SlideShare a Scribd company logo

Leg4

B
brock55
TechnologyNews & Politics
1 of 33
Download to read offline
CANADIAN GAMING SUMMIT 2011 April 19, 2011 Casinos As Public Institutions under the Freedom of Information and Protection of Privacy Act Mary O’Donoghue General Counsel and Manager of Legal Services Information and Privacy Commissioner/Ontario © Information and Privacy Commissioner of Ontario, 2006
The Regulator: Information and Privacy Commissioner/Ontario ABOUT US: • The Information and Privacy Commissioner of Ontario (the IPC) is an administrative tribunal as well as a policy making body. • In addition to her powers as an adjudicative tribunal, the IPC has an explicit statutory authority to – Conduct research into access and privacy issues; – Receive information from the public on the operation of the Acts; – Comment on proposed government legislation and programs; and – Educate the public about Ontario’s access and privacy laws. © Information and Privacy Commissioner of Ontario, 2006
Information and Privacy Commissioner/Ontario The Acts Information and Privacy Commissioner/Ontario oversees: The Freedom of Information and Protection of Privacy Act (FIPPA) The Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and The Personal Health Information Protection Act (PHIPA) Under these Acts she resolves access to information appeals and complaints when government or health care practitioners and organizations refuse to grant requests for access or correction or fail to treat personal information in accordance with the statutory Privacy Rules; © Information and Privacy Commissioner of Ontario, 2006
The Acts • Each of these Acts provides for access to information and privacy of personal information. • FIPPA came into effect in 1988, MFIPPA in 1991, and PHIPA in 2004 • Under FIPPA and MFIPPA, the general public has a right of access to general records in the custody or control of institutions, as well as to their own personal information • Access rights are subject to both legislated exclusions and exemptions © Information and Privacy Commissioner of Ontario, 2006
Purpose of FIPPA/MFIPPA • The purposes of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act are: – a) To provide a right of access to information under the control of government organizations in accordance with the following principles: • information should be available to the public; • exemptions to the right of access should be limited and specific; • decisions on the disclosure of government information may be reviewed by the Information and Privacy Commissioner. – b) To protect personal information held by government organizations and to provide individuals with a right of access to their own personal information. © Information and Privacy Commissioner of Ontario, 2006
PUBLIC INSTITUTIONS • Which bodies are covered? “Institutions” are the entities subject to the public sector Acts – FIPPA institutions mainly cover provincial ministries and agencies, including entities specially scheduled by regulation – MFIPPA institutions are municipal governments and their agencies, school board, libraries, police services etc. – In Ontario, under the aegis of the Ontario Lottery and Gaming Corporation, Casinos are subject to the privacy and access to information rules of FIPPA © Information and Privacy Commissioner of Ontario, 2006
Transparency, Openness and Privacy • Under the two public sector Acts, there are 3 underlying principles: – Citizens are ensured access to the information that allows them to participate meaningfully in the democratic process – Elected officials and public officials remain accountable to the citizenry – Public institutions are responsible for safeguarding personal information and following the privacy rules © Information and Privacy Commissioner of Ontario, 2006
The Privacy Rules • Part III of the Freedom of Information and Protection of Privacy Act provides rules for the protection of the privacy of the individuals. “Fair information practices:” – personal information should be collected directly from the individual, unless indirect collection is necessary and authorized; – institutions should collect only personal information which is specifically authorized by statute, necessary for a lawfully authorized activity or for law enforcement; – individuals should be notified by the collecting institution when their personal information is collected; notice should contain legal authority for the collection; name, title and telephone number of institution employee who can answer questions; © Information and Privacy Commissioner of Ontario, 2006
The Privacy Rules cont’d. – individuals have a right of access to their personal information held by institutions, subject only to statutory disclosure exemptions; – individuals may request correction of their personal information being held by institutions, or have right to attach statement of disagreement; – institutions only use personal information for the purpose for which it was collected or for consistent purpose; consistent purpose is one reasonably expected by the individual; – individual can consent to new use for the information; information may be collected for more than one use; all potential uses identified prior to collection, and all main uses disclosed to the individual at the time of collection; © Information and Privacy Commissioner of Ontario, 2006
The Privacy Rules cont’d. – institutions should not disclose personal information except as permitted under the Act, or upon consent of the individual; – institutions should use only personal information which is accurate and up to date in making decisions affecting an individual; and – institutions must provide for the proper secure custody of personal information © Information and Privacy Commissioner of Ontario, 2006
Privacy Rules in the Casino Investigation Report PC-010005-1, February 26, 2001 • Hamilton Spectator reporter contacted the IPC for information on biometric facial scanning by OPP in casinos. • The Alcohol and Gaming Commission (AGCO) Investigations Branch, (seconded OPP officers) closely monitors Ontario casinos to enforce section 209 of the Criminal Code, which criminalizes cheating while playing a game or betting . The OPP was using Facial Recognition Technology. © Information and Privacy Commissioner of Ontario, 2006
Facial Recognition Technology in the Casino • The OPP used Facial Recognition Technology to detect suspicious behaviour by customers. If reasonable suspicion that individual is engaging in criminal activity, uses the face recognition software to determine if the individual is a known or suspected casino cheat. • Facial template is compared for matching purposes against two databases (the first is the casino based database of suspected casino cheats throughout North America, the second is the OPP database which contains convicted casino cheats in Ontario and ongoing investigations) • Incident report is prepared and facial scan only retained if investigation leads to a criminal conviction. © Information and Privacy Commissioner of Ontario, 2006
Facial Recognition in Casinos • If conviction, scan retained in OPP database at casino where criminal activity took place. OPP may also send facial scans to OPP teams at other casinos in the province for their database. OPP in Ontario casinos did not send their facial scans to other jurisdictions, however others may send their scans to Ontario casinos. • Where the investigation resulted in no conviction the data was deleted and no copy maintained on file. In addition, contrary to media allegations, the OPP did not engage in the scanning of all casino customers. © Information and Privacy Commissioner of Ontario, 2006
IPC Findings • Template was personal information • Collection was for purpose of law enforcement and so proper; officers gather information in accordance with duties under the Police Services Act. Used only for law enforcement and access restricted to OPP. • Notice - Posted Notice was required under s. 39(2). Imaging was publicly known and disclosure would not reveal unknown investigative technique. • Law enforcement provisions “would not apply to exempt institution from requirement for general notice to inform the public entering a casino that OPP may be collecting their personal information through the use of face recognition technology… An individual’s face displays unique and highly personal information about that individual, including her or her race, colour, age and sex. In our view, members of the public should be made aware that this information could be collected if they choose to enter a casino in Ontario.” © Information and Privacy Commissioner of Ontario, 2006
Consultation • Though it is not a requirement for the IPC to be consulted on every project which may have privacy implications, it is however within the spirit and intent of the Act to consult. In addition, consultation with the IPC will ensure the compliance with the Act. Neither the AGCO nor the OPP consulted with the IPC on the development of facial recognition technology. As well, neither institution established a privacy impact assessment before the implementation of this technology. It is the view of the IPC that consultations are highly recommended and especially important when the use of biometric programs may impinge upon privacy. © Information and Privacy Commissioner of Ontario, 2006
