
Papers

AI Ethics by Design

Artificial Intelligence will pave the way to future developments, provided that we embed an ethical framework into its design: AI and Ethics, by Design. Win/Win!

Embedding Privacy Into What's Next: Privacy by Design for the Internet of Things

Imagine a world where everything is connected – not only online, but also in the physical world of wireless and wearable devices such as Fitbits, Nymi bands, Google Glass and AppleWatch – with a linking to connected cars, planes, trains and places.

If one adds to that the tracking of activities from one’s monitored home by way of automated thermostats, light fixtures, smart TVs, smart meters and the smart grid, it will lead to the portrayal of the “quantified self,” complete with the personal details of lifestyle, habits and activities all tracked and recorded. And one’s entire lifestyle, containing a detailed set of activities and preferences, would potentially be accessible for all to see and, through the power of “machine learning,” to analyze and make predictions about one’s future behaviour.

Welcome to the Internet of Things, or perhaps more aptly, the Internet of Everything.

Authors: 

Ann Cavoukian, Ph.D. - Executive Director, Privacy and Big Data Institute, Ryerson University

Claudiu Popa - Executive Director, KnowledgeFlow Cybersafety Foundation

The Importance of ABAC: Attribute-Based Access Control to Big Data: Privacy and Context

There is little doubt that Big Data is an increasingly important topic in recent times as more and more of our data is digitized. Large organizations were quick to realize the enormous potential and value of correlating vast amounts of data to decipher trends, interpret behavior and even formulate predictions. As with many technology advances, there are contingent issues to be addressed and decisions to be made -- not the least of which is the significant potential for big data analysis to flout privacy rules and expose the analysts to liabilities. This paper considers the privacy issues relating to big data analysis and investigates how emerging attribute-based access control technology can assist in protecting against the inadvertent or deliberate unauthorized access to personal data in a Big Data context.

Authors: 

Ann Cavoukian - Executive Director, Privacy and Big Data Institute, Ryerson University

Michelle Chibba - Independent Privacy/Strategic Policy Expert

Graham Williams - Global Analyst, KuppingerCole, and Director, KuppingerCole (Asia Pacific) Pte. Ltd.

Andrew Ferguson - Industry Specialist in Identity and Access Management and Director, KuppingerCole (Asia Pacific) Pte. Ltd.

A Primer on Metadata: Separating Fact from Fiction

On June 5th, 2013, the media published a secret U.S. Foreign Intelligence Surveillance Act (FISA) Court order requiring Verizon Communications to provide the U.S. National Security Agency (NSA) with all of its customers’ telephony metadata, for all communications between the United States and abroad, as well as those “wholly within the United States, including local telephone calls.” Further reports indicated that such classified orders are routinely sought and obtained with respect to virtually all U.S. telecoms. On this basis, it appears that the NSA is collecting and retaining most, if not all, metadata transiting the U.S. – with respect to every telephone, cell phone, or smartphone call, whether attempted or actually made. The surveillance machinery underlying this program, as well as the related PRISM Internet surveillance program, is now beginning to face much-needed public scrutiny.

http://www.ontla.on.ca/library/repository/mon/27007/323352.pdf

A Primer on Metadata: Separating Fact from Fiction

Big Privacy - Bridging Big Data and the personal data ecosystem through privacy by design

Big Privacy: Bridging Big Data and the Personal Data Ecosystem Through Privacy by Design

Recent technological and business developments have given rise to a new understanding of personal information. It is now being compared to currency and energy—often being referred to as “the new oil.” It is an economic asset generated by the identities and behaviors of individuals and their technological surrogates. These metaphors, which express its increasing economic value to organizations, ring especially true in the case of Big Data. Indeed, Big Data derives economic value from its use of personal information to such an extent that if personal information is considered to be “the new oil,” then Big Data is the machinery that runs on it.

http://www.ontla.on.ca/library/repository/mon/27012/325190.pdf

Privacy by Design and the Emerging Personal Data Ecosystem

Privacy by Design and the Emerging Personal Data Ecosystem

The collection of personal information in our vastly networked world has grown by several orders of magnitude. Indeed, personal data is being viewed as “the new oil of the Internet and the new currency of the digital world.” Much of the data collected is intended to enhance user experience through new services, efficiencies, convenience, etc. Although it is widely recognized that personal data can be used to create economic and social value, some service providers and third parties believe they are the ones who should be controlling our data, rather than serving as its dutiful custodians. Over time, this will contribute to a lack of transparency and erosion of our privacy.

http://www.ontla.on.ca/library/repository/mon/26010/319933.pdf

7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age

This work recognizes and is inspired by the “7 Laws of Identity” formulated on an open blog by a global community of experts through the leadership of Kim Cameron, Chief Identity Architect at Microsoft.

We believe that the “7 Laws” (a.k.a. “technologically-necessary principles of identity management”) will profoundly shape the architecture and growth of a universal, interoperable identity system needed to enable the Internet to evolve to the next level of trust and capability.

http://www.ontla.on.ca/library/repository/mon/15000/267376.pdf

7 Laws of Privacy

Privacy by Design and User Interfaces

Privacy by Design and User Interfaces: Emerging Design Criteria – Keep it User-Centric

The notion of informational self-determination seems to be collapsing under the weight, diversity and volume of “Big Data” processing in the modern Information Era. Understood as an individual’s ability to exercise a measure of control over the use of his or her personal information by others, it is the basis for many privacy laws, codes of practice, and articulations of Fair Information Practice principles – especially the individual participation principles of informed consent, access, and redress. Individual participation is also expressed as a key Privacy by Design Foundational Principle: “Respect for the User: Keep it User-centric.”

http://www.ontla.on.ca/library/repository/mon/26007/318561.pdf

Privacy and Government 2.0

Privacy and Government 2.0: The Implications of an Open World

The advent of the Internet and information and communication technologies has, in one generation, radically changed the ground rules for managing personal and other data. Recently, through the confluence of technological, demographic, social and organizational forces, the World Wide Web has ushered in an age of participation where billions of people can now play active roles in their workplaces, communities, national democracies and the global economy at large. Whether it’s Facebook or Wikipedia, Flickr or YouTube — Web 2.0 is a world where Internet users are creators just as much as they are consumers. 

http://www.ontla.on.ca/library/repository/mon/23006/293152.pdf

Guidance for Health-Care Providers

RFID and Privacy Guidance for Health-Care Providers

Information and communications technologies (ICTs) are transforming the world we live in through revolutionary developments in bandwidth, storage, processing, mobility, wireless, and networking technologies.

