Exploring Data Privacy - SQL Saturday Louisville 2011


This is the slide deck from the presentation given at SQL Saturday event in Louisville, October 2011. A modified version of this presentation was given at the Indianapolis SQL Saturday in May 2011.

  • In the concluding chapter of “American Privacy” by Frederick S. Lane, titled “The Perilous State of Privacy”, the author discusses an encounter at a café while writing that very book where he, through the iTunes sharing feature on the café’s Wi-Fi network, was able to glean the full name, gender and musical preferences of a fellow patron. Additionally, with this information at hand and a little time on Google, the unknowing subject of his experiment revealed her photo, the fact that she played rugby at Yale, her hometown, that she was an equestrian (and the name of her horse), her major at Yale, the fact that her grandfather had recently passed away, and the names of her siblings and parents. None of this information was posted by her, but by others.
    American Privacy: The 400-Year History of Our Most Contested Right by Frederick S. Lane: http://www.fredericklane.com/index.php/fsl-books/american-privacy
  • My name is John Magnabosco. My official title at Defender Direct is “Data Services Manager”; however, I prefer the title of “Data Coach”, since it describes my role with more accuracy. Through coaching others in the use, preservation and respect for data and data systems, our data environment is not only healthy, it is used more effectively by all. I am also the author of “Protecting SQL Server Data”, which was published through Simple-Talk Publishing. Additionally, I was honored to contribute a chapter to the recently released “SQL Server MVP Deep Dives, Volume 2”. Here are links to these books:
    ◦ Protecting SQL Server Data: http://www.simple-talk.com/books/sql-books/protecting-sql-server-data/
    ◦ SQL Server MVP Deep Dives Volume 2: http://www.manning.com/delaney/
    I am a co-founder of the Indianapolis chapter of PASS (IndyPASS) and IndyTechFest, and in 2009 and 2010 I was recognized with the Microsoft Most Valuable Professional (MVP) award for SQL Server. Today, I am honored to give this presentation to you at the Louisville SQL Saturday #87!
  • Today’s plan for this presentation is to discuss:
    ◦ Data Privacy in a Nutshell: Understanding what this privacy stuff really means.
    ◦ Laws and Stuff: A quick jaunt through the legal reasons why privacy matters.
    ◦ Your Data Footprint: What defines you in the data world.
    ◦ Weapons of Mass Protection: What you can do to make a difference as a data professional.
    Please DO ask questions and participate with your own tales regarding privacy of data. This is a topic that impacts us all, and I am confident that there are plenty of experiences to share!
  • Data privacy: What does it mean? How is it defined? Why should I care? Somewhere, somebody is holding data about YOU!
  • The definition of “privacy” can be difficult to nail down. Search the Internet and the various dictionaries in your library and you will see a wide variety of definitions. For our purpose in this discussion, we will define it as: “The relationship between the handling of personally identifiable and other sensitive data in regard to the legal right, or public expectation of privacy.” This definition gives us both the objective nature of privacy, its legal expression, and the subjective nature, the individual’s expectation, which together make up the amazingly complex and nebulous concept that is privacy. As data professionals, as well as data subjects, our interest in privacy can be encapsulated into five categories:
    ◦ Its collection: How sensitive information is gathered.
    ◦ Its storage: How sensitive information is stored.
    ◦ Its accessibility: Who has the ability to see sensitive information.
    ◦ Its use: Who has the ability to use sensitive information, and how it is used.
    ◦ Its disclosure: How sensitive information is shared.
  • The general category of sensitive data can be defined as data whose loss, unauthorized access or modification compromises the confidentiality, privacy or overall security of the data subject (the one the data is about). There are several subcategories that are of interest in a study on privacy:
    ◦ Racial or ethnic origin (in the not-so-distant past many were jailed due to the disclosure of this information)
    ◦ Religious or philosophical affiliation (history is full of examples where people of specific faiths were targeted)
    ◦ Financial records (how many of you would like to take a few minutes and discuss your spending habits?)
    ◦ Medical and health information (you spent how long at the mental institution?)
    ◦ Biometric information (how about a sample of your DNA?)
  • A specific type of sensitive information that is highly discussed in many circles is “Personally Identifiable Data”. This is the type of information that can be used to uniquely identify, contact or locate a single person, or can be used with other sources to uniquely identify a single individual. This is the information that causes us sleepless nights if it is lost or given carelessly to less than trustworthy individuals. Some examples are:
    ◦ Federal identification number (aka SSN)
    ◦ Driver’s license number
    ◦ Date of birth
    ◦ Full name, especially if uncommon (John Smith sleeps better than most of us.)
    ◦ Email address
    ◦ IP address (although this specific data element is in continuous debate)
  • I am no lawyer, nor did you come to a technical event to hear about such matters; but I would be remiss if I did not spend two brief slides on the legal impact on defining sensitive data and its handling…
  • The following are examples of privacy laws at various levels:
    ◦ Federal laws: HIPAA: https://www.cms.gov/hipaageninfo/
    ◦ State laws: Indiana Code 24-4.9-2: http://www.in.gov/legislative/ic/code/title24/ar4.9/ch2.html
    ◦ Industry regulations: PCI DSS: https://www.pcisecuritystandards.org/security_standards/
    ◦ Foreign laws (yes, you are subject to them if you do business in other countries): PIPEDA: http://www.priv.gc.ca/leg_c/leg_c_p_e.cfm
    ◦ Corporate privacy policies: Non-Disclosure Agreements
  • The following rules of thumb define the general questions that most privacy laws ask:
    ◦ How was the data collected? Was it given voluntarily, with full disclosure of intent?
    ◦ What is the purpose of the data? How is the data going to be used and distributed?
    ◦ Is the data adequate for its purpose? Only collect what you need at the time you need it.
    ◦ How is the data protected? The methods utilized to protect the data.
    ◦ How long should the data be kept? Data retention policies… should it be stored at all?
    ◦ Is the data available to the data subject? The person(s) whom the data is about.
  • It was a few days before Father’s Day and my wife and I were shopping for a gift at a local clothing store. The clerk, noticing my wife’s Styx t-shirt, approached me, cheerfully greeted me and recollected when he attended one of their concerts back in the day. With that opening, he casually asked my name, which I innocently disclosed. It wasn’t long before a friendly series of questions came my way. In an attempt to make small talk, or to make the slow day at work more interesting, I unwittingly disclosed several pieces of personally identifiable data: the name of my home town, the name of the high school I attended, the year I graduated from high school, and the fact that I have lived near my home town my whole life. It didn’t dawn on me immediately, but when he asked my father’s first name I thought it was strange… to top it off, I handed him my credit card to process payment for the merchandise that I had selected.
    Thankfully, nothing happened (that I know of). From that one seemingly innocent discourse I had disclosed enough information that any reasonably savvy identity thief could derive several more critical and dangerous pieces of information… and this happened to me, a person who is more sensitive to data disclosure than your average citizen.
  • There are several occasions through life where you knowingly disclose sensitive data. In all cases there is a database out there that is currently housing the information that you have provided… hopefully it is protected. Some examples are:
    ◦ Loan applications and bank accounts: Name, SSN, Account Numbers, Personal Financial Information, ECOA Information.
    ◦ Registration cards for products: Name, Address, Categorized Disclosure of Income, Age, Interest Information.
    ◦ Facebook / Twitter / LinkedIn: Name, Birthdate, Email, Phone Number, Employment History, Your Current Location.
    ◦ Discount Cards: Name, Address, Email, Purchase History.
    ◦ Government Census / Marketing Surveys: Categorized Disclosure of Income.
    ◦ iTunes / Amazon / eBay: Name, Address, Credit Card Information, Purchase History, Interest Information.
    ◦ The Internet: A whole bunch of potentially sensitive information.
  • There are times when we grant access to our sensitive information in exchange for privileges and services. The following are just a few examples:
    ◦ To obtain credit: Disclosure of sensitive information is required to gain access to credit.
    ◦ To qualify for services: How many times have you disclosed your SSN at a doctor’s office or a State/Federal service agency?
    ◦ To socialize and for public expression: What do you disclose on Facebook? Isn’t it great to get those birthday wishes?
    ◦ To gain discounts and benefits: Get that extra 10% off when you sign up for the department store credit card!
    ◦ For convenience and funding: Sign up for that credit card or loan so that you don’t have to carry cash.
    ◦ For the ability to trade with others: Sign up for your own PayPal account.
    ◦ To gain access to information: Find that friend or family tree information with a subscription.
  • Once disclosed, data spreads like wildfire. Millions can be exposed to your sensitive data with a single well placed posting on the Internet. It is enduring. It can be referenced somewhere for years and has a way of rearing its ugly head at inopportune moments. That poofy haircut you had when you were 12 will surely show up on someone’s Facebook photo album, easily searched and recalled. Here are examples of how data is spread:
    ◦ Electronic disclosure: Download that poofy hair photo!
    ◦ Verbal disclosure: In the old days it was called “gossip”.
    ◦ Snail mail: Your personal information can be found in your mailbox on any given day except Sunday.
    ◦ Photocopying and printing: Have you ever looked at those orphaned photocopies lying around the coffee room?
    ◦ Long-term offline storage: It’s on DVD, CD, cassette and even mono eight-track.
    ◦ Social media: Facebook, Twitter, LinkedIn, blogs, forums, etc.
    ◦ File deletion: Deleting those sensitive files off of your hard drive is not enough!
  • For any company a data loss event can be at best embarrassing and at worst criminal. Recovery from a data loss event can also be very expensive for the business as well as the victim. In 2011 the estimated cost to a business is $214 per record. In that context, consider Sony’s data loss event in April, in which a hack disclosed 100 million credit card records… do the math on that one! It’s in the billions. For each victim, the average cost to resolve an identity theft case is $1,378. Additionally, the hours spent in the resolution average the equivalent of a full-time job for two years. 10 million consumers are victims of identity theft each year.
    ◦ Symantec and Ponemon Institute Study: http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon
    ◦ Ponemon Institute: http://www.ponemon.org/index.php
    ◦ SpamLaws.com: http://www.spamlaws.com/
  • You may be asking yourself: “We now know what sensitive data is. We now see why it is so important to protect it. Now, what can I do about it?” There are several things you can do about it. One is to live on an isolated desert island and eat kelp that washes up on the beach for the rest of your life. Since I see no one rushing out to join that crowd, here are a few examples that are specific to your opportunities with SQL Server…
  • Data Classification is a process of categorizing data elements in the effort of applying standardized data handling policies. It is a critical step in the identification and documentation of sensitive data in a database. Here I offer a very simplified version of a sensitivity classification:
    ◦ Low (the data can be disclosed to the general public)
    ◦ Medium (the data should only be disclosed within the company; this is the default classification)
    ◦ High (the data should only be disclosed to a specific group of people)
  • Once you have effectively classified your data, it should be captured in a way that is easy to reference. In SQL Server there are extended properties for every object (tables, sprocs, views, etc.). Because extended properties can be referenced through queries and code, they provide limitless opportunities for automation.
    ◦ To add an extended property, use the sys.sp_addextendedproperty stored procedure.
    ◦ To update an existing extended property, use the sys.sp_updateextendedproperty stored procedure.
    ◦ To query the extended properties, use the fn_listextendedproperty function.
    Let’s check out a demo to see how these are used…
  • Database Object Schemas are an excellent feature that provides a means to logically group database objects together. This allows you to manage access to several objects at the schema level. The default schema in SQL Server is “dbo”; you have seen it in the majority of the examples provided online. You can, and are recommended to, create custom schemas. When database object schemas are used you will be required to fully qualify your objects as [Schema].[Object]. Employ role-based privileges on your schemas for greater manageability. Let’s take a look at a demo to see how database object schemas are implemented…
  • Encryption is a very powerful data protection method. The infamous Wikipedia offers a great definition: “It is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge” (aka a key). This subject alone could take up the remainder of the afternoon and a grand chunk of the evening. Therefore, I will just touch on a few points:
    ◦ Encryption can be used to protect data in transit (being recalled) or at rest (being stored).
    ◦ SQL Server offers native cell-level encryption as a feature in Standard Edition or greater.
    ◦ SQL Server offers native one-way encryption through the HashBytes function.
    ◦ SQL Server offers data file encryption (TDE) as a feature in Enterprise Edition or greater.
    ◦ The key hierarchy is an important concept to understand when approaching encryption: SMK: Service Master Key; DMK: Database Master Key; Asymmetric/Symmetric Keys.
  • Finally, the most important resource in protecting sensitive data is YOU! When considering the data that you use and protect…
    ◦ Understand how sensitive data is to be handled.
    ◦ Support privacy and data handling policies.
    ◦ Be familiar with privacy laws and policies.
    ◦ Advocate for the data privacy of others; they are depending on you.
    ◦ Raise awareness of data privacy among your co-workers.
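The notes on data classification and extended properties above name the three T-SQL entry points but the demo itself is not on this page. The following T-SQL is an added example, not the deck's own demo: it records the Low/Medium/High classification from the notes as a `Sensitivity` extended property at table and column level, updates one, reads them back with `fn_listextendedproperty`, and then shows the automation angle by querying the `sys.extended_properties` catalog view for every High column. The `dbo.Customer` table, its columns and the property name are assumptions chosen for illustration.

```sql
-- Added example (not from the deck): store the sensitivity classification as
-- extended properties and query it back. Table, columns and the property
-- name 'Sensitivity' are assumptions for illustration.
CREATE TABLE dbo.Customer
(
    CustomerId  INT           NOT NULL PRIMARY KEY,
    FullName    NVARCHAR(100) NOT NULL,
    SSN         CHAR(11)      NULL,
    City        NVARCHAR(60)  NULL
);
GO

-- Table-level default: Medium (internal disclosure only)
EXEC sys.sp_addextendedproperty
    @name = N'Sensitivity', @value = N'Medium',
    @level0type = N'SCHEMA', @level0name = N'dbo',
    @level1type = N'TABLE',  @level1name = N'Customer';

-- Column-level overrides: the SSN is High, the city is Low
EXEC sys.sp_addextendedproperty
    @name = N'Sensitivity', @value = N'High',
    @level0type = N'SCHEMA', @level0name = N'dbo',
    @level1type = N'TABLE',  @level1name = N'Customer',
    @level2type = N'COLUMN', @level2name = N'SSN';

EXEC sys.sp_addextendedproperty
    @name = N'Sensitivity', @value = N'Low',
    @level0type = N'SCHEMA', @level0name = N'dbo',
    @level1type = N'TABLE',  @level1name = N'Customer',
    @level2type = N'COLUMN', @level2name = N'City';

-- Reclassify a column when policy changes (the property must already exist,
-- otherwise sp_updateextendedproperty raises an error)
EXEC sys.sp_updateextendedproperty
    @name = N'Sensitivity', @value = N'Medium',
    @level0type = N'SCHEMA', @level0name = N'dbo',
    @level1type = N'TABLE',  @level1name = N'Customer',
    @level2type = N'COLUMN', @level2name = N'City';

-- List the classification of every column on the table
SELECT objname AS ColumnName, value AS Sensitivity
FROM fn_listextendedproperty(N'Sensitivity', N'SCHEMA', N'dbo',
                             N'TABLE', N'Customer', N'COLUMN', DEFAULT);

-- Automation hook: find every High-classified column in the database, i.e.
-- the set that policy says must be encrypted or access-restricted.
SELECT s.name AS SchemaName, t.name AS TableName, c.name AS ColumnName
FROM sys.extended_properties AS ep
JOIN sys.tables  AS t ON t.object_id = ep.major_id
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
JOIN sys.columns AS c ON c.object_id = ep.major_id
                     AND c.column_id = ep.minor_id
WHERE ep.class    = 1               -- class 1 = object or column
  AND ep.name     = N'Sensitivity'
  AND ep.value    = N'High'
  AND ep.minor_id > 0;              -- minor_id > 0 means column level
```

The last query is the part worth automating: run it on a schedule and compare the result against the list of columns that actually have encryption or restrictive permissions applied, so a newly added High column that nobody protected shows up as a finding rather than as a breach.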
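The schema note above recommends custom schemas with role-based privileges, and the demo is again not on the page. This added T-SQL example (not the deck's demo) puts a High-classified table in its own schema, grants `SELECT` on the whole schema to one role, denies it to the general application role, and then verifies both outcomes by impersonating a member of each role. The schema, role and user names (`Restricted`, `PayrollReader`, `AppUser`, `alice`, `bob`) are assumptions, and the two database users are assumed to already exist.

```sql
-- Added example (not from the deck): group sensitive objects in their own
-- schema and manage access through roles. Schema, role and user names are
-- assumptions for illustration; users 'alice' and 'bob' must already exist.
CREATE SCHEMA Restricted AUTHORIZATION dbo;
GO

CREATE TABLE Restricted.EmployeeSSN
(
    EmployeeId INT      NOT NULL PRIMARY KEY,
    SSN        CHAR(11) NOT NULL
);
GO

-- A role for the few people allowed to see High-classified data
CREATE ROLE PayrollReader AUTHORIZATION dbo;

-- Grant at the schema level: every current and future object in the schema
-- is covered, so new tables do not need individual GRANT statements.
GRANT SELECT ON SCHEMA::Restricted TO PayrollReader;

-- The general-purpose role gets the default schema only. The explicit DENY
-- keeps the restricted schema out of reach even if the role is later
-- granted broader rights, because DENY takes precedence over GRANT.
CREATE ROLE AppUser AUTHORIZATION dbo;
GRANT SELECT ON SCHEMA::dbo        TO AppUser;
DENY  SELECT ON SCHEMA::Restricted TO AppUser;

-- Membership is the only thing that changes as staff come and go
EXEC sp_addrolemember @rolename = N'PayrollReader', @membername = N'alice';
EXEC sp_addrolemember @rolename = N'AppUser',       @membername = N'bob';
GO

-- Verify with fully qualified references, impersonating each user in turn.
-- TRY/CATCH keeps the batch alive so REVERT always runs.
EXECUTE AS USER = 'alice';
SELECT USER_NAME() AS RunningAs, COUNT(*) AS Rows FROM Restricted.EmployeeSSN; -- succeeds
REVERT;

EXECUTE AS USER = 'bob';
BEGIN TRY
    SELECT USER_NAME() AS RunningAs, COUNT(*) AS Rows FROM Restricted.EmployeeSSN;
END TRY
BEGIN CATCH
    SELECT USER_NAME() AS RunningAs, ERROR_MESSAGE() AS Result; -- permission denied
END CATCH;
REVERT;
```

Granting on `SCHEMA::Restricted` rather than on each table is what makes the schema a real security boundary: the classification decision ("this belongs in Restricted") and the access decision ("PayrollReader may read Restricted") are made once, and object-by-object permissions never drift out of step with the classification.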
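The encryption note above lists the key hierarchy (SMK, DMK, certificates, symmetric keys), cell-level encryption and one-way hashing with `HashBytes`, without a demo on the page. This added T-SQL example (not the deck's own code) builds that hierarchy from the top down, encrypts a column value with `EncryptByKey`, shows that `DecryptByKey` yields `NULL` once the key is closed, and stores a separate one-way hash so a lookup can be answered without decrypting. The key, certificate and table names, the password, the sample SSN and the application "pepper" are constructed for illustration; `SHA2_256` in `HashBytes` requires SQL Server 2012 or later (earlier versions offer only SHA1 and weaker algorithms).

```sql
-- Added example (not from the deck): key hierarchy, cell-level encryption
-- and one-way hashing. All names, passwords and sample data are constructed.

-- 1. Database Master Key (DMK). SQL Server protects it with the Service
--    Master Key (SMK) and with this password; back it up after creation.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'Replace-with-a-strong-passphrase-1!';

-- 2. A certificate whose private key is protected by the DMK
CREATE CERTIFICATE CustomerCert WITH SUBJECT = 'Protects the customer symmetric key';

-- 3. A symmetric key protected by the certificate; this key does the work
CREATE SYMMETRIC KEY CustomerKey
    WITH ALGORITHM = AES_256
    ENCRYPTION BY CERTIFICATE CustomerCert;
GO

CREATE TABLE dbo.CustomerSecret
(
    CustomerId INT            NOT NULL PRIMARY KEY,
    SSN_Enc    VARBINARY(256) NOT NULL,  -- cell-level encrypted value
    SSN_Hash   BINARY(32)     NOT NULL   -- one-way hash used for lookups
);
GO

DECLARE @ssn    NVARCHAR(11) = N'123-45-6789';                    -- constructed sample
DECLARE @pepper NVARCHAR(64) = N'app-secret-held-outside-the-db'; -- assumption: supplied by the application

-- The key must be opened (which requires access to the certificate) before use
OPEN SYMMETRIC KEY CustomerKey DECRYPTION BY CERTIFICATE CustomerCert;

INSERT INTO dbo.CustomerSecret (CustomerId, SSN_Enc, SSN_Hash)
VALUES (1,
        EncryptByKey(Key_GUID('CustomerKey'), @ssn),
        HashBytes('SHA2_256', @pepper + @ssn));   -- SHA2_256: SQL Server 2012+

-- Authorised read: decrypt while the key is open
SELECT CustomerId,
       CONVERT(NVARCHAR(11), DecryptByKey(SSN_Enc)) AS SSN
FROM dbo.CustomerSecret;

CLOSE SYMMETRIC KEY CustomerKey;

-- With the key closed, DecryptByKey returns NULL rather than plaintext
SELECT CustomerId, DecryptByKey(SSN_Enc) AS SSN_WhenKeyClosed
FROM dbo.CustomerSecret;

-- One-way lookup: match on the hash without opening the key at all
SELECT CustomerId
FROM dbo.CustomerSecret
WHERE SSN_Hash = HashBytes('SHA2_256', @pepper + @ssn);

-- Inspect the hierarchy SQL Server now holds for this database
SELECT name, algorithm_desc FROM sys.symmetric_keys;          -- DMK appears as ##MS_DatabaseMasterKey##
SELECT name, pvt_key_encryption_type_desc FROM sys.certificates;
```

Two design points: the `@pepper` is there because an SSN has so little entropy that an unkeyed hash could be reversed by simply hashing every possible value, so the secret has to come from outside the database; and the hash column exists so that equality searches never require the symmetric key to be open, which keeps the set of code paths that can see plaintext as small as possible.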
  • Exploring Data Privacy - SQL Saturday Louisville 2011

    1. John Magnabosco
    2. ◦ Data Coach at Defender Direct
       ◦ Author of “Protecting SQL Server Data”
       ◦ Contributing Author to “SQL MVP Deep Dives Vol.2”
       ◦ SQL Server MVP 2009 & 2010
       ◦ Co-Founder of IndyPASS and IndyTechFest
    3. ◦ Data Privacy in a Nutshell
       ◦ Laws and Stuff
       ◦ Your Data Footprint
       ◦ Weapons of Mass Protection
       Please DO ask questions as we progress!
    4. Somewhere out there someone is storing data about you!
    5. The relationship between the handling of personally identifiable and other sensitive data in regard to the legal right, or public expectation of privacy.
       ◦ Collection
       ◦ Storage
       ◦ Accessibility
       ◦ Use
       ◦ Disclosure
    6. Information that presents a compromise in the confidentiality, privacy or overall security of the data subject in the event of loss, unauthorized access, or modification.
       ◦ Racial or ethnic origin
       ◦ Religious or philosophical affiliation
       ◦ Financial records
       ◦ Medical and health information
       ◦ Biometric information
    7. Information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.
       ◦ Federal identification number (SSN)
       ◦ Driver’s license number
       ◦ Date of birth
       ◦ Full name – especially if uncommon
       ◦ Email Address
       ◦ IP Address (in debate)
    8. I am not a lawyer, nor do I play one on television.
    9. ◦ Federal laws (HIPAA, FISMA)
       ◦ State laws (Indiana Code 24-4.9-2)
       ◦ Industry regulations (PCI DSS)
       ◦ Foreign laws (PIPEDA – Canada)
       ◦ Corporate privacy policies
    10. ◦ How was the data collected?
        ◦ What is the purpose of the data?
        ◦ Is the data adequate for its purpose?
        ◦ How is the data protected?
        ◦ How long should the data be kept?
        ◦ Is the data available to the data subject?
    11. To the world we are data
    12. Who has personal information about you?
        ◦ Loan applications and bank accounts
        ◦ Registration cards for products
        ◦ Facebook / Twitter / LinkedIn
        ◦ Discount cards
        ◦ Government Census / Marketing Surveys
        ◦ iTunes / Amazon / eBay
        ◦ The Internet
    13. What are you exchanging data privacy for?
        ◦ To obtain credit
        ◦ To qualify for services
        ◦ To socialize and public expression
        ◦ To gain discounts and benefits
        ◦ For convenience and funding
        ◦ For the ability to trade with others
        ◦ To gain access to information
    14. Data is viral and enduring. It goes way beyond your database:
        ◦ Electronic disclosure
        ◦ Verbal disclosure
        ◦ Snail Mail
        ◦ Photo copying and printing
        ◦ Long-term offline storage
        ◦ Social media
        ◦ File deletion – or is it?
    15. Data loss events are not only embarrassing, but they can be expensive for the business and the victim. 10 million consumers are victims of identity theft per year. The April Sony data loss was an estimated 100 million records. Sources: Symantec, the Ponemon Institute and SpamLaws.com.
    16. “There is no security on this earth; only opportunity.” - Douglas MacArthur
    17. The process of categorizing data elements in the effort of applying standardized data handling policies.
        ◦ Simplified example of sensitivity classification
          ◦ Low (general public)
          ◦ Medium (internal disclosure only) <-- default
          ◦ High (restricted to specific personnel)
    18. This feature provides a means to document and query data classification and other valuable information.
        ◦ Add: sys.sp_addextendedproperty
        ◦ Update: sys.sp_updateextendedproperty
        ◦ Query: fn_listextendedproperty
    19. This feature provides a means to logically group database objects together. This provides the ability to manage access at the schema level.
        ◦ The default schema is “dbo”
        ◦ You can create custom schemas
        ◦ Use fully qualified references to objects
        ◦ Employ role based privileges to schemas
    20. “Process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge.” - Wikipedia
        ◦ Encrypting data in transit and at rest
        ◦ Cell-level encryption
        ◦ One-Way encryption
        ◦ Key hierarchy:
    21. The most powerful weapon in your arsenal is you!
        ◦ Understand how sensitive data is handled
        ◦ Support privacy and data handling policies
        ◦ Be familiar with privacy laws and policies
        ◦ Advocate for the data privacy of others
        ◦ Raise awareness of data privacy
    22. • Basics of data privacy
        • Laws and policies
        • Data footprint awareness
        • Tools for protection
        • Spirit of guardianship
    23. Exploring Data Privacy
        John Magnabosco
        Blog: JohnMagnabosco.com
        Twitter: johnnydata
        Email: john_magnabosco@live.com