Pbd

A Pre-Conference Seminar of the 33rd International Conference of Data Protection and Privacy Commissioners

Tackling privacy issues upfront and embedding privacy protections directly into new technology, process and architecture – the Privacy by Design approach – is optimal from both a privacy and business perspective. Increasingly, however, privacy must be considered within the context of an organization’s existing infrastructure. Does that limit the relevance of PbD? No, not in the least.

Enter Privacy by ReDesign, a new approach to applying the 7 Foundational Principles of Privacy by Design to existing systems. Clearly, since these are pervasive and already operational throughout organizations, the principles cannot be embedded, from the outset. Instead, the objective must be to Rethink, ReDesign and Revive these systems in a manner approaching the PbD end state.

Hear noted industry and privacy leaders describe their applications of PbRD. Learn strategies that you can take back to your company. Rethink, ReDesign, Revive.

Subscribe to our Twitter feed - www.twitter.com/embedprivacy - for regular updates.

Ken Anderson
Assistant Commissioner, Privacy
Office of the Information & Privacy Commissioner, Ontario, Canada

Dr. Ann Cavoukian
Information & Privacy Commissioner, Ontario, Canada

Dr. Jacqueline Peschard
President Commissioner
Federal Institute for Access to Information & Data Protection (IFAI)

Carlos Chalico
Partner - IT Risk & Assurance
Ernst & Young, Mexico

Privacy by Redesign: A Transformative Process

Dr. Ann Cavoukian
Information & Privacy Commissioner, Ontario, Canada

Information and Privacy Commissioner of Ontario, Canada, Dr. Ann Cavoukian, has taken Privacy by Design (PbD) to a global level where it has been established as the Gold Standard in privacy protection. Following that success, Commissioner Cavoukian is now taking Privacy by Design “back to the future” by introducing the concept of Privacy by ReDesign (PbRD) — retrofitting privacy protection into existing, mature and legacy systems to meet the privacy goals of today and the future. Commissioner Cavoukian launched PbRD with the understanding that organizations are operating with mature IT systems and business practices, into which years of resources have been invested, and that designing and implementing entirely new systems is not practical in many cases. However, she believes that this challenge can be overcome with innovative solutions which will assist organizations in eliminating this roadblock toward embedding privacy as a default condition and reach the essential goal of privacy protection for all.

Privacy by Redesign: Continuous Improvement for Both Mature and State-of-the-Art Systems

Dr. Marilyn Prosch
Associate Professor, W.P. Carey School of Business
Department of Information Systems>
Privacy by Design Research Lab

Privacy by Design is a fantastic philsophy for designing new systems, but many systems are already mature and many new systems get rushed to market without having the appropriate privacy features designed into them. This session will talk about the need for managers of both systems to quickly embrace Privacy by Redesign concepts.

Privacy by Redesign: A Transformative Process — Embedding Privacy into Existing Systems

Carlos Chalico
Partner, IT Risk & Assurance
Ernst & Young, Mexico

Christine R. Ravago
Senior Manager, Advisory Services
Ernst & Young LLP

PbD is often discussed in the context of developing new systems and technologies, but what about existing systems and established technologies? Can an organization retrofit the principles of PbD across multiple systems that make up its current operating environment? Ernst & Young will address the challenges in considering PbD in environments with many existing and legacy systems that are difficult to manage, inefficient, and of varying degrees of compliance with privacy requirements. They will propose a structured approach to a new facet to PbD—Privacy by ReDesign. Ernst & Young will discuss key considerations of integrating Privacy by ReDesign in transformation projects, including the critical decision-making process, stakeholders, organizational impact of changes, costs, and the potential for return on investment.

Technology: Corporate Utility or Innovative Path to Privacy?

Anneke Covell
Vice President
American Express Technologies

Anneke will discuss the vital role that technologists play in driving the inclusion of privacy and safeguarding controls throughout the software development delivery lifecycle and greater alignment with business process management methodologies. By consistently embedding privacy controls, the technologist can play a significant role protecting customer data, honoring their privacy choices and earning customer trust over time. All this can be achieved while still satisfying the business partner’s need for “speed and innovation” to market.

