SlideShare a Scribd company logo

Building Privacy and Trust with System Design

blogzilla
blogzilla

This document discusses privacy concerns related to data breaches and the importance of building privacy into systems from the start. It provides examples of personal data being sold illegally and outlines key principles from privacy directives, including collecting minimum necessary data and protecting data through security and access restrictions. Finally, it critiques some UK systems for failing to adequately consider privacy during development.

Economy & FinanceTechnology
1 of 8
Download to read offline
Privacy as a key system requirement for building trust Dr Ian Brown
HMRC data debacle  25m names, addresses, dates of birth, Child Benefit numbers, National Insurance numbers and bank or building society account details lost  A stream of other losses to be Steve Bell, The Guardian, 22/11/07 revealed
Insider fraud Information required Price paid to Price to ‘blagger’ customer Occupant search/Electoral roll check not known £17.50 (obtaining address) Telephone reverse trace £40 £75 Telephone conversion (mobile) not known £75 Friends and Family £60 – £80 not known Vehicle check at DVLA £70 £150 – £200 Criminal records check not known £500 Area search (locating a named person not known £60 across a wide area) Company/Director search not known £40 Ex-directory search £40 £65 – £75 Mobile telephone account enquiries not known £750 Licence check not known £250 Source: “What price privacy?”, Information Commissioner, May 2006
Engineering privacy  Privacy, like security, must be built in to a system from the start - not bolted on at a late stage  Key legal and technology requirements are minimisation (of personal data collected, purpose, time kept, access given) and protection (data stored securely and access strictly limited)
Privacy Directive principles 1. Personal data shall be processed fairly and lawfully 2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. 4. Personal data shall be accurate and, where necessary, kept up to date. 5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 6. Personal data shall be processed in accordance with the rights of data subjects under this Act. 7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destructionof, or damage to, personal data. 8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Minimisation  Why is personal data being collected in the first place?  Identification vs authorisation  Privacy Enhancing Technologies  Distributed v centralised
Protection  Data held and transmitted securely to prevent unauthorised access and modification  Extensive protection against data loss or corruption  Resistant to Denial of Service attacks  All transactions must be loggable by user
Some (bad) UK examples  NPfIT (over 1 million potential users)  ContactPoint (330,000 users)  National Identity Register (public & private sector use)

Recommended

Preparing an export contract – please note! 2017
Preparing an export contract – please note! 2017Preparing an export contract – please note! 2017
Preparing an export contract – please note! 2017Beverley Zabow
 
GDPR Information
GDPR InformationGDPR Information
GDPR InformationOxford City Council
 
Data Protection and IDEA
Data Protection and IDEAData Protection and IDEA
Data Protection and IDEAAuditWare Systems Ltd.
 
Gdpr
GdprGdpr
GdprSergey Aleshkin
 
Ed Wright - Staying on the right side of the law in the digital world
Ed Wright - Staying on the right side of the law in the digital worldEd Wright - Staying on the right side of the law in the digital world
Ed Wright - Staying on the right side of the law in the digital worldHallam
 
R&P Practice Areas
R&P Practice AreasR&P Practice Areas
R&P Practice AreasMichael Wilder
 
POPI Update 2013
POPI Update 2013POPI Update 2013
POPI Update 2013Contact Centre Management Group
 
Exploring GDPR
Exploring GDPRExploring GDPR
Exploring GDPRMediaPost
 

Recommended

Preparing an export contract – please note! 2017
Preparing an export contract – please note! 2017Preparing an export contract – please note! 2017
Preparing an export contract – please note! 2017Beverley Zabow
 
GDPR Information
GDPR InformationGDPR Information
GDPR InformationOxford City Council
 
Data Protection and IDEA
Data Protection and IDEAData Protection and IDEA
Data Protection and IDEAAuditWare Systems Ltd.
 