The health-care sector has recognized the value of new technology in the delivery of health care. For example, globally, billions of dollars are now spent annually on advanced diagnostic and treatment equipment. Until recently, however, ICTs were limited to administrative and financial applications and played only a small role in direct care for patients. But we are beginning to see an evolutionary – perhaps even revolutionary – change in how health care is delivered.

http://www.ontla.on.ca/library/repository/mon/20000/279038.pdf

Privacy Guidelines for RFID Information Systems

Privacy Guidelines for RFID Information Systems (RFID Privacy Guidelines)

This document is intended to serve as privacy “best practices” guidance for organizations when designing and operating Radio-Frequency Identification (RFID) information technologies and systems.

The Information and Privacy Commissioner of Ontario (IPC) has a mandate to educate the public and address privacy questions raised by new information technologies, with a view to encouraging effective solutions. Accordingly, the IPC has developed these Guidelines in partnership with industry and other stakeholders. The Guidelines are not intended to supersede any applicable privacy law or regulation.

http://www.ontla.on.ca/library/repository/mon/14000/263682.pdf

Guidelines for the Use of Video Surveillance

Guidelines for the Use of Video Surveillance Cameras in Public Places

Government organizations are considering the implementation of video surveillance technology with increasing frequency for the purposes of general law enforcement and public safety programs. In limited and defined circumstances, video surveillance cameras may be appropriate to protect public safety, detect or deter, and assist in the investigation of criminal activity.

http://www.ontla.on.ca/library/repository/mon/20000/277889.pdf

Best Practices for the Secure Destruction of Personal Health Information

Get rid of it Securely to keep it Private: Best Practices for the Secure Destruction of Personal Health Information

A single medical record can testify to a great deal. It can speak to the recreational and lifestyle habits of a person, as well as the intimate details about his or her sexual practices and personal hygiene. It can reveal major health issues, the unauthorized access of which could be a devastating blow to an individual, potentially resulting in a loss of dignity, alienation of family and friends, or discrimination by an employer. 

http://www.ontla.on.ca/library/repository/mon/23010/296472.pdf

Encryption by Default and Circles of Trust

Encryption by Default and Circles of Trust: Strategies to Secure Personal Information in High-Availability Environments

This paper discusses the challenges of assuring strong security of sensitive personal health information (PHI) stored on portable storage media by organizations that require high data availability and use. The loss or theft of unencrypted mobile computing devices or storage media remains the No. 1 cause of breaches – 53 per cent of all U.S. health-care breaches reported since 2009.

http://www.ontla.on.ca/library/repository/mon/26012/320323.pdf

Modelling Cloud Computing

Modelling Cloud Computing Architecture Without Compromising Privacy: A Privacy by Design Approach

Once the exclusive domain of networked computers at universities and other large organizations, home PCs and modem connections have opened the Internet, evolving it into the information superhighway that we know today. This commercial availability of Internet service, which has allowed individuals access to the vast and multi-faceted resources thereon, has radically changed the flow of information. 

http://www.ontla.on.ca/library/repository/mon/24006/302299.pdf

If you want to Protect Your Privacy, Secure Your Gmail

If You Want To Protect Your Privacy, Secure Your Gmail

Suppose you are one of hundreds of millions of individuals who use a webmail account (Gmail, Hotmail, Yahoo!, AOL, etc.), and you access this account at an Internet café. Later, you find out that your webmail account has been compromised — someone has read your mail, downloaded files you have stored, and sent messages claiming to be you. But you have always taken precautions with your password, so what could have happened?

http://www.ontla.on.ca/library/repository/mon/23007/294146.pdf

Remote Home Health Care Technologies

Remote Home Health Care Technologies: How to Ensure Privacy? Build It In: Privacy by Design

Factors such as paper-based systems, aging populations, and increasing rates of chronic disease are overwhelming even the most efficient health care systems. Technology has the potential to move health care to a more proactive, consumer-centric model of care, capable of improving the cost, quality, and accessibility of health care services.

http://www.ontla.on.ca/library/repository/mon/23011/296578.pdf

Embedding Privacy into the Design of EHRs

Embedding Privacy into the Design of EHRs to Enable Multiple Functionalities – Win/Win

Personal health information comprises some of the most sensitive and intimate details of one’s life, such as those relating to one’s physical or mental health and the health history of one’s family. As such, it requires strong protections to ensure the privacy of the individual to whom it relates. Personal health information must also be accurate, complete, and accessible to healthcare providers in order to deliver necessary health care to individuals. At the same time, health information has long been used for invaluable secondary purposes that go beyond the care and treatment of the individual, for uses that are seen to benefit society as a whole. This includes such varied uses as population health monitoring, quality improvement, health research, and the management of Canada’s publicly-funded healthcare system.

http://www.ontla.on.ca/library/repository/mon/26003/315945.pdf

A Positive-Sum Paradigm in Action in the Health Sector

A Positive-Sum Paradigm in Action in the Health Sector

Individual rights are frequently pitted against societal rights or the public interest. When individual and societal rights collide, there is often an attempt to balance one against the other. The zero-sum paradigm dictates that the two goals (in this case, individual versus societal rights) are mutually exclusive and that each of the goals can only be attained at the expense of the other goal – the two goals can never be attained simultaneously.

http://www.ontla.on.ca/library/repository/mon/24003/300358.pdf

Positive-Sum is Paramount

Abandon Zero-Sum, Simplistic either/or Solutions − Positive-Sum is Paramount: Achieving Public Safety and Privacy