Casino Investigation Information - Access • IPC Order PO-2796, AGCO, 2009 • http://www.ipc.on.ca/images/Findings/PO-2796.pdf • Alcohol and Gaming Commission of Ontario received FOI request for 1) “plan to investigate” 2) “report of investigation” – ...any other AGCO document which mentions the [requester] or relates to the [date] Casino [name] incident. © Information and Privacy Commissioner of Ontario, 2006
Investigation Information - Access • Records denied by AGCO included some about investigation of the casino’s “operational and performance aspects of a surveillance system”. • The IPC Adjudicator found that the records contained “more than an internal review of a surveillance incident as claimed by the appellant…This information at issue in the records concerns a sensitive subject, namely the surveillance system in a named casino which is related to both the security system in that casino, as well as the protection of the public who frequent that casino. While there may be a public interest in disclosure of this information, the significant and sensitive nature of this information outweighs both the public’s interest in disclosure as well as the appellant’s need to receive this information for his own private interest to assist him in his court action.” • Refusal of access upheld - section 49(a) (requester’s own p.i.) in conjunction with section 13(1) (Advice to gov’t) as well as section 14(2)(a) (law enforcement report). © Information and Privacy Commissioner of Ontario, 2006
The Future of Privacy With onslaught of new technological programs involving personal information and new privacy risks, the Commissioner’s challenge is to Change the Paradigm to Positive-Sum, NOT Zero-Sum © Information and Privacy Commissioner of Ontario, 2006
Privacy by Design: The Trilogy of Applications Information Technology Accountable Physical Design Business Practices & Infrastructure © Information and Privacy Commissioner of Ontario, 2006
PRIVACY BY DESIGN: THE 7 FOUNDATIONAL PRINCIPLES • 1. Proactive not Reactive: Preventative, not Remedial; • 2. Privacy as the Default setting; • 3. Privacy Embedded into Design; • 4. Full Functionality: Positive-Sum, not Zero-Sum; • 5. End-to-End Security: Full Lifecycle Protection; • 6. Visibility and Transparency: Keep it Open; • 7. Respect for User Privacy: Keep it User-Centric. • www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf © Information and Privacy Commissioner of Ontario, 2006
Embedding Privacy at the Design Stage: The Obvious Route • Cost-effective • Proactive • User-centric • It’s all about control – preserving personal control and freedom of choice over one’s data flows © Information and Privacy Commissioner of Ontario, 2006
Privacy by Design in Action in Casinos © Information and Privacy Commissioner of Ontario, 2006
Biometric Encryption (BE) What is Biometric Encryption? • Class of emerging “untraceable biometrics” technologies that seek to translate the biometric data provided by the user; • Special properties: - uniqueness - irreversibility © Information and Privacy Commissioner of Ontario, 2006
Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy • Privacy-enhanced uses of biometrics, with a particular focus on the privacy and security advantages of BE over other uses of biometrics; • How BE technology can help to overcome the prevailing “zero- sum” mentality by effectively transforming one’s biometric to a private key. www.ipc.on.ca/images/Resources/up-1bio_encryp.pdf © Information and Privacy Commissioner of Ontario, 2006
Advantages of Biometric Encryption BE Embodies core privacy practices: 1. Data minimization: no retention of biometric image or template, minimizing potential for unauthorized secondary uses, loss, or misuse; 2. Maximal individual control: Individuals may keep their biometric data private, and can use it to generate or change unique (“anonymous”) account identifiers, and encrypt own data; 3. Improved security: authentication, communication and data security are enhanced. © Information and Privacy Commissioner of Ontario, 2006
Facial recognition a system problem gamblers can’t beat? This coming May facial recognition technology will be used to scan the faces of every patron entering an Ontario casino. This scan will then be compared with a database of 15 000 individuals who have placed themselves on a self- excluded list. When there is a match found the casino security is notified, if no match is found the image is discarded. Privacy mechanisms have been implemented into this technology through a biometric encryption algorithm. This algorithm assures the public that there is “no permanent link between a biometric template of a person’s face and their private information.” According to Commissioner Cavoukian measures must be taken to ensure the privacy of those who come to the casino and have not placed themselves on this list. • Toronto Star, January 12, 2011 © Information and Privacy Commissioner of Ontario, 2006
OLG’s new 4 step self-exclusion program • Enrolment process - Images are taken for facial recognition process, conversation between the self-excluder and security is documented, and a digital form is signed agreeing to the terms of self-exclusion. • Detection – Cameras are located at the entrance and exit of each casino. Faces are scanned in real time and encrypted into a unique algorithm. • Tracking and identification – the self-excluded database is searched for a match of that algorithm. If detected, the self-excluder’s information is distributed to security. Security personnel double- check to make sure the system has identified a self-excluded person, and that no one has been falsely identified. • Enforcement – If a self-excluded person is detected the casino, they are asked to leave and the incident is recorded in the database. © Information and Privacy Commissioner of Ontario, 2006
OLG Facial Recognition Program • The system is designed to detect only self-excluded people – not cheaters or organized crime; • Legacy, photograph-based system, needs to be maintained without the need for re-enrolment of individuals; • Automated facial recognition system is the only technology that produces remote identification and is compatible with the legacy photograph-based system. © Information and Privacy Commissioner of Ontario, 2006
OLG Self-Exclusion program • Completely voluntary self-excluded individuals – more than 12,000 in Ontario and growing; • Great Need for reliable detection of those attempting to enter a gaming site – manual comparison alone does not work; • Privacy of all casino patrons must be protected; • Solution: Facial recognition in watch-list scenario with the use of Biometric Encryption; • Novel “Made in Ontario” PbD application: collaboration of OLG, IPC, UofT, and iView Systems © Information and Privacy Commissioner of Ontario, 2006
OLG Facial Recognition Program • OLG is subject to Ontario’s privacy legislation; • OLG contacted us at the earliest stage and adopted the Privacy-by- Design approach – embedding the privacy protection means directly into the core technology; • The research project was successfully completed at the University of Toronto, developing an essentially new variant of a BE algorithm called Quantized Index Modulation (QIM); • The database tests showed that BE may be integrated with conventional facial recognition, with little or no accuracy degradation. © Information and Privacy Commissioner of Ontario, 2006
Facial Recognition with Biometric Encryption • Biometric Encryption (BE): securely binds a person’s identifier (pointer to personal information) with facial biometrics; • The pointer is retrieved only if a correct (i.e., self-excluded) person is present; • The link between facial templates and personal information is controlled by BE; • Final comparison is done manually; • Privacy of both the general public and self-excluded individuals is protected. © Information and Privacy Commissioner of Ontario, 2006
Proof of Concept • Live field test at Woodbine facilities: Correct Identification Rate (CIR) is 91% without BE, and 90% with BE – negligible accuracy impact; • BE reduces False Acceptance Rate (FAR) by up to 50% – a huge improvement in accuracy; • Accuracy exceeds state-of-the-art for facial recognition; • Triple-win: privacy, security, and accuracy (unexpected) – all improved; • Next: production version of facial recognition with BE. © Information and Privacy Commissioner of Ontario, 2006
How to Contact Us Mary O’Donoghue General Counsel and Manager of Legal Services Information and Privacy Commissioner/Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario M4W 1A8 mary.o’donoghue@ipc.on.ca 416 326-3922 © Information and Privacy Commissioner of Ontario, 2006

