Privacy by Design: Don’t Make Privacy An Afterthought – Build It In

Convergence Expo 2005, Calgary, Alberta

May 17, 2005

Ann Cavoukian, Ph.D., Information & Privacy Commissioner/Ontario


2

Impetus for Change

• Growth of Privacy as a Global Issue

(EU Directive on Data Protection)

• Exponential growth of personal data collected, transmitted and exploited

• Convergence of growth in bandwidth, sensors, data storage and computing power

• Consumer Backlash; heightened consumer expectations

3

And then came 9/11

• U.S. Patriot Act and series of anti-terrorism laws introduced;

• Served to expand powers of surveillance on the part of the state, and reduce judicial oversight

4

The Aftermath

• It’s business as usual:

– Clear distinction between public safety and business issues – make no mistake: business expectations remain high

– NO reduction in consumer expectations

– Increased value of trusted relationships

5

Consumer Attitudes

• Business is not a beneficiary of the post-9/11 “Trust Mood”

• Increased trust in government has not been paralleled by increased trust in business handling of personal information

Privacy On and Off the Internet: What Consumers Want

Harris Interactive, November 2001

Dr. Alan Westin

6

Importance of Consumer Trust

• In the post-9/11 world:

– Consumers either as concerned or more concerned about online privacy

– Concerns focused on the business use of personal information, not new government surveillance powers

• If consumers have confidence in a company’s privacy practices, consumers are more likely to:

– Increase volume of business with company: 91%

– Increase frequency of business: 90%

– Stop doing business with company if PI misused: 83%

Harris/Westin Poll, Nov. 2001 & Feb. 2002

7

Information Privacy Defined

• Information Privacy: Data Protection

– Freedom of choice; control; informational self-determination

– Personal control over the collection, use and disclosure of any recorded information about an identifiable individual

8

What Privacy is Not

Security Privacy

9

Privacy and Security: The Difference

• Authentication

• Data Integrity

• Confidentiality

• Non-repudiation

• Privacy; Data Protection

• Fair Information Practices

Security:

Organizational control of information through information systems

10

Change the Paradigm

• Old Paradigm: Zero Sum Game

• New Paradigm: STEPs

(Security Technologies Enabling Privacy)

• Expand the discourse: Privacy and Security are not polar opposites — both are essential

http://www.ipc.on.ca/docs/steps.pdf

11

Fair Information Practices: A Brief History

• OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

• EU Directive on Data Protection

• CSA Model Code for the Protection of Personal Information

• Canada Personal Information Protection and Electronic Documents Act (PIPEDA)

12

Summary of Fair Information Practices

• Accountability

• Identifying Purposes

• Consent

• Limiting Collection

• Limiting Use, Disclosure, Retention

• Accuracy

• Safeguards

• Openness

• Individual Access

• Challenging Compliance

13

The Ten Commandments

1. Accountability

• for personal information designate an individual(s) accountable for compliance

2. Identifying Purposes

• purpose of collection must be clear at or before time of collection

3. Consent

• individual has to give consent to collection, use, disclosure of personal information

14

The Ten Commandments

4. Limiting Collection

• collect only information required for the identified purpose; information shall be collected by fair and lawful means

5. Limiting Use, Disclosure, Retention

• consent of individual required for all other purposes

6. Accuracy

• keep information as accurate and up-to-date as necessary for identified purpose

7. Safeguards

• protection and security required, appropriate to the sensitivity of the information

15

The Ten Commandments

8. Openness

• policies and other information about the management of personal information should be readily available

9. Individual Access

• upon request, an individual shall be informed of the existence, use and disclosure of his or her personal information and be given access to that information, be able to challenge its accuracy and completeness and have it amended as appropriate

10. Challenging Compliance

• ability to challenge all practices in accord with the above principles to the accountable body in the organization

16

Extension of PIPEDA

• As of January 1, 2004, the Personal Information Protection and Electronic Documents Act has extended to:

all personal information collected, used or disclosed in the course of commercial activities by provincially regulated organizations

unless a substantially similar provincial privacy law is in force

17

Provincial Private-Sector Privacy Laws

Québec: Act respecting the protection of personal information in the private sector

