Data Privacy
Joe Frate & Aruna Prensai
Data Security
• Goals of data security
  • Authentication
  • Access Control
  • Data Confidentiality
  • Data Integrity
  • Non-repudiation
• Security implementations
  • User roles
  • Passwords
  • Encryption and hashing
Data Privacy
• Management of who is given access to the data
• To whom is personal data revealed
• How data is used
• How long data is retained
• Unidentifiable data
• Personal control over one's own data
IBM Hippocratic Database
• Built upon ten principles to protect and manage private information in the database:
  1. Purpose specification
  2. Consent
  3. Limited collection
  4. Limited use
  5. Limited disclosure
  6. Limited retention
  7. Accuracy
  8. Safety
  9. Openness
  10. Compliance
Middleware Manager
• Active Enforcer
  • IBM's middleware component to manage privacy
  • Database agnostic
  • Enforces privacy based on a privacy language
• Privacy Manager
  • Our middleware component to manage privacy
P3P
• Platform for Privacy Preferences Project
• Used to communicate data privacy policies
• A W3C standard
• We use it to express individuals' privacy policies
<POLICIES xmlns="http://www.w3.org/2000/12/P3Pv1">
  <POLICY discuri="http://www.stevesstore.com/privacy.html" name="policy1">
    <ENTITY>
      <DATA-GROUP>
        <DATA ref="#business.name">Steve's Store</DATA>
        <DATA ref="#business.contact-info.postal.city">Bethesda</DATA>
        <DATA ref="#business.contact-info.postal.stateprov">MD</DATA>
      </DATA-GROUP>
    </ENTITY>
    <ACCESS><nonident/></ACCESS>
    <DISPUTES-GROUP>
      <DISPUTES resolution-type="independent" service="http://www.priv.org">
        <REMEDIES><correct/></REMEDIES>
      </DISPUTES>
    </DISPUTES-GROUP>
    <STATEMENT>
      <PURPOSE><admin/><develop/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
    </STATEMENT>
  </POLICY>
</POLICIES>
<POLICIES xmlns="http://www.w3.org/2000/12/P3Pv1">
  <POLICY discuri="http://www.ourmedctr.com/privacy.html" name="our_policy">
    <ENTITY>
      <DATA-GROUP>
        <DATA ref="#patient.id">101</DATA>
        <DATA ref="#patient.name">Jane Doe</DATA>
      </DATA-GROUP>
    </ENTITY>
    <ACCESS><ident/></ACCESS>
    <DISPUTES-GROUP>
      <DISPUTES resolution-type="independent" service="http://www.priv.org">
        <REMEDIES><correct/></REMEDIES>
      </DISPUTES>
    </DISPUTES-GROUP>
    <STATEMENT>
      <PURPOSE><admin/><research/></PURPOSE>
      <RECIPIENT>
        <other-recipient>Harvard Pilgrim</other-recipient>
        <other-recipient>BCBS MA</other-recipient>
      </RECIPIENT>
      <RETENTION>
        <stated-purpose>Medical Records</stated-purpose>
      </RETENTION>
    </STATEMENT>
  </POLICY>
</POLICIES>
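As an added example that is not part of the slides: a small Python checker that parses the two P3P policies above (copied from the slides with the mismatched quotes repaired) and applies the Hippocratic "limited use" and "limited disclosure" principles to a request, in the way the Privacy Manager middleware is described as doing. A request to use a record for a purpose and disclose it to a recipient is permitted only if some STATEMENT of the applicable policy lists both. The function names and the decision-record layout are my own assumptions; the element names are P3P's as used on the slides.

```python
"""Purpose- and recipient-based access check over P3P policies (added example)."""
import xml.etree.ElementTree as ET

P3P_NS = "http://www.w3.org/2000/12/P3Pv1"

# Store policy from the slides, quotes repaired.
STORE_POLICY = """<POLICIES xmlns="http://www.w3.org/2000/12/P3Pv1">
  <POLICY discuri="http://www.stevesstore.com/privacy.html" name="policy1">
    <ENTITY><DATA-GROUP>
      <DATA ref="#business.name">Steve's Store</DATA>
      <DATA ref="#business.contact-info.postal.city">Bethesda</DATA>
      <DATA ref="#business.contact-info.postal.stateprov">MD</DATA>
    </DATA-GROUP></ENTITY>
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <PURPOSE><admin/><develop/></PURPOSE>
      <RECIPIENT><ours/></RECIPIENT>
      <RETENTION><stated-purpose/></RETENTION>
    </STATEMENT>
  </POLICY>
</POLICIES>"""

# Patient policy from the slides, quotes repaired.
PATIENT_POLICY = """<POLICIES xmlns="http://www.w3.org/2000/12/P3Pv1">
  <POLICY discuri="http://www.ourmedctr.com/privacy.html" name="our_policy">
    <ENTITY><DATA-GROUP>
      <DATA ref="#patient.id">101</DATA>
      <DATA ref="#patient.name">Jane Doe</DATA>
    </DATA-GROUP></ENTITY>
    <ACCESS><ident/></ACCESS>
    <STATEMENT>
      <PURPOSE><admin/><research/></PURPOSE>
      <RECIPIENT>
        <other-recipient>Harvard Pilgrim</other-recipient>
        <other-recipient>BCBS MA</other-recipient>
      </RECIPIENT>
      <RETENTION><stated-purpose>Medical Records</stated-purpose></RETENTION>
    </STATEMENT>
  </POLICY>
</POLICIES>"""


def _q(name):
    """Qualify a local element name with the P3P namespace."""
    return "{%s}%s" % (P3P_NS, name)


def _local(tag):
    """Strip the namespace from an element tag: '{ns}PURPOSE' -> 'PURPOSE'."""
    return tag.split("}", 1)[1] if tag.startswith("{") else tag


def _children(parent, name):
    """Child elements of parent/<name>, or [] if the element is absent.
    An explicit None test is needed: an Element with no children is falsy."""
    el = parent.find(_q(name))
    return list(el) if el is not None else []


def parse_policies(xml_text):
    """Return {policy name: {"entity": {ref: value}, "access": [...], "statements": [...]}}."""
    root = ET.fromstring(xml_text)
    out = {}
    for pol in root.iter(_q("POLICY")):
        entity = {}
        entity_el = pol.find(_q("ENTITY"))
        if entity_el is not None:
            for data in entity_el.iter(_q("DATA")):
                entity[data.get("ref")] = (data.text or "").strip()
        statements = []
        for st in pol.iter(_q("STATEMENT")):
            recipients = set()
            for r in _children(st, "RECIPIENT"):
                # <ours/> is a bare token; <other-recipient> names the party in its text.
                text = (r.text or "").strip()
                recipients.add(text if text else _local(r.tag))
            statements.append({
                "purposes": {_local(c.tag) for c in _children(st, "PURPOSE")},
                "recipients": recipients,
                "retention": [_local(c.tag) for c in _children(st, "RETENTION")],
            })
        out[pol.get("name")] = {
            "entity": entity,
            "access": [_local(c.tag) for c in _children(pol, "ACCESS")],
            "statements": statements,
        }
    return out


def is_permitted(policy, purpose, recipient="ours"):
    """Limited use + limited disclosure: allow only when one STATEMENT lists
    both the requested purpose and the requested recipient."""
    return any(purpose in s["purposes"] and recipient in s["recipients"]
               for s in policy["statements"])


def decide(policy_name, policy, purpose, recipient="ours"):
    """Hypothetical audit record a Privacy Manager could log for each request."""
    return {"policy": policy_name, "purpose": purpose, "recipient": recipient,
            "allowed": is_permitted(policy, purpose, recipient)}


if __name__ == "__main__":
    med = parse_policies(PATIENT_POLICY)["our_policy"]
    print(decide("our_policy", med, "research", "Harvard Pilgrim"))
    print(decide("our_policy", med, "admin", "ours"))
```

The checker treats purpose and recipient names as opaque tokens, so the `<research/>` purpose and `<ident/>` access value in the patient policy, neither of which is in the P3P 1.0 vocabulary, are accepted as written; a production enforcer would additionally validate a policy against the P3P vocabulary before trusting it to drive access decisions.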