ECAR Working Groups General Meeting (289373064)

8/20/2019 ECAR Working Groups General Meeting (289373064)

http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 1/24

feng shui for big data

harmony for big data

kent wadadirector, strategic IT policyucla chief privacy officer

ecar working groups general meetingeducause annual indianapolis

october 27, 2015

kent wada

director, strategic IT policyucla chief privacy officer

october 27, 2015




data

security

privacy

accessibility

!"#$% '



bigdata

security

accessibility

privacy

governance

value

!"#$% +



infrastructure(e.g., computers, smartphones, networks)

information

confidential information(e.g., intellectual property, security info)

information about individuals(e.g., student/patient records; SSNs)

informationsecurity

protectsall information

IT security

cyber

protectstechnical

infrastructure

informatioprivacyprotectsinformationabout individ

!"#$% *




nformation security officer

informationsecurity


“cia”confidentiality

integrityavailability

(traditional realm of thprivacy offic


complianceprivacy rules—e.g., hipaa, ferpa, …

state breach notification lawsopen records laws (state, foia)

fair information practices principlesnotice/awareness, choice/consent, access/participation, integrity/securityenforcement/redress

dataset techniquese.g., de-identification, anonymization,

constraints on use v. collection

information security and information privacy are generally complementa

!"#$% ,



individualsinformatioprivacyprotectsinformationabout individ


autonomyprivacycovers individ

from observa

safeguards against surveillance/ big brother / the monitoring of

behavior, data mining / profilingvalues

first amendment, anonymityacademic freedomethical behavior

it’s not just security vs privacy, it may be privacy vs privacy

… increasingly because of “big data”

!"#$% -



infrastructure(e.g., computers, smartphones, networks)

information

confidential information(e.g., intellectual property, security info)


individuals

nformation security officer

informationsecurity


ybersecurityprotects

technicalinfrastructure

privacy offic

autonomyprivacycovers individ

from observa


___________________________• Based on the diagram developed for the report below. See http://ucop.edu/privacy-initiative for further information.•

Privacy and Information Security Initiative Steering Committee Report to the President. Rep. University of California, Jan.

2013. Web. 24 Aug. 2015.

http://ucop.edu/privacy-initiative/uc-privacy-and-information-security-steering-committee-final-report.pdf

!"#$% .



big data privacy hazards

indiscriminate collection of data

volunteered dat

observed data

continuous collection of non-traditional pii

SHAZAM LOGO AMAZON ECHO SHAZAM LOGO FITBIT CHARGE HR

data generation

inferred data

___________________________

• Based on material from Doron Rotman, KPMG.

!"#$% '





data generation

volunteered dat

observed data

inferred data

indefinite storage

infinite reuse

deidentified data reidentified

AOL LOGO HARVARD UNIVERSITY SEAL NETFLIX LOGO

!"#$% ,



volunteered dat

observed data

inferred data


data generation

indefinite storage

infinite reuse



data breaches

GENERIC BREACH

NOTIFICATION LANGUAGEASHLEY MADISON LOGO

SEAL OF THE US OFFICE OF

PERSONNEL MANAGEMENT

!"#$% /0



volunteered dat

observed data

inferred data


data generation

indefinite storage


infinite reuse


data breachespredictive analytics

descriptive — summarize what happened

predictive — forecast what may happen in the future

prescriptive — recommend one or more courses of action

!"#$% --



volunteered dat

observed data

inferred data


data generation

indefinite storage

infinite reuse


data breaches


predictive analytics

algorithmic discriminationFICO LOGO

PARTIAL STILL

FROM THE MOVIE

MINORITY REPORT

!"#$% /'



July 22, 2015 — A GitHub project is using the

23andMe API for genetic decoding to act as a way

to bar users from entering websites based on their

genetic data — race and ancestry.

“Stumbling around GitHub, I came across this bit of

code: Genetic Access Control. Now, budding

young racist coders can check out your 23andMe

page before they allow you into their website!

