# 2.7 Information Security: 27. Privacy by Design
### 27.27 Privacy by Design

1. Privacy-by-Design (PbD) is an approach advocated by the Information Commissioner's Office (ICO) to promote privacy and data protection. Privacy is a design approach to keep business data private and confidential. Security is a method to make business data private and confidential.
2. Privacy-by-Design is not a legal requirement of the Data Protection Act, but it is a mitigating factor in the event of a data breach. ICO fines will be reduced where Privacy-by-Design has been reasonably and correctly deployed with good intent.
3. Privacy-by-Design begins with a Data Privacy Impact Assessment as a way to identify and reduce privacy risks. The Risk Management Service should be part of the Project Management Service used to provide Bespoke Application Services.
### Founding Principles

1. Privacy-by-Design is associated with Proactive rather than reactive measures: no focus on what happened yesterday, but all focus on what is happening right now. Proactive measures prevent privacy problems, rather than relying on remedial procedures to cope with the result. Privacy-by-Design comes before the fact, not after the fact.
2. Privacy-by-Design is the Default Setting when a person does nothing. Privacy is built in rather than bolted on. Privacy is always working to the maximum degree.
3. Privacy-by-Design is Embedded into the design of the application as an essential component. Privacy is integral to the application, which cannot operate without it.
4. Privacy-by-Design is a Positive-Sum solution that does not trade off against other factors such as security. It is perfectly practical to enjoy both privacy and security without any trade-off of one against the other.
5. Privacy-by-Design applies to the Entire Life Cycle of business data, not just to one aspect of how and where it is used. Privacy is critical from cradle to grave, from creation to destruction and from end to end.
6. Privacy-by-Design must be Visible, Open and Transparent as a matter of trust for all stakeholders. Privacy needs independent verification to create trust.
7. Privacy-by-Design is about Respect for people, empowering them with easy-to-use options that maintain privacy. People have the right to choose the level of privacy that they want, after they have been fully informed.
### Information Technology

1. Technology is not a threat, but how it is used may be a threat. Technology like encryption can protect privacy; however, encryption on its own may not be good enough.
2. Every encryption method ever devised (and published) has eventually been cracked (or will be cracked). However, when many different encryption methods are used in layers, the technology can protect privacy.
### Procedures and Practices

1. With the best technology in the world, people can still use procedures that leak business data to others. While encrypted email is inherently safe, people can send a private attachment to the wrong person, which is a major data breach.
2. Business procedures must evolve to eliminate the possibility of a person making an error that causes a data breach. This can mean stopping unsafe procedures that have been used for many years and starting more effective procedures that cannot cause a data breach. Changes are mandated, but ICO fines may need to be imposed to give people the right motivation to make those changes.
### Physical Design

1. Technology and procedures are only as good as the physical security of the network, infrastructure and local computers. Where people are working and interacting with the public, business data may be stolen by viewing a screen, plugging in a USB drive, recording keyboard actions, hacking the Ethernet connection, monitoring the wireless connection or simply stealing a computer.
2. Many times, people in a public place like a train or airport lounge will communicate private data that can be copied by other people around them. Paper records are very hard to make secure and even harder to back up in case one copy is lost. The filing cabinet is obsolete, and everything needed to eliminate the filing cabinet must be done to impose privacy with security.
### Nobody Cares

1. It may be that a culture has evolved in some companies where nobody cares about privacy: all business data is shared with everybody else and left on desks for anybody to read or copy. That culture will be destroyed by the Data Protection Act, where people are rewarded for being a whistleblower and the company will be continually fined until it complies with the law or goes out of business.
2. It is unjust enrichment if most companies comply with the law while a few choose to ignore privacy regulations, and fines will be very high to stop such unfair trading practices. While ignoring Privacy-by-Design is not illegal, the act of ignoring privacy is illegal and all such companies will be fined until they comply with the law.
### Business Rules

1. The Data Protection Act (DPA) does NOT apply to data rendered anonymous in such a way that the data subject is no longer identifiable.
2. The anonymisation of data is possible and can help the ASP's needs in a privacy-friendly way.
3. An ICO code has been published to explain how data can be anonymised and the legal tests to comply.
4. The DPA does NOT require anonymisation to be completely risk free, only to mitigate the risk so that it is very small.
5. The DPA recognises that aggregated data is anonymous and at very low risk of being re-identified.
6. The DPA recognises that pseudonymised data carries a higher risk of being re-identified.
7. When dealing with small sets of data, anonymisation may not work, because simple guesswork may be enough to identify the people involved from work patterns, travel times and holiday events.
8. UK courts apply a "likely reasonable" test of the risk of anonymised data being re-identified.
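The contrast between pseudonymised, aggregated and small-set data in rules 5 to 7 can be measured rather than guessed. The following is an added example, not code from the ASP document: it takes a constructed set of five staff travel records, pseudonymises the name with a keyed hash, and then computes the k-anonymity of the remaining quasi-identifiers (the smallest group of records that share the same work pattern, travel time and holiday week). The record values, the column names and the generalisation rule are all assumptions made for the illustration.

```python
"""Added example (not part of the ASP document): how re-identifiable a small
record set stays after pseudonymisation, generalisation and aggregation.

Assumptions (not from the page): the records, the quasi-identifier columns,
the secret and the generalisation rule are constructed for illustration.
"""
from collections import Counter
import hashlib

# Constructed sample: travel records for a small team (rule 7's "small set").
RECORDS = [
    {"name": "Alice", "dept": "Finance", "home_town": "Reading", "arrive": "07:55", "holiday_week": 32},
    {"name": "Bob",   "dept": "Finance", "home_town": "Slough",  "arrive": "08:40", "holiday_week": 28},
    {"name": "Carol", "dept": "Sales",   "home_town": "Reading", "arrive": "09:05", "holiday_week": 32},
    {"name": "Dave",  "dept": "Sales",   "home_town": "Reading", "arrive": "09:10", "holiday_week": 30},
    {"name": "Erin",  "dept": "Sales",   "home_town": "Woking",  "arrive": "09:20", "holiday_week": 28},
]
# Columns that are not names but, in combination, still point at one person.
QUASI_IDENTIFIERS = ("dept", "home_town", "arrive", "holiday_week")


def pseudonymise(records, secret=b"constructed-secret"):
    """Replace the direct identifier with a keyed hash; every other field is kept.
    This is the page's 'pseudonymised data': the name is gone, the pattern is not."""
    out = []
    for r in records:
        token = hashlib.sha256(secret + r["name"].encode()).hexdigest()[:12]
        out.append({**{k: v for k, v in r.items() if k != "name"}, "pseudonym": token})
    return out


def k_anonymity(records, columns):
    """Size of the smallest group of records sharing the same values in `columns`.
    k == 1 means at least one person is unique on those columns alone."""
    groups = Counter(tuple(r[c] for c in columns) for r in records)
    return min(groups.values())


def generalise(record):
    """Coarsen the quasi-identifiers: keep department and an arrival band only."""
    hour = int(record["arrive"].split(":")[0])
    return {"dept": record["dept"], "arrive_band": "before 9" if hour < 9 else "9 or later"}


def aggregate(records, column):
    """Counts per value with no record-level rows: the page's 'aggregated data'."""
    return dict(Counter(r[column] for r in records))


def suppress_small_groups(counts, threshold):
    """Drop count cells below `threshold` so a single person cannot be read off a total."""
    return {k: v for k, v in counts.items() if v >= threshold}


if __name__ == "__main__":
    print("pseudonymised k =", k_anonymity(pseudonymise(RECORDS), QUASI_IDENTIFIERS))
    print("generalised k   =", k_anonymity([generalise(r) for r in RECORDS], ("dept", "arrive_band")))
    print("aggregated      =", suppress_small_groups(aggregate(RECORDS, "dept"), 3))
```

On this sample the pseudonymised rows still give k = 1: every person is unique on department, home town, arrival time and holiday week, which is exactly the guesswork risk rule 7 describes. Generalising the columns lifts k to 2, and publishing only suppressed counts removes the record-level rows altogether, which is why rule 5 treats aggregated data as low risk.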
### Data Breach

1. A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by a person who was not authorised to do so.
2. Service providers are required to notify the ICO if a personal data breach occurs. The service provider must keep a log of all data breaches. The service provider must also notify the people involved if the data breach is likely to adversely affect their privacy.
3. A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communication service. The service provider must have a breach notification log and a single point of contact.
### Data Security Breach Log

1. Organisation.
2. Date of Log.
3. Number.
4. Reference.
5. Date of Breach.
6. Number of people affected.
7. Nature of breach.
8. Description of breach.
9. How you became aware of the breach.
10. Description of data.
11. Consequences of breach.
12. All individuals informed?
13. Remedial action.
14. Other regulators informed.
15. When did you first notify the ICO of the breach?
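The breach notification log and single point of contact from the Data Breach section, together with the fifteen fields listed above, can be kept as a structured record rather than a spreadsheet, and the outstanding duties (notify the ICO, inform individuals when the breach is likely to adversely affect them, record remedial action) can be checked before an entry is closed. The following is an added example, not code from the ASP document. The field names, the `likely_adverse_effect` flag, the sample entries and the contact value are constructed for the illustration.

```python
"""Added example (not from the ASP document): a breach notification log with the
fields the page lists, plus a check of what is still outstanding on an entry.

Assumptions (not from the page): field names, the `likely_adverse_effect` flag,
the contact value and both sample entries are constructed for illustration.
"""
from dataclasses import dataclass, field, asdict
from datetime import date
from typing import List, Optional
import json


@dataclass
class BreachEntry:
    organisation: str
    date_of_log: date
    number: int                      # sequence number in the log
    reference: str
    date_of_breach: date
    people_affected: int
    nature: str
    description: str
    how_aware: str                   # how you became aware of the breach
    data_description: str
    consequences: str
    individuals_informed: Optional[bool]   # None means the decision is not yet recorded
    remedial_action: str
    other_regulators_informed: List[str] = field(default_factory=list)
    ico_first_notified: Optional[date] = None
    likely_adverse_effect: bool = False    # assumed flag driving the duty to inform people


@dataclass
class BreachLog:
    single_point_of_contact: str     # the page requires one named contact
    entries: List[BreachEntry] = field(default_factory=list)

    def add(self, entry: BreachEntry) -> None:
        # A log number must identify exactly one incident.
        if any(e.number == entry.number for e in self.entries):
            raise ValueError(f"duplicate breach number {entry.number}")
        self.entries.append(entry)

    def open_actions(self, entry: BreachEntry) -> List[str]:
        """Duties from the page that the entry does not yet show as done."""
        actions = []
        if entry.ico_first_notified is None:
            actions.append("notify ICO and record the date")
        elif entry.ico_first_notified < entry.date_of_breach:
            actions.append("ICO notification date precedes breach date; check the record")
        if entry.likely_adverse_effect and entry.individuals_informed is not True:
            actions.append("inform affected individuals")
        if not entry.remedial_action.strip():
            actions.append("record remedial action")
        return actions

    def to_json(self) -> str:
        """Serialise the whole log; dates become ISO strings via default=str."""
        return json.dumps({"single_point_of_contact": self.single_point_of_contact,
                           "entries": [asdict(e) for e in self.entries]},
                          default=str, indent=2)


def sample_log() -> BreachLog:
    """Constructed log with two entries: one still open, one complete."""
    log = BreachLog(single_point_of_contact="dpo@example.invalid")  # placeholder contact
    log.add(BreachEntry(
        organisation="Example ASP Ltd", date_of_log=date(2017, 2, 1), number=1,
        reference="BR-2017-001", date_of_breach=date(2017, 1, 30), people_affected=12,
        nature="Misaddressed email", description="Attachment of client data sent to the wrong recipient",
        how_aware="Recipient reported it", data_description="Names, addresses, account balances",
        consequences="Likely to adversely affect the individuals", individuals_informed=False,
        remedial_action="Recall requested; recipient confirmed deletion",
        likely_adverse_effect=True))
    log.add(BreachEntry(
        organisation="Example ASP Ltd", date_of_log=date(2017, 2, 3), number=2,
        reference="BR-2017-002", date_of_breach=date(2017, 2, 2), people_affected=0,
        nature="Lost laptop", description="Encrypted laptop left on a train",
        how_aware="Staff member reported loss", data_description="Encrypted copy of staff roster",
        consequences="Low; full-disk encryption in place", individuals_informed=True,
        remedial_action="Remote wipe issued; asset written off",
        ico_first_notified=date(2017, 2, 3)))
    return log


if __name__ == "__main__":
    log = sample_log()
    for e in log.entries:
        print(e.reference, "open actions:", log.open_actions(e) or "none")
```

Running the block prints the open actions per entry: the misaddressed email still needs the ICO notification and the individuals informed, while the encrypted laptop entry has nothing outstanding. The `to_json` output is what would be handed to the single point of contact or attached to the ICO notification.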
### Document Control

1. Document Title: Privacy by Design.
2. Reference: 161308.
3. Keywords: Privacy by Design, Bespoke Application Service, Application Service Provider.
4. Description: Privacy by Design is an optional design approach that the ASP has chosen to make mandated. This document does not provide legal or financial advice.
5. Privacy: Public information service to whom it may concern.
6. Issued: 11 Feb 2017.
7. Edition: 1.1.
### Factors

1. All business data can be fragmented (using differentiation) into a large set of elementary numbers.
2. A large set of photographs can be fragmented into a large set of tokens and elementary numbers.
3. Mapping can encrypt business data using tokens with equivalent elementary numbers.
4. No matter how many powerful computers are deployed, the mapped data cannot be decrypted.
5. This is like encrypting a message using page, line and word numbers in a book to represent each word or phrase. The modern twist is that a very large number of different books may be used as part of the cypher. Books have been replaced with a massive photographic library. Field values have been replaced with elementary number strings.
6. To crack SHA1, Google used 100 very powerful computers running non-stop for a year before they won. As computers get more powerful, different encryption methods must be devised that cannot be cracked by massive processing power. Mapping field values to photo albums cannot be cracked while the photographic library is continually growing and unknown to the hackers.
7. Video could be a future source of tokens and elementary numbers. Encoding of field values to elementary numbers will evolve. It has been suggested that agents with the most powerful computers in the world will not be able to decrypt tokens matched with the numeric content of a video library.