Privacy by Design Flashcards Preview


Flashcards in Privacy by Design Deck (18)
1
Q

Define privacy

A

informed consent

Privacy is the claim of individuals, groups, or institutions to determine for themselves when, how, and to what extent information about them is communicated to others.

2
Q

How is privacy good for business?

A
  • consumer trust and confidence
  • customer loyalty
  • brand reputation
  • competitive advantage
3
Q

Why design with privacy in mind?

A

Because retroactively adding privacy measures is much more expensive and complicated.

4
Q

Privacy can be thought of as a set of trade-offs…

A
  • privacy vs security
  • privacy vs business goals
  • privacy vs functionality
5
Q

Why has privacy become such a big issue lately?

A

Because there is business in data collection.

  • data more valuable; advertising
  • better data analysis
    • faster processing
    • smart algorithms
    • data aggregators
  • cheaper sensors = more installed
  • more input sources = more data
6
Q

Benefits of data collection

A
  • Know your customer and build a profile
  • Offer personalised products, services, “experiences”
  • Lower advertising costs
  • Increase revenue through targeted offers
  • Predict trends
  • Enforce profit-enhancing price discrimination
7
Q

Sources of online data & offline data

A

data aggregators can do this job for you

online

  • IP address, cookies, click-stream data, deep packet inspection
  • Tracking across many web sites or advertising networks
  • Personal information from social media sites

offline

  • credit histories
  • retail data
  • health histories
  • electoral register
8
Q

What are data aggregators?

A

Companies that collect and process data on behalf of others (e.g. dunnhumby, ChoicePoint).

9
Q

The Issue of Privacy

A

Privacy intrusion has become easy: cheap sensors are installed everywhere, and smart algorithms and tracking technology are everywhere.

Using only a few observations, users' routines are easily identified.

Users are unaware of the scope of this collection.

10
Q

Purpose of the CPO

A
  • Chief Privacy Officer
  • senior level executive
  • responsible for managing the risks and business impacts of privacy laws and policies
  • created to respond to both consumer concern over the use of personal information, including medical data and financial information, and laws and regulations
11
Q

The 7 Privacy Principles

A

1. Think ahead — Proactive not Reactive

  • Clear commitment at the highest levels
  • Employ methods to recognise poor privacy design
  • Anticipate poor privacy practices and outcomes before they affect your business

2. Privacy as the default setting

  • Personal data automatically protected
  • No action required

3. Privacy by Design

  • Embedded in the design of IT systems and business processes
  • Delivered without diminishing functionality

4. Full functionality – positive sum

  • It is possible to have privacy AND achieve other business benefits

5. Full life-cycle, end-to-end security

  • Privacy and security must be embedded from start to finish
  • Securely retained
  • Securely destroyed

6. Visibility and transparency

  • Assure all stakeholders that you are operating to stated promises and objectives
  • Offer independent verification
  • Trust but verify

7. Respect for user privacy

  • Keep it user-centric
  • Strong privacy defaults
  • Appropriate notice
  • User-friendly options
12
Q

Best defence against privacy attacks:

A

Don’t collect personally identifying data.

13
Q

Outline privacy in the development cycle (6 steps)

A
  1. Make a privacy requirement
  2. Identify flows of personally identifiable information
  3. Develop specific privacy requirements
  4. Incorporate privacy requirements into design
  5. Test/confirm
  6. Repeat
14
Q

(Some) Recommendations

A
  • Only information necessary to conduct the company’s business should be collected.
  • Consent should be sought for each use or disclosure of their information.
  • Consumers should not be forced into a choice between privacy and energy efficiency / conservation.
15
Q

Privacy Enhancing Technologies (PET) aim to…

A
  • Minimise user data
  • Give power to individuals over their data
16
Q

Privacy management tools

A

Business to Consumer:

  • Increase transparency
    • public privacy policies and data practices
  • Personal data brokers - user controls data
  • DuckDuckGo (extension) - checks encryption, trackers, privacy policy
  • Terms of Service Checker (tosback.org)
  • P3P (Platform for Privacy Preferences Project)
    • User configures browser with acceptable policy
    • Business states its policies
    • Negotiation at the point of handing over data
    • FAILED

For enterprises:

  • (Automated) Privacy Impact Assessment (PIA)
  • Privacy education and awareness training
  • Automated data incident management
17
Q

Privacy protection tools

A

Anonymising Tools

  • Protects identity
  • Hides identifying information (IP address, email, etc.)
  • Anonymous emailers like Hushmail or Mixminion III
  • Tor browser
  • Blockchain
  • Adding Noise to Aggregated Data / Differential Privacy
    • Ensuring no single person makes too much difference to the results
    • Rather than publishing the actual anonymised dataset, aggregate the data first (count things up).
    • Add random noise to help cover up the difference individuals do make
18
Q

Privacy Case Study

A

Potential Benefits

  • Improved reliability of power; fewer outages; automatic rerouting
  • Flexible in adding new power sources
  • Prioritises green power sources
  • Over-the-air software updates
  • Decentralisation reduces vulnerability to terrorist attacks and natural disasters
  • Improved load management, energy storage and demand-response options
  • Economical for utility provider and customer

Possible Privacy Invasion

  • Daily routines can be identified
    • (e.g., household size, security alarm activation, TV duration, breakfast time)
  • Spoofing (front-end insecure)
  • Information leakage: are data communication, storage and the website interface secure?

Data from smart appliances

  • Risk area #1 — Smart meter to grid
    • Might send out incorrect data that causes grid disturbance
  • Risk area #2 — Guardianship
    • Excessive data collection
    • May be sold to third parties
    • Leaks from smart meter
  • Risk area #3 — Websites
    • Leaks from cloud or website

Addressing the Risks: Separate the data

  • Grid: manage the power network
  • Distribution: billing, demand management
  • Customer: home devices

Solutions for Billing

  • Business needs: aggregated monthly readings would be sufficient for billing.
  • Utility provider only sees encrypted and aggregated readings once per month.
  • Householder can see the more detailed/non-aggregated data produced by the meter, kept local.

Solutions for Network Management

  • Business needs:
    • High-frequency readings from multiple households can be aggregated, thereby protecting privacy.
    • Enable utility companies to predict energy needs.
  • Profiles of individual devices could still be provided (e.g. air-conditioning units)
  • Size of group should be chosen carefully to avoid accidental re-identification