Gdpr
GdprGdpr
GdprSergey Aleshkin
 
Ed Wright - Staying on the right side of the law in the digital world
Ed Wright - Staying on the right side of the law in the digital worldEd Wright - Staying on the right side of the law in the digital world
Ed Wright - Staying on the right side of the law in the digital worldHallam
 
R&P Practice Areas
R&P Practice AreasR&P Practice Areas
R&P Practice AreasMichael Wilder
 
POPI Update 2013
POPI Update 2013POPI Update 2013
POPI Update 2013Contact Centre Management Group
 
Exploring GDPR
Exploring GDPRExploring GDPR
Exploring GDPRMediaPost
 
What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...Brian Miller, Solicitor
 
GDPR General Awarness for employees and personal data types
GDPR General Awarness for employees and personal data typesGDPR General Awarness for employees and personal data types
GDPR General Awarness for employees and personal data typesAbdullaFatiya3
 
New Data Breach Regime, Privacy & Confidentiality
New Data Breach Regime, Privacy & ConfidentialityNew Data Breach Regime, Privacy & Confidentiality
New Data Breach Regime, Privacy & ConfidentialityColeman Greig Lawyers
 
Privacy Compliance for Law Firms: Moving Beyond Confidentiality
Privacy Compliance for Law Firms: Moving Beyond ConfidentialityPrivacy Compliance for Law Firms: Moving Beyond Confidentiality
Privacy Compliance for Law Firms: Moving Beyond ConfidentialityClio - Cloud-Based Legal Technology
 
MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018Match-Maker Ventures
 
Update on Laws and Practices 2020
Update on Laws and Practices 2020Update on Laws and Practices 2020
Update on Laws and Practices 2020LawPlus Ltd.
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
GDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsGDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsCharlie Pownall
 
Legal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskLegal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskWilliam Gamble
 
skillcast-gdpr-training-presentation-q320.pptx
skillcast-gdpr-training-presentation-q320.pptxskillcast-gdpr-training-presentation-q320.pptx
skillcast-gdpr-training-presentation-q320.pptxRahulGarg294918
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll BureauBrightPay Payroll and Auto Enrolment Software
 
*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business Ready*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business ReadyMoEngage Inc.
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceVeridium
 
Protection des données et de la vie privée : nouvelles obligations pour les e...
Protection des données et de la vie privée : nouvelles obligations pour les e...Protection des données et de la vie privée : nouvelles obligations pour les e...
Protection des données et de la vie privée : nouvelles obligations pour les e...Forums financiers de Wallonie
 
GDPR Part 1: Quick Facts
GDPR Part 1: Quick FactsGDPR Part 1: Quick Facts
GDPR Part 1: Quick FactsAdrian Dumitrescu
 
GDPR training
GDPR training GDPR training
GDPR training ASL
 
Data protection regulations in Nigeria
Data protection regulations in NigeriaData protection regulations in Nigeria
Data protection regulations in NigeriaMercy Akinseinde
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerZitaAdlTrk
 
Scotland legal update 25 sept
Scotland legal update 25 septScotland legal update 25 sept
Scotland legal update 25 septRachel Aldighieri
 
eu-market-access-gdpr-fundamentals-by-risk-associates
eu-market-access-gdpr-fundamentals-by-risk-associateseu-market-access-gdpr-fundamentals-by-risk-associates
eu-market-access-gdpr-fundamentals-by-risk-associatesMohsin Termezy
 
Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competitionblogzilla
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentblogzilla
 

More Related Content

Similar to Building Privacy and Trust with System Design

What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...Brian Miller, Solicitor
 
GDPR General Awarness for employees and personal data types
GDPR General Awarness for employees and personal data typesGDPR General Awarness for employees and personal data types
GDPR General Awarness for employees and personal data typesAbdullaFatiya3
 
New Data Breach Regime, Privacy & Confidentiality
New Data Breach Regime, Privacy & ConfidentialityNew Data Breach Regime, Privacy & Confidentiality
New Data Breach Regime, Privacy & ConfidentialityColeman Greig Lawyers
 
MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018Match-Maker Ventures
 
Update on Laws and Practices 2020
Update on Laws and Practices 2020Update on Laws and Practices 2020
Update on Laws and Practices 2020LawPlus Ltd.
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
GDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsGDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsCharlie Pownall
 