There is great interest in how the Office of the Information and Privacy Commissioner of Ontario, Canada (IPC) has approached privacy and public safety issues, by bringing them together in a positive-sum manner. In this paper, the IPC shares its approach to applying Privacy by Design (PbD) which is relevant in the context of public safety and law enforcement, including the application of PbD to surveillance programs and the use of associated technologies. The hallmarks of this approach include an emphasis on communication, understanding divergent points of view, and focusing on protecting, preserving and enhancing individuals’ privacy. 

http://www.ontla.on.ca/library/repository/mon/26011/320090.pdf

Privacy and Video Surveillance in Mass Transit Systems

Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report – Privacy Investigation Report MC07-68

The significant growth of video surveillance cameras throughout the world, especially as witnessed in the United Kingdom, has created considerable concerns with respect to privacy. This Report was prompted by a complaint received from Privacy International regarding the Canadian expansion of the use of video surveillance cameras in the City of Toronto’s mass transit system. In light of the divergent points of view on video surveillance, in addition to investigating this complaint, my office decided to expand our Report to include a review of the literature, as well as an examination of the role that privacy-enhancing technologies can play in mitigating the privacy-invasive nature of video surveillance cameras. As such, this Report is longer than most, attempting to provide a comprehensive analysis examining the broader context of video surveillance. Given the enormous public support for the use of video surveillance cameras in mass transit systems and by the law enforcement community, addressing this issue broadly, with a view to seeking a positive-sum paradigm through the use of privacy-enhancing technologies, is our ultimate goal.

http://www.ontla.on.ca/library/repository/mon/21000/279882.pdf

Privacy-Protective Facial Recognition

Privacy-Protective Facial Recognition: Biometric Encryption Proof of Concept

The rapid, accurate authentication of individuals has become a challenge across many sectors and jurisdictions, as organizations express a need to know who they are dealing with. Current security models allow for three primary forms of authentication: something you know (e.g. a password or other shared secret), something you have (e.g. an identification card), or something you are (e.g. biometrics). Increasingly, the third type of authentication — biometrics — is being viewed as the ultimate means of verification or identification, and many agencies begin to deploy biometric systems (such as fingerprinting or facial recognition) across a broad range of applications.

http://www.ontla.on.ca/library/repository/mon/24011/305830.pdf

Privacy by Design in Law, Policy and Practice

Privacy by Design in Law, Policy and Practice: A White Paper for Regulators, Decision-makers and Policy-makers

Privacy by Design (PbD) is an approach to protecting privacy by embedding it into the design specifications of information technologies, accountable business practices, and networked infrastructures, right from the outset. It was developed by Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, in the 1990s, as a response to the growing threats to online privacy that were beginning to emerge at that time. 

http://www.ontla.on.ca/library/repository/mon/25008/312239.pdf

Applying Privacy by Design

Applying Privacy by Design Best Practices to SDG&E’s Smart Pricing Program

Utilities and regulators have developed a keen awareness of the importance of proactively building privacy directly into the Smart Grid over the past two years. For example, the U.S. National Institute of Standards and Technology’s (NIST) Smart Grid Privacy Working Group endorsed Privacy by Design (PbD) in their report entitled, “NISTIR 7628, Guidelines for Smart Grid Cyber Security: Vol. 2, Privacy and the Smart Grid.” In addition, the California Public Utilities Commission (CPUC) adopted a comprehensive set of privacy rules related to energy use data in July, 2011 applicable to electric investor-owned utilities (IOUs) in California.

https://www.sdge.com/sites/default/files/documents/pbd-sdge_0.pdf

Implement Privacy by Design

Implementing Privacy by Design: The Smart Meter Case

The principles of Privacy by Design are gaining increasing support by policymakers and regulators and have been put forth as guidelines for smart meter deployments both in Europe and North America. For concrete implementations, however, it can be daunting as to what an electricity network operator should do to design privacy principles into their system. In the following paper, we outline the case of smart meter implementations, and propose aggregation protocols and cryptographic technologies that can be used to concretely implement Privacy by Design at the level of meter data, leading to not only privacy protection but at the same time, achieving a positive business impact.

http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6463977

Privacy by Design

Privacy by Design at Population Data BC: a case study describing the technical, administrative, and physical controls for privacy-sensitive secondary use of personal information for research in the public interest

Population Data BC (PopData) is an innovative leader in facilitating access to linked data for population health research. Researchers from academic institutions across Canada work with PopData to submit data access requests for projects involving linked administrative data, with or without their own researcher-collected data. PopData and its predecessor—the British Columbia Linked Health Database—have facilitated over 350 research projects analyzing a broad spectrum of population health issues. PopData embeds privacy in every aspect of its operations. This case study focuses on how implementing the Privacy by Design model protects privacy while supporting access to individual level data for research in the public interest. It explores challenges presented by legislation, stewardship, and public perception and demonstrates how PopData achieves both operational efficiencies and due diligence.

http://www.ncbi.nlm.nih.gov/pmc/articles/PMC3555322/pdf/amiajnl-2012-001011.pdf

Privacy by Design in the Age of Big Data

Privacy by Design in the Age of Big Data

Ninety per cent of the data in the world today was created in the last two years. It has been remarked, for example, that “[t]here was 5 exabytes of information created between the dawn of civilization through 2003, but that much information is now created every two days, and the pace is increasing.” Welcome to the age of Big Data. This data is being generated by sensors and humans, from practically everywhere, and at a blistering pace that surely will continue to only increase. As some refrigerators are now sold Internet-ready and prescription pill vials are now reporting on their status via the cellular network, there are big changes on the horizon.

http://www.ontla.on.ca/library/repository/mon/26006/318163.pdf

Wi-Fi Positioning Systems

Wi-Fi Positioning Systems: Beware of Unintended Consequences Issues Involving the Unforeseen Uses of Pre-existing Architecture

There are times when information architectures, developed by engineers to ensure the smooth functioning of computer networks and connectivity, lead to unforeseen uses that have an impact on identity and privacy. Against a backdrop of the popularity of smartphones and other mobile devices, there continues to be intense scrutiny of the capability of these mobile systems to track our lives, without our knowledge. The mobile ecosystem is extremely complex. It is no wonder that smartphone researchers state that “[t]oday’s smartphone operating systems frequently fail to provide users with adequate control over and visibility into how third-party applications use their private data.” Often, these third parties operate outside of the telecommunications regulatory framework.

