1 / 13

Office of the Information and Privacy Commissioner, Ontario, Canada

Office of the Information and Privacy Commissioner, Ontario, Canada. Panel on Privacy Centre for Information Integrity & Information Systems Assurance, U of Waterloo 7 th Biennial Research Symposium October 21, 2010 Toronto, Ontario.

vaughan-best
Download Presentation

Office of the Information and Privacy Commissioner, Ontario, Canada

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance, U of Waterloo 7th Biennial Research Symposium October 21, 2010 Toronto, Ontario

  2. Ann Cavoukian, PhDOntario’s Information and Privacy Commissioner • Ensures that government organizations (provincial and municipal) comply with freedom of information and privacy laws in Ontario • Investigates privacy complaints and resolve appeals when the government refuses to grant access to government-held information • Conducts research on access and privacy issues • Educates the public and raise awareness about Ontario’s access and privacy laws

  3. Privacy Defined • Right of an individual to exercise a measure of control over the collection, use and disclosure of their personal information • Definition of personally identifiable information (PII) - any information, recorded or otherwise, relating or linked to an identifiable individual • Privacy is contextual / think of privacy as an aspect of CRM (Customer Relationship Management)

  4. What privacy is not Privacy  Security Security is, however, vital to privacy

  5. Fair Information Practices • Why are you asking? • Collection; purpose specification • How will the information be used? • Primary purpose; use limitation • Any additional secondary uses? • Notice and consent; prohibition against unauthorized disclosure • Who will be able to see my information? • Restricted access from unauthorized third parties

  6. Why We Need Privacy by Design Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg Regulatory compliance alone, is unsustainable as the sole model for ensuring the future of privacy

  7. Privacy by Design:The 7 Foundational Principles • Proactive not Reactive: Preventative, not Remedial; • Privacy as the Default setting; • Privacy Embedded into Design; • FullFunctionality: Positive-Sum, not Zero-Sum; • End-to-End Security: Full Lifecycle Protection; • Visibility and Transparency: Keep it Open; • Respect for User Privacy: Keep it User-Centric. www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf

  8. Privacy by Design:The Trilogy of Applications Information Technology Accountable Business Practices Physical Design & Infrastructure

  9. Privacy by Design in 2010:Gathering Momentum • May – As part of the European Commission’s new European Digital Agenda, Peter Hustinx, the European Data Protection Supervisor, recommended that Privacy by Design be included as a binding principle into data protection legal framework; www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-03-19_Trust_Information_Society_EN.pdf • October – Regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection; www.privacylaws.com/templates/EnewsPage.aspx?id=1663 • December – The U.S. Federal Trade Commission released a major report on protecting consumer privacy in which it recommended that companies adopt a Privacy by Design approach by building privacy protections into their everyday business practices. www.privacybydesign.ca/media-centre/in-the-news/

  10. Embedding Privacy at the Design Stage:The Obvious Route • Cost-effective • Proactive • User-centric • It’s all about control – preserving personal control and freedom of choice over one’s data flows

  11. Conclusions • Lead with Privacy by Design; • Change the paradigm from the dated “zero-sum” to the doubly-enabling “positive-sum;” • Deliver both privacy AND security or any other functionality, in an empowering “win-win” paradigm; • Embed privacy as a core functionality: the future of the Smart Grid may depend on it!

  12. How to Contact Us Michelle Chibba Director of Policy and Special ProjectsInformation & Privacy Commissioner of Ontario2 Bloor Street East, Suite 1400Toronto, Ontario, Canada M4W 1A8 Phone: (416) 326-3333 / 1-800-387-0073 Web: www.ipc.on.ca E-mail: info@ipc.on.ca

More Related