Privacy audittalkfinal


Published on

20 minute talk at the Annual Privacy Forum in Limassol on October 11, 2012

  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • The DPG cube allows for a standardized approach to data protection assessment. An Assessment requires precise knowledge of its target. The cube model allows to identify and determine all aspects and “players” relevant for a data protection assessment: the processes, roles and responsibilities and protection measures necessary to address the requirements of data protection represented by the six fundamental data protection goals. Using the protection goals allows a two-way check: To identify whether all and sufficient technical and organizational measures are taken that are required by data protection law and to determine whether all relevant processes have been identified. In doing so roles can be determined and responsibilities can be assigned which is essential for accountability. Yet, accountability (who is responsible for what?) is what is still missing in the majority of processing operations. In an assessment it is important to assess that there is a responsible entity for each and every operation.
  • Privacy conceptual model is the meta-model of a modeling language for the privacy domain Privacy requirements are specified as logic predicates that 1) bind elements of this modeling language among them and 2) constrain their properties Logic components of existing applications are mapped to privacy domain conceptual elements The mapping results in a model which is an instance of the aforementioned meta-model Privacy metrics define compliance criteria of the mapped system to the reference requirements A privacy metric expresses a quantifiable similarity criterion of the expected system state with its actual state
  • Privacy audittalkfinal

    1. 1. IBM Research - HaifaConceptual Framework and Architecture for Privacy Audit Ksenya Kveler, Kirsten Bock, Pietro Colombo, Tamar Domany, Elena Ferrari, Alan Hartman IBM Haifa Research Laboratory – KK, TD, AH Unabhaengiges Landeszentrum fuer Datenschutz - KB University of Insubria – PC, EF © 2012 IBM Corporation
    2. 2. IBM Research - HaifaAgenda Motivation Tool Enhanced Audit Process Data Protection Goals Data Privacy Compliance Metrics Architecture For Privacy Audit © 2012 IBM Corporation
    3. 3. IBM Research - HaifaMotivation Many organizations collect a lot of private data Most of them want to comply with the law BUT  The privacy protection laws are complex and heterogeneous  Privacy compliance audits are expensive © 2011 IBM Corporation
    4. 4. IBM Research - HaifaTool Enhanced Audit Process Stage 1: Determine targets of evaluation  Based on data protection goals – rather than laws  Analysis of data collection and storage processes  Analysis of the types of data collected Stage 2: Design metrics  Create a UML representation of the privacy requirements  Map the processes and IT artifacts onto the model  Derive metrics related to the DPG Stage 3: Build assessment tools  Separate metric assessor plugins for each metric © 2011 IBM Corporation
    5. 5. IBM Research - HaifaData Protection Goals Protection Measures Assessment and Finding of Protection Needs 1. Legal Balancing of Protection Goals 2. Protection Measures Catalogues 3. Scalability (normal, high, very high) Data Protection Goals Intervenability Legal Additional External Actors Relationships • Research (engineering, economics, social scienes) Unlinkability • Security Services • Regulators, BNA, Bureau of Standards Process owners = • Access-, Content-, IT-Provider Responsibilities Transparency Roles and Responsibilities Sub-Processsing Operative Support of DP by: Data (Data Center, Cloud Confidentiality IT-Provider, …) External Standards (e.g. ISO2910X), BSI/DSec-Audits Operator Provider Operative Support of DP by: Data (& formats) Data Protection Management System Integrity Metering Point Processes (& adresses) Operator Systems (& legal and Availability User Operative Support of DP by: technical interfaces) User Controlled Identity Management Key- Appl. Specific Admin. Aggregated Gateway … Processes © Rost Data Data Data Data Data © 2012 IBM Corporation
    6. 6. IBM Research - HaifaData Privacy Compliance Metrics Privacy conceptual model defines a language for expressing privacy requirements Constraints on the model are weighted by the assessor, and associated with Data Protection Goals The system under assessment is mapped onto the privacy requirements model Metrics are derived from the weighted sum of constraints satisfied by the system under assessment6 © 2012 IBM Corporation
    7. 7. IBM Research - HaifaArchitecture for Data Privacy Audit7 © 2012 IBM Corporation
    8. 8. IBM Research - HaifaSample Audit Report © 2012 IBM Corporation
    9. 9. IBM Research - HaifaMain contributions Linkage between data protection goals and privacy compliance metrics Conceptual model for privacy requirements including a set of UML classes and constraints Extensible and transparent architecture for privacy compliance assessment tools © 2012 IBM Corporation