Rethink, ReDesign & Revive IP Geolocation — A PbD-Based Approach

Michael Ho
Founder
Bering Media

Michael’s presentation will take a look at the targeted advertising industry and the legacy IP geolocation system. It will examine the evolving targeted advertising industry and the impacts to privacy. It will also describe an approach to redesign the IP geolocation system to improve functionality and enhance privacy — a positive-sum, not zero-sum, approach.

A Guide for Completing a Privacy by Design Privacy Impact Assessment: From Principles to Practice

Anita Fineberg
Barrister & Solicitor
President
Anita Fineberg & Associates Inc.

Pat Jeselon
President
President
Pat Jeselon & Associates Consulting

This presentation will introduce A Guide for Completing a Privacy by Design Privacy Impact Assessment, a document developed to provide organizations with practical guidance on how to conduct a Privacy Impact Assessment based on the 7 Foundational Principles of Privacy by Design. It will address the genesis of the document, the approach taken in the PbD PIA, as well as how it differs from the traditional Privacy Impact Assessments currently in use. Session attendees will be “walked through” the Guide and provided with an explanation on how to use and apply it to organizational business practices, physical design and infrastructure as well as information technology systems and processes. The benefits that will accrue to organizations using the PbD PIA will be highlighted.

Pioneering the Privacy Economy: Privacy by Design in the Era of Big Data

Noah Lang
Head of Corporate Development
Reputation.com

The era of Big Data presents incredible opportunities—robust information, smarter cities, stronger companies, intelligent hospitals and medicine—but just as many challenges. Silicon Valley has facilitated this data-rich and data-hungry environment, but can a new ecosystem of privacy and consumer control businesses become a Silicon Valley game changer?

Mr. Lang provides a first-hand account of the world’s only existing technology solution to embed consumer-controlled data into the world of “big people data”. As an early-stage employee and head of business development at Reputation.com, Lang offers a walkthrough of the technology that has driven a wedge into the Big Data industry. He will speak about the development of a new “Privacy Economy” by displacing the de facto failure to include explicit choice in consumer data experiences. Noah will share a cross-industry perspective on the coming data privacy vault and how organizations can continue to mitigate risk while generating new economies with embedded personal data choice – the ultimate in Privacy by Design.

Dr. Ann Cavoukian
Information & Privacy Commissioner, Ontario, Canada

The Information and Privacy Commissioner of Ontario has taken a global leadership position in partnering with Smart Grid stakeholders Hydro One, GE, IBM and Telvent for the paper \\\"Operationalizing Privacy by Design: The Ontario Smart Grid Case Study.\\\" Learn how the IPC and stakeholders worked together to embed privacy into the architecture of Ontario\\\'s Smart Grid. This implementation will ensure the protection of consumer energy use data.

Moderator: Catherine Thompson
Regulatory & Policy Advisor
Office of the Information and Privacy Commissioner of Ontario

Jim Hall
Manager, Business Development & Support
Hydro One

Peter Ruppert
Solution Architect
ADS Program, IBM

Ryan Vinelli
Privacy Legal Fellow
General Electric

To organizations, personal information is an asset, the value of which is protected and enhanced by a suite of security practices and business processes, including formal risk management discipline. The potential for irreparable harm, however, demands a highly proactive approach, one that is consistent with the principles of Privacy by Design. Ultimately, who is responsible for managing privacy risks? Hear from a panel of risk management and privacy leaders who will share their experiences in applying PbD within various environments.

Moderator: Jeff Kirke
Strategic Advisor to the Commissioner
Office of the Information and Privacy Commissioner of Ontario

Fariba Anderson
Vice President, IT, Lottery and Bingo
Ontario Lottery and Gaming

Yim Chan, CIPP/C
Privacy and Data Protection Executive, IBM Corporation
Chief Privacy Officer, IBM Canada

Dan Ruch
Partner
Ruch & Associates

Mobile computing is dramatically changing our world and the manner in which we interact with it - enabling new services and conveniences, while introucing new privacy and security challenges. Portable computing devices have become an innovative enabling platform, driving benefits on a societal scale. Join this session, led by staffers from the Information and Privacy Commissioner of Ontario\\\\\\\\\\\\\\\'s office, for an insightful look at cutting edge work that applies the principles of Privacy by Design to areas such as WiFi, traffic data assessment, road tolling and the GSMA principles.

