office of the information and privacy commissioner, ontario, canada panel on privacy centre for...
TRANSCRIPT
![Page 1: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/1.jpg)
Office of the Information and Privacy Commissioner, Ontario, Canada
Panel on PrivacyCentre for Information Integrity & Information Systems
Assurance, U of Waterloo7th Biennial Research Symposium
October 21, 2010Toronto, Ontario
![Page 2: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/2.jpg)
Ann Cavoukian, PhDOntario’s Information and Privacy Commissioner
• Ensures that government organizations (provincial and municipal) comply with freedom of information and privacy laws in Ontario
• Investigates privacy complaints and resolve appeals when the government refuses to grant access to government-held information
• Conducts research on access and privacy issues
• Educates the public and raise awareness about Ontario’s access and privacy laws
![Page 3: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/3.jpg)
Privacy Defined
• Right of an individual to exercise a measure of control over the collection, use and disclosure of their personal information
• Definition of personally identifiable information (PII) - any information, recorded or otherwise, relating or linked to an identifiable individual
• Privacy is contextual / think of privacy as an aspect of CRM (Customer Relationship Management)
![Page 4: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/4.jpg)
What privacy is not
Privacy Security
Security is, however, vital to privacy
![Page 5: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/5.jpg)
Fair Information Practices
• Why are you asking?– Collection; purpose specification
• How will the information be used?– Primary purpose; use limitation
• Any additional secondary uses?– Notice and consent; prohibition against unauthorized
disclosure
• Who will be able to see my information?– Restricted access from unauthorized third parties
![Page 6: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/6.jpg)
Why We Need Privacy by Design
Most privacy breaches remain undetected – as regulators, we only see the tip of the iceberg
Regulatory compliance alone, is unsustainable as the sole model for ensuring the future of
privacy
![Page 7: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/7.jpg)
![Page 8: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/8.jpg)
Privacy by Design:The 7 Foundational Principles
www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
1. Proactive not Reactive: Preventative, not Remedial;
2. Privacy as the Default setting;
3. Privacy Embedded into Design;
4. Full Functionality: Positive-Sum, not Zero-Sum;
5. End-to-End Security: Full Lifecycle
Protection;
6. Visibility and Transparency: Keep it Open;
7. Respect for User Privacy: Keep it User-Centric.
![Page 9: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/9.jpg)
Privacy by Design:The Trilogy of Applications
Information Technology
Accountable Business Practices
Physical Design & Infrastructure
![Page 10: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/10.jpg)
Privacy by Design in 2010:Gathering Momentum
• May – As part of the European Commission’s new European Digital Agenda, Peter Hustinx, the European Data Protection Supervisor, recommended that Privacy by Design be included as a binding principle into data protection legal framework;
www.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/Consultation/Opinions/2010/10-03-19_Trust_Information_Society_EN.pdf
• October – Regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection;
www.privacylaws.com/templates/EnewsPage.aspx?id=1663
• December – The U.S. Federal Trade Commission released a major report on protecting consumer privacy in which it recommended that companies adopt a Privacy by Design approach by building privacy protections into their everyday business practices.
www.privacybydesign.ca/media-centre/in-the-news/
![Page 11: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/11.jpg)
Embedding Privacy at the Design Stage:The Obvious Route
• Cost-effective
• Proactive
• User-centric
• It’s all about control – preserving personal control and freedom of choice over one’s data flows
![Page 12: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/12.jpg)
Conclusions
• Lead with Privacy by Design;
• Change the paradigm from the dated “zero-sum” to the doubly-enabling “positive-sum;”
• Deliver both privacy AND security or any other functionality, in an empowering “win-win” paradigm;
• Embed privacy as a core functionality: the future of the Smart Grid may depend on it!
![Page 13: Office of the Information and Privacy Commissioner, Ontario, Canada Panel on Privacy Centre for Information Integrity & Information Systems Assurance,](https://reader035.vdocuments.net/reader035/viewer/2022081602/5513dc325503463a298b5656/html5/thumbnails/13.jpg)
How to Contact Us
Michelle Chibba Director of Policy and Special ProjectsInformation & Privacy Commissioner of Ontario2 Bloor Street East, Suite 1400Toronto, Ontario, Canada M4W 1A8
Phone: (416) 326-3333 / 1-800-387-0073Web: www.ipc.on.caE-mail: [email protected]