http://www.ontla.on.ca/library/repository/mon/25006/310611.pdf

The Ontario Smart Grid Case Study

Operationalizing Privacy by Design: The Ontario Smart Grid Case Study

The rate of change in the electrical industry today continues to accelerate, as does the complexity of that change. With the evolution of the Smart Grid, Hydro One and local distribution companies are undertaking large and complex initiatives that will transform our technologies, processes and organization. Because the Smart Grid will potentially encompass the entire utility infrastructure, it is critical to ensure that the proposed solution meets not only electricity infrastructure needs, but also customers’ needs.

http://www.ontla.on.ca/library/repository/mon/25002/307374.pdf

Transformative Technologies Deliver Both Security and Privacy: Think Positive-Sum not Zero-Sum

Privacy, in the form of informational privacy, refers to an individual’s ability to exercise personal control over the collection, use and disclosure of one’s recorded information. Thus far, a “zero-sum” approach has prevailed over the relationship between surveillance technologies and privacy. A zero-sum paradigm describes a concept or situation in which one party’s gains are balanced by another party’s losses – win/lose. In a zero-sum paradigm, enhancing surveillance and security would necessarily come at the expense of privacy; conversely, adding user privacy controls would be viewed as detracting from system performance. I am deeply opposed to this viewpoint – that privacy must be viewed as an obstacle to achieving other technical objectives. Similarly, it is unacceptable for the privacy community to reject all forms of technology possessing any surveillance capacity and overlook their growing applications.

http://www.ontla.on.ca/library/repository/mon/22000/284374.pdf

Enhanced Driver's Licenses

Adding an On/Off Device to Activate the RFID in Enhanced Driver’s Licences: Pioneering a Made-in-Ontario Transformative Technology that Delivers Both Privacy and Security

There are well-known privacy and security vulnerabilities associated with Radio Frequency Identification (RFID) technology. So when I learned that the inclusion of an RFID would be a non-negotiable feature of Ontario’s Enhanced Driver’s Licence (EDL), my first thought was, “How can we transform the RFID into a technology that performs its functionality and is protective of privacy?” The RFID technology chosen by the U.S. Government for the EDL will respond not only to the authorized readers at the Canada-U.S. border, but also to any number of commercially available RFID readers which may be used surreptitiously. Therefore, it is imperative that holders of an EDL be able to prevent the RFID from being read by unauthorized third parties and disengage the RFID when not required for border-crossing purposes.

https://www.ipc.on.ca/images/Resources/edl.pdf

Anonymous Video Analysis

White Paper: Anonymous Video Analytics (AVA) technology and privacy

Networked digital screens are now prevalent in the retail and public spaces landscape in North America and globally, displaying information and marketing messages to consumers throughout their busy days.

Hundreds of networks, operating hundreds of thousands of Internet-connected screens, have been deployed by everyone from pure startup companies to major media corporations. An entirely new medium has bubbled up and now competes for the advertising budgets of major brands and their media planning agencies. Just a decade old, the Digital Out Of Home (or DOOH) advertising category was estimated by research firm PQ Media to be a $6.5 US billion business in 2010.

http://www.ontla.on.ca/library/repository/mon/25005/309565.pdf

Redesigning IP Geolocation

Redesigning IP Geolocation: Privacy by Design and Online Targeted Advertising

Advertisements displayed to potential customers through traditional media – newspapers, magazines, television, and radio – are based on what is known about the demographics of the target audience as a whole. If a particular magazine is known to be generally purchased and read by males aged 35-50, advertisements will naturally be tailored to that group. Mail-based advertising adds location data to this information, allowing tailoring based on local businesses or neighbourhood demographics.

http://www.ontla.on.ca/library/repository/mon/24010/304984.pdf

Building Privacy into Ontario's Smart Meter Data

Building Privacy into Ontario’s Smart Meter Data Management System: A Control Framework

This paper describes how the framework of Privacy by Design is being applied by Ontario’s Smart Metering Entity, responsible for operating a central meter data repository, in support of the province’s Smart Metering Initiative.

http://www.ontla.on.ca/library/repository/mon/26005/317398.pdf

A Pragmatic Approach

A Pragmatic Approach to Privacy Risk Optimization: Privacy by Design for Business Practices

In 2004, Nymity, a global privacy and data protection research firm, recognized that traditional approaches to implementing privacy often placed constraints on organizations’ business practices. Nymity initiated a research project with the objective of creating an approach to privacy compliance which would enable business to prosper while advancing privacy. Multiple approaches were developed and tested and ultimately, a process was developed which enabled organizations to effectively build privacy into their business practices.

http://www.ontla.on.ca/library/repository/mon/23011/296670.pdf

Privacy Risk Management

Privacy Risk Management: Building privacy protection into a Risk Management Framework to ensure that privacy risks are managed, by default

The idea that privacy – an individual’s right to control the collection, use and disclosure of information about him or herself – may present risk, seems to be a new one to many. That it should be a novel concept to those responsible for managing risk, however, needs to be addressed. Personal information is an asset, the value of which is protected and enhanced by a suite of security practices and business processes. Like other operational risks, those related to the protection of personal information benefit from the scrutiny of a formal risk management discipline.

PDF filehttp://www.ontla.on.ca/library/repository/mon/24004/301120.pdf, external link, opens in new window

Privacy by Design: From Policy to Practice

PDF filePrivacy by Design: From Policy to Practice, external link, opens in new window

Privacy leaders know that even the best and most forward-looking privacy and data protection policies must be operationalized throughout an organization – by design – in order to be effective. International organizations face the additional challenge of meeting the requirements of multiple and disparate national and regional privacy laws. The challenge is magnified at an enterprise such as IBM, whose business processes and operations span the globe, and whose workforce is geographically dispersed and culturally diverse. To meet such an enterprise-wide challenge, privacy and data protection policies must be embedded into the organizational fabric. At each level, lines of business and support functions (such as privacy and IT staff) need meaningful metrics to understand how the areas for which they are accountable are performing. Armed with these insights, they can then better manage how their part of the organization handles personal information.

