ecar working groups general meeting (289373064)
TRANSCRIPT
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 1/24
feng shui for big data
harmony for big data
kent wadadirector, strategic IT policyucla chief privacy officer
ecar working groups general meetingeducause annual indianapolis
october 27, 2015
kent wada
director, strategic IT policyucla chief privacy officer
october 27, 2015
ecar working groups general meetingeducause annual indianapolis
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 2/24
data
security
privacy
accessibility
!"#$% '
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 3/24
bigdata
security
accessibility
privacy
governance
value
!"#$% +
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 4/24
infrastructure(e.g., computers, smartphones, networks)
information
confidential information(e.g., intellectual property, security info)
information about individuals(e.g., student/patient records; SSNs)
informationsecurity
protectsall information
IT security
cyber
protectstechnical
infrastructure
informatioprivacyprotectsinformationabout individ
!"#$% *
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 5/24
information about individuals(e.g., student/patient records; SSNs)
nformation security officer
informationsecurity
protectsall information
“cia”confidentiality
integrityavailability
(traditional realm of thprivacy offic
informatioprivacyprotectsinformationabout individ
complianceprivacy rules—e.g., hipaa, ferpa, …
state breach notification lawsopen records laws (state, foia)
fair information practices principlesnotice/awareness, choice/consent, access/participation, integrity/securityenforcement/redress
dataset techniquese.g., de-identification, anonymization,
constraints on use v. collection
information security and information privacy are generally complementa
!"#$% ,
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 6/24
individualsinformatioprivacyprotectsinformationabout individ
information about individuals(e.g., student/patient records; SSNs)
autonomyprivacycovers individ
from observa
safeguards against surveillance/ big brother / the monitoring of
behavior, data mining / profilingvalues
first amendment, anonymityacademic freedomethical behavior
it’s not just security vs privacy, it may be privacy vs privacy
… increasingly because of “big data”
!"#$% -
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 7/24
infrastructure(e.g., computers, smartphones, networks)
information
confidential information(e.g., intellectual property, security info)
information about individuals(e.g., student/patient records; SSNs)
individuals
nformation security officer
informationsecurity
protectsall information
ybersecurityprotects
technicalinfrastructure
privacy offic
autonomyprivacycovers individ
from observa
informatioprivacyprotectsinformationabout individ
___________________________• Based on the diagram developed for the report below. See http://ucop.edu/privacy-initiative for further information.•
Privacy and Information Security Initiative Steering Committee Report to the President. Rep. University of California, Jan.
2013. Web. 24 Aug. 2015.
http://ucop.edu/privacy-initiative/uc-privacy-and-information-security-steering-committee-final-report.pdf
!"#$% .
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 8/24
big data privacy hazards
indiscriminate collection of data
volunteered dat
observed data
continuous collection of non-traditional pii
SHAZAM LOGO AMAZON ECHO SHAZAM LOGO FITBIT CHARGE HR
data generation
inferred data
___________________________
• Based on material from Doron Rotman, KPMG.
!"#$% '
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 9/24
big data privacy hazards
indiscriminate collection of data
data generation
volunteered dat
observed data
inferred data
indefinite storage
infinite reuse
deidentified data reidentified
AOL LOGO HARVARD UNIVERSITY SEAL NETFLIX LOGO
!"#$% ,
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 10/24
volunteered dat
observed data
inferred data
indiscriminate collection of data
data generation
indefinite storage
infinite reuse
deidentified data reidentified
big data privacy hazards
data breaches
GENERIC BREACH
NOTIFICATION LANGUAGEASHLEY MADISON LOGO
SEAL OF THE US OFFICE OF
PERSONNEL MANAGEMENT
!"#$% /0
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 11/24
volunteered dat
observed data
inferred data
indiscriminate collection of data
data generation
indefinite storage
big data privacy hazards
infinite reuse
deidentified data reidentified
data breachespredictive analytics
descriptive — summarize what happened
predictive — forecast what may happen in the future
prescriptive — recommend one or more courses of action
!"#$% --
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 12/24
volunteered dat
observed data
inferred data
indiscriminate collection of data
data generation
indefinite storage
infinite reuse
deidentified data reidentified
data breaches
big data privacy hazards
predictive analytics
algorithmic discriminationFICO LOGO
PARTIAL STILL
FROM THE MOVIE
MINORITY REPORT
!"#$% /'
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 13/24
July 22, 2015 — A GitHub project is using the
23andMe API for genetic decoding to act as a way
to bar users from entering websites based on their
genetic data — race and ancestry.
