identified privacy risks
– They need to be combined with appropriate policies and