OASIS Privacy Management Reference Model TC (#PMRM) presentation about #standards for #privacy policy implementation, enforcement and modelling methods: by Gershon Janssen and John Sabo at #EIC2014 (European Identity Conference) in Munich, May 2014. Source: https://lists.oasis-open.org/archives/pmrm/201405/msg00004.html
This paper deals with the risk assessment of different types of electronics and mobile payment systems as well as the countermeasures to mitigate the identified risk in various electronics and mobile payment synthesis.
Top 10 and Insight into IT Strategic challenges Presented at the IT Strategy Forum organized by IIRME in Dubai, UAE, presented by Jorge Sebastiao for eSgulf
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...Ted Myerson
Read our NTIA comment letter on ''Big Data'' Developments and How They Impact the Consumer Privacy Bill of Rights. Filed with the NTIA on August 5, 2014.
Anonos has been working for over two years on technology that transforms data at the data element level enabling de-identification and functional obscurity that preserves the value of underlying data. Specifically, Anonos de-identification and functional obscurity risk management tools help to enable data subjects to share information in a controlled manner, enabling them to receive information and offerings truly personalized for them, while protecting misuse of their data; and to facilitate improved healthcare, medical research and personalized medicine by enabling aggregation of patient level data without revealing the identity of patients.
This paper deals with the risk assessment of different types of electronics and mobile payment systems as well as the countermeasures to mitigate the identified risk in various electronics and mobile payment synthesis.
Top 10 and Insight into IT Strategic challenges Presented at the IT Strategy Forum organized by IIRME in Dubai, UAE, presented by Jorge Sebastiao for eSgulf
Anonos NTIA Comment Letter letter on ''Big Data'' Developments and How They I...Ted Myerson
Read our NTIA comment letter on ''Big Data'' Developments and How They Impact the Consumer Privacy Bill of Rights. Filed with the NTIA on August 5, 2014.
Anonos has been working for over two years on technology that transforms data at the data element level enabling de-identification and functional obscurity that preserves the value of underlying data. Specifically, Anonos de-identification and functional obscurity risk management tools help to enable data subjects to share information in a controlled manner, enabling them to receive information and offerings truly personalized for them, while protecting misuse of their data; and to facilitate improved healthcare, medical research and personalized medicine by enabling aggregation of patient level data without revealing the identity of patients.
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Damir Delija
One of draft versios of "Concepts and Methodology in Mobile Devices Digital Forensics Education and Training",
Abstract - This paper presents various issues in digital forensics of mobile devices and how to address these issues in the related education and training process. Mobile devices forensics is a new, very fast developing field which lacks standardization, compatibility, tools, methods and skills. All this drawbacks have impact on the results of forensic process and also have deep influence in training and education process. In this paper real life experience in training is presented, with tools, devices, procedures and organization with purpose to improve process of mobile devices forensics and mobile forensic training and education
Social, political and technological considerations for national identity mana...Ravinder (Ravi) Singh
Government agencies face the intricate challenge of effectively and securely controlling population flows,
identifying individuals, and managing their access to services, while aligning their strategies with citizen’s
expectations for convenience, security and privacy. Identity Management initiatives, especially after the
increased frequency of terrorist attacks around the world, have become a political imperative of
unprecedented urgency, for an increasing number of governments around the world. The India’s answer
to this challenge is expressed through the proposed UID Scheme.
This paper details all the architecture considerations and its realizations ...