Moderator: Ken Anderson
Assistant Commissioner of Privacy
Office of the Information and Privacy Commissioner of Ontario

Fred Carter
Policy & Information Analyst
Office of the Information and Privacy Commissioner of Ontario

Frank Dawson, CIPP/IT
Head of Consumer Data & Privacy Program
Nokia

Patrick Walshe
Director of Privacy
GSMA

Biometric technologies have hit the mainstream, touted as ideal for enhancing identity authentication, access controls and fraud detection. Ironically, the same technologies that can enhance trust can also undermine it when deployed improperly. Biometric data are exceedingly personal data. As this personal data is collected, used, retained and shared across networked environments by more and more actors for more purposes, how will the security threats that undermine the reliability of biometric systems be overcome? How will individual privacy be assured? Privacy risks can undermine user confidence, leading to a lack of acceptance and trust in biometric systems. Is there a positive-sum way out? Explore answers to these current issues and trends in biiometrics research and deployment. One of the thems will be a novel application of face recognition for the Ontario Lottery and Gaming Corporation\\\\\\\\\\\\\\\'s self-exclusion program.

Moderator: Vance Lockton
Policy Analyst
Office of the Information and Privacy Commissioner of Ontario

Les DeSouza
Architect
Ontario Lottery and Gaming

Soren Frederiksen
Vice President, Development
iViewsystems

Karl Martin
President & CEO
KMKP Engineering
Alex Stoianov
Biometrics Scientist
Office of the Information and Privacy Commissioner of Ontario

Privacy must not be an afterthought. Protecting privacy, including the proper stewardship of the personal information entrusted to governments and other bodies, is essential to maintaining the public\\\\\\\\\\\\\\\'s trust and confidence. It also is an essential component of customer service and quality assurance. Regardless of the type of institution or helathcare provider - from a town hall to a police service, a library board to a school board, a university to a hospital, a doctor\\\\\\\\\\\\\\\'s office or a health clinic - protecting personal information is critical. Explore the benefits of embedding privacy into the design of information technology, business practices and physical design and infrastructures, and examine examples of successful Privacy by Design initiatives used in the public sector.

Moderator: Michelle Chibba
Director, Policy and Special Projects
Office of the Information and Privacy Commissioner of Ontario

David Nicholl
Corporate Chief Information & Information Technology Officer
Province of Ontario

Dave Wallace
CIO, Information & Technology Divison, City of Toronto

Ken Anderson

Assistant Commissioner, Privacy

Office of the Information & Privacy Commissioner, Ontario

Yoram Hacohen

Head, Israeli Law, Information and Technology Authority

Dr. Ann Cavoukian

Information & Privacy Commissioner, Ontario

The Honourable Dalton McGuinty

Premier of Ontario, Canada

PbD and the Smart Grid: The Gold Standard

Since a reporter first sounded the alert in 2009. Ontario’s Information and Privacy Commissioner has been working steadily to build awareness and understanding of privacy issues in the design and implementation of Smart Grid technologies.  Learn how worldwide investment in the Smart Grid is growing steadily, and the threat to privacy is mounting, as the Commissioner shares Ontario’s experiences and urges her colleagues to get involved.

Dr. Ann Cavoukian

Information & Privacy Commissioner, Ontario

Applied PbD for the Smart Grid

People talk about “the Smart Grid” but in fact there is more than one model for Smart Grid development across jurisdictions.  In this high-level overview of the basic technologies at work, regulators will learn where to focus discussions with utilities in order to uncover and address privacy issues effectively.

Ken Anderson

Assistant Commissioner, Privacy

Office of the Information & Privacy Commissioner, Ontario

Hydro One’s Commitment to Customer Data Privacy

Hydro One will be represented at the conference through a video discussing the company\\\\\\\\\\\\\\\'s participation in the creation of the Ontario Privacy Commissioner’s Privacy by Design standard for Smart Grid implementation for data protection.  The video will feature Mike Winters, Hydro One’s Chief Information Officer; Myles D’Arcey, Senior Vice President, Customer Operations; and Rick Stevens, Director of Distribution Development and the Project Director of Hydro Ones Smart Meter program.  They will discuss how Hydro One has built the principles of Privacy by Design into its smart grid program and the benefits of this for its customers.

