Designing a privacy management system
Presentation Transcript


International Security, Trust & Privacy Alliance (ISTPA)



PRIVACY MANAGEMENT

Mr. Private I, system designer and charter member of the ISTPA Framework Committee, has been given a real challenge by one of his customers: design a total privacy management system for ALL the corporate databases, which receive, hold, and transfer both customer and employee data, in multiple jurisdictions! WHERE TO BEGIN???


[Diagram: Personal Information]

Mr. Private I decided to start at the center of the design challenge: The corporate databases containing the Personal Information. But, from his ISTPA tutorials, he knew that SECURITY was an essential element of privacy management….


[Diagram: Personal Information; SECURITY]

The system components would need to draw on well-defined SECURITY functions, such as confidentiality, integrity, authentication, and access control. Now, what privacy management services are needed?


[Diagram: Personal Information, fenced off; SECURITY]

Since privacy deals with lifecycle management of PI, I needed to fence off the PI from the rest of the database…


[Diagram: Personal Information; AGENT; SECURITY]

Looking ahead, I realized that the “fence” created a boundary and that any dialog about PI would have to cross that boundary. I gave it a name: AGENT. Dialog about PI is handled by the AGENT service…


[Diagram: Personal Information; AGENT; INTERACTION; SECURITY]

The AGENT will need to interface to the world outside the database and interact with other system elements, so I created an INTERACTION service.


[Diagram: Personal Information; AGENT; INTERACTION, CONTROL; SECURITY]

Procedures, best practices, legislation, and jurisdictional mandates will govern the collection, access, and use of PI. A CONTROL service is needed to execute the particular privacy “policy” against the PI database….


[Diagram: Personal Information; AGENT; INTERACTION, AGREEMENT, CONTROL; SECURITY]

Privacy is the proper use of PI throughout its lifecycle, consistent with the permission of the subject and applicable laws/policies. As PI is collected and maintained, an AGREEMENT service is needed to arbitrate with the PI subject for permissible use of the PI….


[Diagram: Personal Information; AGENT; INTERACTION, AGREEMENT, CONTROL, USAGE; SECURITY]

Reflect on the concept of “proper use of PI throughout its lifecycle”, which is a core management requirement of the definition of privacy. Subsequent use of PI by other system entities could involve transfer, linking, inference and even re-negotiation of permissions. I added a USAGE service for that purpose….


[Diagram: Personal Information; AGENT; INTERACTION, ACCESS, AGREEMENT, CONTROL, USAGE; SECURITY]

PI is “personal” information about the subject. Since the use of the PI is to be “proper” and “consistent with the permission of the subject and applicable laws/policies”, the subject should be able to access, review, and possibly correct PI about the subject held by another entity. Thus, the ACCESS Service…


[Diagram: Personal Information; AGENT; INTERACTION, ACCESS, VALIDATION, AGREEMENT, CONTROL, USAGE; SECURITY]

Given the assumed value of the PI collected in the database, the privacy management system should itself make every effort to check the accuracy of PI at any point in its lifecycle. The VALIDATION service does the checking, through the AGENT service.


[Diagram: Personal Information; AGENT; INTERACTION, ACCESS, VALIDATION, AGREEMENT, CONTROL, USAGE, CERTIFICATION; SECURITY]

“Users” should have the proper credentials to use the system. The CERTIFICATION service will manage and check those credentials for any entity involved in processing PI.


[Diagram: Personal Information; AGENT; INTERACTION, ACCESS, VALIDATION, AGREEMENT, CONTROL, USAGE, CERTIFICATION, AUDIT; SECURITY]

The privacy management system needs its own “watchdog” to record, maintain, and report any and all relevant events in order to subsequently confirm compliance. For that reason, I added the AUDIT service.


[Diagram: Personal Information; AGENT; INTERACTION, ACCESS, VALIDATION, AGREEMENT, CONTROL, USAGE, CERTIFICATION, AUDIT, ENFORCEMENT; SECURITY]

What should happen IF the system fails in some aspect of privacy management or violates an accepted tenet of the system? The ENFORCEMENT service handles redress in such cases.


[Diagram: actors SUBJECT and REQUESTOR added outside the services: Personal Information; AGENT; INTERACTION, ACCESS, VALIDATION, AGREEMENT, CONTROL, USAGE, CERTIFICATION, AUDIT, ENFORCEMENT; SECURITY]

Both PI SUBJECTS and PI REQUESTORS will interact with the system.


[Diagram: unchanged from the previous slide]

WHEW! Mr. Private I needed a rest after all that design. I had identified 10 privacy SERVICES, but how did they work together to create an operational privacy management system? I needed to experiment with a few Use Cases…


[Diagram: unchanged from the previous slide]

I started simple: Consider an employer application like Payroll that requests certain PI from an employee…


[Diagram: as before, with a NOTICE flow to the SUBJECT and a PI flow from the SUBJECT into Personal Information and on to the REQUESTOR]

Through the employer AGENT and INTERACTION, a NOTICE of the purpose and use of the requested PI is presented to the SUBJECT. The PI, together with the permissible purpose/use, is submitted for VALIDATION and then stored in the PI database by CONTROL. Through CONTROL, the PI is shared with the REQUESTOR.
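The Payroll walkthrough above, together with the service descriptions on the preceding slides (AGREEMENT, USAGE, ACCESS, VALIDATION, CERTIFICATION, AUDIT, ENFORCEMENT and CONTROL), as an added example in Python. This is not code from the ISTPA deck or from any ISTPA specification; the class names, the field formats that VALIDATION checks, the requestor names and the sample PI are all assumptions made for illustration. Each stored PI record is bound to the purposes the SUBJECT agreed to, so CONTROL releases PI to a REQUESTOR only when CERTIFICATION says the requestor holds credentials for that purpose and AGREEMENT says the subject consented to it; a denial is written to AUDIT and queued for ENFORCEMENT, and a new purpose goes through USAGE re-negotiation rather than being added silently.

```python
# Added example, not from the ISTPA deck: a purpose-bound PI store wiring the deck's
# services together. Names, validation rules and sample data are assumptions.
from __future__ import annotations
import re
from dataclasses import dataclass


@dataclass
class Agreement:
    """AGREEMENT: the purposes a SUBJECT has consented to for their PI."""
    subject: str
    purposes: set[str]


class Validation:
    """VALIDATION: format checks run before PI enters the store (assumed formats)."""
    RULES = {
        "employee_id": re.compile(r"^E\d{5}$"),
        "bank_account": re.compile(r"^\d{8}$"),
        "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
    }

    @classmethod
    def check(cls, pi: dict) -> list[str]:  # one error per field present but malformed
        return [f"{k}: bad format" for k, rx in cls.RULES.items()
                if k in pi and not rx.match(str(pi[k]))]


class PrivacyManager:
    """CONTROL over the fenced PI; CERTIFICATION, USAGE, ACCESS, AUDIT, ENFORCEMENT around it."""

    def __init__(self) -> None:
        self.pi: dict[str, dict] = {}               # the fenced PI, keyed by subject
        self.agreements: dict[str, Agreement] = {}  # AGREEMENT records
        self.credentials: dict[str, set[str]] = {}  # CERTIFICATION: requestor -> purposes
        self.audit: list[tuple] = []                # AUDIT trail of every relevant event
        self.violations: list[tuple] = []           # ENFORCEMENT queue for redress

    def certify(self, requestor: str, purposes: set[str]) -> None:
        """CERTIFICATION: record the purposes a requestor holds credentials for."""
        self.credentials[requestor] = set(purposes)
        self.audit.append(("certify", requestor, sorted(purposes)))

    def collect(self, subject: str, pi: dict, consented: set[str]) -> bool:
        """After NOTICE: VALIDATE, then CONTROL stores PI bound to the consented purposes."""
        errors = Validation.check(pi)
        if errors:
            self.audit.append(("reject", subject, errors))
            return False
        self.agreements[subject] = Agreement(subject, set(consented))
        self.pi[subject] = dict(pi)
        self.audit.append(("store", subject, sorted(consented)))
        return True

    def release(self, requestor: str, subject: str, purpose: str, fields: list[str]) -> dict | None:
        """CONTROL: share PI only if requestor is certified AND subject agreed to `purpose`;
        otherwise deny, log it, and queue the event for ENFORCEMENT."""
        allowed = (purpose in self.credentials.get(requestor, set())
                   and subject in self.agreements
                   and purpose in self.agreements[subject].purposes)
        if not allowed:
            self.violations.append((requestor, subject, purpose))
            self.audit.append(("deny", requestor, subject, purpose))
            return None
        out = {k: self.pi[subject][k] for k in fields if k in self.pi[subject]}
        self.audit.append(("release", requestor, subject, purpose, sorted(out)))
        return out

    def renegotiate(self, subject: str, purpose: str, subject_agrees: bool) -> bool:
        """USAGE: a new purpose is re-negotiated with the subject, never added silently."""
        if subject_agrees:
            self.agreements[subject].purposes.add(purpose)
        self.audit.append(("renegotiate", subject, purpose, subject_agrees))
        return subject_agrees

    def subject_access(self, subject: str) -> dict:
        """ACCESS: the subject reviews the PI held about them."""
        self.audit.append(("access", subject))
        return dict(self.pi.get(subject, {}))

    def subject_correct(self, subject: str, updates: dict) -> bool:
        """ACCESS: the subject corrects their PI; the corrected record is re-VALIDATED."""
        merged = {**self.pi[subject], **updates}
        if Validation.check(merged):
            self.audit.append(("correction_rejected", subject, sorted(updates)))
            return False
        self.pi[subject] = merged
        self.audit.append(("correct", subject, sorted(updates)))
        return True


def payroll_use_case() -> PrivacyManager:
    """The deck's Payroll walkthrough on constructed data, plus one onward use alice never agreed to."""
    pm = PrivacyManager()
    pm.certify("payroll-app", {"payroll"})
    pm.certify("marketing-app", {"marketing"})
    pm.collect("alice", {"employee_id": "E00042", "bank_account": "12345678",
                         "email": "alice@example.com"}, {"payroll"})  # NOTICE said: payroll only
    pm.release("payroll-app", "alice", "payroll", ["employee_id", "bank_account"])
    pm.release("marketing-app", "alice", "marketing", ["email"])  # certified, but not consented: denied
    return pm
```

The two checks in release() are deliberately independent: a requestor that is properly certified for a purpose still gets nothing if the subject never agreed to that purpose, and a subject's consent is worthless to an uncertified requestor. That is the "proper use throughout the lifecycle" test the deck's definition of privacy asks CONTROL to apply, and it is why the denial goes to ENFORCEMENT rather than being silently dropped.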


[Diagram: unchanged from the previous slide]

(ADDITIONAL USE CASES…)