Abstract: Contactless smart card technology work on a secure microcontroller or embedded in a device that communicates with a reader with use of a contactless radio frequency (RF) interface. Smart Cards are secure portable storage devices used for many applications especially security related which involving access to system’s database. For the future of smart card to be bright, it is important to look into several aspects and factors especially those resulted due to the rapid advancement in communication technology. This paper looks into current trends in smart card technology and highlights what is likely to happen in the future. Moreover, the paper addresses other aspects in order to identify the core concepts that are of interest to smart card developers and researchers. Keywords: contactless, security
Data validation using CDR (Call Detail Records) and real cell tower coverageNicola Chemello
digital forensics acquisition is one of the most important part of any investigation. Granting the results comparing the obtained data with third party information is something the investigator should consider. Fake SMS, wrong parsing of the data, and other issues can be prevented if multiple sources are analysed. In this briefly presentation the results of a correlation with SecurCube Phonelog for the CDR analysis and SecurCube BTS tracker for the real cell towers coverage are highlighted.
An Investigation on Scalable and Efficient Privacy Preserving Challenges for ...IJERDJOURNAL
ABSTRACT:- Big data is a relative term describing a situation where the volume, velocity and variety of data exceed an organization’s storage or compute capacity for accurate and timely decision making. Big data refers to huge amount of digital information collected from multiple and different sources. With the development of application of Internet/Mobile Internet, social networks, Internet of Things, big data has become the hot topic of research across the world, at the same time; big data faces security risks and privacy protection during collecting, storing, analyzing and utilizing. Since a key point of big data is to access data from multiple and different domains security and privacy will play an important role in big data research and technology. Traditional security mechanisms, which are used to secure small scale static data, are inadequate. So the question is which security and privacy technology is adequate for efficient access to big data. This paper introduces the functions of big data, and the security threat faced by big data, then proposes the technology to solve the security threat, finally, discusses the applications of big data in information security. Main expectation from the focused challenges is that it will bring a novel focus on the big data infrastructure.
Privacy and security policies in supply chainVanya Vladeva
Nowadays, Industry 4.0 era and the progress of technologies are moving on the society. Business solutions are aiming to perform cross functional and cross border services. In the years where the e-trade and supply are growing digitally and reaching every spot in the world via technologies, the problem for the security solutions are more than important and contemporary topic
Date Use Rules in Different Business Scenarios: It's All Contextual William Tanenbaum
Arent Fox LLP. Collecting, sharing, aggregating and using data in different business models and scenarios are subject to different rules and depend on the specific context
Date Use Rules in Different Business Scenarios:It's All Contextual William Tanenbaum
All privacy is contextual. Like that, the legal rules for collecting, aggregating, sharing and protecting data, including through IP, are specific to the context. One size does not fit all.
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Damir Delija
One of draft versios of "Concepts and Methodology in Mobile Devices Digital Forensics Education and Training",
Abstract - This paper presents various issues in digital forensics of mobile devices and how to address these issues in the related education and training process. Mobile devices forensics is a new, very fast developing field which lacks standardization, compatibility, tools, methods and skills. All this drawbacks have impact on the results of forensic process and also have deep influence in training and education process. In this paper real life experience in training is presented, with tools, devices, procedures and organization with purpose to improve process of mobile devices forensics and mobile forensic training and education
Social, political and technological considerations for national identity mana...Ravinder (Ravi) Singh
Government agencies face the intricate challenge of effectively and securely controlling population flows,
identifying individuals, and managing their access to services, while aligning their strategies with citizen’s
expectations for convenience, security and privacy. Identity Management initiatives, especially after the
increased frequency of terrorist attacks around the world, have become a political imperative of
unprecedented urgency, for an increasing number of governments around the world. The India’s answer
to this challenge is expressed through the proposed UID Scheme.
This paper details all the architecture considerations and its realizations ...
Abstract: Contactless smart card technology work on a secure microcontroller or embedded in a device that communicates with a reader with use of a contactless radio frequency (RF) interface. Smart Cards are secure portable storage devices used for many applications especially security related which involving access to system’s database. For the future of smart card to be bright, it is important to look into several aspects and factors especially those resulted due to the rapid advancement in communication technology. This paper looks into current trends in smart card technology and highlights what is likely to happen in the future. Moreover, the paper addresses other aspects in order to identify the core concepts that are of interest to smart card developers and researchers. Keywords: contactless, security
Data validation using CDR (Call Detail Records) and real cell tower coverageNicola Chemello
digital forensics acquisition is one of the most important part of any investigation. Granting the results comparing the obtained data with third party information is something the investigator should consider. Fake SMS, wrong parsing of the data, and other issues can be prevented if multiple sources are analysed. In this briefly presentation the results of a correlation with SecurCube Phonelog for the CDR analysis and SecurCube BTS tracker for the real cell towers coverage are highlighted.
