
pbd-se message



Subject: RE: [pbd-se] Privacy Engineering Publication and Cyber Model Enabling PbD


Thanks Frank... great looking resource to assist PbD!!!

We'd like to sync up with this approach and others on the list with our
effort - Cyber Model Enabling Privacy by Design (Cyber 4 PbD = C4P...;-))
See below verbiage and link to our overview brief...
Where we have the security capabilities / products to make an overall
privacy enterprise architecture work in large part now... also supporting an
open privacy framework of sorts..

To those interested, I can send the more technical paper we sent in for the
DHS PbD proposal mentioned below.

CIAO
Mike


-----Original Message-----
From: frank.dawson@nokia.com
Sent: Tuesday, July 29, 2014 11:10 AM
To: pbd-se@lists.oasis-open.org
Subject: [pbd-se] Privacy Engineering Publication

Hey OASIS PbD-SE-ers:
Ian Oliver, a Nokia HERE colleague, has just published a book on Privacy
Engineering. See here
<http://ijosblog.blogspot.com/2014/07/privacy-engineering-book.html>
all about it, in his blog.

-=-=-=-

Topic is "A Cyber Model Enabling Privacy by Design - and why you should
play"
Where does privacy sit in your organization today? 
Chances are if you don't have a chief privacy officer or data protection
officer, your company is lacking in protecting critical data, let alone all
the laws and statutory regulations dealing with privacy (e.g., be they PII,
HIPAA, CPI, audit / compliance, etc)
In addition, the privacy definitions and policy are themselves quite
varied, complex and change depending on where your data resides - city,
state, country (for example, the EU's data protection directorate is much
stricter than weak (to non-existent) USA laws (where you should know about
"safe harbor" if you have a global product)).
So how does one start to protect both the organizational and
individual's critical data and the related privacy aspects with all the many
key variables themselves in flux and likely take many more years to sort out
- if ever globally?  Implement a cyber model that enables the Privacy by
Design (PbD) initiative, building in protections using a data centric
security (DCS) approach that is relatively agnostic to the digital
environment. Thus inherently address the key data and privacy protection
aspects from the start, making the actual IT / data space relatively
agnostic to the privacy definitions and requirements churn mentioned
earlier.

We also have a much more detailed community discussion paper that explores
the Cyber Model For Privacy by Design (PbD) ("C4P") construct, and how it
uses data-centric security to enable PbD for most environments (yes, IoT
needs privacy protection as well). Our Cyber 4 PbD overview is at...
suggest just SKIM for effect at first.
http://www.sciap.org/blog1/wp-content/uploads/Privacy-by-Design-cyber-security.pdf

......

Even DHS is working privacy now. They have a BAA out, in part on making
"privacy by design (PbD)" work, as well as mobile, etc.
https://baa2.st.dhs.gov/portal/public/Menu.action?page=baa_current_solicitations
We put in a proposal on #00014 ("Data Privacy Technologies Research and
Development") as our cyber model for PbD can do much of that NOW, all it
needs is a little more integration and finesse..;-))