PDF filehttp://www.ontla.on.ca/library/repository/mon/25009/313067.pdf, external link, opens in new window

Essential for Organizational Accountability and Strong Business Practices

PDF filePrivacy by Design: Essential for Organizational Accountability and Strong Business Practices, external link, opens in new window

Professor Paul A. Schwartz recently wrote:

“Companies are now putting internal policies in place, centered on forward looking rules of information management and training of personnel. Such policies are, at the very least, a necessary precondition for an effective accountability regime that develops a high level of privacy protection.”

An accountability-based regulatory structure is one where organizations are charged with societal objectives, such as using information in a manner that maintains individual autonomy and protecting the individual from social, financial and physical harms that might come from the mismanagement of information, while leaving the actual mechanisms for achieving those objectives to the organization. One of the best conceptual models for building in the types of controls suggested by Professor Schwartz is Privacy by Design. The best in class companies in Schwartz’s study, “Managing Global Data Privacy: Cross-Border Information Flows in a Networked Environment,” are using Privacy by Design concepts to build business processes that use personal information robustly with clear privacy-protective controls built into every facet of the business process. In other words, Privacy by Design and accountability go together in much the same way that innovation and productivity go together.

PDF filehttp://www.ontla.on.ca/library/repository/mon/23011/296573.pdf, external link, opens in new window

Mobile Near Field Communications

PDF fileMobile Near Field Communications (NFC) “Tap ‘n Go” Keep it Secure & Private, external link, opens in new window

Near Field Communications (NFC) is a short-range wireless technology that allows mobile devices to actively interact with passive physical objects and other active mobile devices, connecting the physical world to mobile services in ways that empower and benefit users. We will also be using the term “Tap ‘n Go” because it clearly conveys a visual image in which this technology is intended to be used.

Authors:

Ann Cavoukian, Ph.D.
Office of the Information and Privacy Commissioner
Ontario, Canada

 

PDF filehttp://www.ontla.on.ca/library/repository/mon/25011/314183.pdf, external link, opens in new window

Privacy by Design in Mobile Communications

PDF fileThe Roadmap for Privacy by Design in Mobile Communications: A Practical Tool for Developers, Service Providers, and Users, external link, opens in new window

Privacy by Design is a concept that is virally spreading around the globe. The powerful concept of engineering privacy directly into the design of new technologies, business practices and networked infrastructure, in order to achieve the doubly-enabled pairing of functionality and privacy, has gained significant adoption by governments, researchers and industry, in any number of sectors. Now that the PbD paradigm has achieved this high level of acceptance, the next major question to be addressed is – how can PbD best be operationalized?

PDF filehttp://www.ontla.on.ca/library/repository/mon/25003/308516.pdf, external link, opens in new window

The New Federated Privacy Impact Assessment

PDF fileThe New Federated Privacy Impact Assessment (F-PIA): Building Privacy and Trust-enabled Federation, external link, opens in new window

Our world is becoming increasingly interconnected. Distributed networks of service and information providers are operating across global information and value chains. Observing, with greater frequency, dense inter-networking, large scale data sharing, and the constant evolution of relationships between organizations, it becomes clear that firms are moving from “multinational” to “global” in nature, and that the concept of enterprise has morphed into the concept of an ecosystem. We are seeing the emergence of more than just Web 2.0 – we are, in fact, seeking out the World of 2.0.

 

PDF filehttp://www.ontla.on.ca/library/repository/mon/23002/289897.pdf, external link, opens in new window

A Policy is Not Enough

PDF fileA Policy is Not Enough: It Must be Reflected in Concrete Practices, external link, opens in new window

A privacy policy cannot, by itself, protect personal information held by an organization. Privacy policies that are not reflected in actual practice through strong implementation, training, and auditing will fail to safeguard personal information against privacy risks. But if we return to the true meaning of “policy,” we will be reminded that it was always intended to be rooted in action. The Concise Oxford Dictionary defines policy as: “a course, or general plan of action adopted or proposed…”

Authors:

Ann Cavoukian, Ph.D.
Office of the Information and Privacy Commissioner
Ontario, Canada

 

PDF filehttp://www.ontla.on.ca/library/repository/mon/26009/319435.pdf, external link, opens in new window

Privacy and Boards of Directors

PDF filePrivacy and Boards of Directors: What You Don’t Know Can Hurt You, external link, opens in new window

Today, corporate directors are faced with a wide array of responsibilities arising from their board membership. For example, the far-reaching Sarbanes-Oxley Act passed in 2002 significantly reformed corporate responsibility in the United States by introducing requirements aimed at improving the accuracy and reliability of corporate disclosures to investors. Directors also have a fiduciary duty to act in the best interests of the corporation and a duty to maintain an appropriate standard of care. In Canada, the statutory standard for the amount of care, diligence and skill required of directors is codified at section 134(1) of the Ontario Business Corporations Act and section 122(1) of the Canadian Business Corporations Act. Both Acts state directors must “exercise the care, diligence and skill that a reasonably prudent person would exercise in comparable circumstances.”

Authors:

Ann Cavoukian, Ph.D.
Office of the Information and Privacy Commissioner
Ontario, Canada

 

PDF filehttps://www.ipc.on.ca/images/Resources/director.pdf, external link, opens in new window

Fingerprint Biometrics: Address Privacy Before Deployment

PDF fileFingerprint Biometrics: Address Privacy Before Deployment, external link, opens in new window

This paper discusses privacy-enhanced uses of biometrics, with a particular focus on the privacy and security advantages of Biometric Encryption (BE) over other uses of biometrics. The paper is intended to engage a broad audience to consider the merits of the Biometric Encryption approach to verifying identity, protecting privacy, and ensuring security. Our central message is that BE technology can help to overcome the prevailing “zero-sum” mentality, namely, that adding privacy to identification and information systems will necessarily weaken security and functionality. This paper explains how and why BE technology promises a “positive-sum,” win-win scenario for all stakeholders involved.

