Protecting Privacy by Using Data Labels


Published in: Technology, News & Politics
  • Picture a chemistry lab. Picture a cabinet in that lab. All of the jars in that cabinet are unlabeled. (Image courtesy of UF Digital Collections.)
  • Each jar contains a potentially grim surprise: caustic, toxic, harmless, volatile. (Image courtesy of bhikku.)
  • Because the jars are unlabeled, the strictest handling procedures must be applied to all jars, even though some don't require such strictness. This increases handling costs, requires spot audit programs, and makes everything more difficult.
  • But I know what is on that shelf. Implicit knowledge might be generated: items on this shelf are caustic, items on this shelf are volatile, items on this shelf are harmless. (Image courtesy of Shobhit Agrawal.)
  • This is how enterprises handle data. Our systems and databases are the cabinets and the unlabeled jars. We do not tailor handling procedures to the data well, and we do not inform handlers about the data well. (Image courtesy of carrierdetect.)
  • We have implicit knowledge of the data based on the system it comes from: "If it came from that system, it must be this kind of data." This implicit knowledge informs our data handling procedures. (Image courtesy of scriptingnews.)
  • Transferring data moves that data from one context to another. When data changes context, implicit knowledge is lost. That is bad enough when the sharing is within the enterprise; it is far worse when we share beyond our walls. (Image courtesy of dan4th.)
  • To a security professional, the authorization event is the end of the story. To a privacy professional, the authorization event is merely the beginning of the story. What happens after authorization is the interesting bit from a privacy perspective. (Image courtesy of davedugdale.)
  • How should we handle the data? Are our obligations to the data met? What uses and disclosures were consented to? Answering these questions requires context. (Image courtesy of Paul Bratcher Photography.)
  • Determining how to handle data requires the social layer of the enterprise to be informed. People know how to evaluate context. (Image courtesy of tjdewey.)
  • We need to keep the social layer informed, but we don't label our data. Any context information we have is stripped when data changes hands. This makes handling transferred data expensive and fraught with danger.
  • Use data labels to protect privacy: make the implicit explicit, describe context in human-readable terms, and help the social layer make better data handling decisions.
  • Data labels also give technical controls richer context information to use, and let us assign accountability more accurately and fairly. We call these data labels relationship context metadata (RCM).
  • RCM is created when data is transferred: intra-company transfers, inter-company transfers, and individual-to-organization transfers. Each piece of RCM is called a bead, and beads are attached to strings. A string adorns a set of data.
  • What to do if you find data in the wild: data labels can help companies track where their data flows, and they can also be used when data flows out of the control of the originating organization. One could imagine instructions such as the following embedded in the RCM: "Call Hemisphere Medical's Data Protection office. Tell them you've discovered RCM number 8541-BOS-123001." "Call the Massachusetts State Attorney General's office at (617) 727-8400. Tell them you have found MA 201 CMR 17 information." (Image courtesy of bill barber.)
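As an added example (not code from the deck or from Ian Glazer), the Python below sketches how a bead and a string could be carried as a machine-readable label alongside a data set, so that the technical controls the notes mention can consult it: each transfer attaches a bead, a re-transfer cannot widen the context it inherited, a proposed use by a party is checked against the consented uses, and someone who is not a party gets the finder instructions. The field names, the JSON layout, the no-widening rule, and every party, use and obligation other than the finder text quoted in the deck are assumptions of this example.

```python
"""Relationship context metadata (RCM) as machine-readable data labels.

Added example, not code from the deck. The deck supplies the parts: a bead is
created at each transfer and records the parties and their relationship, the
consented uses and disclosures, obligations, and what a non-party finder should
do; beads hang on a string that adorns a data set. The field names, the JSON
layout, the no-widening rule in check_attach() and the sample parties other
than the two quoted in the deck are this example's assumptions.
"""
import json
from dataclasses import dataclass, field, asdict


@dataclass(frozen=True)
class Bead:
    transfer: str                     # "individual->organization", "inter-company", ...
    sender: str
    recipient: str
    relationship: str                 # why the recipient holds the data
    consented_uses: frozenset         # purposes the recipient may use the data for
    consented_disclosures: frozenset  # parties the recipient may pass the data to
    obligations: tuple                # handling duties that travel with the data
    finder_instructions: str          # what to do if you are not one of the parties


@dataclass
class String:
    rcm_id: str
    data_description: str
    beads: list = field(default_factory=list)

    def parties(self):
        return {p for b in self.beads for p in (b.sender, b.recipient)}

    def check_attach(self, bead):
        """Return None if `bead` may be attached, else the reason it may not.
        Assumed rule: a downstream transfer cannot widen the context it
        inherited. The sender must be the current holder, the recipient must
        be a consented disclosure, and the uses must be a subset of the
        sender's own consented uses."""
        if not self.beads:
            return None
        prev = self.beads[-1]
        if bead.sender != prev.recipient:
            return f"{bead.sender} is not the current holder of this data"
        if bead.recipient not in prev.consented_disclosures:
            return f"disclosure to {bead.recipient} was not consented"
        if not bead.consented_uses <= prev.consented_uses:
            return "re-transfer widens the consented uses"
        return None

    def attach(self, bead):
        """Add a bead at a transfer; RCM is created when data moves."""
        reason = self.check_attach(bead)
        if reason is not None:
            raise ValueError(reason)
        self.beads.append(bead)

    def to_json(self):
        """Serialise the label so it can travel with the data set."""
        def plain(b):
            d = asdict(b)
            d["consented_uses"] = sorted(b.consented_uses)
            d["consented_disclosures"] = sorted(b.consented_disclosures)
            d["obligations"] = list(b.obligations)
            return d
        return json.dumps({"rcm_id": self.rcm_id, "data": self.data_description,
                           "beads": [plain(b) for b in self.beads]}, indent=2)


def may_use(string, party, use):
    """True if some bead delivered the data to `party` with `use` consented."""
    return any(b.recipient == party and use in b.consented_uses for b in string.beads)


def obligations_for(string, party):
    """Every obligation on a bead that delivered the data to `party`."""
    return tuple(o for b in string.beads if b.recipient == party for o in b.obligations)


def found_in_the_wild(string, holder):
    """A holder who is not a party gets the last bead's finder instructions;
    a party gets None and should consult its own bead instead."""
    if holder in string.parties():
        return None
    return string.beads[-1].finder_instructions


# Constructed sample: a patient's record goes to a hospital, then to a billing
# contractor. The finder text, RCM number and phone number are the ones quoted
# in the deck; "Acme Billing", the uses and the obligations are made up.
FINDER_NOTE = ("Call Hemisphere Medical's Data Protection office. Tell them you've "
               "discovered RCM number 8541-BOS-123001. Call the Massachusetts State "
               "Attorney General's office at (617) 727-8400. Tell them you have found "
               "MA 201 CMR 17 information.")

record = String("8541-BOS-123001", "one patient visit record, 16kB of PHI")
record.attach(Bead("individual->organization", "patient", "Hemisphere Medical",
                   "patient of", frozenset({"treatment", "billing"}),
                   frozenset({"Acme Billing"}),
                   ("encrypt at rest", "notify patient on breach"), FINDER_NOTE))
record.attach(Bead("inter-company", "Hemisphere Medical", "Acme Billing",
                   "billing subcontractor", frozenset({"billing"}), frozenset(),
                   ("delete after 90 days",), FINDER_NOTE))

if __name__ == "__main__":
    print(record.to_json())
    print(may_use(record, "Acme Billing", "treatment"))  # False: billing only
    print(found_in_the_wild(record, "unknown laptop"))
```

The point of the no-widening check is the one the notes make about context being stripped at each hand-off: because the contractor's bead can only narrow what the hospital's bead granted, a reviewer at the contractor can read the label instead of guessing from which system the file came, and a third party who finds the file has instructions rather than an unlabeled jar.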
    1. Protecting Privacy by using data labels
        • Ian Glazer - @iglazer
    2. No Labels = Grim Surprises
    3. Strictest handling procedure must be applied for all jars
    4. But I know what's on that shelf
    5. But what happens when we give a sample to another lab?
        • The jar is still unlabeled.
        • Any implicit knowledge, and thus handling procedures, is lost.
        • The receiving lab doesn't know how to handle the stuff in the jar.
    6. Unlabeled jar, cabinet
    7. We've got 16kB of PHI right here
    8. Changing Context, Losing Knowledge
    9. Authorization as proxy for explicit knowledge
        • Because of the lack of knowledge about the data, we rely on authorization schemes
            • Is this person allowed to work with this system?
            • Shorthand for: can this person work with this sort of data?
    10. Privacy Professional, Security Professional
    11. What happens next?
    12. Feed the social layer
    15. Relationship Context Metadata
    16. Beads and Strings
    17. What's in a bead?
        • Parties and their relationships
        • Consented uses and disclosures
        • Obligations
        • What to do if you aren't one of the parties
    18. What to do if you find data in the wild
    19. Privacy is a Social Construct
        • Privacy is contextual
        • People innately know how to parse context
        • Protecting privacy requires the social layer, the people, in an enterprise to be engaged and informed
    20. Making the Implicit Explicit
        • RCM informs people by making implicit context explicit
        • Making the implicit explicit leads to better privacy-preserving and data handling decisions
        • Labeling the jars makes working in the lab easier and safer