An Investigation on Scalable and Efficient Privacy Preserving Challenges for ...IJERDJOURNAL
ABSTRACT:- Big data is a relative term describing a situation where the volume, velocity and variety of data exceed an organization’s storage or compute capacity for accurate and timely decision making. Big data refers to huge amount of digital information collected from multiple and different sources. With the development of application of Internet/Mobile Internet, social networks, Internet of Things, big data has become the hot topic of research across the world, at the same time; big data faces security risks and privacy protection during collecting, storing, analyzing and utilizing. Since a key point of big data is to access data from multiple and different domains security and privacy will play an important role in big data research and technology. Traditional security mechanisms, which are used to secure small scale static data, are inadequate. So the question is which security and privacy technology is adequate for efficient access to big data. This paper introduces the functions of big data, and the security threat faced by big data, then proposes the technology to solve the security threat, finally, discusses the applications of big data in information security. Main expectation from the focused challenges is that it will bring a novel focus on the big data infrastructure.
Privacy and security policies in supply chainVanya Vladeva
Nowadays, Industry 4.0 era and the progress of technologies are moving on the society. Business solutions are aiming to perform cross functional and cross border services. In the years where the e-trade and supply are growing digitally and reaching every spot in the world via technologies, the problem for the security solutions are more than important and contemporary topic
Date Use Rules in Different Business Scenarios: It's All Contextual William Tanenbaum
Arent Fox LLP. Collecting, sharing, aggregating and using data in different business models and scenarios are subject to different rules and depend on the specific context
Date Use Rules in Different Business Scenarios:It's All Contextual William Tanenbaum
All privacy is contextual. Like that, the legal rules for collecting, aggregating, sharing and protecting data, including through IP, are specific to the context. One size does not fit all.
Data Mesh is the decentralized architecture where your units of architecture is a domain driven data set that is treated as a product owned by domains or teams that most intimately know that data either creating it or they are consuming it and re-sharing it and allocated specific roles that have the accountability and the responsibility to provide that data as a product abstracting away complexity into infrastructure layer a self-serve infrastructure layer so that create these products more much more easily.
As the confluence of several mature and emerging technologies, the Internet of Things (IoT) is rapidly developing into a vibrant new marketplace. What are important considerations for technology, media, and telecom (TMT) companies as they compete for opportunities? This presentation covers:
• Questions TMT executives should be asking about impacts of IoT technologies, performance improvement opportunities, and where value can be generated.
• Building an IoT ecosystem where all players benefit – defining different players' roles and relationships, and already-successful tactics.
• Security and privacy challenges, including how data protection responsibility is assigned and monitored, and defining appropriate security and privacy standards.
Explore this quickly developing new opportunity for TMT companies.
Get more IoT insights: http://www.deloitte.com/us/iot_ecosystem
Internet of things - Introduction and Variations (Architecture)Mayank Vijh
The slides includes the IOT Architecture introduction and how that is being used in certain use cases around the industries.
Topics include :
Introduction
Trends and Hype cycle
Major IOT Players
Real World Problems
IOT Architecture and variations
Challenges and Tools
Difference between M2M and IOT practice.