Legal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskLegal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskWilliam Gamble
 
skillcast-gdpr-training-presentation-q320.pptx
skillcast-gdpr-training-presentation-q320.pptxskillcast-gdpr-training-presentation-q320.pptx
skillcast-gdpr-training-presentation-q320.pptxRahulGarg294918
 
*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business Ready*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business ReadyMoEngage Inc.
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceVeridium
 
Protection des données et de la vie privée : nouvelles obligations pour les e...
Protection des données et de la vie privée : nouvelles obligations pour les e...Protection des données et de la vie privée : nouvelles obligations pour les e...
Protection des données et de la vie privée : nouvelles obligations pour les e...Forums financiers de Wallonie
 
GDPR training
GDPR training GDPR training
GDPR training ASL
 
Data protection regulations in Nigeria
Data protection regulations in NigeriaData protection regulations in Nigeria
Data protection regulations in NigeriaMercy Akinseinde
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerZitaAdlTrk
 
Scotland legal update 25 sept
Scotland legal update 25 septScotland legal update 25 sept
Scotland legal update 25 septRachel Aldighieri
 
eu-market-access-gdpr-fundamentals-by-risk-associates
eu-market-access-gdpr-fundamentals-by-risk-associateseu-market-access-gdpr-fundamentals-by-risk-associates
eu-market-access-gdpr-fundamentals-by-risk-associatesMohsin Termezy
 

Similar to Building Privacy and Trust with System Design (20)

What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...
 
GDPR General Awarness for employees and personal data types
GDPR General Awarness for employees and personal data typesGDPR General Awarness for employees and personal data types
GDPR General Awarness for employees and personal data types
 
New Data Breach Regime, Privacy & Confidentiality
New Data Breach Regime, Privacy & ConfidentialityNew Data Breach Regime, Privacy & Confidentiality
New Data Breach Regime, Privacy & Confidentiality
 
Privacy Compliance for Law Firms: Moving Beyond Confidentiality
Privacy Compliance for Law Firms: Moving Beyond ConfidentialityPrivacy Compliance for Law Firms: Moving Beyond Confidentiality
Privacy Compliance for Law Firms: Moving Beyond Confidentiality
 
MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018MMV Webinar 2. GDPR Insights. January 2018
MMV Webinar 2. GDPR Insights. January 2018
 
Update on Laws and Practices 2020
Update on Laws and Practices 2020Update on Laws and Practices 2020
Update on Laws and Practices 2020
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulation
 
GDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and CommunicationsGDPR: Data Breach Notification and Communications
GDPR: Data Breach Notification and Communications
 
Legal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology RiskLegal vectors - Survey of Law, Regulation and Technology Risk
Legal vectors - Survey of Law, Regulation and Technology Risk
 
skillcast-gdpr-training-presentation-q320.pptx
skillcast-gdpr-training-presentation-q320.pptxskillcast-gdpr-training-presentation-q320.pptx
skillcast-gdpr-training-presentation-q320.pptx
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business Ready*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business Ready
 
Understanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of ComplianceUnderstanding GDPR: Myths & Reality of Compliance
Understanding GDPR: Myths & Reality of Compliance
 
Protection des données et de la vie privée : nouvelles obligations pour les e...
Protection des données et de la vie privée : nouvelles obligations pour les e...Protection des données et de la vie privée : nouvelles obligations pour les e...
Protection des données et de la vie privée : nouvelles obligations pour les e...
 
GDPR Part 1: Quick Facts
GDPR Part 1: Quick FactsGDPR Part 1: Quick Facts
GDPR Part 1: Quick Facts
 
GDPR training
GDPR training GDPR training
GDPR training
 
Data protection regulations in Nigeria
Data protection regulations in NigeriaData protection regulations in Nigeria
Data protection regulations in Nigeria
 
Data breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in DangerData breaches - Is Your Law Firm in Danger
Data breaches - Is Your Law Firm in Danger
 
Scotland legal update 25 sept
Scotland legal update 25 septScotland legal update 25 sept
Scotland legal update 25 sept
 
eu-market-access-gdpr-fundamentals-by-risk-associates
eu-market-access-gdpr-fundamentals-by-risk-associateseu-market-access-gdpr-fundamentals-by-risk-associates
eu-market-access-gdpr-fundamentals-by-risk-associates
 