Authors:

Ann Cavoukian, Ph.D.
Office of the Information and Privacy Commissioner
Ontario, Canada

 

PDF filehttp://www.ontla.on.ca/library/repository/mon/22011/287573.pdf, external link, opens in new window

Biometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy

PDF fileBiometric Encryption: A Positive-Sum Technology that Achieves Strong Authentication, Security AND Privacy, external link, opens in new window

This paper discusses privacy-enhanced uses of biometrics, with a particular focus on the privacy and security advantages of Biometric Encryption (BE) over other uses of biometrics. The paper is intended to engage a broad audience to consider the merits of the Biometric Encryption approach to verifying identity, protecting privacy, and ensuring security. Our central message is that BE technology can help to overcome the prevailing “zero-sum” mentality, namely, that adding privacy to identification and information systems will necessarily weaken security and functionality. This paper explains how and why BE technology promises a “positive-sum,” win-win scenario for all stakeholders involved.

Authors:

Ann Cavoukian, Ph.D.
Office of the Information and Privacy Commissioner
Ontario, Canada

Alex Stoianov, Ph.D.
Biometrics Scientist
Ontario, Canada

 

PDF filehttp://www.ontla.on.ca/library/repository/mon/16000/271420.pdf, external link, opens in new window

Creation of a Global Privacy Standard

PDF fileCreation of a Global Privacy Standard, external link, opens in new window

In 2005, at the 27th International Data Protection Commissioners Conference in Montreux, Switzerland, I chaired a Working Group of Commissioners. This Working Group was convened for the sole purpose of creating a single Global Privacy Standard. Faced with globalization and convergence of business practices, regardless of borders, I thought there was a pressing need to harmonize various sets of fair information practices into one Global Privacy Standard. Once such a foundational policy piece was in place, then businesses and technology companies could turn to a single instrument for evaluating whether their practices or systems were actually privacy enhancing, in nature and substance.

Authors:

Ann Cavoukian, Ph.D.
Office of the Information and Privacy Commissioner
Ontario, Canada

 

PDF filehttps://www.ipc.on.ca/images/resources/gps.pdf, external link, opens in new window

Privacy and Video Surveillance in Mass Transit Systems

PDF filePrivacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report, external link, opens in new window

The significant growth of video surveillance cameras throughout the world, especially as witnessed in the United Kingdom, has created considerable concerns with respect to privacy. This Report was prompted by a complaint received from Privacy International regarding the Canadian expansion of the use of video surveillance cameras in the City of Toronto’s mass transit system. In light of the divergent points of view on video surveillance, in addition to investigating this complaint, my office decided to expand our Report to include a review of the literature, as well as an examination of the role that privacy-enhancing technologies can play in mitigating the privacy-invasive nature of video surveillance cameras. As such, this Report is longer than most, attempting to provide a comprehensive analysis examining the broader context of video surveillance. Given the enormous public support for the use of video surveillance cameras in mass transit systems and by the law enforcement community, addressing this issue broadly, with a view to seeking a positive-sum paradigm through the use of privacy-enhancing technologies, is our ultimate goal.

PDF filehttp://www.ontla.on.ca/library/repository/mon/21000/279882.pdf, external link, opens in new window

Privacy by Design The 7 Foundational Principles: Implementation and Mapping of Fair Information Practices

PDF fileThe 7 Foundational Principles: Implementation and Mapping of Fair Information Practices, external link, opens in new window

With the shift from industrial manufacturing to knowledge creation and service delivery, the value of information and the need to manage it responsibly have grown dramatically. At the same time, rapid innovation, global competition and increasing system complexity present profound challenges for informational privacy.

While we would like to enjoy the benefits of innovation − new conveniences and efficiencies − we must also preserve our freedom of choice and personal control over our data flows. Always a social norm, privacy has nonetheless evolved over the years, beyond being viewed solely as a legal compliance requirement, to also being recognized as a market imperative and critical enabler of trust and freedoms in our present-day information society.

Authors:

Ann Cavoukian, Ph.D.
Office of the Information and Privacy Commissioner
Ontario, Canada

PDF filehttp://www.ontla.on.ca/library/repository/mon/24005/301946.pdf, external link, opens in new window

Facial Recognition with Biometric Encryption in Match-on-Card Architecture for Gaming and Other Computer Applications

PDF fileFacial Recognition with Biometric Encryption in Match-on-Card Architecture for Gaming and Other Computer Applications (Feasibility Study), external link, opens in new window

Last year, as part of improvements in the Responsible Gambling program, the Ontario Lottery and Gaming Corporation (OLG) completed the implementation of facial recognition technology utilizing Biometric Encryption techniques in most of its casino facilities [1, 2]. Biometric Encryption or BE (a.k.a. biometric template protection, biometric cryptosystem, fuzzy extractor, etc.) is a process that binds a digital key to, or generates a key from, a biometric so that no biometric image or template is stored. This work was a result of a partnership with the University of Toronto, Ontario’s Information and Privacy Commissioner (IPC) and OLG. The process employed Privacy by Design (PbD) techniques to ensure the privacy of the public and self-excluded players, while at the same time improving the overall detection rate of self-excluded patrons.

While the facial recognition with BE has delivered the best practice solutions for authentication, responsible gambling, player protection and privacy, there is an opportunity to determine if it is feasible to apply biometric authentication for other contexts. Some examples include authentication for online gaming, strengthening the lottery retail sales security (i.e. making sure that the person logged into the retail terminal is actually being verified for conducting each sales transaction), etc. Outside of the gaming industry, there are a countless number of applications where strong remote or local authentication is required, such as accessing electronic health records or other government-held personal records, online banking, etc.

Authors:

Ann Cavoukian, Ph.D.
Michelle Chibba, M.A.
Alex Stoianov, Ph.D.

Office of the Information and Privacy Commissioner of Ontario, Canada

Tom Marinelli, P.Eng.
Klaus Peltsch, M.Sc., M.B.A.

Ontario Lottery and Gaming Corporation

Hervé Chabanne, Ph.D.
Olivier Beiler, M.Sc.
Julien Bringer, Ph.D.
Vincent Despiegel, Ph.D.

