SlideShare a Scribd company logo
Privacy, Security &
Access to Data
Cyber Summit 2015
Brian Hamilton, Director, Compliance and Special InvestigationsSeptember 28, 2015
Agenda
• Privacy laws enable your success
• How do privacy regulators analyze
information sharing/analytics/big data
initiatives?
• Regulatory challenges
• Tips for success in working with privacy
regulators
Office of the Information and
Privacy Commissioner of Alberta
• Commissioner – Jill Clayton
• an officer of the Legislative Assembly
• independent of government
• Oversight of Alberta’s access to
information and privacy laws:
• Freedom of Information and Protection of Privacy Act
• Personal Information Protection Act
• Health Information Act
• Provincial government is responsible for
legislation
What we do
How we intersect with research
• Health Research Ethics Boards
• File their approvals with us
• Duty to review research proposals and assess whether
adequate safeguards are in place
• Privacy Impact Assessment review
• Especially data matching
• Recommended for multi-stakeholder initiatives
• Investigations
• Unusual, most people aren’t aware, or have consented
• access to data without agreement
Privacy is an enabler
• Privacy regulators understand benefits of
information sharing and analytics
• Advancement of science, health
• Convenience
• Harmonized, coordinated, targeted services
• Efficiency, cost containment
• Privacy statutes allow appropriate information
sharing and data matching
• Privacy ensures your success
• We are in the freedom of information business
Things privacy laws allow you to do
(as long as you do it right)
• Research
• Planning
• Resource allocation
• Policy development
• Quality improvement
• Auditing
• Evaluation
• Data matching
• Share personal information for service delivery
How we analyze initiatives
• Who are you?
• Nature of organizations
• Jurisdiction
• What are you doing?
• What personal information will you collect, use or disclose?
• Research, data matching
• Is it legal?
• Analysis of legal authorities
• How are you managing risk?
• Information security
• Agreements, policies
• Incident response plans
• Regular review of controls
• Training
Key Privacy Controls
(for big data initiatives)
• Governance, policies, training
• Access controls
• Need to know, least amount principle
• Consent (where necessary)
• Openness, transparency, notification
• Retention and disposition
• Only keep information as long as necessary
• Incident response
• Privacy laws use reasonableness test
• Controls do not need to be perfect
Challenges
for the new data scientist
• We live in a federation and have international
partners
• Managing privacy among multiple stakeholders
(governance)
• Transparency
• Managing consent, citizen expectations
• Trans border legal demands
• Bureaucratic fear, uncertainty and doubt
Tips for success
• Talk to us
• We are happy to consult on any initiative
• Early consultation prevents last-minute pitfalls
• Build privacy into your initiative from the start
• Last-minute, bolt-on privacy is expensive and inefficient
• Engage the public
• Transparency assuages fear
• Conduct a privacy impact assessment
• Our Office is pleased to review and provide comments
• Consider making your PIA public
• Develop privacy expertise
Curriculum
for the new data scientist
• Privacy principles
• Privacy risk assessment and mitigation
strategies
• Information security
• Access to information
• Records management
• Agreements and contracts
OIPC sponsored research on
information sharing
Government Information Sharing
Is Data Going Out of the Silos, Into the Mines?
•http://
www.oipc.ab.ca/Content_Files/Files/Publications/Repor
•Case studies
•Citizen expectations
•Examining risk in data sharing projects
13
Free PIA training
• Calgary: October 16
• Edmonton: October 15
• www.oipc.ab.ca for more info.
Your questions
THANK YOU!
Brian Hamilton
Director, Compliance and Special Investigations
Office of the Information and Privacy Commissioner, Alberta
bhamilton@oipc.ab.ca
www.oipc.ab.ca
780.422.6860

More Related Content

PDF
Energy Data Privacy Presentation
PPT
DPA seminar presentation
PPTX
What is the General Data Protection Regulation (GDPR)?
PPTX
Developing a privacy compliance program
PPTX
Advantage ppt data breaches km approved - final (djm notes)
PPTX
Prepare Your Firm for GDPR
PPTX
Securing your Data, Reporting Recommended Practices
PDF
Game changing legislation
Energy Data Privacy Presentation
DPA seminar presentation
What is the General Data Protection Regulation (GDPR)?
Developing a privacy compliance program
Advantage ppt data breaches km approved - final (djm notes)
Prepare Your Firm for GDPR
Securing your Data, Reporting Recommended Practices
Game changing legislation