Recommended

Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal InformationFrancois Naude Jr.
 
Clyrofor popia readiness webinar
Clyrofor popia readiness webinarClyrofor popia readiness webinar
Clyrofor popia readiness webinarLesedi Mnisi
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentationKholisile Mazaza
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the PhilippinesShirley Ingles-Cruz
 
Werksmans presentations on popi
Werksmans presentations on popiWerksmans presentations on popi
Werksmans presentations on popiWerksmans Attorneys
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentationKittelson & Carpo Consulting
 
CEU DPA
CEU DPACEU DPA
CEU DPABERBERGRACEMARJORIE
 

Recommended

Protection of Personal Information
Protection of Personal InformationProtection of Personal Information
Protection of Personal InformationFrancois Naude Jr.
 
Clyrofor popia readiness webinar
Clyrofor popia readiness webinarClyrofor popia readiness webinar
Clyrofor popia readiness webinarLesedi Mnisi
 
Popi act presentation
Popi act presentationPopi act presentation
Popi act presentationKholisile Mazaza
 
Data Privacy Act in the Philippines
Data Privacy Act in the PhilippinesData Privacy Act in the Philippines
Data Privacy Act in the PhilippinesShirley Ingles-Cruz
 
Werksmans presentations on popi
Werksmans presentations on popiWerksmans presentations on popi
Werksmans presentations on popiWerksmans Attorneys
 
Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Philippine Data Privacy Act of 2012 (RA 10173)
Philippine Data Privacy Act of 2012 (RA 10173)Kirk Go
 
Data privacy act of 2012 presentation
Data privacy act of 2012 presentationData privacy act of 2012 presentation
Data privacy act of 2012 presentationKittelson & Carpo Consulting
 
CEU DPA
CEU DPACEU DPA
CEU DPABERBERGRACEMARJORIE
 
The Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMThe Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMMyron Duncan Burton Betshanger
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Jay Castillo
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4Wynthorpe
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Jason Haislmaier
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013Myron Duncan Burton Betshanger
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINALImraan Kharwa
 
Data privacy act
Data privacy actData privacy act
Data privacy actansherina erika dejan
 
FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) Philippine Press Institute
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Robert MacLean
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africablogzilla
 
M.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnM.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnMetamorphosis
 
Data legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeData legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeAfrican Open Science Platform
 
The Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationThe Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationEndcode_org
 
Data Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesData Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesjo bitonio
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislationUlf Mattsson
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection ActYizi
 
