The European Union adopted the General Data Protection Regulation (GDPR) in 2016; it came into effect on 25 May 2018, replacing the 1995 Data Protection Directive to protect the personal data of individuals in the EU. GDPR governs the processing of personal data and requires that processing be fair and lawful. It is also designed to emphasize the fundamental right to privacy.
The European Union (EU) is implementing GDPR on 25 May 2018. Organizations that offer goods or services to EU residents or monitor the behaviour of EU residents must comply, or they may incur significant financial penalties. Are you ready? Time is running out to ensure you comply with the new requirements.
In this webinar presentation, join Dean Evans of Satori Consulting to learn what the GDPR requirements mean for your organization, plus get a practical guide to achieving GDPR readiness, including how to implement processes to satisfy the privacy rights of individuals. Dean will cover:
=> What is GDPR?
=> Common GDPR misconceptions
=> Key considerations
=> How to develop a plan of action
=> Process owners as data stewards
Key highlights of the General Data Protection Regulation (GDPR), which organisations will need to consider when preparing for its coming into force on 25 May 2018.
For more information visit https://www.brightpay.ie or https://www.thesaurus.ie
Given recent cyber-attacks, an updated security process is definitely required to protect the personal data that we manage. GDPR is not a new concept; it is an existing data protection regime being upgraded to protect all individuals. Essentially, GDPR is an overhaul of the way we process, manage and store individuals' personal data.
This webinar will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.
We will walk you through some important steps to achieve GDPR compliance by examining the following topics:
Agenda
What does GDPR mean for your payroll processing?
- Understanding GDPR
- The contract between accountants & clients
- Template Data Processor Agreement
- Proof of compliance
- Securely storing employee data
Payslips & GDPR Compliance
- Employee consent
- Emailing payslips
- Recommended self-service access
Breaching GDPR
- Data breach plan of action
- Non-compliance and penalties
BrightPay & GDPR
- BrightPay Connect - online self-service portal
- Enhanced security measures
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ... (TrustArc)
Watch the webinar on-demand: https://info.trustarc.com/mastering-article-30-compliance-webinar.html
78% of companies need help with conducting a data inventory.
As businesses grapple with the requirements of the GDPR, one of the most challenging is the need to create a comprehensive record of all of your data processing activities, as required under Article 30 of the GDPR. Recent research from Dimensional Research/TrustArc found that 78% of companies said they needed help with conducting a data inventory. With a project of this scale, why re-invent the wheel when you can learn from other privacy professionals who have gone through the process of scoping, communicating, managing and delivering a comprehensive data inventory and mapping project?
Watch this webinar on-demand to hear from in-house privacy professionals and consultants how to:
- build a business case for the data inventory
- involve other departments across the business
- understand benefits of different methodologies – such as a systems or process-based approach
- review the tools and technologies available to help you
- maintain the inventory over time
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
An introduction to the Data Protection & GDPR Health Check service provided by DVV Solutions. Ensure your compliance with GDPR and understand the gaps you need to fill.
Everything you Need to Know about The Data Protection Officer Role (HackerOne)
Data privacy and security expert Debra Farber presents on the emerging role of the Data Protection Officer (DPO). When the EU's General Data Protection Regulation (GDPR) becomes enforceable on May 25, 2018, companies around the world that process the personal data of EU residents and meet the regulation's criteria (public authorities, and organizations whose core activities involve large-scale regular monitoring of individuals or large-scale processing of special categories of data) will be required by law to appoint an independent DPO who has specific responsibilities and data protection knowledge.
Teleran Data Protection - Addressing 5 Critical GDPR Requirements (Chris Doolittle)
Learn how to quickly and cost-effectively meet 5 critical General Data Protection Regulation (GDPR) requirements for structured data with Teleran's Data Protection and Compliance solution. Teleran's solution addresses these key GDPR mandates: Impact Assessments, Purpose Limitation, Data Security, Accountability and Documentation, and Breach Notification. Teleran's software solution delivers integrated sensitive data discovery, audit and controls. There is little time left to address GDPR. Flexibility, automation and integration are key to getting there quickly and cost-efficiently.
General Data Protection Regulation (GDPR) - Moving from confusion to readiness (Omo Osagiede)
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
General Data Protection Regulations (GDPR): Do you understand it and are you ... (Cvent)
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
Cyber Security and Data Privacy: Views on Article III Standing LIVE Webcast (Thomas LaPointe)
As cyber security and data privacy concerns continue to evolve, security experts must keep themselves up to date to combat increasingly sophisticated threats and protect their firms and clients. In a two-hour LIVE webcast, a panel of distinguished professionals will address the significant issues that will shape cyber security and data privacy in 2014, along with practical guidance. Our speakers will address the following key issues:
Article III Standing
Latest theories of liability arising out of data breaches and claims of invasion of privacy
Issues surrounding cyber security and data privacy
Best practices to counteract cyber security and data privacy threats
Latest regulatory updates
To view the webcast go to this link: http://youtu.be/Kkyieu9njdw
To learn more about the webcast please visit our website: http://theknowledgegroup.org
Common Security Services. Consolidation patterns for legacy components - Stef... (mfrancis)
The concept of interface and implementation is not a new idea, but when you need to unify a number of server components that have been developed and refined for years, it might become a difficult pattern to follow. The talk is about the approach Software AG took in consolidating JAAS-based server components including dynamic loading of login modules and dynamic domain configurations. The login modules are bundles or POJO legacy implementations.
Open Services Gateway Initiative (OSGi) (Peter R. Egli)
OSGi is a component-based technology and was developed to provide a software platform that allows modularization and dynamic linking of application components.
OSGi components are called bundles and can be exported and imported by application bundles.
OSGi implementations like Apache Felix or Eclipse Equinox provide a runtime container which controls the lifecycle of bundles.
Even though OSGi is hardware independent, it is based on the Java Virtual Machine and as such extends the concepts of the underlying Java language.
An OSGi bundle's capabilities and properties are defined in a manifest file that is packed together with the bundle's Java class files. The manifest file allows compatibility checks by the OSGi runtime between the exporting bundle and the importing bundle.
This export and import mechanism allows highly flexible and dynamic application environments where applications and components are installed, linked and started at runtime without the need to restart the entire system.
Modern applications and software solutions increasingly center around loosely coupled and extensible architectures. Component or Service orientation is applied in almost all areas of application development including distributed systems, ubiquitous computing, embedded systems, and client-side applications.
The Java based OSGi framework specification lends itself well as a platform for loosely coupled and extensible applications and is rapidly gaining ground as the de-facto plugin solution for Java based applications. It allows for lightweight implementations that limit themselves to the CDC profile and are ideally suited as embedded plugin frameworks.
One of the main drawbacks of dynamically extensible applications, however, is the potential security issues that arise from executing untrusted code without appropriate safety measures in place. Secure sandboxes and their restrictions are difficult to get right and often hard to deal with in the development of applications. The OSGi specifications have an extensive and very powerful security model that eases this difficult task.
This presentation focuses on embedding various OSGi framework implementations, namely Eclipse Equinox and Apache Felix, into applications as a plugin mechanism while taking advantage of the often overlooked benefit of this solution: security.
What Churches (and other religious organizations) need to do to comply with the Personal Data Protection Act (Singapore). Churches collect and use a lot of personal data from members as well as visitors, and need to be careful about the data privacy and legal issues that arise under the current Singapore legislation.
These are adapted from a presentation that I gave to a local church that was concerned about what the law required them to do.
Personal Information Protection and Electronic Documents Act (PIPEDA) and Imp... (Michael Sukachev)
In this document, personal information (PI) handling rules for software systems are derived from the PIPEDA principles and guide the analysis.
It is recommended to include these rules as high-level requirements in any framework that implements privacy-by-design principles in Canada.
The Personal Information Protection and Electronic Documents Act (PIPEDA) is the federal privacy law for private-sector organizations in Canada. It sets out the ground rules for how businesses must handle personal information in the course of commercial activity.
Data Privacy Protection Competency Guide by a Data Subject (John Macasio)
The Data Privacy Protection Competency Guide is built on the belief that a valid, verifiable and actionable demonstration of respect for the data privacy rights of a data subject, and of the protection of the privacy and security of personal information, comes from open guidance that presents shareable practice standards guiding the understanding, decisions and work of data privacy law compliance.
The workplace view of data privacy risks, policy, organization, process and documentation has to be easily and consistently created and improved with freely available knowledge of the rules and standards of practice.
Those directly accountable and responsible for personal data collection, retention, use, sharing and disposal have to be engaged so that they experience the applicability of data privacy rules and standards in their filing systems, automation programs and technology services.
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct... (Harrison Clark Rickerbys)
Slideshow from GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Directors, IT Directors & Ops Directors, on 7th March 2018 at Hilton Puckrup Hall
On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force, replacing all existing data protection regulations.
Payroll bureaus process large amounts of personal data in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
BrightPay hosted a free CPD accredited webinar alongside Bright Contracts where we discussed everything that accountants, bookkeepers and payroll bureaus need to know about GDPR.
For more information visit https://www.brightpay.co.uk
How to Build and Implement your Company's Information Security Program (Financial Poise)
Data is one of your business’s most valuable assets and requires protection like any other asset. How can you protect your data from unauthorized access or inadvertent disclosure?
An information security program is designed to protect the confidentiality, integrity, and availability of your company’s data and information technology assets. Federal, state, or international law may also require your business to have an information security program in place.
This webinar will provide the basics of how to create and implement an information security program, beginning with identifying your incident response team, putting applicable insurance policies into place, and closing any gaps in the security of your data.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/how-to-build-and-implement-your-companys-information-security-program-2021/
For more information visit https://www.thesaurus.ie or https://www.brightpay.ie
The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 with the aim of protecting all EU citizens from privacy and data breaches in an increasingly data driven world.
Payroll bureaus process large amounts of personal data, not least in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
In this CPD accredited webinar, we will peel back the legislation to outline clearly:
What is GDPR and why is it being implemented?
Why employers need to take it seriously
How it will impact payroll bureaus
How to prepare for GDPR
How we are working to help you
EMMA’s EMEA Regional Director Joseph Yammine explains how the EU’s General Data Protection Regulation applies to the Health Care Industry and how you can prepare your team to follow the regulation and avoid any data breaches.
The Tsaaro Academy offers CT DPO Intermediate Certification to privacy enthusiasts who want to be certified to handle GDPR and ePrivacy compliance.
In this presentation, 10 steps (10 P's of POPI) are introduced as essential ingredients of meeting Protection of Personal Information (POPI) requirements. As a privacy law, POPI relies heavily on sound information management principles. The COR Concepts Integrated Information Governance model is also discussed, providing a framework for ensuring that POPI is not treated in isolation, and that it forms part of a cohesive approach to managing enterprise-wide information.
Similar to Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127 (20)
2. Privacy Engineering & Assurance
1. WHAT – Information Privacy
− Terminology
− Roles within the Privacy Framework
− Privacy Principles
− Essence of privacy
− Privacy data lifecycle
− Personally Identifiable Information
and Identifiability
2. HOW – Compliance or Accountability
− Elements of an ACCOUNTABLE
privacy program
− Privacy activities across the product
life cycle
− Privacy program roles & responsibilities
3. HOW - Privacy Engineering & Assurance
simplified
− Applying Privacy Engineering
− Privacy Engineering steps
− Privacy Assurance steps
− Design activities across the product
life cycle
− Privacy impact assessment
− Privacy risk management
− Assessing privacy maturity
− Privacy related business processes
4. Use case
− Initial description
− Assessment planning
− Kickoff meeting
− Use case & DFD
− Data inventory & classification
− Threat analysis
− Security considerations
− Privacy Policy template
− Assessment findings
− Final assessment review
3. Information privacy
The right of an individual to control the processing of their personal data such that there is no hidden, unwanted, uncontrolled, excessive or insecure collection, processing or disclosure of the consumer's personal data.
4. EU GDPR and ISO 29100
• The EU data protection regulations will soon be based on the proposed General Data Protection Regulation
• Potential harmonizing data-protection effect across EU businesses
• ISO 29100 defines a Privacy Framework that reflects many of the proposed components of the GDPR
• The PDF of the standard is freely available from ISO (it is one of ISO's publicly available standards)
• The Privacy Framework includes:
• Terminology
• Roles and interactions
• Recognizing PII
• Privacy safeguarding requirements
• Privacy policy
• Privacy controls
• Privacy principles
5. Terminology (29100 §2)
• Identifiability: condition which results in a PII principal being identified, directly or indirectly, on the basis of a given set of PII
• Personally Identifiable Information (PII): any information that (a) can be used to identify the PII principal to whom such information relates, or (b) is or might be directly or indirectly linked to a PII principal
• PII Controller: privacy stakeholder (or privacy stakeholders) that determines the purposes and means for processing personally identifiable information (PII), other than natural persons who use data for personal purposes
• PII Principal: natural person to whom the personally identifiable information (PII) relates
• PII Processor: privacy stakeholder that processes personally identifiable information (PII) on behalf of, and in accordance with the instructions of, a PII controller
• Privacy Breach: situation where PII is processed in violation of one or more relevant privacy safeguarding requirements
• Privacy Safeguarding Requirements: set of requirements an organization has to take into account when processing personally identifiable information (PII) with respect to the privacy protection of PII
6. Roles within the privacy framework
• The Data Protection Authority (DPA; also called Data Privacy Authority, Information Privacy Commissioner, etc.) is the independent legal authority for administering privacy rules within a country
• The consumer is the PII Principal
• The PII Controller is the entity that determines the purposes and means of processing the consumer's personal data and is RESPONSIBLE for the processing of the data subject's PII
• The PII Processor performs information processing on behalf of the Data Controller
• Sometimes a reference is also made to a Third Party, which can be viewed as outside this privacy framework but remains the responsibility of the Data Controller
[Figure: the four roles, Data Protection Authority (DPA), PII Principal, PII Processor and PII Controller, and their interactions]
7. Privacy Principles (ISO 29100 §5)
1. Consent and choice: the PII Principal has a choice on, and opts in to, PII processing
2. Purpose legitimacy and specification: processing complies with laws, with notice given before processing
3. Collection limitation: within the law and necessary for the specified purposes
4. Data minimization: minimize the processing of PII
5. Use, retention and disclosure limitation: also applies as a limitation on cross-border transfers
6. Accuracy and quality: measures to assure the validity and correctness of PII processing
7. Openness, transparency and notice: clear, complete and accessible information on PII processing
8. Individual participation and access: the PII Principal can access and review their PII and correct inaccuracies
9. Accountability: demonstrate care in the duty toward the PII Principal for PII stewardship
10. Information security: protect PII under the organization's authority with appropriate controls
11. Privacy compliance: verify and demonstrate adherence to laws with internal or third-party audits
8. Essence of privacy
Privacy emerges from personally identifiable data:
• Personal data or information: any information relating to an identified or identifiable natural person, an individual
+
• Identifiability (Nymity): the measure of the degree to which personal data can be associated with an individual
9. Privacy data lifecycle
• Also called the Consumer Data Lifecycle, it is a fundamental component of the privacy knowledge base
• Defines the actions related to personal data within the privacy framework
• When analyzing the data flow in your specifications, you should also consider the complete lifecycle for the associated PII
• Within the EU, collection itself is considered to be an act of processing!
[Figure: lifecycle stages Collection, Storage, Processing, Transfer, Deletion]
10. Personal data/information
• Relates to information about a natural person
• When the data can be associated with an individual, it is referred to as Personally Identifiable Information (PII)
• The criteria for linkability of data to an individual are a hot topic within the privacy community
• Sensitive PII must be treated specially
• Generally, if PII is of a racial, religious, political, sexual-orientation or medical nature it is characterized as Sensitive, but other categories should also be considered
• Also commonly referred to as Personal Data
Some of the categories of personal data to consider when identifying the PII in your particular project:
• Basic data (e.g. first name, last name, mobile number)
• Address data (e.g. postal code, email address)
• Restricted categories of data (e.g. racial or ethnic origin, religion, trade union membership, if allowed by applicable law)
• Social networking related data (e.g. metadata of uploaded pictures, site activity information)
• Location data (e.g. GPS coordinates or mobile network base station ID)
• Identifiers (e.g. IMEI, device identifiers, IP address)
• System data: information about how individual users are using the system (e.g. log files)
• Monetary data and transactions (e.g. credit card number, account information)
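The identifiability measure of slide 8 and the personal-data categories of slide 10 can be turned into a small runnable check over a record layout. The following Python is an added example, not code from the lecture: it tags each field of a constructed sample with one of the slide 10 categories (the field-name-to-category mapping, the direct/quasi-identifier split and the sample records are all assumptions made here), then measures identifiability with k-anonymity, the smallest number of records sharing the same quasi-identifier values, which goes one step beyond the slide's informal definition. It also shows the effect of generalizing a birth year to a decade, a common step for lowering identifiability.

```python
"""Added example (not from the lecture): classify fields into the slide 10
personal-data categories and measure identifiability with k-anonymity."""
from collections import Counter
from dataclasses import dataclass

# Personal-data categories from slide 10 of the lecture. Which field names map
# to which category is an assumption made for this example.
CATEGORY_OF_FIELD = {
    "first_name": "basic", "last_name": "basic", "mobile": "basic", "birth_year": "basic",
    "postal_code": "address", "email": "address",
    "ethnic_origin": "restricted", "religion": "restricted", "union_member": "restricted",
    "gps": "location", "cell_id": "location",
    "imei": "identifier", "ip": "identifier",
    "access_log": "system",
    "card_number": "monetary",
}
# Slide 10: racial, religious, political, sexual-orientation and medical data is Sensitive PII.
SENSITIVE_CATEGORIES = {"restricted"}
# Fields that identify a person on their own. Everything else can still identify
# someone in combination (a quasi-identifier); this split is an assumption for the example.
DIRECT_IDENTIFIERS = {"first_name", "last_name", "mobile", "email", "imei", "card_number"}


@dataclass(frozen=True)
class FieldClass:
    name: str
    category: str
    sensitive: bool
    direct_identifier: bool


def classify_fields(field_names):
    """Tag every field of a record layout. Unknown names are kept as 'unclassified'
    rather than dropped, so they show up in the inventory and get reviewed."""
    return [
        FieldClass(
            name=f,
            category=CATEGORY_OF_FIELD.get(f, "unclassified"),
            sensitive=CATEGORY_OF_FIELD.get(f) in SENSITIVE_CATEGORIES,
            direct_identifier=f in DIRECT_IDENTIFIERS,
        )
        for f in field_names
    ]


def k_anonymity(records, quasi_identifiers):
    """Size of the smallest group of records sharing the same quasi-identifier
    values. k == 1 means at least one person is unique on those columns alone."""
    groups = Counter(tuple(r[q] for q in quasi_identifiers) for r in records)
    return min(groups.values()) if groups else 0


def generalize_year(records, field="birth_year"):
    """Coarsen a year to its decade: the simplest generalization used to raise k."""
    out = []
    for r in records:
        g = dict(r)
        g[field] = f"{r[field] // 10 * 10}s"
        out.append(g)
    return out


def identifiability_report(records, quasi_identifiers):
    """Combine the inventory view (which categories are present) with the
    identifiability measure (how easily one row maps to one person)."""
    fields = classify_fields(records[0].keys()) if records else []
    return {
        "k": k_anonymity(records, quasi_identifiers),
        "sensitive_fields": sorted(f.name for f in fields if f.sensitive),
        "direct_identifiers": sorted(f.name for f in fields if f.direct_identifier),
        "unclassified": sorted(f.name for f in fields if f.category == "unclassified"),
    }


# Constructed sample: four rows from a hypothetical survey; no real persons.
SAMPLE_RECORDS = [
    {"postal_code": "06560", "birth_year": 1980, "religion": "A", "shoe_size": 42},
    {"postal_code": "06560", "birth_year": 1980, "religion": "B", "shoe_size": 40},
    {"postal_code": "06560", "birth_year": 1985, "religion": "A", "shoe_size": 44},
    {"postal_code": "06560", "birth_year": 1988, "religion": "C", "shoe_size": 41},
]
QUASI_IDENTIFIERS = ("postal_code", "birth_year")

if __name__ == "__main__":
    print("raw:        ", identifiability_report(SAMPLE_RECORDS, QUASI_IDENTIFIERS))
    print("generalized:", identifiability_report(generalize_year(SAMPLE_RECORDS), QUASI_IDENTIFIERS))
```

Run as a script to print both reports: the raw sample has k = 1 (two rows are unique on postal code plus birth year) and carries a sensitive field, while the generalized copy reaches k = 4. A field the inventory does not know is reported as unclassified rather than silently ignored, which is the gap a data inventory most needs to surface.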
11. Privacy Engineering & Assurance
12. Compliance or Accountability
• The goal of being privacy compliant may not be sufficient for avoiding regulatory action against your company
• Data protection authorities (DPAs) now expect organizations to demonstrate their good intentions
• Accountability has its roots in the 1980 OECD privacy guidelines
• An accountability framework builds trust between DPAs and organizations for the handling of personal data
• Accountability means being able to show how your company has holistically integrated privacy best practices
• The Centre for Information Policy Leadership (CIPL) has defined a DPA-endorsed global approach to accountability: Data Protection Accountability: The Essential Elements
13. Elements of an Accountable privacy program
1. Executive accountability and oversight: internal senior executive oversight and responsibility for data privacy and data protection
2. Policies and processes to implement them: binding and enforceable written policies and procedures that reflect applicable laws, regulations and industry standards, including procedures to put those policies into effect
3. Staffing and delegation: allocation of resources to ensure that the organization's privacy program is appropriately staffed by adequately trained personnel
4. Education and awareness: up-to-date education and awareness programs to keep employees and on-site contractors aware of data protection obligations
5. Risk assessment and mitigation: ongoing risk assessment and mitigation planning for new products, services, technologies and business models; periodic program risk assessment to review the totality of the accountability program
6. Event management and complaint handling: procedures for responding to inquiries, complaints and data protection breaches
7. Internal enforcement: internal enforcement of the organization's policies and discipline for non-compliance
8. Redress: provision of remedies for those whose privacy has been put at risk
Not just compliant but accountable
15. Privacy program roles & responsibilities
Executive privacy owner
• The senior executive with oversight and responsibility for data privacy and data protection in the organization
Chief privacy officer
• The senior manager with responsibility for the implementation and operation of the privacy program in the organization
Privacy officer
• The privacy professional responsible for implementation and operation of the privacy program within an organizational unit
Privacy champ
• The program or product member with sufficient privacy competence to be responsible for transposing privacy requirements into product requirements
Data Protection Officer
• A privacy professional required by some organizational entities, with reporting accountability to the local Data Protection Authority
These are the minimal privacy program roles
16. Privacy Engineering & Assurance
3. HOW – Privacy Engineering & Assurance simplified
− Applying Privacy Engineering
− Privacy Engineering steps
− Privacy Assurance steps
− Design activities across the product life cycle
− Privacy impact assessment
− Privacy risk management
− Assessing privacy maturity
− Privacy related business processes
17. Privacy Engineering & Assurance simplified
[Diagram: the Privacy Knowledge Base feeds Privacy Engineering; each engineering stage produces Evidence that Privacy Assurance reviews at release.]
Privacy Knowledge Base: Principles, Policies, Requirements, Procedures, Guidelines, Patterns
Privacy Engineering:
• Planning & Concepting – privacy requirements identification
• Threat Assessment and Mitigation
• Design, Implement, Test – map privacy requirements into product features; select guidelines, patterns
• Review – against requirements; can be standalone
Privacy Assurance:
• Release Assessment – sign-off, based on the Evidence from each engineering stage
19. Privacy Engineering steps
• Define the product context
− Define the product in terms of main functions, assets, stakeholders, business model, sales estimates, deployment target countries, release schedule(s), strategic importance, risk summary
• Document the data flows and classify the data
− Inventory of all the personal data & data clusters
− Classification of each data element
− User story/epic based diagram of the flow of data through product components, interactors
• Analyze the threats and risks
− Identification of applicable privacy principles and underlying requirements
− Define inherent threats to key privacy & security principles
− Analysis of attack surface and minimization
− Identification of root cause or vulnerability
• Mitigation
− Selection of privacy & security safeguarding controls
− Identification of key test cases and test tools to verify control fidelity
− Identification of residual risk
Implementing Privacy by Design
20. Privacy Assurance steps
• The purpose of assurance is to verify that Privacy Engineering activities have been implemented as agreed and are operational, and that any required staffing is in place
• Kick off the assessment process with the Privacy Officer early to understand what will be needed for final sign-off
• The privacy & security assessment is based on a thorough assessment of the Product Team's evidence that Privacy Engineering activities have been implemented and are operational
• The final sign-off recommendation is made by the Privacy Officer with approval by Product Management & the Chief Privacy Officer
• An escalation process may be needed to address disagreements over findings between the Privacy Officer and Product Management
• Non-compliance with privacy regulations SHOULD NOT be approved
A final assessment of all products or services that have a privacy impact is a necessity
21. Threat model
• Threats exploit Vulnerabilities and damage Assets
• Controls mitigate Vulnerabilities and therefore might mitigate Threats
• Attacks manifest Threats
[Diagram: a Threat exploits Vulnerability 1 and Vulnerability 2 and damages Asset 1 and Asset 2; Controls mitigate each Vulnerability.]
22. What is threat analysis
• Threat analysis is about understanding privacy threats to a system, determining the harm from those threats and establishing appropriate mitigations (privacy controls or safeguards) against those harms
• Analyzes threats to the underlying Privacy Principles at each stage of the Privacy Data Lifecycle
• Analysis results facilitate selection of mitigating Privacy Safeguards/Controls
Why follow this practice?
• A structured approach better ensures PbD than an ad hoc approach
• Threat analysis allows development teams to effectively find potential privacy design issues. Mitigation of privacy issues is less expensive when performed during design
• By knowing the threats, privacy testing efforts can be focused more effectively
• This is a prerequisite to conducting a Risk Analysis to mitigate associated harm
23. Threats come with data – a DFD can identify them
• Therefore we model the data using a data flow diagram (DFD)
• Scope is the processes (your code), all neighbouring actors, data stores and the trust boundaries between them
[Diagram: DFD notation – External interactor, Process, Data store, Data flow, Trust boundary. References: Open Web Application Security Project, Microsoft TMA]
24. Threat analysis modeling
1. Getting ready
− Product description, data inventory, data flow diagram
2. Identify assets
− Digital, physical, reputational, operational
3. Identify entry points
− Entry or exit through a trust boundary in the DFD
4. Identify vulnerabilities
− A weakness or failing
5. Define attacker types
− Threats exploit vulnerabilities; an attack manifests a threat
6. Define controls
− A countermeasure or safeguard
7. Build threat scenarios and mitigation plans
− Possibly by making use of an attack tree/threat tree
25. Illustrative table to capture privacy threats
Lifecycle | Principle | Threat | Controls | Harm
Collection | Transparency; Notice & Consent | Unauthorized collection | Data analysis; Purpose verification | Hidden data bases
Collection | Collection limitation | Unlimited collection | Purpose verification; Collection method analysis | Lack of proportionality
Processing | Purpose specification; Legitimate purpose | Processing unrelated to purpose | Function limits; User participation | Processing with illegitimate purpose
Processing | Processing | Lack of consumer control | Opt-out; Platform privacy control | Automatic processing
Processing | Security | Data integrity fault or data misrepresentation | Data integrity check on read, write | Misrepresentation
Transfer | Legal obligations | Transfer PII outside EU without consent | Notice & Consent | Violation of EU citizens’ basic rights
Maintenance | Access & participation; Individual participation; Redress | Lack of consumer redress | Privacy policy includes process for user redress | Inability to rectify errors
26. Documenting controls and validation tests
• Selected controls should be documented in reliable storage as a part of the evidence of applying Privacy Engineering
• It is good practice to also define test cases for validating that the controls are implemented, operating as intended and effective against the associated threat(s)
• This documentation forms part of the compliance evidence, and it has to be reviewed by the privacy & product security officers
27. Privacy risk assessment
• Produces evidence of minimization of possible privacy risk
• Residual risk = Fn (Harm, Impact, Probability, Mitigations)
• Re-conducted when material changes are made to the product
• ISO 31000 – a reference risk management framework
Context: establish the external and internal context for risk, the risk management process and the risk assessment criteria to be used
Identify: identify sources of risk, areas of impact, events and causes, potential consequences
Analyze: consider causes and sources of risk, positive & negative consequences, both tangible and intangible
Evaluate: make decisions based on the risk analysis, which risks need treatment and the priority for treatment implementation
Treat: select remediation based on avoiding, taking on, removing, changing the potential for, changing the harm of, or sharing the risk
Monitor & Review: assure controls are effective, learn and improve, detect context changes, identify new risks, measure KPIs
Improve: commit to constant improvement of the overall risk footprint
Identify the RESIDUAL RISK in your product. Product management must accept residual risk!
28. Understanding privacy risks
Threats/Vulnerabilities (examples)
• “Hidden, uncontrolled, excessive or unsecure processing”
• Improper collection, use, disclosure
• Globally accepted privacy principles and laws often articulate these in more detail
• Privacy requirements and guidelines act as controls to these threats/vulnerabilities
Impacts to individuals (examples)
• Tangible (e.g. credit card fraud, discrimination)
• Intangible (e.g. embarrassment)
• Societal (e.g. chilling effect on freedom of speech)
Impacts/consequences to companies (in general)
• Bad publicity, erosion of trust
• Fines up to millions (new EU proposal: up to 2% of annual global turnover)
• Penalties, including personal criminal liability
• Forced privacy program with 20 year external audit obligation
• Data breach notifications (~$200 per lost record in US, similar in e.g. Germany)
• Deletion of unlawfully collected data
• Sales stops, recalls, cost of remediation
• Human rights, ethics challenges
29. Privacy risk assessment
• The objective is to reduce the business impact from exploitation of a set of threats
• The process utilizes the results of the threat analysis and mitigation activity
• The product team is responsible for completion of the risk analysis
• The technical team provides complementary support
• Residual Risk = Fn (Harm, Impact, Probability of Occurrence, Mitigations)
• Risk mitigation = actionable steps to reduce harm, impact or probability
• Mitigation approaches include:
− Do nothing, hope for the best
− Mitigate the risk by putting countermeasures in place
− Reduce impact or probability
− Accept the risk after evaluating the business impact
− Transfer the risk with contractual agreements or insurance
− Remove the risk, for example shut down the product, remove the feature
Security risk is about harm to the company, but privacy risk is about harm to the consumer
30. Example risk assessment report
Report columns: ID | Event | Root causes | Consequences | Impact | Probability | Treatment actions | Monitoring measures | Action deadline | Action owner
Event: Privacy breaches, privacy related loss of business, compliance including corruption and fraud
Root causes:
- Failures to design privacy into products and services
- NSA espionage: cloud services concentrated to US based cloud providers
- User privacy vs. benefits of analytics
- Privacy program and resourcing and maturity
Consequences:
- Data breaches
- Regulatory enforcement
- Business interruptions, requests to delete data, sales stops
- End user and business customers lost with US based cloud services
Impact: 100-150 MEUR; anything up to $200 USD per record in US; up to 100 euro per record in Germany; reputational damage and lost business opportunity
Probability: ~15% – Medium
Treatment actions: Insurance policy? Training, security scanning and audits including corrective actions
Monitoring measures: MS integrations project actions; progress measures, milestones followed
Action deadline: 2Q2015
Action owner: Alice
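The residual-risk formula from slides 27 and 29 and the report layout on slide 30, worked as an added Python example that is not the deck's own code: a small risk register that scores inherent and residual risk, picks the next treatment from the approaches the deck lists, and reports what blocks release sign-off. The 1..5 impact scale, the multiplicative mitigation model, the risk appetite threshold and the sample entries are assumptions.

```python
"""Privacy risk register applying the deck's Residual Risk = Fn(Harm, Impact,
Probability, Mitigations). Scales, weights and the sample entries are assumptions."""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Harm(Enum):
    """Impact categories to individuals named in the deck."""
    TANGIBLE = "tangible"
    INTANGIBLE = "intangible"
    SOCIETAL = "societal"


class Treatment(Enum):
    """Mitigation approaches listed in the deck."""
    DO_NOTHING = "do nothing, hope for the best"
    MITIGATE = "put countermeasures in place"
    ACCEPT = "accept after evaluating business impact"
    TRANSFER = "transfer via contract or insurance"
    REMOVE = "remove the risk (drop the feature or product)"


@dataclass(frozen=True)
class Mitigation:
    """A control and the fraction (0..1) of impact or probability it is assumed to remove."""
    name: str
    treatment: Treatment
    impact_reduction: float = 0.0
    probability_reduction: float = 0.0


@dataclass
class PrivacyRisk:
    risk_id: str
    event: str
    harm: Harm
    harmed_party: str                  # "consumer" => privacy risk, "company" => security risk
    impact: int                        # assumed 1..5 scale
    probability: float                 # assumed 0..1 likelihood
    mitigations: List[Mitigation] = field(default_factory=list)
    accepted_by: Optional[str] = None  # residual risk must be accepted by product management

    def inherent_risk(self) -> float:
        return self.impact * self.probability

    def residual_risk(self) -> float:
        """Assumed model: each mitigation independently scales impact and probability."""
        impact, probability = float(self.impact), self.probability
        for m in self.mitigations:
            impact *= 1.0 - m.impact_reduction
            probability *= 1.0 - m.probability_reduction
        return impact * probability

    def is_privacy_risk(self) -> bool:
        """The deck's distinction: privacy risk is harm to the consumer, not the company."""
        return self.harmed_party == "consumer"


def recommended_treatment(risk: PrivacyRisk, appetite: float) -> Treatment:
    """Next treatment step against an assumed risk appetite threshold."""
    if risk.residual_risk() <= appetite:
        return Treatment.ACCEPT
    applied = {m.treatment for m in risk.mitigations}
    if Treatment.MITIGATE not in applied:
        return Treatment.MITIGATE      # reduce impact or probability first
    if Treatment.TRANSFER not in applied:
        return Treatment.TRANSFER
    return Treatment.REMOVE            # still above appetite: drop the feature


def release_blockers(register: List[PrivacyRisk], appetite: float) -> List[str]:
    """Privacy Assurance check: nothing ships with unaccepted or out-of-appetite residual risk."""
    blockers = []
    for r in register:
        residual = r.residual_risk()
        if residual > appetite:
            blockers.append(f"{r.risk_id}: residual {residual:.3f} exceeds appetite {appetite}")
        elif r.accepted_by is None:
            blockers.append(f"{r.risk_id}: residual risk not yet accepted by product management")
    return blockers


def build_sample_register() -> List[PrivacyRisk]:
    """Constructed entries modelled on the deck's example report; the figures are not real."""
    training = Mitigation("Security training & awareness", Treatment.MITIGATE, probability_reduction=0.3)
    audits = Mitigation("Security scanning and audits", Treatment.MITIGATE, probability_reduction=0.4)
    insurance = Mitigation("Insurance policy", Treatment.TRANSFER, impact_reduction=0.5)
    return [
        PrivacyRisk("R1", "Breach of stored location history", Harm.TANGIBLE, "consumer",
                    impact=4, probability=0.15, mitigations=[training, audits, insurance]),
        PrivacyRisk("R2", "Device ID sent in crash payload without a stated purpose",
                    Harm.INTANGIBLE, "consumer", impact=3, probability=0.5),
    ]
```

With an appetite of 0.2, R1 (residual 0.126) only needs product management's acceptance, while R2 (residual 1.5, no controls yet) is sent back for mitigation.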
31. Privacy impact assessment
• EU GDPR Article 33 promulgates PIA for public/private orgs
• Produces evidence of implementation of Privacy by Design
• Conducted by staff when personal data is collected, used or disclosed in a product or service
• Re-conducted if material changes are made to the product or service
• ISO 29134 (WD) will standardize the methodology
Identify: describe the project, including the aims, whether any personal information will be handled, inherent privacy principles
Analyze: identify the personal information flows, classify data, identify relevant regulations, privacy requirements, privacy impact
Verify: validate that only essential data is collected and processed for legitimate purposes required by the product or service
Simplify: change the system and processes to only collect/store/process essential data for the minimum period, with a data deletion plan
Secure: use industry best practices for safeguarding personal data through the life cycle, providing consumer control over their data
Remediate: identify remaining risk, level of harm and a mitigation plan to eliminate or reduce risk to an acceptable level
Attest: record findings, gain sponsor commitment to implement any needed changes, report results to management
32. Privacy capability assessment
• Provides a method for advancement of your privacy program
• Conducted to measure baseline and incremental changes
• Part of a commitment to accountability, constant improvement
• ISO 29190 (new IS) will standardize a methodology
Plan: agree on the privacy capability assessment model (e.g., context or business process based) and the assessment scale to be used
Assess: rate the current capability against the target capability
Review: identify sub-optimal capabilities to be improved and an overall improvement plan
Report: communicate to management the assessment activity, results, improvement actions and next scheduled assessment
Improve: implement the improvement plan
33. Privacy related business processes
• Quality management process
• Risk management process
• Assessment process
• Security engineering process
• Business continuity process
• Customer care process
• Incident response management process
• External communications process
• Authority request/lawful intercept process
34. Privacy Engineering & Assurance
4. Use case
− Initial description
− Assessment planning
− Kickoff meeting
− Use case & DFD
− Data inventory & classification
− Threat analysis
− Security considerations
− Privacy Policy template
− Assessment findings
− Final assessment review
35. Use case – Globetrotter Tech WeatherApp
You work as the privacy officer for Globetrotter Technologies, a technology start-up. The business intends to rule the world of mobile software apps to aid business travellers. You report to the CPO, Elliot.
You just finished giving a privacy training to the software staff and Alice, a program manager, approached you to get some guidance, as her Android Weather App is planning on going Live at the end of the month. You have just reminded her that corporate policy is that no product goes live without a satisfactory recommendation from the privacy officer after a final privacy assessment. Alice designated Bob on her team as the privacy champ. Her dev manager is Chuck. She reports to the VP of programs, David.
She wants to get started ASAP.
What is your course of action?
36. Assessment planning
What is your course of action?
Assessment steps:
1. Plan & Prepare – define scope, objectives; review and agree plan with sponsors; brief Assessment Team; communicate purpose to persons to be assessed
2. Conduct – schedule & run interviews per plan
3. Report – write report, agree with all assessed, then report to sponsors & stakeholders
4. Follow Up – follow up improvement actions
5. Gather feedback – review & communicate lessons learned
Assessment roles
Generic role | Purpose of the role
Assessment sponsor | Has the authority in Nokia to decide Go/No go for assessments. Authorizes plan and resourcing, specifies requirements. Ensures actions on findings
Lead assessor | Ensures the successful execution of the assessment
Assessment team | Team of people assessing the interviewees. The assessment team is headed by the lead assessor
Interviewees | The sample of people from the audited/assessed organization that are interviewed for the audit/assessment
• Get sponsor agreement for assessment and scope
• Identify and secure support of key assessor roles
• Follow the “Plan, Do, Check, Act” (PDCA) steps
37. Next steps
• Confirm assessment sponsorship with David, VP Programs
• Confirm assessment request with Elliot, CPO
• Email confirmation of availability to provide assessment assistance to Alice, PM and request a meeting to identify the assessment team and participants
• At the subsequent meeting with Alice, verify the role of Bob, Privacy Champ and agree on the Kickoff meeting purpose and agenda
− Introductions, Purpose of assessment, Activities/Evidence
• Email invite to the assessment Kickoff meeting to participants
− Req: Alice, PM; Bob, Privacy Champ; Chuck, Dev Mgr; You
− Opt: David, VP Programs; Elliot, CPO
38. Kickoff meeting
• At the kickoff meeting you learn the following about the Weather App project
• Alice is the program manager
• Bob is her privacy champ
• Chuck is the development manager
• David is the program VP and business owner
• Elliot is your CPO
• Android 4.4 app for Google Play Store distribution
• Wave 1: EU countries
• Wave 2: US and CA
• 3rd party partners:
− OpenWeatherMap – Forecast data
− CrashDaddy – Crash analytics
• Features
− Lookup city from GPS lat-lon
− Lookup forecast from city name
− History of last 12 forecasts
− Admin console for crash analytics
What is your next course of action?
39. Next steps
• Schedule periodic meetings to progress the assessment with Alice, PM; Bob, Dev Mgr; and Chuck, Privacy Champ
• Verify the product description through Team provided evidence
• Perform/create System diagram, Data flow diagram, Data inventory & classification, Threat analysis & mitigation with Alice, PM; Bob, Dev Mgr; and Chuck, Privacy Champ
41. Weather app use case DFD
[Diagram: the Mobile App contains the processes Get City, Get Forecast and Lookup Forecast, the City Data Store and Forecast Data Store, and the GPS Sensor as a local interactor; Open Weather Map is an external interactor on the far side of the trust boundary. Flows carry Lat-Lon, City, Forecast and the API Token: Get City sends API Token and Lat-Lon to Open Weather Map and receives City; Get Forecast sends API Token and City and receives Forecast; the data stores hold Lat-Lon, City and Forecast.]
What findings can you infer?
• Forecast for current position displayed
• User can enter city name and get forecast for that city
• Previous forecasts kept to avoid data charges from unnecessary lookup
42. Crash analytics use case DFD
[Diagram: the Mobile App process Transfer Crash Data sends API Token, Device ID and Crash Payload across the trust boundary to Crash Daddy, which holds the Crash Data Store; the Crash Analytics Console Function answers Analytic Requests from a Web Browser with Analytic Responses.]
What findings can you infer?
• Crash Payload pushed on app restart after crash recovery
• Web browser access to crash analytics console with admin credentials
• Crash analytics console functions include display of reports based on crash-type specific requests
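The two DFDs above, together with the "identify entry points" and data inventory steps from the threat analysis modelling slide, as an added Python example that is not part of the deck: the diagrams are encoded as elements and flows, entry points are the flows that cross a trust boundary, and the personal data leaving the device or landing in a data store is listed in the style of the later findings. Element and data names follow the slides; the trust zones, the exact edge list and the data classifications are assumptions.

```python
"""The Weather App and crash analytics DFDs as data, with the entry-point and data
inventory steps automated. Zones, edges and classifications are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

PERSONAL_DATA = {  # assumed classification of the data elements named on the diagrams
    "Lat-Lon": "location data",
    "City": "coarse location data",
    "Device ID": "device identifier",
    "Crash Payload": "may contain a memory dump with personal data",
}
SECRETS = {"API Token"}


@dataclass(frozen=True)
class Element:
    name: str
    kind: str   # "process", "data store" or "external interactor"
    zone: str   # trust zone; a flow between two zones crosses a trust boundary


@dataclass(frozen=True)
class Flow:
    source: Element
    target: Element
    data: Tuple[str, ...]

    def crosses_trust_boundary(self) -> bool:
        return self.source.zone != self.target.zone


def build_weather_app_dfd() -> List[Flow]:
    """Both diagrams, with edges read off the slide labels (the layout itself was lost)."""
    app, owm, cd, admin = "Mobile App", "Open Weather Map", "Crash Daddy", "Admin Web Browser"
    gps = Element("GPS Sensor", "external interactor", app)
    get_city = Element("Get City", "process", app)
    get_fc = Element("Get Forecast", "process", app)
    lookup = Element("Lookup Forecast", "process", app)
    city_db = Element("City Data Store", "data store", app)
    fc_db = Element("Forecast Data Store", "data store", app)
    owm_api = Element("Open Weather Map", "external interactor", owm)
    xfer = Element("Transfer Crash Data", "process", app)
    cd_api = Element("Crash Daddy", "external interactor", cd)
    crash_db = Element("Crash Data Store", "data store", cd)
    console = Element("Crash Analytics Console Function", "process", cd)
    browser = Element("Web Browser", "external interactor", admin)
    return [
        Flow(gps, get_city, ("Lat-Lon",)),
        Flow(get_city, owm_api, ("API Token", "Lat-Lon")),
        Flow(owm_api, get_city, ("City",)),
        Flow(get_city, city_db, ("Lat-Lon", "City")),
        Flow(get_fc, owm_api, ("API Token", "City")),
        Flow(owm_api, get_fc, ("Forecast",)),
        Flow(get_fc, fc_db, ("Lat-Lon", "City", "Forecast")),
        Flow(lookup, fc_db, ("Lat-Lon", "City")),
        Flow(xfer, cd_api, ("API Token", "Device ID", "Crash Payload")),
        Flow(cd_api, crash_db, ("Crash Payload",)),
        Flow(browser, console, ("Analytic Request",)),
        Flow(console, browser, ("Analytic Response",)),
    ]


def entry_points(flows: List[Flow]) -> List[Flow]:
    """Threat analysis modelling step 3: an entry or exit through a trust boundary."""
    return [f for f in flows if f.crosses_trust_boundary()]


def personal_data_exports(flows: List[Flow], zone: str) -> Dict[str, List[str]]:
    """Personal data elements that leave `zone`, mapped to the zones they reach."""
    exports: Dict[str, Set[str]] = {}
    for f in flows:
        if f.source.zone == zone and f.crosses_trust_boundary():
            for d in f.data:
                if d in PERSONAL_DATA:
                    exports.setdefault(d, set()).add(f.target.zone)
    return {d: sorted(z) for d, z in sorted(exports.items())}


def stores_holding_personal_data(flows: List[Flow]) -> Dict[str, List[str]]:
    """Data stores receiving personal data: each needs a retention/deletion plan and at-rest protection."""
    stores: Dict[str, Set[str]] = {}
    for f in flows:
        if f.target.kind == "data store":
            for d in f.data:
                if d in PERSONAL_DATA:
                    stores.setdefault(f.target.name, set()).add(d)
    return {s: sorted(d) for s, d in sorted(stores.items())}


def required_controls(flows: List[Flow], device_zone: str = "Mobile App") -> List[str]:
    """One control requirement per sensitive element on each entry point, in the deck's finding style."""
    out = []
    for f in entry_points(flows):
        for d in f.data:
            if d in PERSONAL_DATA and f.source.zone == device_zone:
                out.append(f"{f.source.name} -> {f.target.name}: {d} ({PERSONAL_DATA[d]}) leaves the device; "
                           "notice & consent before collection, purpose stated in Privacy Policy")
            elif d in SECRETS:
                out.append(f"{f.source.name} -> {f.target.name}: {d} must be secured on the device")
    return out
```

Running it over the encoded diagrams yields seven entry points and flags Lat-Lon and City going to Open Weather Map, Device ID and Crash Payload going to Crash Daddy, and the API Token on every outbound call, which matches the location consent, vendor vetting and token handling findings recorded later in the deck.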
48. Threat analysis notes – Weather app
• No plan for product information to be provided to the consumer in the Google Play Store entry
• No plan for supporting consumer inquiry
• No notice & consent given to the consumer on Terms or Privacy Policy
• Verify use of Globetrotter Technologies Terms & Privacy Policy
− Google Play Store
− First-Use-Experience
− Within App
• No prior notice & consent of the consumer on Location Data collection and use
• No data minimization effort
• Unclear vetting of Open Weather Map for 3rd party services
• Unclear how location/forecast history is secured on the device
• Unclear if uninstall will delete app data
• Unclear how the API token is secured on the device
• Unclear product security plans
• Need product security training & awareness
• Unclear if app hardening will include tamper-prevention
• Unclear legal review plans
• Unclear service continuity plans
• Unclear reactive vulnerability & incident response plans
• No data retention/deletion plan
• Unclear coordination between the Weather App & other business traveller app Teams
49. Threat analysis notes – Crash analytics
• No data minimization effort
• Unclear purpose for device id in crash payload
• Unclear purpose for memory dump in crash payload
• Unclear vetting of Crash Daddy for 3rd party services
• Unclear how API token secured in device
• Unclear product security plans
• Need product security training & awareness
• Unclear if app hardening will include tamper-prevention
• Unclear legal review plans
• Unclear service continuity plans
• No data retention/deletion plan
• Unclear if crash analytics planned only for Beta phase
50. Next steps
• Connect Alice, PM with Product Security Team to plan for
product security assessment
• Draft and share privacy assessment findings with Alice,
PM; Bob, Dev Mgr; and Chuck, Privacy Champ
• Coordinate assessment findings with Product Security
Team
• Assist and encourage Alice, PM; Bob, Dev Mgr; and Chuck,
Privacy Champ with documenting evidence of privacy
engineering activities
• Plan & schedule final assessment review with Alice, PM
51. Security considerations
Define
• OWASP Top-10 Security Threats
• Google Android Developer Security Guidelines
• Japan Smartphone Security Association Guidelines
Develop
• Static & dynamic code scanner
• Peer code review
• 3rd party security review
Deploy
• Hardening guidelines
• Vulnerability testing (e.g., Nmap)
• Tamper-proofing, security distribution code
• Penetration testing
• Google Hacking
• Reactive vulnerability response
52. Privacy policy template
• Title
• Change control/effective date
• Business privacy vision
• Define categories of applicable personal data
• Organization to which the policy applies
• Why the defined categories of personal data are collected
• Limits on collection, use & disclosure of the personal data
• Define circumstances for disclosure of the personal data
• How consent for personal data collection & processing is obtained
• How long the personal data is retained
• How the personal data is secured
• How the accuracy of the personal data is ensured
• How individuals can access their personal data
• How individuals can complain or make an inquiry
• Your identity and contact information
Roles & responsibility for drafting & approval of the Privacy Policy should be clearly defined
53. Assessment report – Major findings
ID | Category | Title of finding | Description of requirement | Action | Status
01 | Major | Notice & Consent | Provide notice prior to initial collection; provide Opt-Out of data processing | Privacy notice and Terms need to be provided in Google Play Store, First User Experience and Settings | –
– | Major | Notice & Consent | Provide notice & consent prior to use of location data | Add notice & consent control for location data | –
03 | Major | Data minimization | Minimum data collection & processing for stated primary purposes | Conduct data minimization review of data inventory against primary purpose | –
– | Major | Data minimization | No cross-border transfer of personal data without user's Active Consent | Include cross-border transfer purpose in Privacy Policy, as needed | –
– | Major | Use, retention and disclosure limitation | Provide method for consumer requests for information & redress | Data Retention & Deletion Plan; Privacy policy includes instructions for consumer redress | –
– | Major | Security | Provide product security to protect personal data | Verify no open major product security assessment findings | –
– | Major | 3rd Party Privacy & Security Management | Vetting of 3rd party service providers | Email from PM verifying vetting of 3rd party vendors by sourcing/legal | –
Status legend: Not Ok / Ok
54. Assessment report – Minor findings
ID | Category | Title of finding | Description of requirement | Action | Status
– | Minor | Service Continuity | No service continuity plan | Agree on service continuity strategy and define and resource a plan aligned with strategy | –
– | Minor | Reactive Vulnerability & Incident Response Management | No RV&IR plan | Agree on reactive vulnerability & incident response strategy and define and resource a plan aligned with strategy | –
– | Minor | Requirements alignment | Privacy & security requirements alignment across GT app teams | Coordinate privacy & security requirements across app Teams | –
Status legend: Not Ok / Ok
55. Assessment report – Recommendations
ID | Category | Title of finding | Description of requirement | Action | Status
– | Recommend | Requirements alignment | Privacy & security requirements alignment across GT app teams | Coordinate privacy & security requirements across app Teams | –
– | Recommend | App Hardening | Harden install file with tamper-detection, encryption of token handling | Integrate hardening tool such as DEXGuard | –
– | Recommend | Security Training & Awareness | Train key team members on product security | Product security training completed for PM, Dev, QA, Req Mgmt | –
– | Recommend | Legal Review | Comply with local laws & regulations | Complete legal review with legal counsel | –
Status legend: Not Ok / Ok
56. Next steps
• Distribute the final assessment report to Alice, PM; Bob, Dev Mgr; and Chuck, Privacy Champ
• Work to close open action items with Alice, PM; Bob, Dev Mgr; and Chuck, Privacy Champ
• Schedule and meet to perform the final assessment review with Alice, PM
• Share the final assessment recommendation with Alice, PM; Elliot, CPO; and David, VP Programs
• Support Elliot, CPO on any resulting escalation
57. Final assessment review
Category | Activity | Requirement | Criteria | Status
Development | Business Impact | Overall product business criticality & risks assessed | Risk assessment report | –
Development | Product information | Defined product description, responsible roles identified | Product description document | –
Development | Data flows, System architecture | Use cases identified, data flows documented | Data inventory & classification spreadsheet | –
Development | Threat Analysis | Privacy & security threats and mitigating controls documented | Threat assessment report | –
Development | Code review | Security code scan of software. Manual security code reviews also recommended. | No open major code scan report items or action items from manual code review | –
Development | Third party privacy & security management | Contracts with 3rd parties reference privacy & security requirements. | Sign-off email from sourcing/legal counsel | –
Status legend: Not Ok / Ok
58. Final assessment review
Category | Activity | Requirement | Criteria | Status
Deployment | Business continuity plan | Defined, resourced & tested plan, supporting agreed RTO (Recovery Time Objective) | Business continuity plan approved by business accountable | –
Deployment | Backup/recovery plan | Defined, resourced & tested plan, supporting agreed RPO (Recovery Point Objective) | Backup/recovery plan approved by business accountable | –
Deployment | Reactive Vulnerability & Incident Response Plan | Defined, resourced & tested plan, supporting agreed vulnerability & incident mgmt. objectives | Reactive Vulnerability & Incident Response plan approved by business accountable | –
Deployment | Audit logs | Key activities logged and according to retention & deletion plan. No PII in logs without legitimate purpose | Sign-off email from responsible development manager | –
Deployment | Access control | Access to system admin functions and to sensitive/personal data follows AAA best practices | Sign-off email from responsible development manager | –
Deployment | Software hardening | Hardening to remove insecure, unnecessary software, features, test data, accounts and similar from the product | Sign-off email from responsible development manager | –
Status legend: Not Ok / Ok
59. Final assessment review
Category | Activity | Requirement | Criteria | Status
Compliance | Privacy assessment | Privacy controls selected in threat analysis must be implemented and verified | No open major findings, FUE screenshots, Privacy Policy UX Test Report | –
Compliance | Security assessment | Security controls selected in threat analysis must be implemented and verified | No open major findings | –
Status legend: Not Ok / Ok
61. References
• EU Proposed General Data Protection Regulation
• ISO 29100 from ISO (PDF version is freely available)
• CIPL Implementing Accountability
• CIPL Accountability Self-Assessment Tool
• Android Developer Security Tips
• Android Secure Design/Secure Coding Guidelines
• Privacy policy generator
• UK Privacy Commissioner guidelines
frank.dawson at nokia.com
63. Q1: Which is not correct about Privacy Risk?
a. Related to harm to the individual’s personal data rights
b. Involves categories of tangible, intangible & ethical harm
c. Can be mitigated by accepting, transferring risk,
eliminating the harm or diminishing the probability or
impact of the harm
d. None of these
64. Q2: Which is not correct about the Data Flow Diagram used in Privacy Engineering?
a. Visualizes internal and external interactors
b. Evidence of application of Privacy Engineering
c. Identifies the flow and category of personal data
d. Identifies threats to personal data
e. Can be useful in Product Security Assessment
65. Q3: What does best practice say should be included in a Privacy Policy?
a. Business privacy vision
b. Categories of personal data that are collected and processed
c. Purposes for which personal data is collected and processed
d. Name & address for contacting the Data Controller
e. All of the above
66. Q4: What is the essence of privacy?
a. Personal data
b. Privacy data lifecycle
c. Identifiability of personal data
d. a and c
e. Nymity
f. a and c and e
67. Q5: Which statement about Privacy Engineering and Privacy Assurance is not correct?
a. Privacy Engineering involves implementation of Privacy by Design
b. Privacy Assurance involves the acceptance of any residual product privacy risk
c. Privacy Engineering includes activities at all stages of the product life cycle and should begin as early as feasible
d. Privacy Assurance should include a final verification that the findings from the Privacy Engineering have been implemented and are operational in the product
e. Privacy Engineering is an emerging discipline
68. Q6: What is not a purpose of Privacy Assurance?
a. Verify that identified privacy safeguards are implemented
b. Determine if the product is ready to ”Go Live”
c. Document residual privacy risks
d. Ensure there is evidence of Privacy Engineering in the event a privacy audit is required
e. Identify possible areas of privacy non-compliance
69. Quiz Answers
1. d
2. d, Threats are identified as a result of the Threat Assessment process
3. e
4. f
5. b, It is the responsibility of the business owners to accept residual risk in the product
6. b, The decision to ”Go-Live” with a product involves more than just successful conclusion to a Privacy Assurance review.