1 / 16

PRIVACY SUB-COMMITTEE UPDATE

PRIVACY SUB-COMMITTEE UPDATE. PSCIOC Meeting February 9, 2004 Chris Norman Executive Director, Ministry of Management Services, Government of B.C. Today. Background Renewed terms of reference Work plan & strategic approach Privacy Architecture and collaborative opportunities

les
Télécharger la présentation

PRIVACY SUB-COMMITTEE UPDATE

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. PRIVACY SUB-COMMITTEE UPDATE PSCIOC Meeting February 9, 2004 Chris Norman Executive Director, Ministry of Management Services, Government of B.C.

  2. Today • Background • Renewed terms of reference • Work plan & strategic approach • Privacy Architecture and collaborative opportunities • Next steps

  3. Context • Formed in 1999 in response to Lac Carling commitment • Accomplishments to date: • Model Cross Jurisdictional PIA Guidelines • User ID Authentication and Personal Privacy Presentation (PSCIOC Meeting, May 2002) • Partnerships and models for provincial private sector privacy legislation • Privacy Committee recently re-assessed its mandate, initiatives and priorities

  4. Renewed Terms of Reference Mission • Collaborate to promote joint solutions, facilitate the development of common privacy practices and act as a privacy enabler for the PSCIOC and the PSSDC • Emphasis on developing and sharing privacy solutions and concrete privacy tools (privacy impact assessments, privacy architectures, privacy codes, model contract language, PETs) • Ensure privacy is design objective for service delivery • Foster a harmonized approach to privacy legislation and standards • Facilitate communications between PSCIOC\PSSDC and Privacy Commissioners

  5. Strategic Approach • Move (a) from risk identification to risk mitigation and (b) from the exploration of alternatives to the development of deliverable designs and solutions • Three major themes for risk mitigation: • Legislation, policy and communications • Privacy design • Privacy solutions

  6. Update on PSCIOC Action Items

  7. PSCIOC Action Plan 2.7 Shared Authentication Framework • Support for and collaboration with work of the IAA Sub-Committee • Ontario is continuing to provide PSCIOC leadership in this area • GoC (secure channel), Ontario, BC’s and Alberta’s comprehensive government authentication projects 2.8 Common Legislative Templates -Private Sector Privacy Acts • Develop and distribute common legislative templates (e.g., PIPA’s) • Alberta and BC legislation – partnership – provincial PIPA models

  8. PSCIOC Action Plan…2 2.9 Privacy Architecture • Facilitate the use of Alberta’s privacy architecture work in other jurisdictions (information and communications) • Alberta’s privacy architecture made available to all jurisdictions • GoC is assessing the feasibility of adapting the architecture for federal use • Continued analysis by Privacy Sub-Committee – assessments by each jurisdiction re:applicability 2.10 Support education and awareness through dialogue withIPC’s • First meeting held in November 2002 to further open dialogue – results mixed - Second meeting – Possibility of Lac Carling Panel • Contact/Communications with individual jurisdictions

  9. PSCIOC Action Plan …3 2.11 Pursue dialogue with NCSIP - Joint Sub-Committee Opportunities • Dialogue with NCSIP regarding identifying areas of partnership and collaborative opportunities • Second joint meeting in Victoria to discuss opportunities to work together on specific projects – may include other PSCIOC sub-committees (e.g., BC’s co-sponsored privacy/security conference) • On-going assessment and consultation with NCSIP on proposed Security Data Classification Guide (include IM community) 2.12 Privacy Enhancing Technologies • Track and assess Privacy Enhancing Technologies • Provide evaluation criteria for judging the need for, and value of, PETs • GoC, GoA and the Ontario OIPC are discussing possible approaches to PET extensions for PIAs and the Common Criteria

  10. New Proposed Privacy Workplan Deliverables

  11. New Proposed Privacy Workplan Deliverables… 2

  12. GoA’s Privacy Architecture • Premise: Information technology can be designed to mitigate privacy risks. • PIA’s identify privacy risks, but PIA’s alone don’t mitigate risks. • Privacy issues are made more complex by increasingly sophisticated information integration and management. • Privacy by Design requires coordinated if not consistent standards across the enterprise. GoA’s privacy architecture provides a model for consideration by other jurisdictions

  13. GoA Privacy Architecture Topics • Terminology – a common language for discussing privacy requirements, issues and solutions • Identification Keys - how will data subjects be uniquely identified? • Privacy Taxonomy - how should personal information and its uses be classified? • Data Sharing, Re-Use and Placement – to what extent can personal information be shared between departments and where should it be stored? • Data Transformation - rendering data anonymous, at varying levels of anonymity as appropriate for its purpose

  14. What is requested today of the PSCIOC? Requesting endorsement of : • Revised mandate that highlights: • “Privacy enabler” direction and partnerships • Continued expert advisory/support role • Enhanced support role for PSSDC (still report to PSCIOC) • Strategic approach, priorities and proposed work plan

  15. What is the Roadmap Ahead? • Privacy Committee to focus on: • Strategic alignment with PSCIOC & PSSDC priorities – targeted support role • Stronger linkages with authentication and security (and other) sub-committees • Preparing specific funding proposals and deliverables with detailed plans for next PSCIOC meeting (Lac Carling VIII)

  16. Final thoughts.. “Anyone who thinks the privacy issue has peaked is greatly mistaken. We are in the early stages of a sweeping change in attitudes that will fuel years of political battles and put once routine business practices under the microscope.” Forrester Research

More Related