KPI and Criteria
Evaluation and Decision
Conclusion
Securing Apps & Data in the Cloud by Spyders & NetskopeAhmad Abdalla
Securing Apps & Data in the Cloud Presented by Spyders & Netskope - a discussion of shadow IT and the emergence of Cloud Access Security Brokers (CASBs) like Netskope, Spyders latest technology partner, have emerged to help solve the issue of shadow IT. Cloud Access Security Brokers were listed as the #1 technology in the Gartner 2014 Top 10 Technologies for Information Security. If your wondering about what cloud access security brokers are, Gartner defines CASBs as “on-premises, or cloud-based security policy enforcement points, placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as the cloud-based resources are accessed. Essentially, CASBs consolidate multiple types of security policy enforcement.”
As organizations embrace cloud applications, new risks and complexities have arisen. Staying on top of the ever-changing policy, legal and tech landscapes is daunting and gives rise to complex legal and business challenges.
Privacy and security expert, Lisa Abe-Oldenburg, and Pranav Shah, a CIO advocate and security specialist, go over latest considerations facing Canadian organizations transitioning to cloud-based apps.
Lisa provides insight and guidance from a legal perspective, and Pranav addresses the business challenges related to architecture, technology, and human capital. Participants also gain insight into how organizations are successfully leveraging one of Gartner's newest categories, Cloud Access Security Brokers (CASB), as an integral component of their secure, SaaS business and security strategies.
Visit http://www.spyders.ca to learn more about Netskope and Cloud Access Security Brokers.
Strategic, Privacy and Security Considerations for Adoption of Cloud and Emer...Marie-Michelle Strah, PhD
Prepared for Ministers and Senior Officials from the Caribbean and distinguished participants and attendees of the Caribbean Telecommunications Union (CTU), the Commonwealth Secretariat, the Organization of American States (OAS), and the International Telecommunication Union (ITU) on the occasion of the Caribbean Stakeholders’ Meeting: The Importance of ICTs and their Impact on Regional Development, May 26-28, 2014 in Port of Spain, Trinidad.
Not Your Father's Platform - How to Connect the Internet of ThingsLaurie Lamberth
Based on my February/March column in Connected World Magazine, this presentation:
1. provides an overview of the Internet of Things (definition, market size and growth rate, supporting technologies) and
2. digs into four "new school" platforms supporting the IoT that use tools and techniques more common in smartphone apps and websites than most of today's "Industrial Internet" platforms
Platforms profiled are machineshop.io, Xively, Kii and ThingWorx.
Presentation made to Women Who Code, Denver/Boulder chapter, on February 3, 2015. Joint presenter Allison Jones from machineshop.io. (Unfortunately, Allison's demonstration was live and so there are no slides for this part of the presentation.)
How to Safely Scrape Data from Social Media Platforms and News Websites.pdfRobertBrown631492
This guide will explore the principles and practices that ensure safe data scraping. Navigating data scraping from social media platforms and news websites requires a delicate balance between extracting valuable insights and respecting ethical and legal boundaries.
In this presentation, Shushyam introduces the topic of SMAC and associated trends. Shushyam already has experience in machine learning using "R" and he intends to build on that to build customer profiles for targeting with right products and services.
Similar to OASIS PMRM overview and tools #EIC2014: Sabo and Janssen (20)
NSTIC IDESG Baseline Requirements for Security, Privacy, UX and InteropJames Bryce Clark
Developed in the US-NIST-sponsored "IDESG" program as the consensus product of over 100 identity, privacy, security, UX, standards and apps experts in 2015. OASIS staffed this project and served as primary editor.
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115James Bryce Clark
Shared with permission from author. Analysis from individual members of OASIS, presented at a recent meeting of the OASIS Cyber Threat Intelligence TC (the development platform for STIX/TAXII). Extracted from a broader set posted to: https://lists.oasis-open.org/archives/cti/201601/msg00000/_cybersecurity_act_reference-model_1.1.pptx
This information is provided for information, but does not represent the output or official views of OASIS or its technical committees..