More from blogzilla

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competitionblogzilla
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentblogzilla
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Bankingblogzilla
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Walesblogzilla
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policyblogzilla
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector datablogzilla
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Actblogzilla
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertiseblogzilla
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Electionsblogzilla
 
Cyber Essentials for Managers
Cyber Essentials for ManagersCyber Essentials for Managers
Cyber Essentials for Managersblogzilla
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africablogzilla
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCblogzilla
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulationblogzilla
 
Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?blogzilla
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?blogzilla
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Thingsblogzilla
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centreblogzilla
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowdenblogzilla
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodblogzilla
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsblogzilla
 

More from blogzilla (20)

Interoperability for SNS competition
Interoperability for SNS competitionInteroperability for SNS competition
Interoperability for SNS competition
 
Transatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgmentTransatlantic data flows following the Schrems II judgment
Transatlantic data flows following the Schrems II judgment
 
Lessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open BankingLessons for interoperability remedies from UK Open Banking
Lessons for interoperability remedies from UK Open Banking
 
Covid exposure apps in England and Wales
Covid exposure apps in England and WalesCovid exposure apps in England and Wales
Covid exposure apps in England and Wales
 
Key issues in data protection policy
Key issues in data protection policyKey issues in data protection policy
Key issues in data protection policy
 
Trusted government access to private sector data
Trusted government access to private sector dataTrusted government access to private sector data
Trusted government access to private sector data
 
Interoperability in the Digital Services Act
Interoperability in the Digital Services ActInteroperability in the Digital Services Act
Interoperability in the Digital Services Act
 
Making effective policy use of academic expertise
Making effective policy use of academic expertiseMaking effective policy use of academic expertise
Making effective policy use of academic expertise
 
Introduction to Cybersecurity for Elections
Introduction to Cybersecurity for ElectionsIntroduction to Cybersecurity for Elections
Introduction to Cybersecurity for Elections
 
Cyber Essentials for Managers
Cyber Essentials for ManagersCyber Essentials for Managers
Cyber Essentials for Managers
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
Human rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QCHuman rights and the future of surveillance - Lord Anderson QC
Human rights and the future of surveillance - Lord Anderson QC
 
Data science and privacy regulation
Data science and privacy regulationData science and privacy regulation
Data science and privacy regulation
 
Where next for encryption regulation?
Where next for encryption regulation?Where next for encryption regulation?
Where next for encryption regulation?
 
Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?Where next for the Regulation of Investigatory Powers Act?
Where next for the Regulation of Investigatory Powers Act?
 
Regulation and the Internet of Things
Regulation and the Internet of ThingsRegulation and the Internet of Things
Regulation and the Internet of Things
 
Global Cyber Security Capacity Centre
Global Cyber Security Capacity CentreGlobal Cyber Security Capacity Centre
Global Cyber Security Capacity Centre
 
Privacy post-Snowden
Privacy post-SnowdenPrivacy post-Snowden
Privacy post-Snowden
 
Keeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public goodKeeping our secrets? Shaping Internet technologies for the public good
Keeping our secrets? Shaping Internet technologies for the public good
 
The Data Retention Directive: recent developments
The Data Retention Directive: recent developmentsThe Data Retention Directive: recent developments
The Data Retention Directive: recent developments
 

Recently uploaded

NO1 WorldWide Love marriage specialist baba ji Amil Baba Kala ilam powerful v...
NO1 WorldWide Love marriage specialist baba ji Amil Baba Kala ilam powerful v...NO1 WorldWide Love marriage specialist baba ji Amil Baba Kala ilam powerful v...
NO1 WorldWide Love marriage specialist baba ji Amil Baba Kala ilam powerful v...Amil baba
 
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170Sonam Pathan
 
212MTAMount Durham University Bachelor's Diploma in Technology
212MTAMount Durham University Bachelor's Diploma in Technology212MTAMount Durham University Bachelor's Diploma in Technology
212MTAMount Durham University Bachelor's Diploma in Technologyz xss
 