B.C.: Personal Information Protection Act

Alberta: Personal Information Protection Act

Ontario: Personal Health Information Protection Act

18

The Bottom Line

Privacy should be viewed as a business issue, not a compliance issue

19

The Promise

Electronic Commerce projected to reach $220 billion by 2001

— WTO, 1998

Electronic Commerce projected to reach $133 billion by 2004

— Wharton Forum on E-Commerce, 1999

Estimates revised downward to reflect lower expectations

20

The Reality

United States: e-commerce sales were only 1.9% of total sales -- $69.2 billion in 2004

-U.S. Dept. of Commerce Census Bureau, February 2005

Canada: Online sales were 0.8% of total revenues -- $28.3 billion in 2004

- Statistics Canada, April 2005

21

Clicks vs. Bricks

“e-tailers are not even coming close to replacing traditional stores, as some suggested they would a few years ago amid all the dot-com hype.”

— Bob Keefe, The Arizona Republic, January 3, 2005

22

Lack of Privacy = Lack of Sales

“Consumer privacy apprehensions continue to plague the Web. These fears will hold back roughly $15 billion in e-commerce revenue.”

— Forrester Research, September 2001

“Privacy and security concerns could cost online sellers almost $25 billion by 2006.”

— Jupiter Research, May 2002

23

The Business Case

• “Our research shows that 80% of our customers would walk away if we mishandled their personal information.”

— CPO, Royal Bank of Canada, 2003

• Nearly 90% of online consumers want the right to control how their personal information is used after it is collected.

24

ISF Highlights Damage Done by Privacy Breaches

• The Information Security Forum reported that a company’s privacy breaches can cause major damage to brand and reputation:

– 25% of companies surveyed experienced some adverse publicity due to privacy

– 1 in 10 had experienced civil litigation, lost business or broken contracts

– Robust privacy policies and staff training were viewed as keys to avoiding privacy problems

- The Information Security Forum, July 7, 2004

25

It’s All About Trust

“Trust is more important than ever online … Price does not rule the Web … Trust does.”

— Frederick F. Reichheld, Loyalty Rules: How Today’s Leaders Build Lasting Relationships

26

Distrust and Profitability

• Distrust can have a potentially devastating impact on profitability

• 45% of respondents said there is at least one retail business that they trusted at one time, but no longer trust

• 94% said they spent less money with that company, resulting in an average 87% decrease in spending by that group

— Yankelovich Study, June 2004

27

The High Road

“When customers DO trust an online vendor, they are much more likely to share personal information. This information then enables the company to form a more intimate relationship with its customers.”

— Frederick F. Reichheld, Loyalty Rules: How Today’s Leaders Build Lasting Relationships

28

Lack of Trust on the Web

“In 70% of instances where Internet users were asked to provide information in order to access an online informational resource, those users did not pursue the resource because they thought their privacy would be compromised.”

— Narrowline Study, 1997

29

Falsifying Information on the Web

“42.1% have falsified information at one time or another when asked to register at a Web site.”

— 10th WWW User Survey, October 1998

30

Trust and Privacy Policies

“Fully 50% of online users said they would leave a Web site if they were unhappy with a company’s privacy policy.”

— Customer Respect Group Survey, February 2004

31

Identity Theft

• The fastest growing form of consumer fraud in North America

• Identity theft is the most frequently cited complaint received by the F.T.C.

• 10 million victims of ID theft each year, costing businesses $50 billion, and $5 billion in out-of-pocket expenses from individuals.

