02_Handout_1(2).pdf

Full Transcript

IT2028

Information Privacy Concepts
Information privacy generally pertains to what is known as
personally identifiable information (PII).
PII is information that can be used to distinguish or trace an
individual’s identity, such as:
o Information about birth, race, religion, weight, activities,
geographic indicators, employment information, medical
information, education information, and financial
information;
o Personal characteristics, including photographic
images, x-rays, fingerprints, or biometric image; and
o Asset information, such as Internet Protocol (IP) or
media access control (MAC) address or other host-
specific persistent static identifier that consistently links Figure 1. Information Privacy Development Life Cycle
to a particular person or a small, well-defined group of
people. Privacy by Design Principles
Privacy by Design A useful guide to developing a PbD approach is the set of
In dealing with the privacy of PII, two (2) new concepts have foundational principles for PbD first proposed by Ann Cavoukian,
emerged: privacy by design (PbD) and privacy engineering. as shown in Figure 2. These principles were later widely adopted
The goal of privacy by design is to take privacy requirements into as a resolution by other prominent policymakers at the 32nd
account throughout the system development process, from the Annual International Conference of Data Protection and Privacy
conception of a new IT system through detailed system design, Commissioners meeting.
implementation, and operation.
o Privacy requirements: These are system requirements
that have privacy relevance. System privacy
requirements define the protection capabilities provided
by the system, the performance and behavioral
characteristics exhibited by the system, and the
evidence used to determine that the system privacy
requirements have been satisfied. Privacy requirements
are derived from various sources, including laws,
regulations, standards, and stakeholder expectations.
Figure 1 provides an overview of the major activities and tasks
involved in integrating information privacy protection into any
information system developed by an organization. The upper
part of the figure encompasses design activities that determine
what is needed and how to satisfy requirements. The lower part
of the figure deals with the implementation and operation of
privacy features as part of the overall system.
Figure 2. Foundational Principles of Privacy by Design

02 Handout 1 *Property of STI
 [email protected] Page 1 of 4
 IT2028

Proactive, not reactive; preventive, not remedial: PbD is an Privacy and Security Control Selection
approach that anticipates privacy issues and seeks to prevent The privacy protection of PII involves the use of both controls
problems before they arise. In this approach, designers must that are specific to privacy and the use of controls developed for
assess the potential vulnerabilities in a system and the types of information security requirements.
threats that may occur and then select technical and managerial Security controls are safeguards or countermeasures
controls to protect the system. prescribed for an information system or an organization that are
Privacy as the default: This principle requires an organization designed to protect the confidentiality, integrity, and availability
to ensure that it only processes the data that is necessary to of its information and to meet a set of defined security
achieve its specific purpose and that PII is protected during requirements
collection, storage, use, and transmission. individual privacy cannot be achieved solely through securing
Privacy embedded into the design: Privacy protections should personally identifiable information. Hence, both security and
be core, organic functions, not added on after a design is privacy controls are needed.
complete. Privacy should be integral both to the design and Privacy controls are the technical, physical, and administrative
architecture of IT systems and to business practices. (or management) measures employed within an organization to
Full functionality: positive-sum, not zero-sum: Designers satisfy privacy requirements. Privacy controls might result in:
should seek solutions that avoid requiring a trade-off between o Removing the threat source;
privacy and system functionality or between privacy and security. o Changing the likelihood that the threat can exploit a
End-to-end security—life cycle protection: This principle vulnerability by reducing or eliminating the vulnerability
encompasses two concepts. The terms end-to-end and life cycle or by changing the amount of PII collected or the way it
refer to the protection of PII from the time of collection through is processed; and
retention and destruction. During this life cycle, there should be o Changing the consequences of a privacy event.
no gaps in the protection of the data or accountability for the Privacy Engineering
data. The term security highlights that security processes and Privacy engineering involves taking account of privacy during the
controls are used to provide not just security but privacy. entire life cycle of ICT (information and communications
Visibility and transparency: PbD seeks to assure users and technology) systems
other stakeholders that privacy-related business practices and Privacy engineering focuses on implementing techniques that
technical controls are operating according to state commitments decrease privacy risks and enables organizations to make
and objectives. purposeful decisions about resource allocation and effective
Respect for user privacy: The organization must view privacy implementation of controls in information systems
as primarily being characterized by personal control and free Figure 1 indicates that privacy engineering encompasses the
choice. implementation, deployment, and ongoing operation and
Privacy Risk Assessment management of privacy features and controls in systems
The objective of a privacy risk assessment is to enable Privacy engineering involves both technical capabilities and
organization executives to determine an appropriate budget for management processes. The primary goals of privacy
privacy and, within that budget, implement the privacy controls engineering are to:
that optimize the level of protection. o Incorporate functionality and management practices to
satisfy privacy requirements
o Prevent compromise of PII
o Mitigate the impact of breach of personal data.

02 Handout 1 *Property of STI
 [email protected] Page 2 of 4
 IT2028

Privacy engineering is often used to encompass privacy-related o Assess risk based on assets, threats, vulnerabilities, and
activities throughout the system development life cycle. An existing controls. From these inputs, determine impact
example of this is shown in Figure 3. and likelihood and then the level of risk.
o Identify potential security controls to reduce risk,
prioritize their use, and select controls for
implementation.
o Allocate resources, roles, and responsibilities and
implement controls.
o Monitor and evaluate risk treatment effectiveness.

Figure 3. Components of Privacy Engineering Figure 4. Risk Management Cycle
Privacy requirements are system requirements that have
Security risk assessment is an expectation of loss expressed privacy relevance. System privacy requirements define the
as the probability that a particular threat will exploit a particular protection capabilities provided by the system, the performance
vulnerability with a particular harmful result. and behavioral characteristics exhibited by the system, and the
Risk management includes a disciplined, structured, and evidence used to determine that the system privacy
flexible process for organizational asset valuation; security and requirements have been satisfied. Privacy requirements are
privacy control selection, implementation, and assessment; derived from various sources, including laws, regulations,
system and control authorizations; and continuous monitoring. standards, and stakeholder expectations.
Risk management is an iterative process, as illustrated in Figure Privacy impact assessment (PIA) is an analysis of how
4, which consists of four steps: information is handled: to ensure handling conforms to
applicable legal, regulatory, and policy requirements regarding
privacy; to determine the risks and effects of collecting,

02 Handout 1 *Property of STI
 [email protected] Page 3 of 4
 IT2028

maintaining, and to examine and evaluate protections and
alternative processes for handling information to mitigate
potential privacy risks. In essence, PIA consists of a privacy risk
assessment followed by a selection of privacy and security
controls to reduce the risk.
Privacy engineering and security objectives focus on the
types of capabilities the system needs to demonstrate the
implementation of an organization’s privacy policies and system
privacy requirements.

Figure 5. Privacy Engineering Objectives References:

Kumar, G., Saini, DK., Huy Cuong, NH. (2020). Cyber defense mechanisms: Security,
privacy, and challenges. CRC Press.
Stallings, W. (2019). Information privacy engineering and privacy by design:
Understanding privacy threats, technologies, and regulations. Assison-Wesley
Professional.
Torra, V. (2018). Data privacy: foundations, new developments, and the big data
challenge. Springer International Publishing.

02 Handout 1 *Property of STI
 [email protected] Page 4 of 4