Keeping Your Eye on Privacy

Presentation Transcript

  1. Keeping Your Eye on Privacy
     Mike Gurski, Director: Bell Privacy Centre of Excellence
     April, 2008, NY, NY

  2. Background; Privacy Threats; Canadian Privacy Law; Sample of University Privacy Postures; Solutions for Privacy Management

  3. Background: How Soon We Forget
     • On August 1, 2006, USA Today reported that, "in the past 18 months, colleges were the source of one-third to half of all publicly disclosed (privacy) breaches. By reviewing 109 privacy breaches at 76 campuses, USA Today found that 70 percent of the incidents involved hacking."
     • What does this tell us?
     Bell Restricted

  4. U.S. to Ease Privacy Rules
     • Federal Education Department proposed new regulations to clarify when Universities may release confidential student information after Virginia Tech shootings.
     • NY Times, March 25th, 2008

  5. Privacy Threat Models Reviewed
     • The ‘duh’ factor
     • The infinite information appetite syndrome: including Hackers
     • The privacy policy riddle
     • The attacker models: and willing participants in a University setting
     • Reporter, Marketer, Insider
     • The ‘balancing rights’ conundrum
     • The proportional response problem
     • The save us from disaster misconception
     • Examining the Risks: Probabilities and Outcomes

  6. A Special University Privacy Challenge
     • A Hot Bed of Early Adopters
     • Web 2.0/3.0
     • Social Networks
     • Software as a Service

  7. A Different Privacy Landscape in Canada?
     • Provincial OCIO bans instant messaging and file sharing after privacy breaches in NFLD:
     • Memorial University CSO mirrors ban:
     • March 28, 2008 NFLD
     • Question: How is the University Responding?
     • Primary Focus on tactical PIAs for BANNER and Laptops

  8. The Canadian Particulars
     • Legislative Landscape: Fair Information Practices Based
     • A Digression to GWU and Daniel Solove
     • A Privacy Maturity Model for Universities
     • The Role of Strategy as opposed to Tactics
     • The Role of Technology and New Tools

  9. Daniel Solove
     • A taxonomy of privacy attacks
     • A new way to think about privacy legislation and technology

  10. Organization’s Privacy Management Maturity
      Levels: Level 4 Integrated; Level 3 Standardized; Level 2 Focused; Level 1 Ad-Hoc
      • Processes fully defined and audited
      • Privacy management fully integrated with bus.
      • Processes, roles, and workflows are defined
      • Privacy Management is broad based to serve strategic goals
      • Training ongoing
      • Privacy processes are partially documented
      • Minimal automation for privacy automation
      • Training policy with event based training
      • Privacy processes are not defined or documented

  11. A Strategic Approach
      • The key steps:
      • Build a business case for strategic investment in privacy management
      • Build Internal Privacy Management Capacity (reducing cost and reliance on outside consultants)
      • Use tools that allow non-specialists to manage privacy
      • Set out a strategy and planning roadmap
      • Develop a vulnerability assessment/gap analysis of personal information management within the University
      • Engage all levels in privacy management
      • Reduce resources needed to manage privacy
      • Provide a new focus on system design for personal information banks

  12. New Tools
      • Compliance and Assessment Tools
      • Internal Capacity Workshops
      • Data repository for knowledge transfer
      • Training Curriculum geared to privacy management capacity
      • Enterprise Privacy Strategy/Roadmap
      • Privacy Enhancing Technologies

  13. Contact Information
      Mike Gurski, Director: Bell Privacy Centre of Excellence
      905-751-4310
      mike.gurski@bell.ca