Freedom of Information and Data Protection
Freedom of Information and Data ProtectionFreedom of Information and Data Protection
Freedom of Information and Data ProtectionEquiGov Institute
 
RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)
RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)
RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)MANPREETSINGHPANESAR1
 
Presentation on RTI
Presentation on RTI Presentation on RTI
Presentation on RTIDirectorate of Education Delhi
 
Overview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawOverview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawFatmaAkram2
 
Right to information act
Right to information actRight to information act
Right to information actDr. Prashant L. Pingale GES's Sir Dr. M. S. Gosavi College of Pharmacy, Nashik
 
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 20122019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012Maria Perkins
 

More Related Content

What's hot

Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Jay Castillo
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4Wynthorpe
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Jason Haislmaier
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Robert MacLean
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africablogzilla
 
M.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnM.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnMetamorphosis
 
Data legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeData legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeAfrican Open Science Platform
 
The Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationThe Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationEndcode_org
 
Data Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesData Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesjo bitonio
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislationUlf Mattsson
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection ActYizi
 
Freedom of Information and Data Protection
Freedom of Information and Data ProtectionFreedom of Information and Data Protection
Freedom of Information and Data ProtectionEquiGov Institute
 
RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)
RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)
RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)MANPREETSINGHPANESAR1
 
Overview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawOverview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawFatmaAkram2
 

What's hot (20)

The Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCMThe Popi Act 4 of 2013 - Implications for iSCM
The Popi Act 4 of 2013 - Implications for iSCM
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)
 
The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013The Protection of Personal Information Act 4 of 2013
The Protection of Personal Information Act 4 of 2013
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINAL
 
Data privacy act
Data privacy actData privacy act
Data privacy act
 
FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information) FOI Executive Order (Freedom of Information)
FOI Executive Order (Freedom of Information)
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
 
Privacy and Data Protection in South Africa
Privacy and Data Protection in South AfricaPrivacy and Data Protection in South Africa
Privacy and Data Protection in South Africa
 
M.Marusic Dzlp E Society En
M.Marusic Dzlp E Society EnM.Marusic Dzlp E Society En
M.Marusic Dzlp E Society En
 
Data legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M KeetshabeData legislation, governance and policy/Abraham M Keetshabe
Data legislation, governance and policy/Abraham M Keetshabe
 
The Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A PresentationThe Protection of Personal Information Act: A Presentation
The Protection of Personal Information Act: A Presentation
 
Data Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperativesData Privacy Act of 2012 implication to cooperatives
Data Privacy Act of 2012 implication to cooperatives
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislation
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Freedom of Information and Data Protection
Freedom of Information and Data ProtectionFreedom of Information and Data Protection
Freedom of Information and Data Protection
 
RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)
RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)
RIGHT TO INFORMATION ACT 2005 ,FULL THEORY-MANPREET SINGH (B.COM)
 
Presentation on RTI
Presentation on RTI Presentation on RTI
Presentation on RTI
 
Overview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection LawOverview of the Egyptian Personal Data Protection Law
Overview of the Egyptian Personal Data Protection Law
 

Similar to Leg4

2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 20122019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012Maria Perkins
 
Protecting and Balancing Access and Privacy Rights, November 7, 2017
Protecting and Balancing Access and Privacy Rights, November 7, 2017 Protecting and Balancing Access and Privacy Rights, November 7, 2017
Protecting and Balancing Access and Privacy Rights, November 7, 2017Andrea Corlett
 
Privacy Information for Nonprofit Organizations in Alberta
Privacy Information for Nonprofit Organizations in AlbertaPrivacy Information for Nonprofit Organizations in Alberta
Privacy Information for Nonprofit Organizations in AlbertaVolunteer Alberta
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptAnil Yadav
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptAnil Yadav
 
The changing face of privacy laws
The changing face of privacy lawsThe changing face of privacy laws
The changing face of privacy lawsRussell_Kennedy
 
What You Need to Know About Privacy
What You Need to Know About PrivacyWhat You Need to Know About Privacy
What You Need to Know About PrivacyNow Dentons
 
What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!Now Dentons
 
Overview of the_data_protection-act
Overview of the_data_protection-actOverview of the_data_protection-act
Overview of the_data_protection-actRodamaeLBaccay
 
The Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsThe Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsGabriella Razzano
 
Freedom of Information for Local Government Units
Freedom of Information for Local Government UnitsFreedom of Information for Local Government Units
Freedom of Information for Local Government UnitsLawrence Villamar
 
Privacy and data protection in the realm of Internet Governance by Santosh Si...
Privacy and data protection in the realm of Internet Governance by Santosh Si...Privacy and data protection in the realm of Internet Governance by Santosh Si...
Privacy and data protection in the realm of Internet Governance by Santosh Si...Santosh Sigdel
 
2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness WorkshopPaul Jacobson
 
Activity 1 legal issues for business communication
Activity 1 legal issues for business communicationActivity 1 legal issues for business communication
Activity 1 legal issues for business communicationjordanbexx
 
Health Information Privacy: Asia's Viewpoint
Health Information Privacy: Asia's ViewpointHealth Information Privacy: Asia's Viewpoint
Health Information Privacy: Asia's ViewpointNawanan Theera-Ampornpunt
 
Current Privacy and Data Issues (for people who care about open data!)
Current Privacy and Data Issues (for people who care about open data!)Current Privacy and Data Issues (for people who care about open data!)
Current Privacy and Data Issues (for people who care about open data!)EmilyDShaw
 

Similar to Leg4 (20)

Right to information act
Right to information actRight to information act
Right to information act
 
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 20122019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
2019 Bar Notes On Data Privacy Act Data Privacy Act Of 2012
 