Michael Winters

Senior Vice President & Chief Information Officer

Hydro One Network Inc.

Rick Stevens

Director Distribution Business Development, Hydro One

Project Director, Hydro One Smart Meter / Smart Grid Project

Myles D’Arcey

Senior Vice President, Customer Operations

Hydro One Inc.

Building a Privacy by Design Program: Practical Insights for the Smart Grid

Privacy by Design (PbD) is most easily pursued during times of change — and with more than 205 million smart meters expected to be installed worldwide by the year 2015, change has opened the door to innovation at utilities around the globe.  So forward-looking organizations in this industry increasingly ask:  What are the one or two most important privacy-related actions that will help consumers embrace and trust the Smart Grid?  As one of the business world’s most-experienced privacy and security leaders, Pearson will draw on IBM’s experience as a technology innovator and PbD “early adopter” to highlight the practices that can help utilities address privacy in a smart, proactive way.  To inform these recommendations, Pearson’s presentation will incorporate just-gathered insights from IBM’s internation survey of smart grid consumer attitudes.

Harriet Pearson

Vice President Security Counsel & Chief Privacy Officer

IBM

Google PowerMeter and Privacy by Design

Jane’s talk will focus on how Google PowerMeter utilizes the Privacy by Design principle of Privacy Embedded into the Design.  Google PowerMeter is a free energy monitoring tool that allows you to view your home’s energy consumption from anywhere online.  From the drawing board, the Google PowerMeter team embedded privacy into its functionality.  From sign-on to data sharing to data retention, Google PowerMeter has embedded privacy protections.

Jane Horvath

Global Privacy Counsel

Google

Data Use as a Consumer Feature:  Can Smart Grid Privacy Concerns Be Addressed by Creative Design and Transparency?

For decades businesses have argued that Web analytics, tracking and profiling provide users with a more relevant experience and support free content or services.  Consumers, however, continue to express unease about data collection and use practices and are concerned about who has access to their private information, and for what purposes.  Policy-makers globally continue to press for regulations or codes of conduct that can do more to ensure the protection of user dignity and the avoidance of harm.  Can the designers of the consumer facing aspects of the smart grid learn from the successes and failures of the last decade in order to enable the data flows needed in a privacy-friendly manner?

Jules Polonetsky

Co-chair and Director of the Future of Privacy Forum

Ensuring the Future of Privacy — On and Off the Smart Grid

Dr. Ann Cavoukian

Information & Privacy Commissioner, Ontario

Introductions

Ken Anderson
Assistant Commissioner
Office of the Information and Privacy Commissioner,
Ontario, Canada

Welcome/Opening Remarks

Dr. Ann Cavoukian
Information and Privacy Commissioner,
Ontario, Canada

People are facing an increasingly complex array of demands for their personal information. Governments and companies are finding themselves in uncharted territories as they begin to navigate the new frontier of the Cloud... What do we do? The principles of Privacy by Design, a concept developed by Dr. Cavoukian, offer a roadmap to both public and private sector leaders on how to protect personally identifiable data. Building in user privacy as the default, organizations practicing PbD embed data protection in new technologies and business practices, right from the outset — ensuring that such controls persist through the entire lifecycle of the data. PbD is uniquely characterized by its positive-sum, win-win approach to development — proving that it is possible to enjoy the benefits of both strong privacy and security, or privacy and business, or whatever the functionality.

The Commissioner will reflect on recent developments pertaining to PbD, including its adoption by an ever growing number of organizations who recognize the competitive edge that it uniquely affords.

Managing Privacy in the Evolution of the Internet of Things

Arthur Smith
President and Chief Executive Officer
GS1 Canada

Art Smith is President and CEO of GS1 Canada, an industry-driven organization that enables the development and implementation of global standards for electronic business and supply chain processes. Art will discuss developments in the usage of RFID in the global e-commerce environment, as well as measures being taken at a global level to ensure the integration of privacy fundamentals into these business practices.

