Privacy and Data Protection
III Annual Latin American Telecommunications, Technology, and Internet Public Policy Forum
Geff Brown, Assistant General Counsel
Microsoft Corporation
May 16, 2013
Privacy and Data Protection
Regulatory Infrastructure
Transparency
Privacy by Design
No Privacy w/o Security
Security
DATA
APPLICATION
NETWORK
HOST
SECURITY
IDENTITY AND ACCESS MANAGEMENT
Privacy by design
Context: Personal data should be used only in the context of the relationship with the individual.
Individual Choice and Control: Users should have choices about how their personal data is used.
Data Portability: Customers should have the right to freely access and move their personal data.
Compliance management framework
Policy: Business rules for protecting information and systems which store and process information
Control Framework: A process or system to assure the implementation of policy
Standards: System or procedural specific requirements that must be met
Operating Procedures: Step-by-step procedures
Transparency
What personal data goes where.
Who can access the personal data and why.
Privacy statements and other documentation.
Regulatory Infrastructure
Defining bases for processing personal data: Consent; legitimate interests; contract.
Implementing rights: Access, correction and deletion; data breach notification; redress.
Consistent and effective enforcement: Oversight and guidance; risk-based approaches; penalties.