Struse 2015 A funny thing happened on the way to OASIS: standarising STIX +...James Bryce Clark
Thoughts as DHS takes STIX and TAXII through the open standards process - from the WorldBank / OASIS Borderless Cybersecurity conference. Author = Richard Struse
NSTIC IDESG Functional Requirements status report from FMOJames Bryce Clark
Slides from the Atlanta (12th) IDESG plenary, on progress towards the IDESG Functional Requirements for supporting implementable NSTIC principles. From the IDESG Framework Management Office (OASIS).
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
Italy Agriculture Equipment Market Outlook to 2027harveenkaur52
Agriculture and Animal Care
Ken Research has an expertise in Agriculture and Animal Care sector and offer vast collection of information related to all major aspects such as Agriculture equipment, Crop Protection, Seed, Agriculture Chemical, Fertilizers, Protected Cultivators, Palm Oil, Hybrid Seed, Animal Feed additives and many more.
Our continuous study and findings in agriculture sector provide better insights to companies dealing with related product and services, government and agriculture associations, researchers and students to well understand the present and expected scenario.
Our Animal care category provides solutions on Animal Healthcare and related products and services, including, animal feed additives, vaccination
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
2.Cellular Networks_The final stage of connectivity is achieved by segmenting...JeyaPerumal1
A cellular network, frequently referred to as a mobile network, is a type of communication system that enables wireless communication between mobile devices. The final stage of connectivity is achieved by segmenting the comprehensive service area into several compact zones, each called a cell.
OASIS PMRM overview and tools #EIC2014: Sabo and Janssen
1. PMRM Overview and Privacy
Management Analysis Tools
Development
John Sabo
John.annapolis@verizon.net
Gershon Janssen
gershon.janssen@gmail.com @gershonjanssen
2. “Smart” and Privacy
• Smart Grid: “A smart grid is a modernized electrical grid that uses analog or digital
information and communications technology to gather and act on information, such as
information about the behavior of suppliers and consumers , in an automated fashion, to
improve the efficiency, reliability, economics and sustainability of the production and
distribution of electricity.”
• Smart City: “A city can be defined as „smart‟ when investments in human and social
capital and traditional (transport) and modern (ICT) communication infrastructure fuel
sustainable economic development and a high quality of life…through participatory
action and engagement….. Online collaborative sensor data management platforms are
on-line database services that allow sensor owners to register and connect their devices
to feed data into an online database for storage and also allow developers to connect to
the database and build their own applications based on that data.
• Smart Phone: “A smart phone … is a mobile phone with more advanced computing
capability and connectivity than basic feature phones.”
• Internet of Things: “The Internet of Things (IoT) refers to uniquely identifiable objects and
their virtual representations in an Internet-like structure. Today …IoT… is used to denote
advanced connectivity of devices, systems and services and covers a variety of
protocols, domains and applications.”
(Definitions: Wikipedia)
3. Smart: Connectivity, Information and Context
• “Your phone is constantly gathering what app developers call signals.
These could be your commuting habits, which the phone can glean from
its internal GPS, often within a few feet. Your phone could also gather
your meetings, your future trips, your friends and family, your favorite
sports team, the type of news you usually read and even things like your
heart rate. Things really get interesting when the apps that gather these
signals start to be predictive. When that happens, your phone can start
anticipating your needs, interests and habits ….” Examples: Google
Now, Cortana, EverythingMe, Mynd, EasilyDo….”
• “Contextual is a whole world,” said Ami Ben David, co-founder of the
company EverythingMe. “We‟re going to start looking at computers as
being smart, as having infinite computing power and infinite access to
databases, and therefore able to talk to us and give us what we want.”
(Molly Wood, New York Times, May 7, 2014: http://www.nytimes.com/
2014/05/08/technology/personaltech/the-app-that-knows-
you.html?emc=eta1
Smart: How do We Design in Privacy?
4. Understanding “Smart” Applications and
Designing in Privacy
• Gaps
o Discontinuity between policies and technology
o Speed to market – innovation
o Complexity and scale
o Lack of standards
o Privacy Focus: macro or micro?