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办fqiuho152
 
Call Girls Near Me WhatsApp:+91-9833363713
Call Girls Near Me WhatsApp:+91-9833363713Call Girls Near Me WhatsApp:+91-9833363713
Call Girls Near Me WhatsApp:+91-9833363713Sonam Pathan
 
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...Amil Baba Dawood bangali
 
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance CompanyInterimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance CompanyTyöeläkeyhtiö Elo
 
《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》
《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》
《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》rnrncn29
 
Quantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector CompaniesQuantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector Companiesprashantbhati354
 
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfBPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfHenry Tapper
 
Financial Leverage Definition, Advantages, and Disadvantages
Financial Leverage Definition, Advantages, and DisadvantagesFinancial Leverage Definition, Advantages, and Disadvantages
Financial Leverage Definition, Advantages, and Disadvantagesjayjaymabutot13
 
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdfmagnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdfHenry Tapper
 
SBP-Market-Operations and market managment
SBP-Market-Operations and market managmentSBP-Market-Operations and market managment
SBP-Market-Operations and market managmentfactical
 
Economics, Commerce and Trade Management: An International Journal (ECTIJ)
Economics, Commerce and Trade Management: An International Journal (ECTIJ)Economics, Commerce and Trade Management: An International Journal (ECTIJ)
Economics, Commerce and Trade Management: An International Journal (ECTIJ)ECTIJ
 
Stock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfStock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfMichael Silva
 
Call Girls Near Delhi Pride Hotel, New Delhi|9873777170
Call Girls Near Delhi Pride Hotel, New Delhi|9873777170Call Girls Near Delhi Pride Hotel, New Delhi|9873777170
Call Girls Near Delhi Pride Hotel, New Delhi|9873777170Sonam Pathan
 
(中央兰开夏大学毕业证学位证成绩单-案例)
(中央兰开夏大学毕业证学位证成绩单-案例)(中央兰开夏大学毕业证学位证成绩单-案例)
(中央兰开夏大学毕业证学位证成绩单-案例)twfkn8xj
 
PMFBY , Pradhan Mantri Fasal bima yojna
PMFBY , Pradhan Mantri Fasal bima yojnaPMFBY , Pradhan Mantri Fasal bima yojna
PMFBY , Pradhan Mantri Fasal bima yojnaDharmendra Kumar
 
NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...
NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...
NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...Amil baba
 
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证jdkhjh
 

Recently uploaded (20)

NO1 WorldWide Love marriage specialist baba ji Amil Baba Kala ilam powerful v...
NO1 WorldWide Love marriage specialist baba ji Amil Baba Kala ilam powerful v...NO1 WorldWide Love marriage specialist baba ji Amil Baba Kala ilam powerful v...
NO1 WorldWide Love marriage specialist baba ji Amil Baba Kala ilam powerful v...
 
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170
Call Girls Near Golden Tulip Essential Hotel, New Delhi 9873777170
 
212MTAMount Durham University Bachelor's Diploma in Technology
212MTAMount Durham University Bachelor's Diploma in Technology212MTAMount Durham University Bachelor's Diploma in Technology
212MTAMount Durham University Bachelor's Diploma in Technology
 
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办
(办理原版一样)QUT毕业证昆士兰科技大学毕业证学位证留信学历认证成绩单补办
 
Call Girls Near Me WhatsApp:+91-9833363713
Call Girls Near Me WhatsApp:+91-9833363713Call Girls Near Me WhatsApp:+91-9833363713
Call Girls Near Me WhatsApp:+91-9833363713
 
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
NO1 WorldWide online istikhara for love marriage vashikaran specialist love p...
 