“Stumbling around GitHub, I came across this bit of
code: Genetic Access Control. Now, budding
young racist coders can check out your 23andMe
page before they allow you into their website!
Seriously, this code uses the 23andMe API to pull
genetic info, then runs access control on the user
based on the results. Just why you decide not to let
someone into your site is up to you, but it can be
based on any aspect of the 23andMe API. This is
literally the code to automate racism.”
___________________________•
Genetic Access Control Code Uses 23andMe DNA Data For Internet Racism. (2015, July 22). Retrieved from
http://science.slashdot.org/story/15/07/22/0146236/genetic-access-control-code-uses-23andme-dna-data-for-internet-rac
!"#$% /+
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 14/24
ARTICLE HEADLINE “FRANK PASQUALE UNRAVELS THE NEW MACHINE AGE OF ALGORITHMS AND BOTS”
___________________________•
Selinger, Evan. “Frank Pasquale Unravels the New Machine Age of Algorithms and Bots.” The Christian Science Monitor 28
Jan. 2015, Passcode sec. Web. 24 Aug. 2015.
p://csmonitor.com/World/Passcode/Passcode-Voices/2015/0128/Frank-Pasquale-unravels-the-new-machine-age-of-algorithms-an
!"#$% /*
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 15/24
history says:
• data, once collected, can rarely be “uncollected”
• data, once collected, will always find another use
• the rules change
the concerns are greatest:
• when data are used to make decisions about people
• when data are collected about people without their
knowledge or consent
• when data about people are used in unexpected ways
without subjects’ knowledge or consent
• when data are shared with external entities
!"#$% /,
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 16/24
partial privacy timeline
1789
US
onstitution
1890
brandeis ‘right
to be let alone’
1948
UN declarationof human rights
1968
privacytort
60s-70s
privacyrulings by
SCOTUS
1972
privacy addedto california
constitution asinalienable right
1974
privacy act
ferpa/student
1977
privacycommission
report
___________________________• Based on a timeline developed by Sol Bermann, Privacy Officer, IT Policy, Compliance, Enterprise Continuity Strategist, at th
University of Michigan.
!"#$% /-
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 17/24
partial privacy timeline, con’t
1991
commonrule/
humanresearchprivacy
1995
EU dataprotectiondirective
1996
hipaa/medical and
health
1998
coppa/childrenonline
1999
chiefcounselor forprivacy in fed
gov’t
first cpo
glba/loan
2003
first statebreach
notificationlaw
2010
red flags/id theft
2012
googleimplementsthe EU right
to beforgotten
201
calECP
!"#$% /.
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 18/24
“public-private”partnerships
(whether weknow it or not)
google apps for education
learning analytics
translational research
scholarly publications
!"#$% /1
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 19/24
implementing bdfs at ucla via the dgtf
“These governance mechanisms should be invoked when
competing privacy interests, goals, University values, or
obligations in the application or use of these data exist and for
which no statutory provision, common law, or University policy
is directly applicable.”
___________________________• UCLA. (2015). UCLA Data Governance Task Force: Final Report and Recommendations (DRAFT).•
Borgman, Christine, and Kent Wada (co-chairs). UCLA Data Governance Task Force.
https://ccle.ucla.edu/course/view/datagov
!"#$% /2
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 20/24
implementing bdfs at ucla via the dgtf
the goal is not to be an irb, vet everything, or be seen as
“those who say no”, but to:
• resolve legitimate disagreements and provide a path
forward
• promote transparency and open discussion
am i my data?
am i more important?
___________________________• http://lex.ucsc.edu/resources/datalex_registration.html• DataLex 2015: Privacy, Big Data, and the Law. (n.d.). UC Santa Cruz, Digital Arts Research Center. Retrieved
from www.ustream.tv/channel/c6Mv3vuye3D
!"#$% '0
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 21/24
we’re all sitting on treasure troves of data …
•
but the private sector has no irb• and a different mission (value = monetize)
• the facebook contagion experiment may have made things
worse
!"#$% '/
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 22/24
(big)data
security
accessibility
privacy
governance
value
!"#$% ''
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 23/24
bigdata
security
accessibility
privacy
governance
value
!"#$% '+
8/20/2019 ECAR Working Groups General Meeting (289373064)
http://slidepdf.com/reader/full/ecar-working-groups-general-meeting-289373064 24/24
harmony for big data
kent wadadirector, strategic IT policyucla chief privacy officer
ecar working groups general meetingeducause annual indianapolis
october 27, 2015
!"#$% '*