Protecting and Balancing Access and Privacy Rights, November 7, 2017
Protecting and Balancing Access and Privacy Rights, November 7, 2017 Protecting and Balancing Access and Privacy Rights, November 7, 2017
Protecting and Balancing Access and Privacy Rights, November 7, 2017
 
4514611.ppt
4514611.ppt4514611.ppt
4514611.ppt
 
Privacy Information for Nonprofit Organizations in Alberta
Privacy Information for Nonprofit Organizations in AlbertaPrivacy Information for Nonprofit Organizations in Alberta
Privacy Information for Nonprofit Organizations in Alberta
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
ethcpp04-Unit 3.ppt
ethcpp04-Unit 3.pptethcpp04-Unit 3.ppt
ethcpp04-Unit 3.ppt
 
The changing face of privacy laws
The changing face of privacy lawsThe changing face of privacy laws
The changing face of privacy laws
 
What You Need to Know About Privacy
What You Need to Know About PrivacyWhat You Need to Know About Privacy
What You Need to Know About Privacy
 
What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!What You Need To Know About Privacy - Now!
What You Need To Know About Privacy - Now!
 
Ben soltane on Access to Information
Ben soltane on Access to InformationBen soltane on Access to Information
Ben soltane on Access to Information
 
POPI Update 2013
POPI Update 2013POPI Update 2013
POPI Update 2013
 
Overview of the_data_protection-act
Overview of the_data_protection-actOverview of the_data_protection-act
Overview of the_data_protection-act
 
The Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African JournalistsThe Promotion of Access to Information Act for South African Journalists
The Promotion of Access to Information Act for South African Journalists
 
Freedom of Information for Local Government Units
Freedom of Information for Local Government UnitsFreedom of Information for Local Government Units
Freedom of Information for Local Government Units
 
Privacy and data protection in the realm of Internet Governance by Santosh Si...
Privacy and data protection in the realm of Internet Governance by Santosh Si...Privacy and data protection in the realm of Internet Governance by Santosh Si...
Privacy and data protection in the realm of Internet Governance by Santosh Si...
 
2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop
 
Activity 1 legal issues for business communication
Activity 1 legal issues for business communicationActivity 1 legal issues for business communication
Activity 1 legal issues for business communication
 
Health Information Privacy: Asia's Viewpoint
Health Information Privacy: Asia's ViewpointHealth Information Privacy: Asia's Viewpoint
Health Information Privacy: Asia's Viewpoint
 
Current Privacy and Data Issues (for people who care about open data!)
Current Privacy and Data Issues (for people who care about open data!)Current Privacy and Data Issues (for people who care about open data!)
Current Privacy and Data Issues (for people who care about open data!)
 

More from brock55

Csr1 can gan-sum-wood_2011
Csr1 can gan-sum-wood_2011Csr1 can gan-sum-wood_2011
Csr1 can gan-sum-wood_2011brock55
 
Leg2a facial-recognition cga-april-2011-final
Leg2a facial-recognition cga-april-2011-finalLeg2a facial-recognition cga-april-2011-final
Leg2a facial-recognition cga-april-2011-finalbrock55
 
Hr1 cgce-dayna-hinkel-summit-presentation-2011
Hr1 cgce-dayna-hinkel-summit-presentation-2011Hr1 cgce-dayna-hinkel-summit-presentation-2011
Hr1 cgce-dayna-hinkel-summit-presentation-2011brock55
 
Leg2b canadian-gaming-summit
Leg2b canadian-gaming-summitLeg2b canadian-gaming-summit
Leg2b canadian-gaming-summitbrock55
 
Fng1 canadian-gaming-summit-110412-final
Fng1 canadian-gaming-summit-110412-finalFng1 canadian-gaming-summit-110412-final
Fng1 canadian-gaming-summit-110412-finalbrock55
 
Mkt2 building youronlinemktgpresence
Mkt2 building youronlinemktgpresenceMkt2 building youronlinemktgpresence
Mkt2 building youronlinemktgpresencebrock55
 
Mkt3 canadian-gaming-summit-importance-of-branding
Mkt3 canadian-gaming-summit-importance-of-brandingMkt3 canadian-gaming-summit-importance-of-branding
Mkt3 canadian-gaming-summit-importance-of-brandingbrock55
 
Fng5 impact-i gaming-on-landbased-april-2011
Fng5 impact-i gaming-on-landbased-april-2011Fng5 impact-i gaming-on-landbased-april-2011
Fng5 impact-i gaming-on-landbased-april-2011brock55
 
Sec2 on-line-gaming-presentation
Sec2 on-line-gaming-presentationSec2 on-line-gaming-presentation
Sec2 on-line-gaming-presentationbrock55
 
Ops5 building-a-new-entertainment-brand
Ops5 building-a-new-entertainment-brandOps5 building-a-new-entertainment-brand
Ops5 building-a-new-entertainment-brandbrock55
 
Cgc2 cdn gamingsummit-real-time-customer-analytics
Cgc2 cdn gamingsummit-real-time-customer-analyticsCgc2 cdn gamingsummit-real-time-customer-analytics
Cgc2 cdn gamingsummit-real-time-customer-analyticsbrock55
 

More from brock55 (12)

Csr1 can gan-sum-wood_2011
Csr1 can gan-sum-wood_2011Csr1 can gan-sum-wood_2011
Csr1 can gan-sum-wood_2011
 
Leg2a facial-recognition cga-april-2011-final
Leg2a facial-recognition cga-april-2011-finalLeg2a facial-recognition cga-april-2011-final
Leg2a facial-recognition cga-april-2011-final
 
