Information Privacy Engineering PDF

Summary

This document discusses information privacy concepts, including personally identifiable information (PII). It explains privacy by design (PbD) and privacy engineering, outlining their principles and applications. The text also details security controls and privacy requirements.

Full Transcript

IT2028

Information Privacy Concepts

Information privacy generally pertains to what is known as personally identifiable information (PII). PII is information that can be used to distinguish or trace an individual's identity, such as:
o Information about birth, race, religion, weight, activities, geographic indicators, employment information, medical information, education information, and financial information;
o Personal characteristics, including photographic images, x-rays, fingerprints, or biometric images; and
o Asset information, such as an Internet Protocol (IP) or media access control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or a small, well-defined group of people.

Privacy by Design

In dealing with the privacy of PII, two new concepts have emerged: privacy by design (PbD) and privacy engineering.

The goal of privacy by design is to take privacy requirements into account throughout the system development process, from the conception of a new IT system through detailed system design, implementation, and operation.
o Privacy requirements: These are system requirements that have privacy relevance. System privacy requirements define the protection capabilities provided by the system, the performance and behavioral characteristics exhibited by the system, and the evidence used to determine that the system privacy requirements have been satisfied. Privacy requirements are derived from various sources, including laws, regulations, standards, and stakeholder expectations.

Figure 1 provides an overview of the major activities and tasks involved in integrating information privacy protection into any information system developed by an organization. The upper part of the figure encompasses design activities that determine what is needed and how to satisfy requirements. The lower part of the figure deals with the implementation and operation of privacy features as part of the overall system.

Figure 1. Information Privacy Development Life Cycle

Privacy by Design Principles

A useful guide to developing a PbD approach is the set of foundational principles for PbD first proposed by Ann Cavoukian, as shown in Figure 2. These principles were later widely adopted as a resolution by other prominent policymakers at the 32nd Annual International Conference of Data Protection and Privacy Commissioners meeting.

Figure 2. Foundational Principles of Privacy by Design

02 Handout 1 *Property of STI [email protected] Page 1 of 4

Proactive, not reactive; preventive, not remedial: PbD is an approach that anticipates privacy issues and seeks to prevent problems before they arise. In this approach, designers must assess the potential vulnerabilities in a system and the types of threats that may occur and then select technical and managerial controls to protect the system.

Privacy as the default: This principle requires an organization to ensure that it only processes the data that is necessary to achieve its specific purpose and that PII is protected during collection, storage, use, and transmission.

Privacy embedded into the design: Privacy protections should be core, organic functions, not added on after a design is complete. Privacy should be integral both to the design and architecture of IT systems and to business practices.

Full functionality: positive-sum, not zero-sum: Designers should seek solutions that avoid requiring a trade-off between privacy and system functionality or between privacy and security.

End-to-end security—life cycle protection: This principle encompasses two concepts. The terms end-to-end and life cycle refer to the protection of PII from the time of collection through retention and destruction. During this life cycle, there should be no gaps in the protection of the data or in accountability for the data. The term security highlights that security processes and controls are used to provide not just security but privacy.

Visibility and transparency: PbD seeks to assure users and other stakeholders that privacy-related business practices and technical controls are operating according to stated commitments and objectives.

Respect for user privacy: The organization must view privacy as primarily being characterized by personal control and free choice.

Privacy and Security Control Selection

The privacy protection of PII involves the use of both controls that are specific to privacy and controls developed for information security requirements.

Security controls are safeguards or countermeasures prescribed for an information system or an organization that are designed to protect the confidentiality, integrity, and availability of its information and to meet a set of defined security requirements. Individual privacy cannot be achieved solely through securing personally identifiable information; hence, both security and privacy controls are needed.

Privacy controls are the technical, physical, and administrative (or management) measures employed within an organization to satisfy privacy requirements. Privacy controls might result in:
o Removing the threat source;
o Changing the likelihood that the threat can exploit a vulnerability, by reducing or eliminating the vulnerability or by changing the amount of PII collected or the way it is processed; and
o Changing the consequences of a privacy event.

Privacy Engineering

Privacy engineering involves taking account of privacy during the entire life cycle of ICT (information and communications technology) systems.

Privacy engineering focuses on implementing techniques that decrease privacy risks and enables organizations to make purposeful decisions about resource allocation and effective implementation of controls in information systems.

Figure 1 indicates that privacy engineering encompasses the implementation, deployment, and ongoing operation and management of privacy features and controls in systems.

Privacy engineering involves both technical capabilities and management processes. The primary goals of privacy engineering are to:
o Incorporate functionality and management practices to satisfy privacy requirements;
o Prevent compromise of PII; and
o Mitigate the impact of a breach of personal data.

Privacy engineering is often used to encompass privacy-related activities throughout the system development life cycle. An example of this is shown in Figure 3.

Figure 3. Components of Privacy Engineering

Privacy Risk Assessment

The objective of a privacy risk assessment is to enable organization executives to determine an appropriate budget for privacy and, within that budget, implement the privacy controls that optimize the level of protection.

In a security risk assessment, risk is an expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result.

Risk management includes a disciplined, structured, and flexible process for organizational asset valuation; security and privacy control selection, implementation, and assessment; system and control authorizations; and continuous monitoring. Risk management is an iterative process, as illustrated in Figure 4, which consists of four steps:
o Assess risk based on assets, threats, vulnerabilities, and existing controls. From these inputs, determine impact and likelihood and then the level of risk.
o Identify potential security controls to reduce risk, prioritize their use, and select controls for implementation.
o Allocate resources, roles, and responsibilities and implement controls.
o Monitor and evaluate risk treatment effectiveness.

Figure 4. Risk Management Cycle
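The four-step cycle and the budget objective of a privacy risk assessment, worked through in code: score each register row as likelihood times impact, then pick the affordable set of privacy and security controls that leaves the least residual risk. This is an added example, not material from the handout or from Stallings; the 1 to 5 likelihood and impact scales, the rating thresholds, the hypothetical web-shop register and the control costs and effects are all assumptions made for illustration.

```python
"""Privacy risk assessment and budget-bounded control selection.

Added example, not from the STI handout. The 1..5 likelihood/impact scales,
the rating thresholds and every register entry below are constructed
illustrative values (assumptions), not figures from any standard.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, Tuple


@dataclass(frozen=True)
class Risk:
    """One register row: a threat exploiting a vulnerability against a PII asset.
    likelihood/impact are scored 1..5 after existing controls are accounted for."""
    rid: str
    asset: str
    threat: str
    vulnerability: str
    likelihood: int
    impact: int


@dataclass(frozen=True)
class Control:
    """Candidate control. effects maps risk id -> (likelihood delta, impact delta):
    a privacy control that collects less PII lowers impact, a security control
    that closes a vulnerability lowers likelihood, removing a threat source does both."""
    name: str
    kind: str                          # "privacy" or "security"
    cost: int                          # budget units (assumed)
    effects: Dict[str, Tuple[int, int]]


def risk_level(likelihood: int, impact: int) -> int:
    """Level of risk = likelihood x impact on the assumed 1..5 scales."""
    for v in (likelihood, impact):
        if not 1 <= v <= 5:
            raise ValueError("likelihood and impact must be scored 1..5")
    return likelihood * impact


def rating(level: int) -> str:
    """Qualitative band for a 1..25 level (thresholds are an assumption)."""
    return "High" if level >= 15 else "Moderate" if level >= 8 else "Low"


def residual_scores(risks, controls=()) -> Dict[str, Tuple[int, int]]:
    """(likelihood, impact) per risk after applying controls; never below 1."""
    res = {r.rid: [r.likelihood, r.impact] for r in risks}
    for c in controls:
        for rid, (dl, di) in c.effects.items():
            if rid in res:
                res[rid][0] = max(1, res[rid][0] + dl)
                res[rid][1] = max(1, res[rid][1] + di)
    return {rid: (lk, im) for rid, (lk, im) in res.items()}


def total_risk(risks, controls=()) -> int:
    """Sum of residual risk levels across the register."""
    return sum(risk_level(lk, im) for lk, im in residual_scores(risks, controls).values())


def select_controls(risks, candidates, budget):
    """Exhaustive search over subsets (fine for a handful of candidates): the
    affordable set with the lowest residual risk wins, cheaper on ties.
    Returns (chosen controls, residual total risk, spend)."""
    best = ((), total_risk(risks), 0)
    for k in range(1, len(candidates) + 1):
        for subset in combinations(candidates, k):
            spend = sum(c.cost for c in subset)
            if spend > budget:
                continue
            resid = total_risk(risks, subset)
            if (resid, spend) < (best[1], best[2]):
                best = (subset, resid, spend)
    return best


# Constructed register for a hypothetical web shop holding customer PII.
RISKS = [
    Risk("R1", "customer DB", "external attacker", "SQL injection in search", 4, 5),
    Risk("R2", "web access logs", "insider", "logs keep raw IP and full name", 3, 4),
    Risk("R3", "backup tapes", "theft", "unencrypted offsite backups", 2, 5),
    Risk("R4", "marketing export", "over-collection", "export includes date of birth", 4, 3),
]
CANDIDATES = [
    Control("parameterised queries", "security", 3, {"R1": (-3, 0)}),
    Control("pseudonymise log IPs, drop names", "privacy", 1, {"R2": (0, -3)}),
    Control("encrypt offsite backups", "security", 2, {"R3": (-1, -4)}),
    Control("minimise marketing export", "privacy", 1, {"R4": (-3, -2)}),
    Control("quarterly access review", "security", 2, {"R2": (-1, 0), "R3": (-1, 0)}),
]

if __name__ == "__main__":
    for r in RISKS:
        lvl = risk_level(r.likelihood, r.impact)
        print(f"{r.rid} {r.asset:17} {r.threat:18} level={lvl:2} {rating(lvl)}")
    chosen, resid, spend = select_controls(RISKS, CANDIDATES, budget=5)
    print(f"total risk {total_risk(RISKS)} -> {resid} for {spend} budget units:")
    for c in chosen:
        print(f"  [{c.kind}] {c.name} (cost {c.cost})")
```

The three effects a privacy control can have in the handout's list map directly onto the deltas: a negative likelihood delta models reducing or eliminating the vulnerability, a negative impact delta models collecting or retaining less PII, and both together model removing the threat source. The exhaustive subset search is exact but exponential in the number of candidates, so a real register with dozens of controls needs a greedy or integer-programming selection instead, and the scales and thresholds should be the organization's own rather than the assumed ones here.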
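Two of the privacy-control effects listed under Privacy and Security Control Selection, changing the amount of PII collected and changing the way it is processed, applied to the host-specific identifiers (IP and MAC addresses) that the handout counts as PII, together with the "privacy as the default" idea of processing only what a purpose needs. This is an added example rather than code from the handout; the event fields, the per-purpose allow-lists, the purpose names and the sample events are constructed assumptions for a hypothetical application's event pipeline.

```python
"""Data minimisation and pseudonymisation of host identifiers in event records.

Added example, not from the STI handout. Field names, the purpose allow-lists
and the sample events are constructed assumptions for a hypothetical web
application's event pipeline.
"""
import hashlib
import hmac
import ipaddress
import re
from typing import Any, Dict, List

# Privacy as the default: each processing purpose gets only the fields it needs.
# Unknown purposes are rejected, so nothing is released by accident.
PURPOSE_FIELDS = {
    "abuse_detection":   {"ts", "ip", "path", "status"},
    "capacity_planning": {"ts", "path", "status", "bytes"},
}

# Host-specific persistent identifiers the handout treats as PII.
IDENTIFIER_FIELDS = {"ip", "mac"}

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2}$", re.IGNORECASE)


def canonical_identifier(field: str, value: str) -> str:
    """Normalise before hashing so '2001:DB8::1' and '2001:db8:0:0:0:0:0:1' map
    to the same pseudonym. Raises ValueError on malformed input (fail closed)."""
    if field == "ip":
        return str(ipaddress.ip_address(value))
    if field == "mac":
        if not MAC_RE.match(value):
            raise ValueError(f"malformed MAC address: {value!r}")
        return value.lower().replace("-", ":")
    raise ValueError(f"not an identifier field: {field}")


def pseudonymise(field: str, value: str, key: bytes) -> str:
    """Keyed pseudonym (HMAC-SHA256, truncated). Same key -> same pseudonym, so
    events from one host can still be correlated; without the key the address
    cannot be recovered by enumerating the (small) IPv4 or MAC space."""
    digest = hmac.new(key, canonical_identifier(field, value).encode(), hashlib.sha256)
    return f"pseudo:{digest.hexdigest()[:16]}"


def minimise(event: Dict[str, Any], purpose: str, key: bytes) -> Dict[str, Any]:
    """Return only the fields the purpose needs, with identifiers pseudonymised.
    Everything else (name, email, date of birth, MAC, ...) is dropped."""
    if purpose not in PURPOSE_FIELDS:
        raise ValueError(f"unknown processing purpose: {purpose}")
    out: Dict[str, Any] = {}
    for field in PURPOSE_FIELDS[purpose]:
        if field not in event:
            continue
        value = event[field]
        out[field] = pseudonymise(field, str(value), key) if field in IDENTIFIER_FIELDS else value
    return out


def raw_identifiers(event: Dict[str, Any]) -> List[str]:
    """Release gate: names of fields whose value still parses as an IP or MAC
    address, whatever the field is called."""
    found = []
    for field, value in event.items():
        if not isinstance(value, str):
            continue
        if MAC_RE.match(value):
            found.append(field)
            continue
        try:
            ipaddress.ip_address(value)
            found.append(field)
        except ValueError:
            pass
    return sorted(found)


# Constructed sample events (documentation address ranges, not real traffic).
EVENTS = [
    {"ts": "2024-05-01T10:00:00Z", "ip": "203.0.113.7", "mac": "00-1A-2B-3C-4D-5E",
     "email": "alice@example.com", "dob": "1990-02-14", "path": "/login", "status": 200, "bytes": 512},
    {"ts": "2024-05-01T10:00:02Z", "ip": "203.0.113.7", "mac": "00:1a:2b:3c:4d:5e",
     "email": "alice@example.com", "dob": "1990-02-14", "path": "/account", "status": 403, "bytes": 128},
    {"ts": "2024-05-01T10:00:05Z", "ip": "2001:DB8::1", "mac": "aa:bb:cc:dd:ee:ff",
     "email": "bob@example.com", "dob": "1985-11-30", "path": "/login", "status": 401, "bytes": 256},
]

if __name__ == "__main__":
    key = b"demo-key-rotate-with-retention-period"  # production: secrets.token_bytes(32), rotated
    for ev in EVENTS:
        out = minimise(ev, "abuse_detection", key)
        assert raw_identifiers(out) == [], "raw identifier leaked"
        print(out)
```

A keyed pseudonym is still a persistent identifier for as long as the key exists, so it only reduces the PII that is processed, not eliminates it; rotating the key with the retention period bounds how long events can be linked, and an unkeyed hash would be no protection at all because the IPv4 and MAC spaces are small enough to enumerate. Where correlation between events is not needed, truncating the address (for example to its /24 or /48) or dropping the field entirely is the stronger control. The raw_identifiers check is the kind of evidence a privacy requirement asks for: it is applied to the output, not the input, so a new field that happens to carry an address is caught regardless of its name.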
Privacy requirements, as defined above, are system requirements that have privacy relevance and are derived from laws, regulations, standards, and stakeholder expectations.

A privacy impact assessment (PIA) is an analysis of how information is handled: to ensure that handling conforms to applicable legal, regulatory, and policy requirements regarding privacy; to determine the risks and effects of collecting and maintaining the information; and to examine and evaluate protections and alternative processes for handling information to mitigate potential privacy risks. In essence, a PIA consists of a privacy risk assessment followed by a selection of privacy and security controls to reduce the risk.

Privacy engineering and security objectives focus on the types of capabilities the system needs to demonstrate the implementation of an organization's privacy policies and system privacy requirements.

Figure 5. Privacy Engineering Objectives

References:
Kumar, G., Saini, D. K., & Huy Cuong, N. H. (2020). Cyber defense mechanisms: Security, privacy, and challenges. CRC Press.
Stallings, W. (2019). Information privacy engineering and privacy by design: Understanding privacy threats, technologies, and regulations. Addison-Wesley Professional.
Torra, V. (2018). Data privacy: Foundations, new developments, and the big data challenge. Springer International Publishing.