Seriously, this code uses the 23andMe API to pull

genetic info, then runs access control on the user

based on the results. Just why you decide not to let

someone into your site is up to you, but it can be

based on any aspect of the 23andMe API. This is

literally the code to automate racism.”

___________________________•

Genetic Access Control Code Uses 23andMe DNA Data For Internet Racism. (2015, July 22). Retrieved from

http://science.slashdot.org/story/15/07/22/0146236/genetic-access-control-code-uses-23andme-dna-data-for-internet-rac

!"#$% /+



ARTICLE HEADLINE “FRANK PASQUALE UNRAVELS THE NEW MACHINE AGE OF ALGORITHMS AND BOTS”

___________________________•

Selinger, Evan. “Frank Pasquale Unravels the New Machine Age of Algorithms and Bots.” The Christian Science Monitor 28

Jan. 2015, Passcode sec. Web. 24 Aug. 2015.

p://csmonitor.com/World/Passcode/Passcode-Voices/2015/0128/Frank-Pasquale-unravels-the-new-machine-age-of-algorithms-an

!"#$% /*



history says:

• data, once collected, can rarely be “uncollected”

• data, once collected, will always find another use

• the rules change

the concerns are greatest:

• when data are used to make decisions about people

• when data are collected about people without their

knowledge or consent

• when data about people are used in unexpected ways

without subjects’ knowledge or consent

• when data are shared with external entities

!"#$% /,



partial privacy timeline

1789

US

onstitution

1890

brandeis ‘right

to be let alone’

1948

UN declarationof human rights

1968

privacytort

60s-70s

privacyrulings by

SCOTUS

1972

privacy addedto california

constitution asinalienable right

1974

privacy act

ferpa/student

1977

privacycommission

report

___________________________• Based on a timeline developed by Sol Bermann, Privacy Officer, IT Policy, Compliance, Enterprise Continuity Strategist, at th

University of Michigan.

!"#$% /-



partial privacy timeline, con’t

1991

commonrule/

humanresearchprivacy

1995

EU dataprotectiondirective

1996

hipaa/medical and

health

1998

coppa/childrenonline

1999

chiefcounselor forprivacy in fed

gov’t

first cpo

glba/loan

2003

first statebreach

notificationlaw

2010

red flags/id theft

2012

googleimplementsthe EU right

to beforgotten

201

calECP

!"#$% /.



“public-private”partnerships

(whether weknow it or not)

google apps for education

learning analytics

translational research

scholarly publications

!"#$% /1



implementing bdfs at ucla via the dgtf

“These governance mechanisms should be invoked when

competing privacy interests, goals, University values, or

obligations in the application or use of these data exist and for

which no statutory provision, common law, or University policy

is directly applicable.”

___________________________• UCLA. (2015). UCLA Data Governance Task Force: Final Report and Recommendations (DRAFT).•

Borgman, Christine, and Kent Wada (co-chairs). UCLA Data Governance Task Force.

https://ccle.ucla.edu/course/view/datagov

!"#$% /2



implementing bdfs at ucla via the dgtf

the goal is not to be an irb, vet everything, or be seen as

“those who say no”, but to:

• resolve legitimate disagreements and provide a path

forward

• promote transparency and open discussion

am i my data?

am i more important?

___________________________• http://lex.ucsc.edu/resources/datalex_registration.html• DataLex 2015: Privacy, Big Data, and the Law. (n.d.). UC Santa Cruz, Digital Arts Research Center. Retrieved

from www.ustream.tv/channel/c6Mv3vuye3D

!"#$% '0



we’re all sitting on treasure troves of data …

•

but the private sector has no irb• and a different mission (value = monetize)

• the facebook contagion experiment may have made things

worse

!"#$% '/



(big)data

security

accessibility

privacy

governance

value

!"#$% ''



bigdata

security

accessibility

privacy

governance

value

!"#$% '+



harmony for big data

kent wadadirector, strategic IT policyucla chief privacy officer


october 27, 2015

!"#$% '*

ECAR Working Groups General Meeting (289373064)

Documents