Personal Data Privacy and Information Security
Personal data privacy and information security -- presentation at ISOC's INET Colombo 2011

    Presentation Transcript

    • Personal Data Protection and Information Security. INET Colombo 2011, Session II: Making the Internet Safe for Everyone. Charles Mok, Internet Society Hong Kong, 2011.05.23
    • Privacy and Security
      • Internet for all -> more problems?
      • Growing awareness and media attention on personal data protection, privacy and information security
      • Privacy legislation
      • Security vs convenience and openness
      • However, attitudes toward other people's data contrast with attitudes toward one's own
    • Privacy Law in Hong Kong
      • Personal Data Protection Ordinance, enacted in 1997.
      • Enforced by the Privacy Commissioner for Personal Data
        • Issue code of practice
        • Investigate suspected breaches and issue enforcement notices
        • Awareness and education
      • 2010 Review of the ordinance
    • Scope of the Ordinance
      • The Ordinance covers any data relating directly or indirectly to a living individual (data subject), from which it is practicable to ascertain the identity of the individual and which are in a form in which access or processing is practicable. It applies to any person (data user) that controls the collection, holding, processing or use of personal data.
    • Six Data Protection Principles
      • Principle 1: Purpose and manner of collection
      • Principle 2: Accuracy and duration of retention
      • Principle 3: Use of personal data
      • Principle 4: Security of personal data
      • Principle 5: Information to be generally available
      • Principle 6: Access to personal data
    • Incidents – Leakages
      • Public hospitals – staff losing USB thumb drives and other storage devices
      • Police, immigration and fire departments* – leaking personal information and documents over P2P networks e.g. Foxy
      • Banks – losing servers and tapes with customer transaction information
      • Octopus (payment smartcard) – selling customer information to telemarketers and insurance companies
    • Other Recent PCO Actions
      • Google collection of WiFi payload data
      • Google Street View car operation
      • Sony PlayStation Network
    • Emerging Issues
      • Impact of social media
        • Conflicts between openness, freedom and abuse
        • Identity fraud
        • 'Human flesh search' and online bullying
        • Anonymity vs. calls for 'real name system'
          • Example: Korea real name system for online games causing even more personal data leakages?
      • Information security issues
        • SME and zombie networks -> Korean legislation
        • Mobile security
    • More threats
      • What if your information security threat is from your Government?
      • Great Firewall of China
        • From Web 1.0 to Web 2.0 (e.g. Green Dam)
          • Centralizing Internet control under the State Council
          • Moving from servers to personal devices
          • From filtering to surveillance, i.e. government spyware
          • Destabilizing VPN, Gmail and 'Real Name System'
          • Government surveillance on dissidents and their supporters on blocked services such as Twitter
      • A trend for more governments in the world to imitate?
    • Resources
      • Privacy Commissioner for Personal Data www.pdpd.org.hk
      • HK SAR Government's Infosec public website www.infosec.gov.hk
      • HK CERT www.hkcert.org
    • 莫乃光 Charles Mok [email_address] http://www.charlesmok.hk http://www.isoc.hk