Morpho (Safran)

PDF filehttp://www.ontla.on.ca/library/repository/mon/28009/328004.pdf, external link, opens in new window

Privacy by Design Solutions for Biometric One-to-Many Identification Systems

PDF filePrivacy by Design Solutions for Biometric One-to-Many Identification Systems, external link, opens in new window

Over the last two decades there has been an increase in the interest in, and uptake of, automated biometric systems. Biometrics are now commonly being integrated into a range of large and complex information communication technology systems and processes, and access to this data is becoming virtual rather than physical. We see the use of contemporary biometric systems being implemented throughout the world in areas such as national ID systems, border security control, crime prevention, fraud detection, forensics, war zone applications, attendance recording, access control and financial transactions.

These advanced automated systems use a scanner to take a biometric sample or what is known as a digital image from an individual during enrolment. Data are then extracted from the sample image to create a unique biometric template. The biometric data, either in image form or the template or both, can then be stored centrally in a database or in a distributed environment, such as a smart card. The biometric data can now serve to either verify or identify an enrolled individual. 

Authors:

Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada

Alex Stoianov, Ph.D.
Senior Policy Specialist –
Surveillance, Biometrics, IT Security

 

PDF filehttp://www.ontla.on.ca/library/repository/mon/28006/327359.pdf, external link, opens in new window

Unintended Consequences of Privacy Paternalism

PDF fileThe Unintended Consequences of Privacy Paternalism, external link, opens in new window

This paper sets out to reinforce the fundamental privacy principles of purpose specification and use limitation that prescribe limits to the collection and use of personal data. We respond to a recent proposal to dramatically revise the OECD Fair Information Practice Principles (FIPPs) in the era of Big Data, Cloud Computing and the Internet of Things. The co-authors of the proposal argue that the current practice of “Notice and Choice” is deeply flawed in today’s era of ubiquitous data availability, and that the principles of Purpose Specification, Collection Limitation and Use Limitation be diminished in favor of greater emphasis on ensuring accountability by data users/controllers. We believe the proposal reflects a paternalistic approach to data protection that, if implemented, will likely weaken rather than strengthen privacy in the 21st century. Leaving it up to companies and governments to determine the acceptable secondary uses of personal data is a flawed proposition that will no doubt lead to greater privacy infractions. If the history of privacy has taught us anything, it is that an individual’s loss of control over their personal data leads to greater privacy abuses, not fewer. Inadequate restraints and a paternalistic approach could lead to what privacy advocates fear most — ubiquitous mass surveillance, facilitated by extensive and detailed profiling, sharpened information asymmetries and power imbalances, ultimately leading to various forms of discrimination, old and new.

Authors:

Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada

Dr. Alexander Dix, LL.M.
Commissioner for Data Protection and Freedom of Information
Berlin, Germany

Khaled El Emam, Ph.D.
Canada Research Chair in Electronic Health Information
University of Ottawa

 

PDF filehttp://www.ontla.on.ca/library/repository/mon/28003/326077.pdf, external link, opens in new window

Real Privacy means Oversight

Real privacy means oversight, external link, opens in new window

A steady stream of revelations from U.S. National Security Agency whistle-blowing continues to trickle out, and Canada’s most secretive intelligence agency made a cameo appearance last week.

Among the documents describing the top-secret “Bullrun” project was a reference to Communications Security Establishment Canada. The documents show that in the NSA’s covert quest to weaken Internet encryption standards, its long-standing Canadian partner played the part of a willing accomplice.

Authors:

Ann Cavoukian

Ron Deibert

Andrew Clement

Nathalie Des Rosiers

http://www.theglobeandmail.com/opinion/real-privacy-means-oversight/article14332825/, external link, opens in new window

Surveillance, Then and Now: Securing Privacy in Public Spaces

PDF fileSurveillance, Then and Now: Securing Privacy in Public Spaces, external link, opens in new window

Surveillance is growing, as are the technologies that extend its reach. But surveillance that facilitates the sustained monitoring of people engaged in everyday activities in public is, in Justice Gérard La Forest’s unforgettable words, “an unthinkable prospect in a free and open society such as ours.”

Unthinkable as it may be, the prospect of close and continuous surveillance is no longer simply the stuff of science fiction. Governments now have access to precise and affordable technologies capable of facilitating broad programs of indiscriminate monitoring. The unfettered use of these technologies raises the spectre of a true surveillance state. To freedom-loving people, that is an unacceptable prospect.

Author:

Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada

 

PDF filehttps://www.ipc.on.ca/images/Resources/pbd-surveillance.pdf, external link, opens in new window

Introducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism

PDF fileIntroducing Privacy-Protective Surveillance: Achieving Privacy and Effective Counter-Terrorism, external link, opens in new window

 

This paper introduces the concept of Privacy-Protective Surveillance (PPS) – a positive-sum, “win-win” alternative to current counter-terrorism surveillance systems – and proposes a methodology for its implementation within the framework of Privacy by Design. Section 1 discusses the current context of counter-terrorism surveillance and presents the need for an alternative solution. Section 2 introduces the objectives and functionality of PPS, showing its relevance to the private sector and distinguishing its data analytics from others. Section 3 describes the feature detection abilities of the intelligent virtual agents used by PPS. Section 4 presents homomorphic encryption within the context of PPS’s analytics. Section 5 describes PPS’s ability to contextualize information through the use of probabilistic graphical models. Section 6 presents the two main phases of PPS in terms of its development and implementation. Section 7 highlights the main issues addressed by PPS and calls for the involvement of additional stakeholders to work towards refining and implementing its proposed methodology.

Authors:

Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada

Khaled El Emam, Ph.D.
Canada Research Chair in Electronic Health Information
University of Ottawa

 

PDF filehttp://www.ontla.on.ca/library/repository/mon/27009/324331.pdf, external link, opens in new window

De-Identification Protocols: Essential for Protecting Privacy

PDF fileDe-identification Protocols: Essential for Protecting Privacy, external link, opens in new window

 

Information is the new currency of our economy. Since the dawn of the digital era, information has become increasingly available, and at a scale previously unimaginable. According to IBM, each day, 2.5 quintillion bytes of information are being created and, over 90 percent of the information currently in existence has been created in the past two years. With technological advances, this information is also becoming easier to collect, retain, use, disclose and leverage for a wide range of secondary uses.

