Personal Data Privacy and Information Security

Personal data privacy and information security -- presentation at ISOC's INET Colombo 2011



1. Personal Data Protection and Information Security
   INET Colombo 2011, Session II: Making the Internet Safe for Everyone
   Charles Mok, Internet Society Hong Kong, 2011.05.23

2. Privacy and Security
   - Internet for all -> more problems?
   - Growing awareness and media attention on personal data protection, privacy and information security
   - Privacy legislation
   - Security vs. convenience and openness
   - However, people's attitude toward other people's data contrasts with their attitude toward their own

3. Privacy Law in Hong Kong
   - Personal Data (Privacy) Ordinance (Cap. 486), enacted in 1995 and in force since December 1996
   - Enforced by the Privacy Commissioner for Personal Data (PCPD), who can:
     - Issue codes of practice
     - Investigate suspected breaches and issue enforcement notices
     - Carry out awareness and education work
   - 2010 review of the Ordinance

4. Scope of the Ordinance
   - The Ordinance covers any data relating directly or indirectly to a living individual (the data subject), from which it is practicable to ascertain the identity of the individual, and which is in a form in which access or processing is practicable.
   - It applies to any person (the data user) who controls the collection, holding, processing or use of personal data.

5. Six Data Protection Principles
   - Principle 1: Purpose and manner of collection
   - Principle 2: Accuracy and duration of retention
   - Principle 3: Use of personal data
   - Principle 4: Security of personal data
   - Principle 5: Information to be generally available
   - Principle 6: Access to personal data

6. Incidents: Leakages
   - Public hospitals: staff losing USB thumb drives and other storage devices
   - Police, immigration and fire departments: leaking personal information and documents over P2P networks, e.g. Foxy
   - Banks: losing servers and tapes holding customer transaction information
   - Octopus (payment smartcard): selling customer information to telemarketers and insurance companies

7. Other Recent PCPD Actions
   - Google's collection of Wi-Fi payload data
   - Google Street View car operation
   - Sony PlayStation Network

8. Emerging Issues
   - Impact of social media
     - Conflicts between openness, freedom and abuse
     - Identity fraud
     - 'Human flesh search' and online bullying
     - Anonymity vs. calls for a 'real name system'
       - Example: did Korea's real name system for online games cause even more personal data leakages?
   - Information security issues
     - SMEs and zombie networks (botnets) -> Korean legislation
     - Mobile security

9. More Threats
   - What if the information security threat comes from your own government?
   - Great Firewall of China
     - From Web 1.0 to Web 2.0 (e.g. Green Dam)
       - Centralizing Internet control under the State Council
       - Moving from servers to personal devices
       - From filtering to surveillance, i.e. government spyware
       - Disrupting VPNs and Gmail, and pushing a 'real name system'
       - Government surveillance of dissidents and their supporters on blocked services such as Twitter
   - A trend for more governments around the world to imitate?

10. Resources
   - Privacy Commissioner for Personal Data: www.pcpd.org.hk
   - HKSAR Government's InfoSec public website: www.infosec.gov.hk
   - HKCERT: www.hkcert.org

11. 莫乃光 Charles Mok
    [email_address]
    http://www.charlesmok.hk
    http://www.isoc.hk
