OASIS Mailing List Archives

pbd-se message


Subject: FYI - Cyber enabled Privacy by Design - harmonize privacy efforts


Dr Ann, Naomi, Privacy champions,

FYI - an update of our privacy efforts is offered to share our Cyber enabled
PbD approach, to better harmonize with your efforts, as the privacy
end-state requires all aspects and views synced up.

We're publishing our "A Cyber model for Privacy by Design" approach in a
major IEEE magazine (Consumer Electronics - CE) in JAN... below email
refers... 
It is basically a shortened version of the paper we've socialized before..
enclosed link below.

We've also shortened our cyber / privacy message into one that simply states
and defines "Privacy PAYS" (enclosed PDF), which is a distillation and
refocused privacy protection view of our longer "Cyber 4 PbD" brief (link
also below) 
And we started a PbD / DCS meetup group dedicated to improving privacy now,
build it and security in.

REQUEST - Be glad to share / integrate our efforts in the existing NIST
privacy engineering and OASIS PbD-SE efforts ongoing, as collectively there
is a stronger way forward between all our efforts...I sense a clearer
end-state too.. imho..

As we all know, the typical capability flow down should start with policy,
then operational requirements are developed, from which technical
requirements are distilled / interpreted, and then specifications are
designed to build it. This is true with privacy protection of course, yet we
know that there is no common, enterprise privacy policy; thus requirements
are high-level and widely vary (and much stricter outside the USA); hence no
clear 'buildable' specs are available to develop common, modular, open
architecture based PETs (privacy enhancing technologies) 

Our thesis is that by taking a data centric security (DCS) approach to PbD
principles, within a data centric architecture (which simplifies the problem
space) and aligning DCS with cloud / PaaS and overall services models &
views, we can then propose a limited set (to start) of services-based
privacy specifications for an initial open privacy framework (OPF). 

This then allows folks to develop to that framework now, while being
'relatively agnostic' to much of the privacy requirements churn.
Additionally, those working privacy requirements can then map their needs to
those initial specifications and see if any need adjusting or new ones
added...so we iterate our way to a more useable, ubiquitous OPF (e.g., using
rapid prototyping methods applied therein).
Thus we collectively establish and improve our privacy way forward with
useable, buildable specifications, while in parallel we align to the various
requirements from many sources (this works well in lieu of no common privacy
policy will likely happen and the many requirements complexity and alignment
needs).  Of note, our "C4P" partners do have capabilities to make this OPF
happen now, and we're not selling them, just using them as one example of
what can be done now.  Other products that meet the specs can plug and play
too - that is the point.

Ciao
Mike

Cyber security is serious business for us all - so ACT accordingly!
http://www.linkedin.com/in/mikedavissd

 


"Cyber enabled / Facilitated Privacy by Design (PbD) ("C4P")" overall paper,
including an open privacy framework (OPF) within an enterprise architecture
- with proposed specifications too -  is at this link  (this is our first
rough draft here - we submitted a shortened / smoothed version to the  IEEE
CE magazine):
http://www.sciap.org/blog1/wp-content/uploads/Cyber-for-Privacy-by-Design.pdf

What we're proposing is a specifications based enterprise privacy protection
approach that should apply to most organizations, commercial and government,
and eventually most environments too... be that IoT,  mobile, ICS, PII,
HIPAA, PCI, etc,   
(Where our C4P = using data centric security methods on top of the typical
IA/CND/Security suite) - overview brief is here...
http://www.sciap.org/blog1/wp-content/uploads/Privacy-by-Design-cyber-security.pdf


From: "Craig Causer" <c.causer@ieee.org>
Date: Dec 2, 2014 4:29 AM
Subject: Re: + Your IEEE CE Proof is ready for your review (MCE2361192)
To: "Mike Davis"
Cc: "Peter Corcoran" <@ieee.org>
Mike,
Here is the final version..
Thanks again.
Craig

<<attachment: winmail.dat>>


