OASIS Workshop

Designing Privacy into our ‘Smart’ Systems and Services

  • TYPE: Workshop
  • DATE: May 13, 2014
  • TIME: 09:00-13:00
Pre-Conference Events

"Smart" technologies are helping to solve many modern day challenges: making our living space "smarter," our cities more efficient and livable, and bringing networked functionality to transportation, public facilities and services. But the networked storage and streams of data associated with these new technologies and their integration into big data systems create new risks for personal privacy. In this sense, privacy is not about having something to hide, it's about transparency and personal control. In the case of smart cities, privacy concerns arise in many ways: when there is the possibility of unauthorized services or when third parties access sensitive information, such as habits and behaviors, personal relationships or account information and use this information without an individual's consent. The increased integration and inter-relationship of smart applications amplify the potential for systemic risks to personal privacy.

09:00 – 09:05 – WELCOME AND INTRODUCTIONS – Gershon Janssen

09:05 – 09:50 – WORKSHOP CONTEXT, ANN CAVOUKIAN VIDEO, PBD PRINCIPLES – Michelle Chibba

09:50 – 10:35 – PRIVACY BY DESIGN AND SOFTWARE ENGINEERING, THE PBD-SE TC – Dawn Jutla

10:35 – 11:00 – PMRM OVERVIEW AND PRIVACY MANAGEMENT ANALYSIS TOOLS DEVELOPMENT – John Sabo, Gershon Janssen

11:00 – 11:15 – BREAK

11:15 – 11:45 – USING XACML AND ABAC TO PROTECT PII AND PHI – David Brossard

11:45 – 12:10 – USE CASES: APPLYING PBD IN SMART GRID SYSTEMS (Hydro One, San Diego Gas & Electric, and Vattenfall) – Michelle Chibba

12:10 – 12:55 – GAPS AND WORKS IN PROGRESS: TECHNICAL STANDARDS TO SUPPORT PRIVACY BY DESIGN IN SMART SYSTEMS – John Sabo, Panelists

12:55 – 13:00 – CONCLUDING REMARKS

 


This workshop will help business owners, software developers, and policy makers understand how to move from the abstract PbD principles toward implementation and conformance assessment in “smart” systems and services.  The workshop will include:

 

  • An overview of the seven foundational principles of PbD, including its motivation and benefits, and how standardization initiatives underway in OASIS are addressing the challenges of assessing privacy management risks in complex, "smart" systems and applications.
  • A video message to participants from Ontario Privacy Commissioner, Ann Cavoukian, the creator of PbD.
  • An overview of the current work of the OASIS Privacy by Design Documentation for Software Engineers (PbD-SE) technical committee and the relationship of PbD to software engineering, embedded code, and application development.
  • An update on the OASIS Privacy Management Reference Model and Methodology (PMRM) specification and a PMRM-based privacy management analysis template now under development to support the baseline analysis needed for Privacy by Design assessments.  
  • The applicability of Attribute Based Access Controls (ABAC) and privacy profiles developed by the OASIS XACML (eXtensible Access Control Markup Language) Technical Committee in support of technical privacy management solutions and standards where XACML can play an important role.
  • An overview of smart meter use cases: PbD smart meter technical and service implementation projects and the benefits of PbD to business.
  • A discussion of the gaps in standards and technology that must be filled to ensure that PbD implementations are possible.

 

It may be impossible to envision all potential risks in the design and implementation phases of "smart" projects, but using Privacy by Design approaches in the development of smart applications and systems can help dramatically.  Developing user-centric, user-driven tools can also ensure that users' privacy rights and preferences are integrated into smart technologies and services, giving individuals greater measures of control of their own personal information and some ability to identify and remedy problems.  As privacy and security risk management practices continue to take center stage in our headlines, and governments enforce stronger privacy laws and regulations, making smart technologies user-centric should be seen as an exciting challenge for industry, and even as a way to generate customer loyalty and revenue growth. 

 

The broader challenge will be to understand the societal values that our communities see as imperatives, such as the fundamental right to privacy and user control, and to ensure their integration as much as possible in the new "smart" architectures, technologies, and business practices surrounding the provision, delivery, and use of services. By doing this, developing badly needed standards, and designing privacy into smart systems, we can achieve improved system functionality, more effective risk management and greater public awareness and confidence.


Speakers

David is the VP Customer Relations at Axiomatics AB, the leader in externalized authorization management. In his day-to-day job, David helps customers architect authorization solutions that enable secure data sharing while meeting compliance and privacy regulations. David's main area of...

Gershon Janssen is an independent consultant and member of the OASIS Open Standards Group. Gershon has a background in software and infrastructure architecture, distributed systems and integration technologies. Gershon works predominantly on projects, designing and building complex information...

Dr. Dawn Jutla is Chief Executive Officer of Peer Ledger, a Blockchain company targeting primarily Pharma, Healthcare, Precious Metals and Industrial Minerals, and other highly-regulated sectors. Her other hat is as the Scotiabank Professor of Technology Entrepreneurship & Innovation program...

John Sabo is an independent consultant on data privacy and cyber security, with a multi-faceted career in government, the IT industry and standards development. In his standards work, John co-chairs the OASIS “Privacy Management Reference Model (PMRM)” Technical Committee. He is...

Continuing Education Credits

Prerequisites: None
Advance Preparation: None
Learning Level: Intermediate
Field: Computer Science

After attending this workshop you will be able to:

  • Explain how increased integration and inter-relationship of smart applications amplify the potential for systemic risks to personal privacy. Explain why using Privacy by Design (PbD) approaches in the development of smart applications and systems can help dramatically reduce these risks.
  • List the seven foundational principles of PbD.
  • Describe its motivation and benefits and how standardization initiatives underway in OASIS are addressing the challenges.
  • Describe how the OASIS Privacy Management Reference Model and Methodology specification can be used.

This workshop qualifies for up to 4 Group Learning based CPEs depending on the number of sessions you attend.

KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State Boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org

For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: lk@kuppingercole.com

Language: English