What's hot (19)

PPTX
Helen Patton - Governing Big Data: Security, Privacy & Data Management
PPTX
Everyone is talking Cloud - How secure is your data?
PDF
3 minute reading time on how you can comply with GDPR.
PDF
Rent-a-DPO for IT Vendors
PPTX
BISG Rights Summit June 11, 2014 (Michael Healy, Copyright Clearance Center)
PPTX
CERN 5 Things you should know about Data Protection
PDF
IT Perspectives in Implementing Privacy Framework
PPTX
Compliance is an Opportunity: Leveraging Regulation
PPTX
Global Data Privacy Regulation
PPTX
Principles of Holistic Information Governance - Presented to ARMA Edmonton Ja...
PPTX
Embedding GDPR Within Your Information and Library Service
PDF
GDPR - Sink or Swim
PPTX
Online privacy
PPT
Data protection
PDF
Data Protection and Privacy
PPTX
Why We Require GDPR?
PDF
General Data Protection Regulation, May 2017, London
PPTX
GDPR Data Life Cycle
PPTX
The Future of the Modern Workplace Event 2019 - Data Security and Protection
Helen Patton - Governing Big Data: Security, Privacy & Data Management
Everyone is talking Cloud - How secure is your data?
3 minute reading time on how you can comply with GDPR.
Rent-a-DPO for IT Vendors
BISG Rights Summit June 11, 2014 (Michael Healy, Copyright Clearance Center)
CERN 5 Things you should know about Data Protection
IT Perspectives in Implementing Privacy Framework
Compliance is an Opportunity: Leveraging Regulation
Global Data Privacy Regulation
Principles of Holistic Information Governance - Presented to ARMA Edmonton Ja...
Embedding GDPR Within Your Information and Library Service
GDPR - Sink or Swim
Online privacy
Data protection
Data Protection and Privacy
Why We Require GDPR?
General Data Protection Regulation, May 2017, London
GDPR Data Life Cycle
The Future of the Modern Workplace Event 2019 - Data Security and Protection
Ad

Viewers also liked (12)

PPTX
Open access and open data: international trends and strategic context
PPTX
Are MOOC's past their peak?
PDF
Predicting the Future With Microsoft Bing
PDF
Do Universities Dream of Big Data
PDF
Cyber Summit 2016: The Data Tsunami vs The Network: How More Data Changes Eve...
PDF
Cyber Summit 2016: Technology, Education, and Democracy
PPTX
Analytics 101: How to not fail at analytics
PPTX
Cyber Summit 2016: Understanding Users' (In)Secure Behaviour
PPT
Cyber Summit 2016: Using Law Responsibly: What Happens When Law Meets Technol...
PPTX
Open City - Edmonton
PPTX
Opening the doors of the laboratory
PDF
Cyber Summit 2016: Issues and Challenges Facing Municipalities In Securing Data
Open access and open data: international trends and strategic context
Are MOOC's past their peak?
Predicting the Future With Microsoft Bing
Do Universities Dream of Big Data
Cyber Summit 2016: The Data Tsunami vs The Network: How More Data Changes Eve...
Cyber Summit 2016: Technology, Education, and Democracy
Analytics 101: How to not fail at analytics
Cyber Summit 2016: Understanding Users' (In)Secure Behaviour
Cyber Summit 2016: Using Law Responsibly: What Happens When Law Meets Technol...
Open City - Edmonton
Opening the doors of the laboratory
Cyber Summit 2016: Issues and Challenges Facing Municipalities In Securing Data
Ad

Similar to Privacy, Security & Access to Data (20)

