Privacy, Security & Access to Data

As institutions start to delve into the staff / student / consumer data they have been storing for years, new questions are emerging about the repercussions of using this data. How will it be analyzed? Who is doing the analysis? And what steps should be taken to protect users’ privacy?

Published in: Data & Analytics

  1. Privacy, Security & Access to Data • Cyber Summit 2015 • Brian Hamilton, Director, Compliance and Special Investigations • September 28, 2015
  2. Agenda • Privacy laws enable your success • How do privacy regulators analyze information sharing/analytics/big data initiatives? • Regulatory challenges • Tips for success in working with privacy regulators
  3. Office of the Information and Privacy Commissioner of Alberta • Commissioner – Jill Clayton • an officer of the Legislative Assembly • independent of government • Oversight of Alberta’s access to information and privacy laws: • Freedom of Information and Protection of Privacy Act • Personal Information Protection Act • Health Information Act • Provincial government is responsible for legislation
  4. What we do
  5. How we intersect with research • Health Research Ethics Boards • File their approvals with us • Duty to review research proposals and assess whether adequate safeguards are in place • Privacy Impact Assessment review • Especially data matching • Recommended for multi-stakeholder initiatives • Investigations • Unusual, most people aren’t aware, or have consented • access to data without agreement
  6. Privacy is an enabler • Privacy regulators understand benefits of information sharing and analytics • Advancement of science, health • Convenience • Harmonized, coordinated, targeted services • Efficiency, cost containment • Privacy statutes allow appropriate information sharing and data matching • Privacy ensures your success • We are in the freedom of information business
  7. Things privacy laws allow you to do (as long as you do it right) • Research • Planning • Resource allocation • Policy development • Quality improvement • Auditing • Evaluation • Data matching • Share personal information for service delivery
  8. How we analyze initiatives • Who are you? • Nature of organizations • Jurisdiction • What are you doing? • What personal information will you collect, use or disclose? • Research, data matching • Is it legal? • Analysis of legal authorities • How are you managing risk? • Information security • Agreements, policies • Incident response plans • Regular review of controls • Training
  9. Key Privacy Controls (for big data initiatives) • Governance, policies, training • Access controls • Need to know, least amount principle • Consent (where necessary) • Openness, transparency, notification • Retention and disposition • Only keep information as long as necessary • Incident response • Privacy laws use reasonableness test • Controls do not need to be perfect
  10. Challenges for the new data scientist • We live in a federation and have international partners • Managing privacy among multiple stakeholders (governance) • Transparency • Managing consent, citizen expectations • Trans border legal demands • Bureaucratic fear, uncertainty and doubt
  11. Tips for success • Talk to us • We are happy to consult on any initiative • Early consultation prevents last-minute pitfalls • Build privacy into your initiative from the start • Last-minute, bolt-on privacy is expensive and inefficient • Engage the public • Transparency assuages fear • Conduct a privacy impact assessment • Our Office is pleased to review and provide comments • Consider making your PIA public • Develop privacy expertise
  12. Curriculum for the new data scientist • Privacy principles • Privacy risk assessment and mitigation strategies • Information security • Access to information • Records management • Agreements and contracts
  13. OIPC sponsored research on information sharing • Government Information Sharing: Is Data Going Out of the Silos, Into the Mines? • http:// • Case studies • Citizen expectations • Examining risk in data sharing projects
  14. Free PIA training • Calgary: October 16 • Edmonton: October 15 • for more info.
  15. Your questions
  16. THANK YOU! • Brian Hamilton • Director, Compliance and Special Investigations • Office of the Information and Privacy Commissioner, Alberta • 780.422.6860