Privacy-Protected Video Surveillance: Security and Privacy by Design

Karl Martin
President
KMKP Engineering

Video surveillance has become ubiquitous, but the public does not have to accept the invasion of their privacy. Mr. Martin presents a new technology, called Secure Visual Object-Based Coding, that uses encryption to protect the face and body images of people, but does not hinder security enforcement. This work has come out of the research lab and is now being developed into a commercial product.

Respect by Design

Dr. L. Jean Camp
Associate Professor of Informatics
Indiana University

Ambient and ubiquitous computing systems offer to empower us all, but could be particularly useful to elders who could stay at home longer with technologically assisted living. Simultaneously, they threaten a nightmare of perfect surveillance with no control over highly sensitive data. Clearly, ubiquitous in-home computing calls for Privacy by Design. However, design for participant control is challenging and therefore, empowering individuals is particularly problematic. Dr. Camp describes the designs and associated research methods for developing and evaluating privacy-aware ubiquitous computing for in-home use.

Going for the Gold — PbD is a Team Sport

Joseph H. Alhadeff
Chief Privacy Officer,
Vice President, Global Public Policy,
Oracle

Privacy by Design is a concept that is closely linked to technology, but needs to be enabled across people and processes as well. Some of the most important aspects of “going for the gold” involve developing the right consultative and collaborative processes. Getting the right people together at the outset with the proper motivation is critical to creating the right culture to enable Privacy by Design. PbD, when done right, yields value to all participants in the process and helps create a whole that is greater than the sum of its parts.

The Art of ∑ncryption

Nandini Jolly
President / CEO and Co-Founder
CryptoMill Technologies

Liberating data can be a competitive advantage. Unleashing the ability of both individuals and organizations, in a practical and secure fashion, is the Art of Encryption. Proactive data protection encourages mobility, builds confidence, and preserves privacy.

Privacy and Commercialization: Learn how MaRS is helping technology start-ups navigate this intersection

Krista Jones
Practice Lead, Information and Communication Technology
MaRS Discovery District

Learn how MaRS advises companies to incorporate the principles of Privacy by Design into the formation and development of their technology and business. Through the use of case studies of current Ontario based start-ups, the intersection between privacy and commercialization will be explored. The benefits of Privacy by Design principles will be discussed highlighting the advantages of early adherence.

2009 Privacy Technologies Research Award

Designing Privacy Architecture for Personal Health Records (PHRs)

Reza Samavi

When Your Brand Matters

Dr. Parry Aftab
Managing Director
WiredTrust, home of the Socially Safe Best Practices Seal

All press is good press – so they say. Except when you end up on the front page of the Globe and Mail or the Wall Street Journal for mishandling your customers’, users’ and clients’ personal information. The time to think about what that could mean to you and your business is before it happens. And the time to design your privacy practices and procedures to support your business model and respect your stakeholders at the same time is before anyone starts to code. It’s more than compliance. It’s more than best practices. It’s more than wanting to be a poster child for safety. It’s brand protection.

Closing Remarks

Dr. Ann Cavoukian
Information and Privacy Commissioner,
Ontario, Canada

Introductions

Ken Anderson
 Assistant Commissioner
 Office of the Information and Privacy Commissioner,
 Ontario, Canada

 
Welcome/Opening Remarks

Dr. Ann Cavoukian
 Information and Privacy Commissioner,
 Ontario, Canada

Yoram Hacohen
 Head of the Israeli Law, Information and Technology Authority (ILITA)

 
Privacy by Design – Delivering the Promises

This presentation will look back at the origins of Privacy by Design, notably the publication of the first report on “Privacy Enhancing Technologies” by a joint team of the Information and Privacy Commissioner of Ontario, Canada, and the Dutch Data Protection Authority in 1995. It will also attempt to look ahead and address the question how the promises of these concepts could be delivered in practice.

Peter Hustinx
 European Data Protection Supervisor


Remote Health Management and Privacy

Remote health care technologies designed for in-home use are poised to become a vital part of the overall health care environment, allowing many seniors and chronic care patients to live longer in their own homes — with their privacy fully protected. This talk will cover an understanding of how Privacy by Design can be implemented in a technology company’s development processes, and will provide specific examples of the real benefits to individuals from use of Privacy by Design on specific health care technologies.