Hr1 cgce-dayna-hinkel-summit-presentation-2011
Hr1 cgce-dayna-hinkel-summit-presentation-2011Hr1 cgce-dayna-hinkel-summit-presentation-2011
Hr1 cgce-dayna-hinkel-summit-presentation-2011
 
Leg2b canadian-gaming-summit
Leg2b canadian-gaming-summitLeg2b canadian-gaming-summit
Leg2b canadian-gaming-summit
 
Fng1 canadian-gaming-summit-110412-final
Fng1 canadian-gaming-summit-110412-finalFng1 canadian-gaming-summit-110412-final
Fng1 canadian-gaming-summit-110412-final
 
Mkt2 building youronlinemktgpresence
Mkt2 building youronlinemktgpresenceMkt2 building youronlinemktgpresence
Mkt2 building youronlinemktgpresence
 
Mkt3 canadian-gaming-summit-importance-of-branding
Mkt3 canadian-gaming-summit-importance-of-brandingMkt3 canadian-gaming-summit-importance-of-branding
Mkt3 canadian-gaming-summit-importance-of-branding
 
Fng5 impact-i gaming-on-landbased-april-2011
Fng5 impact-i gaming-on-landbased-april-2011Fng5 impact-i gaming-on-landbased-april-2011
Fng5 impact-i gaming-on-landbased-april-2011
 
Sec2 on-line-gaming-presentation
Sec2 on-line-gaming-presentationSec2 on-line-gaming-presentation
Sec2 on-line-gaming-presentation
 
Mkt5
Mkt5Mkt5
Mkt5
 
Ops5 building-a-new-entertainment-brand
Ops5 building-a-new-entertainment-brandOps5 building-a-new-entertainment-brand
Ops5 building-a-new-entertainment-brand
 
Cgc2 cdn gamingsummit-real-time-customer-analytics
Cgc2 cdn gamingsummit-real-time-customer-analyticsCgc2 cdn gamingsummit-real-time-customer-analytics
Cgc2 cdn gamingsummit-real-time-customer-analytics
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 

