Privacy, Security & Access to Data
-
Upload
cybera-inc -
Category
Data & Analytics
-
view
550 -
download
0
Transcript of Privacy, Security & Access to Data
![Page 1: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/1.jpg)
Privacy, Security & Access to DataCyber Summit 2015
Brian Hamilton, Director, Compliance and Special InvestigationsSeptember 28, 2015
![Page 2: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/2.jpg)
Agenda
• Privacy laws enable your success
• How do privacy regulators analyze information sharing/analytics/big data initiatives?
• Regulatory challenges
• Tips for success in working with privacy regulators
![Page 3: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/3.jpg)
Office of the Information and Privacy Commissioner of Alberta• Commissioner – Jill Clayton
• an officer of the Legislative Assembly• independent of government
• Oversight of Alberta’s access to information and privacy laws:
• Freedom of Information and Protection of Privacy Act• Personal Information Protection Act• Health Information Act
• Provincial government is responsible for legislation
![Page 4: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/4.jpg)
What we do
![Page 5: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/5.jpg)
How we intersect with research
• Health Research Ethics Boards• File their approvals with us• Duty to review research proposals and assess whether
adequate safeguards are in place
• Privacy Impact Assessment review• Especially data matching• Recommended for multi-stakeholder initiatives
• Investigations• Unusual, most people aren’t aware, or have consented• access to data without agreement
![Page 6: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/6.jpg)
Privacy is an enabler
• Privacy regulators understand benefits of information sharing and analytics
• Advancement of science, health• Convenience• Harmonized, coordinated, targeted services• Efficiency, cost containment
• Privacy statutes allow appropriate information sharing and data matching
• Privacy ensures your success
• We are in the freedom of information business
![Page 7: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/7.jpg)
Things privacy laws allow you to do(as long as you do it right)• Research• Planning• Resource allocation• Policy development• Quality improvement • Auditing• Evaluation• Data matching• Share personal information for service delivery
![Page 8: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/8.jpg)
How we analyze initiatives• Who are you?
• Nature of organizations• Jurisdiction
• What are you doing?• What personal information will you collect, use or disclose?• Research, data matching
• Is it legal?• Analysis of legal authorities
• How are you managing risk?• Information security• Agreements, policies• Incident response plans• Regular review of controls• Training
![Page 9: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/9.jpg)
Key Privacy Controls(for big data initiatives)
• Governance, policies, training• Access controls
• Need to know, least amount principle
• Consent (where necessary)
• Openness, transparency, notification
• Retention and disposition• Only keep information as long as necessary
• Incident response
• Privacy laws use reasonableness test• Controls do not need to be perfect
![Page 10: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/10.jpg)
Challengesfor the new data scientist
• We live in a federation and have international partners
• Managing privacy among multiple stakeholders (governance)
• Transparency
• Managing consent, citizen expectations
• Trans border legal demands
• Bureaucratic fear, uncertainty and doubt
![Page 11: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/11.jpg)
Tips for success• Talk to us
• We are happy to consult on any initiative• Early consultation prevents last-minute pitfalls
• Build privacy into your initiative from the start• Last-minute, bolt-on privacy is expensive and inefficient
• Engage the public• Transparency assuages fear
• Conduct a privacy impact assessment• Our Office is pleased to review and provide comments• Consider making your PIA public
• Develop privacy expertise
![Page 12: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/12.jpg)
Curriculum for the new data scientist
• Privacy principles• Privacy risk assessment and mitigation
strategies• Information security• Access to information• Records management• Agreements and contracts
![Page 13: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/13.jpg)
OIPC sponsored research on information sharing
Government Information SharingIs Data Going Out of the Silos, Into the Mines?
•http://www.oipc.ab.ca/Content_Files/Files/Publications/Report_GovtInfoSharing_Jan2015.pdf
•Case studies•Citizen expectations•Examining risk in data sharing projects
13
![Page 14: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/14.jpg)
Free PIA training• Calgary: October 16• Edmonton: October 15• www.oipc.ab.ca for more info.
![Page 15: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/15.jpg)
Your questions
![Page 16: Privacy, Security & Access to Data](https://reader031.fdocuments.in/reader031/viewer/2022021921/58efef8e1a28ab9e218b4591/html5/thumbnails/16.jpg)
THANK YOU!
Brian HamiltonDirector, Compliance and Special InvestigationsOffice of the Information and Privacy Commissioner, [email protected]