Subject: RE: [pbd-se] Privacy Engineering Publication and Cyber Model Enabling PbD
Thanks Frank... great looking resource to assist PbD!!!

We'd like to sync up with this approach and others on the list with our effort - Cyber Model Enabling Privacy by Design (Cyber 4 PbD = C4P...;-))

See below verbiage and link to our overview brief... Where we have the security capabilities / products to make an overall privacy enterprise architecture work in large part now... also supporting an open privacy framework of sorts..

To those interested, I can send the more technical paper we sent in for the DHS PbD proposal mentioned below.

CIAO
Mike

-----Original Message-----
From: frank.dawson@nokia.com
Sent: Tuesday, July 29, 2014 11:10 AM
To: pbd-se@lists.oasis-open.org
Subject: [pbd-se] Privacy Engineering Publication

Hey OASIS PbD-SE-ers:

Ian Oliver, a Nokia HERE colleague, has just published a book on Privacy Engineering. See here <http://ijosblog.blogspot.com/2014/07/privacy-engineering-book.html> all about it, in his blog.

-=-=-=-

Topic is "A Cyber Model Enabling Privacy by Design - and why you should play"

Where does privacy sit in your organization today? Chances are if you don't have a chief privacy officer or data protection officer, your company is lacking in protecting critical data, let alone all the laws and statutory regulations dealing with privacy (e.g., be they PII, HIPAA, CPI, audit / compliance, etc). In addition, the privacy definitions and policy are themselves quite varied, complex and change depending on where your data resides - city, state, country (for example, the EU's data protection directorate is much stricter than weak (to non-existent) USA laws (where you should know about "safe harbor" if you have a global product)).

So how does one start to protect both the organizational and individual's critical data and the related privacy aspects with all the many key variables themselves in flux and likely to take many more years to sort out - if ever globally?

Implement a cyber model that enables the Privacy by Design (PbD) initiative, building in protections using a data centric security (DCS) approach that is relatively agnostic to the digital environment. Thus inherently address the key data and privacy protection aspects from the start, making the actual IT / data space relatively agnostic to the privacy definitions and requirements churn mentioned earlier.

We also have a much more detailed community discussion paper that explores the Cyber Model For Privacy by Design (PbD) ("C4P") construct, and how it uses data-centric security to enable PbD for most environments (yes, IoT needs privacy protection as well).

Our Cyber 4 PbD overview is at (suggest just SKIM for effect at first):
http://www.sciap.org/blog1/wp-content/uploads/Privacy-by-Design-cyber-security.pdf

......

Even DHS is working privacy now. They have a BAA out, in part on making "privacy by design (PbD)" work, as well as mobile, etc..
https://baa2.st.dhs.gov/portal/public/Menu.action?page=baa_current_solicitations

We put in a proposal on #00014 ("Data Privacy Technologies Research and Development") as our cyber model for PbD can do much of that NOW, all it needs is a little more integration and finesse..;-))