Leg4

  • 1. CANADIAN GAMING SUMMIT 2011 April 19, 2011 Casinos As Public Institutions under the Freedom of Information and Protection of Privacy Act Mary O’Donoghue General Counsel and Manager of Legal Services Information and Privacy Commissioner/Ontario © Information and Privacy Commissioner of Ontario, 2006
  • 2. The Regulator: Information and Privacy Commissioner/Ontario ABOUT US: • The Information and Privacy Commissioner of Ontario (the IPC) is an administrative tribunal as well as a policy making body. • In addition to her powers as an adjudicative tribunal, the IPC has an explicit statutory authority to – Conduct research into access and privacy issues; – Receive information from the public on the operation of the Acts; – Comment on proposed government legislation and programs; and – Educate the public about Ontario’s access and privacy laws. © Information and Privacy Commissioner of Ontario, 2006
  • 3. Information and Privacy Commissioner/Ontario The Acts Information and Privacy Commissioner/Ontario oversees: The Freedom of Information and Protection of Privacy Act (FIPPA) The Municipal Freedom of Information and Protection of Privacy Act (MFIPPA) and The Personal Health Information Protection Act (PHIPA) Under these Acts she resolves access to information appeals and complaints when government or health care practitioners and organizations refuse to grant requests for access or correction or fail to treat personal information in accordance with the statutory Privacy Rules; © Information and Privacy Commissioner of Ontario, 2006
  • 4. The Acts • Each of these Acts provides for access to information and privacy of personal information. • FIPPA came into effect in 1988, MFIPPA in 1991, and PHIPA in 2004 • Under FIPPA and MFIPPA, the general public has a right of access to general records in the custody or control of institutions, as well as to their own personal information • Access rights are subject to both legislated exclusions and exemptions © Information and Privacy Commissioner of Ontario, 2006
  • 5. Purpose of FIPPA/MFIPPA • The purposes of the Freedom of Information and Protection of Privacy Act and the Municipal Freedom of Information and Protection of Privacy Act are: – a) To provide a right of access to information under the control of government organizations in accordance with the following principles: • information should be available to the public; • exemptions to the right of access should be limited and specific; • decisions on the disclosure of government information may be reviewed by the Information and Privacy Commissioner. – b) To protect personal information held by government organizations and to provide individuals with a right of access to their own personal information. © Information and Privacy Commissioner of Ontario, 2006
  • 6. PUBLIC INSTITUTIONS • Which bodies are covered? “Institutions” are the entities subject to the public sector Acts – FIPPA institutions mainly cover provincial ministries and agencies, including entities specially scheduled by regulation – MFIPPA institutions are municipal governments and their agencies, school board, libraries, police services etc. – In Ontario, under the aegis of the Ontario Lottery and Gaming Corporation, Casinos are subject to the privacy and access to information rules of FIPPA © Information and Privacy Commissioner of Ontario, 2006
  • 7. Transparency, Openness and Privacy • Under the two public sector Acts, there are 3 underlying principles: – Citizens are ensured access to the information that allows them to participate meaningfully in the democratic process – Elected officials and public officials remain accountable to the citizenry – Public institutions are responsible for safeguarding personal information and following the privacy rules © Information and Privacy Commissioner of Ontario, 2006
  • 8. The Privacy Rules • Part III of the Freedom of Information and Protection of Privacy Act provides rules for the protection of the privacy of the individuals. “Fair information practices:” – personal information should be collected directly from the individual, unless indirect collection is necessary and authorized; – institutions should collect only personal information which is specifically authorized by statute, necessary for a lawfully authorized activity or for law enforcement; – individuals should be notified by the collecting institution when their personal information is collected; notice should contain legal authority for the collection; name, title and telephone number of institution employee who can answer questions; © Information and Privacy Commissioner of Ontario, 2006
  • 9. The Privacy Rules cont’d. – individuals have a right of access to their personal information held by institutions, subject only to statutory disclosure exemptions; – individuals may request correction of their personal information being held by institutions, or have right to attach statement of disagreement; – institutions only use personal information for the purpose for which it was collected or for consistent purpose; consistent purpose is one reasonably expected by the individual; – individual can consent to new use for the information; information may be collected for more than one use; all potential uses identified prior to collection, and all main uses disclosed to the individual at the time of collection; © Information and Privacy Commissioner of Ontario, 2006
  • 10. The Privacy Rules cont’d. – institutions should not disclose personal information except as permitted under the Act, or upon consent of the individual; – institutions should use only personal information which is accurate and up to date in making decisions affecting an individual; and – institutions must provide for the proper secure custody of personal information © Information and Privacy Commissioner of Ontario, 2006
  • 11. Privacy Rules in the Casino Investigation Report PC-010005-1, February 26, 2001 • Hamilton Spectator reporter contacted the IPC for information on biometric facial scanning by OPP in casinos. • The Alcohol and Gaming Commission (AGCO) Investigations Branch, (seconded OPP officers) closely monitors Ontario casinos to enforce section 209 of the Criminal Code, which criminalizes cheating while playing a game or betting . The OPP was using Facial Recognition Technology. © Information and Privacy Commissioner of Ontario, 2006
  • 12. Facial Recognition Technology in the Casino • The OPP used Facial Recognition Technology to detect suspicious behaviour by customers. If reasonable suspicion that individual is engaging in criminal activity, uses the face recognition software to determine if the individual is a known or suspected casino cheat. • Facial template is compared for matching purposes against two databases (the first is the casino based database of suspected casino cheats throughout North America, the second is the OPP database which contains convicted casino cheats in Ontario and ongoing investigations) • Incident report is prepared and facial scan only retained if investigation leads to a criminal conviction. © Information and Privacy Commissioner of Ontario, 2006
  • 13. Facial Recognition in Casinos • If conviction, scan retained in OPP database at casino where criminal activity took place. OPP may also send facial scans to OPP teams at other casinos in the province for their database. OPP in Ontario casinos did not send their facial scans to other jurisdictions, however others may send their scans to Ontario casinos. • Where the investigation resulted in no conviction the data was deleted and no copy maintained on file. In addition, contrary to media allegations, the OPP did not engage in the scanning of all casino customers. © Information and Privacy Commissioner of Ontario, 2006
  • 14. IPC Findings • Template was personal information • Collection was for purpose of law enforcement and so proper; officers gather information in accordance with duties under the Police Services Act. Used only for law enforcement and access restricted to OPP. • Notice - Posted Notice was required under s. 39(2). Imaging was publicly known and disclosure would not reveal unknown investigative technique. • Law enforcement provisions “would not apply to exempt institution from requirement for general notice to inform the public entering a casino that OPP may be collecting their personal information through the use of face recognition technology… An individual’s face displays unique and highly personal information about that individual, including her or her race, colour, age and sex. In our view, members of the public should be made aware that this information could be collected if they choose to enter a casino in Ontario.” © Information and Privacy Commissioner of Ontario, 2006
  • 15. Consultation • Though it is not a requirement for the IPC to be consulted on every project which may have privacy implications, it is however within the spirit and intent of the Act to consult. In addition, consultation with the IPC will ensure the compliance with the Act. Neither the AGCO nor the OPP consulted with the IPC on the development of facial recognition technology. As well, neither institution established a privacy impact assessment before the implementation of this technology. It is the view of the IPC that consultations are highly recommended and especially important when the use of biometric programs may impinge upon privacy. © Information and Privacy Commissioner of Ontario, 2006