PDF
Wayne richard - pia risk management - atlseccon2011
PPTX
Media_644046_smxx (1).pptx
PDF
Preparing your Business for the Data Protection Bill
PPSX
Gdpr demystified - making sense of the regulation
PPT
Data-sharing, individual rights, and the future | Victoria Cetinkaya | Januar...
PPTX
ABM Display Advertising Success in the World of GDPR [PPT]
PPTX
GDPR Breakfast Briefing for Business Advisors
PPTX
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
PDF
Gdpr for business full
PPTX
Privacy Secrets Your Systems May Be Telling
PPTX
Privacy Secrets Your Systems May Be Telling
PPTX
GDPR Breakfast Briefing for Business Advisors
PDF
Hivos and Responsible Data
PPTX
ACEDS-Zylab 4-3-15 Webcast
PPTX
GDPR and Cyber Security LW.pptx
PPTX
LW GDPR and Cyber Security.pptx
PPTX
Introduction to GDPR
PPTX
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
PDF
GDPR for your Payroll Bureau
PDF
1. Security and Risk Management
Wayne richard - pia risk management - atlseccon2011
Media_644046_smxx (1).pptx
Preparing your Business for the Data Protection Bill
Gdpr demystified - making sense of the regulation
Data-sharing, individual rights, and the future | Victoria Cetinkaya | Januar...
ABM Display Advertising Success in the World of GDPR [PPT]
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
Gdpr for business full
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
GDPR Breakfast Briefing for Business Advisors
Hivos and Responsible Data
ACEDS-Zylab 4-3-15 Webcast
GDPR and Cyber Security LW.pptx
LW GDPR and Cyber Security.pptx
Introduction to GDPR
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR for your Payroll Bureau
1. Security and Risk Management

More from Cybera Inc. (18)

PPT
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
PPTX
Cyber Summit 2016: Research Data and the Canadian Innovation Challenge
PPTX
Cyber Summit 2016: Knowing More and Understanding Less in the Age of Big Data
PDF
Cyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
PPTX
Cyber Summit 2016: Establishing an Ethics Framework for Predictive Analytics ...
PPTX
Unlocking the power of healthcare data
PPT
Checking in on Healthcare Data Analytics
PPTX
I didn't know i was a geomatics company
PPTX
Integrating Geospatial into the Everyday
PPTX
From the Traditional to the Virtual
PPTX
Where is EdTech Heading?
PPTX
Digital Social Innovation and the Impact of Data Analytics
PPTX
Delivering our Data Driven Future
PPTX
Jordan Engbers - Making an Effective Data Scientist
PDF
Calgary OpenStack Meetup January 2015
PDF
Open Government
PDF
Orchestration
PDF
Tactalis: A new way to touch
Cyber Summit 2016: Insider Threat Indicators: Human Behaviour
Cyber Summit 2016: Research Data and the Canadian Innovation Challenge
Cyber Summit 2016: Knowing More and Understanding Less in the Age of Big Data
Cyber Summit 2016: Privacy Issues in Big Data Sharing and Reuse
Cyber Summit 2016: Establishing an Ethics Framework for Predictive Analytics ...
Unlocking the power of healthcare data
Checking in on Healthcare Data Analytics
I didn't know i was a geomatics company
Integrating Geospatial into the Everyday
From the Traditional to the Virtual
Where is EdTech Heading?
Digital Social Innovation and the Impact of Data Analytics
Delivering our Data Driven Future
Jordan Engbers - Making an Effective Data Scientist
Calgary OpenStack Meetup January 2015
Open Government
Orchestration
Tactalis: A new way to touch

Recently uploaded (20)

PPTX
MODULE 8 - DISASTER risk PREPAREDNESS.pptx
PDF
“Getting Started with Data Analytics Using R – Concepts, Tools & Case Studies”
PPTX
IB Computer Science - Internal Assessment.pptx
PPTX
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
PPTX
Major-Components-ofNKJNNKNKNKNKronment.pptx
PPTX
Supervised vs unsupervised machine learning algorithms
PPTX
Business Ppt On Nestle.pptx huunnnhhgfvu
PPTX
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
PPTX
A Quantitative-WPS Office.pptx research study
PPTX
Global journeys: estimating international migration
PPTX
Logistic Regression ml machine learning.pptx
PDF
Foundation of Data Science unit number two notes
PDF
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
PPTX
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
PPTX
climate analysis of Dhaka ,Banglades.pptx
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
PDF
Fluorescence-microscope_Botany_detailed content
PPT
Quality review (1)_presentation of this 21
PDF
22.Patil - Early prediction of Alzheimer’s disease using convolutional neural...
PPTX
Introduction to machine learning and Linear Models
MODULE 8 - DISASTER risk PREPAREDNESS.pptx
“Getting Started with Data Analytics Using R – Concepts, Tools & Case Studies”
IB Computer Science - Internal Assessment.pptx
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
Major-Components-ofNKJNNKNKNKNKronment.pptx
Supervised vs unsupervised machine learning algorithms
Business Ppt On Nestle.pptx huunnnhhgfvu
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
A Quantitative-WPS Office.pptx research study
Global journeys: estimating international migration
Logistic Regression ml machine learning.pptx
Foundation of Data Science unit number two notes
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
climate analysis of Dhaka ,Banglades.pptx
Acceptance and paychological effects of mandatory extra coach I classes.pptx
Fluorescence-microscope_Botany_detailed content
Quality review (1)_presentation of this 21
22.Patil - Early prediction of Alzheimer’s disease using convolutional neural...
Introduction to machine learning and Linear Models