• Work Underway in OASIS
o OASIS PBD-SE Technical Specification (under development)
o OASIS PMRM Committee Specification v1.0 and use case work
o XACML Profiles
• Emerging Tools
o “Privacy by Design Use Case Template”
• Derived from PMRM and PbD technical committee collaboration
5. Privacy Use Case Template as Tool
Supporting Privacy by Design
• Provides all stakeholders associated with the specified software
development project within an organization a common picture and a
clearer understanding of all relevant privacy components of the project
• Can expose gaps where PbD analysis has not been carried out where
implementation has not been initiated or completed
• A tool to map privacy policies, requirements and control objectives to
technical functionality
• Facilitates the re-use of knowledge for new applications and the
extension of Privacy by Design principles more broadly throughout an
organization
• Where code must bridge to external systems and applications, a
standardized template will help ensure that Privacy by Design principles
extend to the transfer of personal information across system and
organizational boundaries.
• A standards-based use case template can reduce the time and cost of
operationalizing PbD and improve the quality and reusability of
documentation
7. PMRM-Based Template Benefits
• Provides an inventory of Privacy Use Case components and the responsible
parties that directly affect software development for the Use Case
• Segments Privacy Use Case components in a manner generally consistent
with the OASIS PMRM v1.0 Committee Specification
• Enables understanding of the relationship of the privacy responsibilities of
software developers vis-à-vis other relevant Privacy Use Case stakeholders
• Bring insights to the privacy aspect when moving through the different stages
of the privacy lifecycle and across interconnected applications
• May be extended to address predicates for software developers (training,
privacy management maturity, etc.)
• Does not specify an implementer‟s SDLC methodology, development
practices or in-house data collection, data analysis or modeling tools
• Valuable as a tool to increase opportunities to achieve Privacy by Design in
applications by extracting and making visible required privacy properties
• Enables Capability Maturity Model analysis for an organization
9. Template Helps Address Challenge of Mapping Privacy Analysis
to Software Development Lifecycle Processes
SDLC Graphic Source: Wikipedia Commons
10. PMRM Template
Privacy Management Analysis (PMA)
Use Case Title
Use Case
Categorization
Use case
Description
Applications
associated with
Use Case
Data Subjects
PI/PII
Legal/Reg
Domains and
Owners
Data Flows and
Touch Points
Systems
Controls
Services
Functions
Baseline
Information
Applications
and Data
Subjects
Technical,
Managerial and
Boundary Data
Policies,
Controls
and
Supporting
Services/Fu
nctions
11. Baseline Information
Use Case Title
A short descriptive title for the use case
ACME Insurance Company Vehical Data Tracking for Reduced
Premiums
12. Baseline Information
Category of Use Case
e.g. Application categories such as
“Online Banking” or Model categories
such as “Two Domain”.
Mobile-Vehicular
14. Applications and Data Subjects
Applications associated with Use Case
Relevant applications and products where
personal information is communicated, created,
processed, stored or deleted and requiring
software development
15. Applications and Data Subjects
Data subject(s) associated with Use Case
Include any data subjects associated with
any of the applications in the use case.
• The registered Insured person associated with the vehicle VIN
• Other drivers designated by the vehicle owner
16. The PI and PII collected, created, communicated,
processed, stored or deleted within privacy domains
or systems, applications or products.
• per domain, system, application or product
depending on level of use case development
• including incoming, internally generated and
outgoing PI
Technical, Managerial and Boundary Data
PI and PII covered by the Use Case
• Registered driver name, Account Number, VIN
• Registered driver contact information
• Linked vehicle operational data
• Linked vehicle time and location data
• Linked evaluation assessment and summary information
17. The policies and regulatory requirements governing
privacy conformance within use case domains or
systems and links to their sources.