  • 16. Casino Investigation Information - Access • IPC Order PO-2796, AGCO, 2009 • http://www.ipc.on.ca/images/Findings/PO-2796.pdf • Alcohol and Gaming Commission of Ontario received FOI request for 1) “plan to investigate” 2) “report of investigation” – ...any other AGCO document which mentions the [requester] or relates to the [date] Casino [name] incident. © Information and Privacy Commissioner of Ontario, 2006
  • 17. Investigation Information - Access • Records denied by AGCO included some about investigation of the casino’s “operational and performance aspects of a surveillance system”. • The IPC Adjudicator found that the records contained “more than an internal review of a surveillance incident as claimed by the appellant…This information at issue in the records concerns a sensitive subject, namely the surveillance system in a named casino which is related to both the security system in that casino, as well as the protection of the public who frequent that casino. While there may be a public interest in disclosure of this information, the significant and sensitive nature of this information outweighs both the public’s interest in disclosure as well as the appellant’s need to receive this information for his own private interest to assist him in his court action.” • Refusal of access upheld - section 49(a) (requester’s own p.i.) in conjunction with section 13(1) (Advice to gov’t) as well as section 14(2)(a) (law enforcement report). © Information and Privacy Commissioner of Ontario, 2006
  • 18. The Future of Privacy With onslaught of new technological programs involving personal information and new privacy risks, the Commissioner’s challenge is to Change the Paradigm to Positive-Sum, NOT Zero-Sum © Information and Privacy Commissioner of Ontario, 2006
  • 19. Privacy by Design: The Trilogy of Applications Information Technology Accountable Physical Design Business Practices & Infrastructure © Information and Privacy Commissioner of Ontario, 2006
  • 20. PRIVACY BY DESIGN: THE 7 FOUNDATIONAL PRINCIPLES • 1. Proactive not Reactive: Preventative, not Remedial; • 2. Privacy as the Default setting; • 3. Privacy Embedded into Design; • 4. Full Functionality: Positive-Sum, not Zero-Sum; • 5. End-to-End Security: Full Lifecycle Protection; • 6. Visibility and Transparency: Keep it Open; • 7. Respect for User Privacy: Keep it User-Centric. • www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf © Information and Privacy Commissioner of Ontario, 2006
  • 21. Embedding Privacy at the Design Stage: The Obvious Route • Cost-effective • Proactive • User-centric • It’s all about control – preserving personal control and freedom of choice over one’s data flows © Information and Privacy Commissioner of Ontario, 2006
  • 22. Privacy by Design in Action in Casinos © Information and Privacy Commissioner of Ontario, 2006
  • 23. Biometric Encryption (BE) What is Biometric Encryption? • Class of emerging “untraceable biometrics” technologies that seek to translate the biometric data provided by the user; • Special properties: - uniqueness - irreversibility © Information and Privacy Commissioner of Ontario, 2006
  • 24. Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy • Privacy-enhanced uses of biometrics, with a particular focus on the privacy and security advantages of BE over other uses of biometrics; • How BE technology can help to overcome the prevailing “zero- sum” mentality by effectively transforming one’s biometric to a private key. www.ipc.on.ca/images/Resources/up-1bio_encryp.pdf © Information and Privacy Commissioner of Ontario, 2006
  • 25. Advantages of Biometric Encryption BE Embodies core privacy practices: 1. Data minimization: no retention of biometric image or template, minimizing potential for unauthorized secondary uses, loss, or misuse; 2. Maximal individual control: Individuals may keep their biometric data private, and can use it to generate or change unique (“anonymous”) account identifiers, and encrypt own data; 3. Improved security: authentication, communication and data security are enhanced. © Information and Privacy Commissioner of Ontario, 2006
  • 26. Facial recognition a system problem gamblers can’t beat? This coming May facial recognition technology will be used to scan the faces of every patron entering an Ontario casino. This scan will then be compared with a database of 15 000 individuals who have placed themselves on a self- excluded list. When there is a match found the casino security is notified, if no match is found the image is discarded. Privacy mechanisms have been implemented into this technology through a biometric encryption algorithm. This algorithm assures the public that there is “no permanent link between a biometric template of a person’s face and their private information.” According to Commissioner Cavoukian measures must be taken to ensure the privacy of those who come to the casino and have not placed themselves on this list. • Toronto Star, January 12, 2011 © Information and Privacy Commissioner of Ontario, 2006
  • 27. OLG’s new 4 step self-exclusion program • Enrolment process - Images are taken for facial recognition process, conversation between the self-excluder and security is documented, and a digital form is signed agreeing to the terms of self-exclusion. • Detection – Cameras are located at the entrance and exit of each casino. Faces are scanned in real time and encrypted into a unique algorithm. • Tracking and identification – the self-excluded database is searched for a match of that algorithm. If detected, the self-excluder’s information is distributed to security. Security personnel double- check to make sure the system has identified a self-excluded person, and that no one has been falsely identified. • Enforcement – If a self-excluded person is detected the casino, they are asked to leave and the incident is recorded in the database. © Information and Privacy Commissioner of Ontario, 2006
  • 28. OLG Facial Recognition Program • The system is designed to detect only self-excluded people – not cheaters or organized crime; • Legacy, photograph-based system, needs to be maintained without the need for re-enrolment of individuals; • Automated facial recognition system is the only technology that produces remote identification and is compatible with the legacy photograph-based system. © Information and Privacy Commissioner of Ontario, 2006
  • 29. OLG Self-Exclusion program • Completely voluntary self-excluded individuals – more than 12,000 in Ontario and growing; • Great Need for reliable detection of those attempting to enter a gaming site – manual comparison alone does not work; • Privacy of all casino patrons must be protected; • Solution: Facial recognition in watch-list scenario with the use of Biometric Encryption; • Novel “Made in Ontario” PbD application: collaboration of OLG, IPC, UofT, and iView Systems © Information and Privacy Commissioner of Ontario, 2006
  • 30. OLG Facial Recognition Program • OLG is subject to Ontario’s privacy legislation; • OLG contacted us at the earliest stage and adopted the Privacy-by- Design approach – embedding the privacy protection means directly into the core technology; • The research project was successfully completed at the University of Toronto, developing an essentially new variant of a BE algorithm called Quantized Index Modulation (QIM); • The database tests showed that BE may be integrated with conventional facial recognition, with little or no accuracy degradation. © Information and Privacy Commissioner of Ontario, 2006
  • 31. Facial Recognition with Biometric Encryption • Biometric Encryption (BE): securely binds a person’s identifier (pointer to personal information) with facial biometrics; • The pointer is retrieved only if a correct (i.e., self-excluded) person is present; • The link between facial templates and personal information is controlled by BE; • Final comparison is done manually; • Privacy of both the general public and self-excluded individuals is protected. © Information and Privacy Commissioner of Ontario, 2006
  • 32. Proof of Concept • Live field test at Woodbine facilities: Correct Identification Rate (CIR) is 91% without BE, and 90% with BE – negligible accuracy impact; • BE reduces False Acceptance Rate (FAR) by up to 50% – a huge improvement in accuracy; • Accuracy exceeds state-of-the-art for facial recognition; • Triple-win: privacy, security, and accuracy (unexpected) – all improved; • Next: production version of facial recognition with BE. © Information and Privacy Commissioner of Ontario, 2006
  • 33. How to Contact Us Mary O’Donoghue General Counsel and Manager of Legal Services Information and Privacy Commissioner/Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario M4W 1A8 mary.o’donoghue@ipc.on.ca 416 326-3922 © Information and Privacy Commissioner of Ontario, 2006