— Federal Trade Commission, 2003

32

ChoicePoint

• A data aggregation and clearinghouse company that maintains databases of background information on virtually every U.S. citizen

• 19 billion public records in its database: motor vehicle registrations, license and deed transfers, military records, names, addresses and Social Security numbers

• ChoicePoint routinely sells dossiers to police, lawyers, reporters and private investigators

33

ChoicePoint: Gateway for Identity Thieves

• In a plot twist taken from a Hollywood movie, criminals were creating false identities to establish accounts with ChoicePoint and then using those accounts to commit identity theft

• In response, ChoicePoint:

– Notified 35,000 Californians as required by California law, SB1386

– Will notify an additional 145,000 persons that “unauthorized third parties” had obtained their personal information

• Los Angeles police believe that the actual number of persons affected could be 500,000 or more

34

ChoicePoint: Fallout and Cost

• Since February 2005, ChoicePoint’s stock value has fallen from $48 to $38

• ChoicePoint will pay to re-screen, and re-credential, 17,000 customers to verify that they are legitimate businesses

• Suspension of contract with New York State — other states pending

• March 2005, suspension of sales to small businesses — loss of 5% of annual revenue, or $900 million

• Three separate lawsuits have been filed:

– Victim of I.D. theft

– Class action by individuals

– Class action by shareholders

35

Recent Outbreak of Major Privacy Breaches

November 2004

• ChoicePoint — Identity theft involving 145,000 persons

December 2004

• Bank of America — 1.2 million records misplaced

January 2005

• T-Mobile — Illegal access to 16.3 million records

• HSBC — 180,000 MasterCard records stolen

February 2005

• Ameritrade — 200,000 customer files lost

March 2005

• LexisNexis — Identity theft involving 32,000 records

• DSW Inc — Hacker theft of 103 credit card numbers

• Boston College — Theft of 120,000 alumni donor records

April 2005

• TimeWarner — Lost files on 600,000 current and former employees

36

Technology Can Help

• “The most effective means to counter technology’s erosion of privacy is technology itself.”

— Alan Greenspan, Federal Reserve Chairman

• “A technology should reveal no more information than is necessary…it should be built to be the least revealing system possible.”

— Dr. Lawrence Lessig, Harvard, September, 1999

37

Threats to Privacy

“In creating large databases, whether for government or corporations, we are opening ourselves to the possibility that the databases will be subverted by attackers.”

— Bruce Schneier, Beyond Fear, 2003

“In the vast majority of cases we investigate, the culprits are current or former employees. They are not hacking into systems using flaws in software. Instead they are using flaws in the security procedures of the company to carry out their attack.”

— Detective Inspector Chris Simpson, London Police, Euro-InfoSec Conference, 2005

Approximately 80% of all computer and Internet related crimes are committed by insiders.

— CSI/FBI 2003 Computer Crime and Security Survey

38

Privacy By Design: Build It In

• Build in privacy – up front, right in the design specifications

• Minimize the collection and routine use of personally identifiable information – use aggregate or coded information if possible: data minimization is the goal

• Wherever possible, encrypt personal information

• Use privacy enhancing technologies (PETs): think about anonymity and pseudonymity

• Assess the risks to privacy: conduct a privacy impact assessment; follow up with privacy audits

39

RFIDs: Privacy Fears Loom

• Consumers perceive that RFIDs may facilitate tracking:

• The ability to track consumers who have purchased a product

• The establishment of a widespread surveillance infrastructure

• The linking of product information and personal information without consent

40

Make Privacy a Corporate Priority

• An effective privacy program needs to be integrated into the corporate culture

• It is essential that privacy protection become a corporate priority throughout all levels of the organization

• Senior Management and Board of Directors’ commitment is critical

41

Good Governance and Privacy

“Privacy and Boards of Directors: What You Don’t Know Can Hurt You”

– Guidance to corporate directors faced with increasing responsibilities and expectation of openness and transparency

– Privacy among the key issues that Boards of Directors must address

– Potential risks if Directors ignore privacy

– Great benefits to be reaped if privacy included in a company’s business plan

http://www.ipc.on.ca/docs/director.pdf

42

Final Thought

“Anyone today who thinks the privacy issue has peaked is greatly mistaken…we are in the early stages of a sweeping change in attitudes that will fuel political battles and put once-routine business practices under the microscope.”

- Forrester Research, March 5, 2001

43

How to Contact Us

Commissioner Ann Cavoukian

Information & Privacy Commissioner/Ontario

2 Bloor Street East, Suite 1400

Toronto, Ontario M4W 1A8

Phone: (416) 326-3333

Web: www.ipc.on.ca

E-mail: [email protected]