Privacy, Security & Access to Data

  • 1. Privacy, Security & Access to Data Cyber Summit 2015 Brian Hamilton, Director, Compliance and Special InvestigationsSeptember 28, 2015
  • 2. Agenda • Privacy laws enable your success • How do privacy regulators analyze information sharing/analytics/big data initiatives? • Regulatory challenges • Tips for success in working with privacy regulators
  • 3. Office of the Information and Privacy Commissioner of Alberta • Commissioner – Jill Clayton • an officer of the Legislative Assembly • independent of government • Oversight of Alberta’s access to information and privacy laws: • Freedom of Information and Protection of Privacy Act • Personal Information Protection Act • Health Information Act • Provincial government is responsible for legislation
  • 5. How we intersect with research • Health Research Ethics Boards • File their approvals with us • Duty to review research proposals and assess whether adequate safeguards are in place • Privacy Impact Assessment review • Especially data matching • Recommended for multi-stakeholder initiatives • Investigations • Unusual, most people aren’t aware, or have consented • access to data without agreement
  • 6. Privacy is an enabler • Privacy regulators understand benefits of information sharing and analytics • Advancement of science, health • Convenience • Harmonized, coordinated, targeted services • Efficiency, cost containment • Privacy statutes allow appropriate information sharing and data matching • Privacy ensures your success • We are in the freedom of information business
  • 7. Things privacy laws allow you to do (as long as you do it right) • Research • Planning • Resource allocation • Policy development • Quality improvement • Auditing • Evaluation • Data matching • Share personal information for service delivery
  • 8. How we analyze initiatives • Who are you? • Nature of organizations • Jurisdiction • What are you doing? • What personal information will you collect, use or disclose? • Research, data matching • Is it legal? • Analysis of legal authorities • How are you managing risk? • Information security • Agreements, policies • Incident response plans • Regular review of controls • Training
  • 9. Key Privacy Controls (for big data initiatives) • Governance, policies, training • Access controls • Need to know, least amount principle • Consent (where necessary) • Openness, transparency, notification • Retention and disposition • Only keep information as long as necessary • Incident response • Privacy laws use reasonableness test • Controls do not need to be perfect
  • 10. Challenges for the new data scientist • We live in a federation and have international partners • Managing privacy among multiple stakeholders (governance) • Transparency • Managing consent, citizen expectations • Trans border legal demands • Bureaucratic fear, uncertainty and doubt
  • 11. Tips for success • Talk to us • We are happy to consult on any initiative • Early consultation prevents last-minute pitfalls • Build privacy into your initiative from the start • Last-minute, bolt-on privacy is expensive and inefficient • Engage the public • Transparency assuages fear • Conduct a privacy impact assessment • Our Office is pleased to review and provide comments • Consider making your PIA public • Develop privacy expertise
  • 12. Curriculum for the new data scientist • Privacy principles • Privacy risk assessment and mitigation strategies • Information security • Access to information • Records management • Agreements and contracts
  • 13. OIPC sponsored research on information sharing Government Information Sharing Is Data Going Out of the Silos, Into the Mines? •http:// www.oipc.ab.ca/Content_Files/Files/Publications/Repor •Case studies •Citizen expectations •Examining risk in data sharing projects 13
  • 14. Free PIA training • Calgary: October 16 • Edmonton: October 15 • www.oipc.ab.ca for more info.
  • 16. THANK YOU! Brian Hamilton Director, Compliance and Special Investigations Office of the Information and Privacy Commissioner, Alberta bhamilton@oipc.ab.ca www.oipc.ab.ca 780.422.6860