Information is becoming far more valuable as businesses, big and small, seek to learn more about their customers and those of their competitors, and as advertisers seek to gain a competitive advantage by finding new and innovative ways to use information to target advertisements that are most relevant to their consumers. Information is also increasingly being sought for secondary uses that are seen to be in the public interest. For example, the health sector is seeking to use information to support evidence-based decision-making, to improve the quality of care provided, and to identify and achieve cost efficiencies. 

Authors:

Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada

Khaled El Emam, Ph.D.
Canada Research Chair in Electronic Health Information
University of Ottawa

PDF filehttp://www.ontla.on.ca/library/repository/mon/28011/328475.pdf, external link, opens in new window

Dispelling the Myths Surrounding De-identification: Anonymization Remains a Strong Tool for Protecting Privacy

PDF fileDispelling the Myths Surrounding De-identification: Anonymization Remains a Strong Tool for Protecting Privacy, external link, opens in new window

 

Recently, the value of de-identification of personal information as a tool to protect privacy has come into question. Repeated claims have been made regarding the ease of re-identification. We consider this to be most unfortunate because it leaves the mistaken impression that there is no point in attempting to de-identify personal information, especially in cases where de-identified information would be sufficient for subsequent use, as in the case of health research.

The goal of this paper is to dispel this myth — the fear of re-identification is greatly overblown. As long as proper de-identification techniques, combined with re-identification risk measurement procedures, are used, de-identification remains a crucial tool in the protection of privacy. De-identification of personal data may be employed in a manner that simultaneously minimizes the risk of re-identification, while maintaining a high level of data quality. De-identification continues to be a valuable and effective mechanism for protecting personal information, and we urge its ongoing use.

Authors:

Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada

Khaled El Emam, Ph.D.
Canada Research Chair in Electronic Health Information
University of Ottawa

 

PDF filehttp://www.ontla.on.ca/library/repository/mon/25006/310614.pdf, external link, opens in new window

Operationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices

PDF fileOperationalizing Privacy by Design: A Guide to Implementing Strong Privacy Practices, external link, opens in new window

 

It has been almost 20 years since I developed the concept of Privacy by Design (PbD). Reflecting on the widespread acceptance it currently enjoys within the public and private sectors, as well as its endorsement by the International Association of Data Protection Authorities and Privacy Commissioners, the U.S. Federal Trade Commission, the European Union and privacy professionals, is particularly gratifying. While much has been accomplished, much work still remains. The time has come to give deeper expression to PbD’s 7 Foundational Principles. Over the past several years, my Office has produced over 60 PbD papers with many well-known subject matter experts ranging from executives, risk managers, legal experts, designers, analysts, software engineers, computer scientists, applications developers in telecommunications, health care, transportation, energy, retail, marketing, and law enforcement. 

Author:

Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada

 

PDF filehttp://www.ontla.on.ca/library/repository/mon/26012/320221.pdf, external link, opens in new window

White Paper: Using Privacy by Design to Achieve Big Data Innovation Without Compromising Privacy

PDF fileUsing Privacy by Design to Achieve Big Data Innovation Without Compromising Privacy, external link, opens in new window

The argument that privacy stifles Big Data innovation reflects a dated, zero-sum mindset. It is a false dichotomy, consisting of unnecessary trade-offs between the benefits of Big Data and the protection of personal information within Big Data sets. In fact, the opposite is true—privacy drives innovation and it forces innovators to think creatively to find solutions that serve multiple functionalities. We need to abandon zero-sum thinking and adopt a positive-sum paradigm where both Big Data innovation and privacy may be achieved. 


PDF filehttp://www.ontla.on.ca/library/repository/mon/28006/327266.pdf, external link, opens in new window

Authors:

Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada

David Stewart
National Advanced Analytics Leader
Deloitte

Beth Dewitt
Manager and Privacy Specialist
Deloitte

White Paper: De-Identification Protocols: Essential for Protecting Privacy

PDF fileDe-Identification Protocols: Essential for Protecting Privacy, external link, opens in new window

Information is the new currency of our economy. Since the dawn of the digital era, information has become increasingly available, and at a scale previously unimaginable. According to IBM, each day, 2.5 quintillion bytes of information are being created and, over 90 percent of the information currently in existence has been created in the past two years. With technological advances, this information is also becoming easier to collect, retain, use, disclose and leverage for a wide range of secondary uses.

One of the most effective ways to protect the privacy of individuals is through strong de-identification. Despite suggestions to the contrary, de-identification, using proper de-identification techniques and reidentification risk management procedures, remains one of the strongest and most important tools in protecting privacy.


PDF filehttp://www.ontla.on.ca/library/repository/mon/28011/328475.pdf, external link, opens in new window

Authors:

Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada

Khaled El Emam, Ph.D.
Canada Research Chair in Electronic Health Information
University of Ottawa

 

 

White Paper: BYOD: (Bring Your Own Device) Is Your Organization Ready?

PDF fileBYOD: (Bring Your Own Device) Is Your Organization Ready?, external link, opens in new window

Today across our nation, more than 27 million Canadians use mobile devices, including smartphones and tablets, to stay in touch, study, work and shop. With 63 per cent of all wireless service subscribers using a smartphone, Canada has the third highest level of smartphone penetration in the world. Thanks to the significant private investments of national wireless carriers such as TELUS, 99 per cent of Canadians from coast-to-coast-to-coast now benefit from world-leading wireless networks and technology.


PDF filehttp://www.ontla.on.ca/library/repository/mon/27012/325215.pdf, external link, opens in new window

Author:

Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada

Publications & Books

The Privacy Payoff Book

The Privacy Payoff: How Successful Businesses Build Customer Trust

McGraw-Hill Ryerson, August 2002



View at Amazon, external link, opens in new window

Smart Data Book

SmartData: Privacy Meets Evolutionary Robotics

Springer, March 2013



View at Amazon, external link, opens in new window

Who Knows Book

Who Knows: Safeguarding Your Privacy in a Networked World

McGraw-Hill, September 1996



View at Amazon, external link, opens in new window