B. Privacy by Design Flashcards
What is privacy by design?
The concept that privacy is part of the design of products, systems, software, etc. and is built in by default.
Data minimization
collect only what you need
process oriented privacy design strategy
Commitment to processing personal information in a privacy-friendly way and ensuring that these commitments are honored.
Data oriented privacy design strategy
Focus on technical ways that data can be processed with the maximization of privacy in mind.
Privacy by Design
1) Integrates privacy protections into physical systems, technology products and business processes.
2) Ensures that privacy controls are in place from the outset of a project.
Privacy by Design Foundational Principles
1) Proactive not Reactive
2) Preventative not Remedial
3) Privacy as the Default Setting
4) Privacy Embedded into Design
5) Full Functionality- Positive-Sum, not Zero-Sum
6) End-to-End Security - Full Lifecycle Protection
7) Visibility and Transparency - Keep it Open
8) Respect for User Privacy - Keep it User-Centric
Instituting Privacy by Design
1) Commit to the Program
2) Create a Privacy Standard
3) Perform Privacy Reviews of Products and Services
4) Perform a data flow analysis
5) Inform consumers of your privacy practices
6) Provide privacy controls for users
7) Provide users with access to data
8) Apply data retention and destruction policies
9) Secure sensitive data
goal setting
including privacy
document requirements
documenting what you will do and what you won’t do – useful for testing after building
quality attributes
1) identifiability
2) confidentiality
3) availability
information needs
what is the least amount of data needed to accomplish this goal
high level design
comprises:
1) quality attributes (identifiability, confidentiality, availability)
2) architectures: (usable front-end, compliant back-end)
3) design representation (design includes all nodes throughout system)
low level design/implementation
- reuses libraries, frameworks, APIs when possible from other parts of system for consistency’s sake
impose controls
1) architecture (decentralize operations)
2) secure (using abstraction/hiding)
3) supervise (enforcement of privacy policies)
4) balance (ensuring that solutions don’t incur further risks)
testing and validation
validates the requirements; comprises:
1) unit testing
2) system testing
3) integration testing
4) manual testing
ongoing vigilance practices against privacy and security risks
1) code reviews (peer to peer)
2) code audits (3rd party to organization)
3) runtime behavior monitoring (noting spikes and dips)
4) keeping software up to date with modern standards
What are the three primary ways that data is anonymized?
1) Suppression
2) generalization
3) noise addition
What is perturbation data privacy?
Data perturbation is a data security technique that adds ‘noise’ to databases allowing individual record confidentiality.
This technique allows users to ascertain key summary information about the data that is not distorted and does not lead to a security breach.
How is data perturbation used in Healthcare?
Data perturbation is a form of privacy-preserving data mining for electronic health records (EHR).
There are two main types of data perturbation appropriate for EHR data protection. The first type is known as the probability distribution approach and the second type is called the value distortion approach.
Is differential privacy a data perturbation technique?
Differential privacy is a data perturbation technique.
How does differential privacy work?
Data perturbation is a privacy preservation technique that alters the values of data elements in a database to preserve the confidentiality of individual records.
Differential privacy involves adding noise to hide the true value of data points.
What is a common misconception when considering data anonymization solutions?
That encryption for data security is a form of data masking.
Data masking and data encryption are two technically distinct data privacy solutions. Data encryption, at the structured data field level, is a data masking function. However, both can be useful to address regulatory compliance, such as the GDPR and CCPA, and other data privacy use cases, such as protecting big data analytics to reduce data exposure risks.
Example of Data protection by design
The use of pseudonymization (replacing personally identifiable material with artificial identifiers) and encryption (encoding messages so only those authorized can read them).
Example of Data protection by default
A social media platform should be encouraged to set users’ profile settings in the most privacy-friendly setting by, for example, limiting from the start the accessibility of the users’ profile so that it isn’t accessible by default to an indefinite number of persons.
What does data protection by default mean?
Data protection by default means you need to specify this data before the processing starts, appropriately inform individuals and only process the data you need for your purpose. It does not require you to adopt a ‘default to off’ solution.
When a female visitor fills in an online form in order to subscribe to a newsletter list, she is submitting her name and her email address and/or any additional personal information about herself. She can by default expect that the controller will process her personal data according to the GDPR, in the way and only for the purposes that she has given her consent for, before she clicks the ‘Submit’ button and submits her subscription to the newsletter list.
Blurring
Data blurring uses an approximation of data values to render their meaning obsolete and/or render the identification of individuals impossible.