David Hoffman
 Intel Corporation - Director of Security Policy &
 Global Privacy Officer

Built-in Privacy: No panacea, but a Necessary Element of Privacy Protection

Built-in privacy seems to be the magic technical fix for most current privacy problems. Obviously one should not get carried away since there is no “privacy button” on the next generation computers. But, for too long, Privacy Commissioners have tried to tackle privacy issues in a reactive manner. Their efforts lead to nowhere if manufacturers simply do not deliver the right, i.e. privacy-friendly goods. How can they be made to deliver?

Dr. Alexander Dix
 Commissioner for Data Protection & Freedom of Information,
 Berlin, Germany

 
Trust & Privacy in the Future Internet: A research perspective

The transformations brought on society by the evolution of the Internet over the last decade raise many societal challenges in relation to the handling of identity, trust and privacy. Technology research programmes must prioritise work that take these challenges into account at all phases of development, from conceptual design to implementation

Dr. Jacques Bus
 Head of Unit - Trust and Security in ICT Research,
 European Commission

 
Privacy and the SmartGrid: Risks and opportunities

Upgrading our power system by introducing two-way data flows could lead to a cleaner environment, reduced power costs, and more reliable utility service. At the same time, this new information-dependent system could collect personal and intimate data and could create grave risks of intrusion into the home domain. Understanding the data pathways of the smart grid and pressing for early attention to Privacy by Design could ensure a future of smart power and smart privacy.

Jules Polonetsky
 Co-chair & Director,
 The Future of Privacy Forum

 
Google’s PowerMeter: An Example of Privacy by Design

A demonstration of Google PowerMeter, a software application developed by the Google’s philanthropic arm, Google.org, to help consumers track their home electricity usage. From the start, privacy was part of the design of PowerMeter.

Jane Horvath
 Global Privacy Counsel, Google

Luncheon Keynote Adresses

Baking in Privacy: Consumers as the Most Important Ingredient!

Increasingly, consumers are demanding greater control over their online experience. While recent studies demonstrate that consumers are often uninformed about the level of privacy protections offered by a given good or service, they establish that consumers genuinely care about privacy. If privacy is truly good business, why don’t we see more companies competing on privacy? The recent furor over the privacy dimensions of the Google Books settlement is a prime example of a developing product that has garnered vocal criticism for the level of privacy protections baked into the good. I view the creation of products like Google Books, electronic health records, and cloud computing applications as prime tests of user-centered design. My remarks will share some thoughts about the importance of Privacy by Design and the fundamental role of transparency to consumers.

The Honorable Pamela Jones Harbour
 Commissioner, U.S. Federal Trade Commission

 
Privacy by Design: German Experiences

For years, data reduction and data minimisation have been enshrined in the German Federal Data Protection Act. To that aim, pseudonymisation and anonymisation should be possibly used, however only to the extent that any related efforts are adequate in relation to the aspired purpose of data protection. In practice, however, when it comes to the conception of IT systems, the implementation of these provisions often proves difficult.

Peter Schaar
 Federal Commissioner for Data Protection and Freedom of Information,
 Republic of Germany

Privacy Designed as a Competitive Advantage — the Case of Social Networks

The Honorable Mozelle W. Thompson
 CEO, Thompson Strategic Consulting and former FTC Commissioner


Accountability Panel

Privacy by Design: HP’s Accountability Model Tool

Scott Taylor will be sharing a newly deployed program at HP that guides employees to integrate privacy into products, services, programs and processes that collect, use or store personal information. It is an example of Privacy by Design and meant to improve responsible decision-making and accountability at all levels within the enterprise.

Scott Taylor
 Chief Privacy Officer, Hewlett-Packard Company


The Essential Elements of Accountability Require Privacy by Design

A group of international privacy experts met in Ireland this year as the Galway Project to draft the essential elements of privacy accountability. Martin Abrams, who co-ordinated that process will show how Privacy by Design is necessary for an organization to be accountable.

Martin Abrams
 Executive Director, Centre for Information Policy Leadership

Privacy by Design & ID Management South of the Equator

A number of recent initiatives in identity management in Australia and New Zealand have included Privacy by Design as part of more comprehensive strategies to respect privacy. These include the health identifier soon to be issued for all Australians, eGov in New Zealand and other initiatives in the private sector. Malcolm Crompton will give his perspective on these developments.

