Posts tagged Privacy by Design
NFC the next big thing? Do it right – embed privacy from the start
Dec 4th
by Dr. Ann Cavoukian
There was a lot of buzz about Near Field Communications (NFC) at The Future of the Internet Congress this week in Ottawa. NFC is an emerging short-range wireless technology being built into the latest generation of smartphones, allowing users to bridge the real and virtual worlds with simple “Tap ‘n Go” gestures.
Ann Cavoukian, Information and Privacy Commissioner of Ontario
NFC holds tremendous potential to change the way we interact with our physical environments, acquire and share information, access facilities, and pay for goods and services (to name just a few interoperabilities), using now-ubiquitous mobile devices.
Illustrative Uses Cases
At the Congress, I made available a new paper, entitled Mobile Near Field Communications (NFC) “Tap ‘n Go” – Keep it Secure & Private, that examines the technology’s potential in four illustrative use cases:
Mobile devices & medical research — protecting personal health information
Sep 13th
By Dr. Ann Cavoukian
Nothing disappoints me more than news of yet another lost unencrypted USB key or laptop containing personal health information. Unequivocally, there have been far too many breaches of this kind, most of which could have easily been avoided by utilizing well-established privacy and security measures and building in Privacy by Design (‘PbD’)best practices.
Ann Cavoukian, Information and Privacy Commissioner of Ontario
The numbers are startling. In the U.S. over a 20-month period ending June 2011, there were 288 notable breaches impacting millions of Americans – with about a third involving mobile devices. Here in Ontario, there have been a number of high-profile breaches over the past two years impacting well over 100,000 people.
Some of these breaches have been in the health research area, as researchers have become increasingly reliant on laptop computers, memory sticks and other mobile computing storage devices, to collect and store personal information.
Concerns over the privacy and security of personal health information used for research purposes should not undermine the resounding fact that health research is extremely important, and high quality research depends on the availability of high quality information. Read the rest of this entry »
Privacy by ReDesign: Building a better legacy
May 26th
Support for embedding privacy into systems from the outset – the essence of Privacy by Design (PbD) – is increasingly well-established, and PbD is now being applied by leading organizations developing cutting-edge applications.
Ann Cavoukian, Information and Privacy Commissioner of Ontario
Significant projects in nascent areas such as the Smart Grid, Biometric Facial Recognition, precise IP geolocation, and a variety of mobile applications are demonstrating innovative applications of the principles of Privacy by Design, paving a way forward for others.
There is no longer any question that tackling privacy issues upfront, and embedding privacy protections directly into new systems, processes, and architectures, is optimal from both a privacy and a business perspective. Indeed, most businesses are no longer asking “why should we do this?” but rather “how do we do it?” This is great news for PbD. Read the rest of this entry »
iPhone tracking controversy & PlayStation breach: Both unacceptable and avoidable
May 5th
The following is an excerpt from Commissioner Cavoukian’s keynote presentation at the IAPP Canada Privacy Symposium on May 5, 2011.
Privacy by Disaster is what you get when you don’t do Privacy by Design – when you don’t build privacy into technologies, business processes, and infrastructures proactively, right from the beginning!
The Apple iPhone/iPad controversy has put mobile location privacy in the spotlight. The Sony PlayStation breach is another case in point.
Ann Cavoukian, Information and Privacy Commissioner of Ontario
Taking privacy mobile: Embedding the principles of Privacy by Design
Mar 15th
Mobile technologies are increasingly ubiquitous, and provide us with growing opportunities to stay connected and informed from anywhere, at any time.
But these same technologies can raise significant privacy concerns. Some concerns arise from the general means of engagement with mobile phones – such as users’ propensity to always leave them on. Of course, this enables incoming phone calls and text messages to be received, and many other applications that are central to the functionality of mobile devices. But it may also enable activities such
Ann Cavoukian, Information and Privacy Commissioner of Ontario
as location tracking, which can provide very accurate information about where the device’s owner goes over the course of the day, and when.
Privacy by Design comes to power: Protecting personal information in the Smart Grid
Feb 4th
The current electrical grid is seen by some as the greatest engineering achievement of the 20th century. But it is increasingly out of date and overburdened. Efforts to modernize the grid – making it smarter, stronger, and greener – are gathering momentum, especially in North America and Europe.
Ann Cavoukian
Right now, the Smart Grid is very much in its infancy, existing mostly in the form of plans, projects, and small pilots. But ultimately, development of the Smart Grid is expected to enable a two-way flow of information and electricity that will provide major advantages for the system, and give consumers more choices about how, when, and how much electricity they use.
We all stand to benefit from the Smart Grid. And we stand to benefit most if it is well designed and well implemented. An important aspect of that, in my view, is making sure that the Smart Grid is also smart about privacy.
My office has been actively advocating on behalf of building privacy into the Smart Grid for some time. In November 2009, we released a white paper with the Future of Privacy Forum, entitled SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation. The paper called attention to the privacy issues related to personal data generated and collected by the Smart Grid, and argued that improving the grid can be achieved without sacrificing privacy. Read the rest of this entry »
2011: The decade of Privacy by Design starts now
Jan 15th
The Future of Privacy Forum, a Washington-based think tank that promotes responsible data practices, recently posted its First Annual List of Privacy Ins and Outs. It’s a playful – but insightful – look at what’s hot and what’s not in the world of privacy for the year ahead.
Ann Cavoukian
I was delighted (and gratified) to see Privacy by Design (PbD) make the list of what’s “in.” 2010 was a great year for Privacy by Design – the made-in-Ontario framework for embedding privacy into the architecture of technologies and practices, right from the outset. Around the world, PbD continued to gather momentum and gain increasingly widespread support. We’re clearly at a tipping point.
So what can look forward to for PbD in 2011? I’m anticipating this year as the launch of the Privacy by Design decade – one that will assure the future of privacy. Here is my “Top 5” list: Read the rest of this entry »
OLG’s winning biometric encryption strategy
Dec 8th
For several years now, I have been a very vocal proponent of Privacy by Design (PbD) – the concept of engineering privacy directly into the design of new technologies, business processes, and networked infrastructure as a core functionality. I have argued that privacy and security can – and must – co-exist in a positive-sum, not zero-sum relationship.
Ann Cavoukian
My office, working with industry leaders, is showing that it is possible. Over the past year, for example, we have worked closely with Ontario’s biggest utility, Hydro One, on building the 7 Foundational Principles of Privacy by Design into Ontario’s emerging Smart Grid. As a result, Ontario is leading the way in Smart Grid privacy! And just last week, we released a joint paper with the Ontario Lottery and Gaming Corporation (OLG) about another very exciting application of PbD that will be rolling out in Spring 2011. Read the rest of this entry »
Onus on tech firms to build responsible privacy controls: a guest blog from MaRS
Feb 22nd
In my last blog entry, I wrote about Privacy by Design: The Gold Standard – my annual event that focuses on the implementation of new technologies and business practices that can deliver tangible results with regard to ensuring the future of privacy. This year, the theme was “We did it…so can you” and I was delighted to see so many practical examples of products, services and solutions that are designed with a view to making privacy the default mode of operation.
Toronto-based innovation incubator MaRS was on hand to showcase leading edge technology, with privacy solutions embedded, from a number of its Ontario-based companies. I have invited Earl Miller of MaRS as a guest blogger for this entry – to share his thoughts on why young tech companies should treaty privacy as a key business issue: Read the rest of this entry »
