Privacy in Software Development

Presentation Transcript


  1. Privacy in Software Development Secure software made easier

  2. Agenda • Privacy Basics • Privacy Guidelines for Developing Software and Services • Section I: Definitions and Concepts • Section II: Development Scenarios and Guidelines • Driving Privacy Compliance • Additional Resources

  3. Purpose & Scope Purpose: • Provide an introduction to privacy guidelines for developing software and services. Scope: • Product • Services • Website privacy guidelines

  4. Learning Objectives Upon completion of this course, you should be able to: • Describe principles and impacts of privacy compliance. • Define best practices for collecting, storing and using personal data.

  5. Privacy Basics

  6. What is Privacy?

  7. Privacy and Security • Privacy: Empowering users to control the collection, use, and distribution of their personal information. • Security: Establishing protective measures that defend against hostile acts or influences and provide assurance of defense. • Privacy AND Security are key factors for trust.

  8. Investing in Privacy

  9. Policy Development Considerations

  10. Policy Development Considerations

  11. Privacy Guidelines for Development

  12. Guidelines for Development

  13. Definitions and Concepts

  14. Data Types • Anonymous Data • Pseudonymous Data • Personally Identifiable Information (PII) • Sensitive PII

  15. Data Types: Anonymous • Anonymous Data is not unique or tied to a specific person. • Includes: Hair color, system configuration, method of purchase, statistics distilled from many users. • Note: Information associated with PII must be treated as PII.

  16. Data Types: Pseudonymous • A unique identifier that does not identify a specific person, but could be associated with an individual. • Includes: Unique identifiers, biometric information, usage profiles not tied to a known individual. • Until associated with an individual, the data can be treated as anonymous.

  17. Data Types: PII • Data that identifies (or can be used to contact or locate) a specific individual. • Includes: Name, address, phone number, fax number, email address, or any information associated with PII.

  18. Data Types: Sensitive PII • A subset of PII that has special requirements due to the higher risk associated with the data. • Includes: Medical and/or financial data, national ID numbers (e.g., SSN), and credit card information. • Also includes data that could be used to discriminate (e.g., race/ethnicity; political, religious or philosophical beliefs; union membership).

  19. PII Knowledge Test

  20. AOL Search Data: Aug. 2006 A Face Is Exposed for AOL Searcher No. 4417749

  21. Notice and Consent Fundamentals • Example consent prompt: “Please send me the latest information on special offers of Xbox® games.”

  22. Notice: Privacy Statements

  23. Consent: Explicit vs. Implicit

  24. Consent: Opt-in vs. Opt-out

  25. Notice and Consent Continuum (chart) • Axes: Privacy Risk; Notice ranging from Discoverable to Prominent; Consent ranging from Implicit, to Opt-Out Explicit, to Opt-In Explicit. • Behaviors plotted along the continuum: Redirecting the user’s Internet searches; Transfer of PII and Sensitive PII; Local storage of Hidden PII; Use of PII for secondary purposes; Local storage of Sensitive PII; Installation of software; Adding a toolbar to the user’s web browser; One-time transfer of anonymous data; Enabling automatic update; Displaying a web site when a user clicks a link; Ongoing transfer of anonymous data; Modifying the user’s browser settings.

  26. Data Minimization Collect personal information from individuals only for the purposes identified in the provided privacy notice, and only to provide the product or service the individual has requested or authorized.

  27. Other Concepts • Privacy controls • Shared computers • Children’s privacy • Software installation practices • Server products • Pre-release products • Essential transfers and updates

  28. Scenarios • 1. Transferring PII to and from the user’s system • 2. Storing PII on the user’s system • 3. Transferring anonymous/pseudonymous data from user systems • 4. Installing software on a user’s system • 5. Deploying a web site • 6. Storing and processing user data at the company • 7. Transferring user data outside the company • 8. Interacting with children • 9. Server deployment

  29. Scenario 1 Transferring PII To and From the User’s System

  30. Examples • 1 • Sending product registration to the company. • Transferring a file containing hidden PII. • Submitting data entered by the user in a Web form. • Transferring financial information to a web service. • Displaying profile information stored at the company to the user.

  31. Notice and Consent • 1 (chart: Value Proposition vs. Privacy Impact) • Discoverable Notice • Explicit Opt-in Consent

  32. Notice and Consent (cont.) • 1 Should clearly distinguish in the user interface (UI) between optional and required (Mandatory) items.

  33. Notice and Consent (cont.) • 1 Must provide prominent notice and get explicit consent if PII being transferred will be used for secondary purposes (e.g., marketing).

  34. Security and Data Integrity • 1 Must transfer Sensitive PII using a secure method that prevents unauthorized access. Should transfer PII using a secure method that prevents unauthorized access.

  35. Security and Data Integrity (cont.) • 1 Run controls on server for assurance.

  36. Customer controls • 1 The user must be able to control automatic collection and transfer of PII.
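The data-type ladder from slides 14-18 and the Scenario 1 rules above (explicit opt-in before transfer, optional vs. required items, prominent notice plus explicit consent for secondary use, secure transfer of Sensitive PII, data minimization), implemented as an added Python example that is not part of the deck. The schema, field names and sample record are constructed; a "must" rule aborts the transfer, while a "should" rule drops the item and records why.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class DataType(IntEnum):  # the deck's data-type ladder; higher value, higher risk
    ANONYMOUS = 0
    PSEUDONYMOUS = 1
    PII = 2
    SENSITIVE_PII = 3

@dataclass
class Field:
    name: str
    dtype: DataType
    required: bool = False  # the UI must distinguish optional from required items

@dataclass
class Consent:
    primary: bool = False    # explicit opt-in for the service the user asked for
    secondary: bool = False  # explicit opt-in after prominent notice (e.g. marketing)
    optional_fields: set = field(default_factory=set)  # optional items the user ticked

def prepare_transfer(record, schema, consent, purpose, channel_secure):
    """Return (payload, omitted): 'must' rules raise, 'should' rules drop the item."""
    if not consent.primary:
        raise PermissionError("explicit opt-in consent is needed before PII leaves the system")
    if purpose == "secondary" and not consent.secondary:
        raise PermissionError("secondary use needs prominent notice and explicit consent")
    payload, omitted = {}, {}
    for f in schema:
        value = record.get(f.name)
        if value is None:
            if f.required:
                raise ValueError(f"{f.name}: required item is missing")
            continue
        if not f.required and f.name not in consent.optional_fields:
            omitted[f.name] = "optional item not selected by the user"  # data minimization
        elif f.dtype == DataType.SENSITIVE_PII and not channel_secure:
            raise ConnectionError(f"{f.name}: Sensitive PII must use a secure channel")
        elif f.dtype == DataType.PII and not channel_secure:
            omitted[f.name] = "PII should not be sent over an insecure channel"
        else:
            payload[f.name] = value
    return payload, omitted

# Constructed sample: a product-registration form with hypothetical field names.
SCHEMA = [Field("name", DataType.PII, required=True), Field("email", DataType.PII, required=True),
          Field("card_number", DataType.SENSITIVE_PII), Field("os_version", DataType.ANONYMOUS, required=True)]
RECORD = {"name": "A. Example", "email": "a@example.invalid",
          "card_number": "4111-0000-0000-0000", "os_version": "10.0"}
```

The `omitted` map is what you would log or surface to the user, so that a dropped optional item is visible rather than silently lost.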

  37. Facebook Beacon: Dec. 2007 • 1 • Meant to provide “trusted referrals” on the Facebook profile. • Broadcast off-Facebook activities (e.g., purchases at online retailers, reviews at other sites, auction bids) in the user’s profile without consent. • Many Facebook users closed their accounts in response.

  38. Facebook Beacon: Outcome • 1 • Users are asked to approve the broadcast of each off-network behavior before it becomes visible in the user’s profile. • Privacy advocates filed a complaint with the FTC. • Users can now opt out completely.

  39. Manage My Home: Jan. 2008 • 1 • Sears.com allowed users to view purchases going back 10+ years. • Using only name, phone number and street address, you could view purchases of any user. • Feature was quickly removed. • $5 million class action suit was filed shortly thereafter.

  40. Scenario 2 Storing PII On the User’s System

  41. Examples • 2 • Storing the user’s contacts. • Caching Web pages that contain PII. • Storing PII in a cookie.

  42. Notice and Consent • 2 • Must provide the user with notice and get consent prior to storage of Sensitive PII, or when storing PII in a persistent cookie. • Should provide Discoverable Notice describing what data is stored and how to control it prior to storing Hidden PII (e.g., metadata).

  43. Security and Data Integrity • 2

  44. Customer Controls • 2 Users should be able to: • Control whether PII is stored. • Delete any PII stored on the user’s system, including Hidden PII. Users must be able to view and edit stored PII they entered.

  45. Scenario 3 Transferring Anonymous/ Pseudonymous Data From User Systems

  46. Examples • 3 • Anonymous monitoring by an ISP to assess the quality of an Internet connection. • Sending anonymous error reports to the company.

  47. Notice and Consent • 3 Ongoing: Must provide the user with Prominent Notice, and get Explicit Consent prior to collection.

  48. Notice and Consent (cont.) • 3 One-time: Must get consent from the user prior to transfer, and provide Discoverable Notice.

  49. User and Administrator Controls • 3 Ongoing: User must be able to stop subsequent collection and transfer.

  50. Scenario 4 Installing Software On a User’s System