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance CompanyInterimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
Interimreport1 January–31 March2024 Elo Mutual Pension Insurance Company
 
《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》
《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》
《加拿大本地办假证-寻找办理Dalhousie毕业证和达尔豪斯大学毕业证书的中介代理》
 
Quantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector CompaniesQuantitative Analysis of Retail Sector Companies
Quantitative Analysis of Retail Sector Companies
 
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdfBPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
BPPG response - Options for Defined Benefit schemes - 19Apr24.pdf
 
Financial Leverage Definition, Advantages, and Disadvantages
Financial Leverage Definition, Advantages, and DisadvantagesFinancial Leverage Definition, Advantages, and Disadvantages
Financial Leverage Definition, Advantages, and Disadvantages
 
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdfmagnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
magnetic-pensions-a-new-blueprint-for-the-dc-landscape.pdf
 
SBP-Market-Operations and market managment
SBP-Market-Operations and market managmentSBP-Market-Operations and market managment
SBP-Market-Operations and market managment
 
Economics, Commerce and Trade Management: An International Journal (ECTIJ)
Economics, Commerce and Trade Management: An International Journal (ECTIJ)Economics, Commerce and Trade Management: An International Journal (ECTIJ)
Economics, Commerce and Trade Management: An International Journal (ECTIJ)
 
Stock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdfStock Market Brief Deck for 4/24/24 .pdf
Stock Market Brief Deck for 4/24/24 .pdf
 
Call Girls Near Delhi Pride Hotel, New Delhi|9873777170
Call Girls Near Delhi Pride Hotel, New Delhi|9873777170Call Girls Near Delhi Pride Hotel, New Delhi|9873777170
Call Girls Near Delhi Pride Hotel, New Delhi|9873777170
 
(中央兰开夏大学毕业证学位证成绩单-案例)
(中央兰开夏大学毕业证学位证成绩单-案例)(中央兰开夏大学毕业证学位证成绩单-案例)
(中央兰开夏大学毕业证学位证成绩单-案例)
 
PMFBY , Pradhan Mantri Fasal bima yojna
PMFBY , Pradhan Mantri Fasal bima yojnaPMFBY , Pradhan Mantri Fasal bima yojna
PMFBY , Pradhan Mantri Fasal bima yojna
 
NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...
NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...
NO1 WorldWide Genuine vashikaran specialist Vashikaran baba near Lahore Vashi...
 
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证
原版1:1复刻堪萨斯大学毕业证KU毕业证留信学历认证
 

Building Privacy and Trust with System Design

  • 1. Privacy as a key system requirement for building trust Dr Ian Brown
  • 2. HMRC data debacle  25m names, addresses, dates of birth, Child Benefit numbers, National Insurance numbers and bank or building society account details lost  A stream of other losses to be Steve Bell, The Guardian, 22/11/07 revealed
  • 3. Insider fraud Information required Price paid to Price to ‘blagger’ customer Occupant search/Electoral roll check not known £17.50 (obtaining address) Telephone reverse trace £40 £75 Telephone conversion (mobile) not known £75 Friends and Family £60 – £80 not known Vehicle check at DVLA £70 £150 – £200 Criminal records check not known £500 Area search (locating a named person not known £60 across a wide area) Company/Director search not known £40 Ex-directory search £40 £65 – £75 Mobile telephone account enquiries not known £750 Licence check not known £250 Source: “What price privacy?”, Information Commissioner, May 2006
  • 4. Engineering privacy  Privacy, like security, must be built in to a system from the start - not bolted on at a late stage  Key legal and technology requirements are minimisation (of personal data collected, purpose, time kept, access given) and protection (data stored securely and access strictly limited)
  • 5. Privacy Directive principles 1. Personal data shall be processed fairly and lawfully 2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. 3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. 4. Personal data shall be accurate and, where necessary, kept up to date. 5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 6. Personal data shall be processed in accordance with the rights of data subjects under this Act. 7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destructionof, or damage to, personal data. 8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
  • 6. Minimisation  Why is personal data being collected in the first place?  Identification vs authorisation  Privacy Enhancing Technologies  Distributed v centralised
  • 7. Protection  Data held and transmitted securely to prevent unauthorised access and modification  Extensive protection against data loss or corruption  Resistant to Denial of Service attacks  All transactions must be loggable by user
  • 8. Some (bad) UK examples  NPfIT (over 1 million potential users)  ContactPoint (330,000 users)  National Identity Register (public & private sector use)