Malcolm Crompton
 Managing Director, Information Integrity Solutions P/L


Data Privacy — Asian Cultural Perspectives

This presentation looks at personal data privacy from the Asian historical and contemporary cultural perspectives, focusing on China and Chinese as a dominant reference, and how Privacy by Design can help in battling data privacy issues.

Stephen Lau
 Adviser, HP-EDS Hong Kong and former Privacy Commissioner for Personal Data


Carrot Not Stick: Leading the Way to a Privacy Culture

New Zealand’s approach to designing for good privacy protection has spanned both industry and government. Agencies are encouraged to pursue good practices, for example: encryption for government data matching; protocols around PSD use; industry involvement in the development of guidelines for CCTV; or codes of practice for health, telecommunications and credit reporting. Privacy Commissioner Marie Shroff will also briefly outline the active privacy law reform work in the Asia-Pacific region at present.

Marie Shroff
 New Zealand Privacy Commissioner

The Need for PbD in Biometrics: Biometric Encryption

More and more countries are implementing the use of biometric solutions for the purpose of authentication. In the case of travel documents, although the photo or facial image may be considered the global biometric standard, many countries are choosing multimodal approaches, with fingerprints being the most common secondary biometric over the iris. The primary issue here is the retention of these templates, usually maintained in a central database. But there is an ideal solution: Biometric Encryption (BE) offers an alternative positive-sum solution that achieves authentication AND privacy — additionally, with BE there is no need to retain the biometric data.

Dr. Ann Cavoukian
 Information and Privacy Commissioner,
 Ontario, Canada


Biometrics for Public Administrations

The new generation of passport biometrics have entered the domain of public administration. The step to store the biometric data into a central database (next to the passport chip) seems to be small and very tempting, as being proven in the Netherlands by the recently adapted new Passport Act. Requirements for identity fraud and law enforcement are being mixed into one scheme. What guidelines do we need to protect misuse and function creep? How do we conduct a cost/benefit analysis and a proportionality check? How do we involve the citizens? How can we assess such schemes against Art.8 of the Human Rights Convention and to what extent can we take guidance from the “Marper Case”?

Max Snijder
 Managing Director, European Biometric Group


Israel’s Biometric Database Legislation: Risks and Opportunities

The Israeli government is promoting legislation which would introduce biometric features into national identity cards and retain them in a centralized database. Which legal and technological safeguards are put in place to avert data breaches and function creep? Is there a right way to manage a national biometric database?

Dr. Omer Tene
 Associate Professor, College of Management School of Law

Privacy Protected Video Surveillance: Security and Privacy by Design

Video surveillance has become ubiquitous, but the public does not have to accept the invasion into their privacy. I will present a new technology, called Secure Visual Object-Based Coding, that uses encryption to protect the face and body images of people, but does not hinder security enforcement. This work has come out of the research lab and is now being developed into a commercial product.

Dr. Karl Martin
 University of Toronto


Layering Privacy Platforms by Design

Pervasive, easy-to-use privacy services are keys to enabling users to maintain control of their private data in the online environment. We examine a privacy life cycle from a user perspective, a layered platform design solution for online privacy, and a strategy to use platform network effects for increasing wide-scale user adoption of privacy platform services.

Dr. Dawn Jutla
 Professor, Saint Mary’s University


The First-Ever Privacy by Design Research Lab

This session presents a model of Privacy by Design Value Chain. This model exposes the PbD issues and opportunities both within an organization and in federated environments, identifying structural impediments with the goal of developing mechanisms to overcome them. Research questions are proposed that can assist researchers interested in studying PbD in more realistic, complex institutional settings with multiple stakeholders and incentives.

Dr. Marilyn Prosch
 Professor, Arizona State University


Privacy Risk Optimization - Privacy by Design for Business Practices

This session introduces Nymity’s Privacy Risk Optimization Process, a process that enables the implementation of privacy into operational policies and procedures, which results in Privacy by Design for business practices

Terry McQuay
 President, Nymity



Closing Remarks

Dr. Ann Cavoukian
 Information and Privacy Commissioner,
 Ontario, Canada

Yoram Hacohen
 Head of the Israeli Law, Information and Technology Authority (ILITA)

Privacy Enhancing Technologies Exhibition