Technical, Managerial and Boundary Data
Legal, regulatory and/or business policies
governing PI and PII in the Use Case
• Government(s) regulations
• Vehicle Manufacturer privacy policies
• Telecom Carrier privacy policies
• Insurance Company privacy policies
• Data Subject Consent preferences
• Specific policies governing apps (e.g., “Data Communications to
Manufacturer”
• Links to policies ….
• http://acmeinsurancegroupinc.biz/vehicle privacy/
• http://HudsonCarCompany.biz/privacy_vehicle….
18. • Domains - both physical areas (such as a customer site or home) and
logical areas (such as a wide-area network or cloud computing
environment) that are subject to the control of a particular domain owner
• Domain Owners - the stakeholders responsible for ensuring that privacy
controls and functional services are defined or managed in business
processes and technical systems within a given domain
Note: Identifying stakeholders is essential for clarifying the intersection of
privacy requirements and software development.
• Roles - the roles and responsibilities assigned to specific stakeholders and
their relationship to systems within a specific privacy domain
Technical, Managerial and Boundary Data
Domains, Domain Owners, and Roles
associated with Use Case
19. Technical, Managerial and Boundary Data
Domains, Domain Owners, and Roles
associated with Use Case
Domain 1: Hudson Motor Company’s Vehicle
Communications Data Center, Vehicle Owner’s Web
Portal and Backend Data Collection Application
Domain 1 Owner: VP, Vehicle Manufacturer’s Vehicle
Communication and Data Division
Role: Application design, development, content,
testing, integration testing with external systems, and
adherence to corporate security and privacy policies,
management of raw datasets of vehicle information.
20. • Touch points - the points of intersection of data flows with privacy
domains or systems within privacy domains
• Data flows – data exchanges carrying PI and privacy policies among
domains in the use case
Technical, Managerial and Boundary Data
Data Flows and Touch Points Linking
Domains or Systems
Hudson Motors
Communications
Division
Vehicle
Backend
Data
Operations
Vehicle
Web
Portal
Vehicle
Communications
System
Acme
Insurance
Customer
Vehicle
Programs
Customer
Profile
Dept.
Analytics
Domain
Customer
Portal
Software
Development
Group
Data
Communications
Local
Agent
portal
22. • Control - a process designed to provide reasonable assurance regarding
the achievement of stated objectives
• per specific domain, system, or applications as required by internal
governance policies and regulations
• including inherited, internal and exported privacy controls
Policies, Controls and Supporting Services/Functions
Privacy controls required for developer
implementation
Acme
Insurance
Customer
Vehicle
Programs
Customer
Profile
Dept.
Analytics
Domain
Customer
Portal
Software
Development
Group
Data
Communications
Local
Agent
portal
Incoming PI
(Driving patterns
and assessed risk
linked to VIN)
Inherited Control
DM-1:
Minimization of
PII
Outgoing PI
(Name, account
number, driving
pattern and
assessment
summaries)
Exported Control
AR-3:
Requirements for
Contractors
23. • Service - a collection of related functions and
mechanisms that operate for a specified purpose
• Identify Services satisfying privacy controls
Policies, Controls and Supporting Services/Functions
Services
Inherited Control
DM-1:
Minimization of
PII
Exported Control
AR-3:
Requirements for
Contractors
24. • Define technical functionality and business processes
supporting selected services
Policies, Controls and Supporting Services/Functions
Functions
• Inherited Control DM-1: Minimization of PII
• Usage service
• Automated interfaces to maintain separation of data using
identifier with relatively inaccessible auxiliary info
• Security service
• Role-based access control
• Exported Control AR-3: Requirements for Contractors
• Agreement service
• Chain-of-trust contract clause
26. A Work in Process
• PbD-SE TC and PMRM TC working in parallel to
develop practical standards and standards-derived
tools
• Open to broader participation from business, policy
and technical experts
• Contact today‟s workshop speakers or email:
join@oasis-open.org