Privacy Requirements Scoping


DEVNET-2016: Privacy Requirements Scoping
Jonathan Fox, Director, Privacy Engineering, Cisco
Lisa Bobbitt, Privacy Architect, Cisco

Cisco Spark
Questions? Use Cisco Spark to communicate with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#devnet-2016
© 2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda
- Privacy and Privacy Engineering
- Privacy Requirements Scoping Workshops
- Context Diagrams and Use Cases
- Privacy Requirements
- Mini Privacy Requirements Scoping Workshop
- Report Out

Privacy and Privacy Engineering

Technology and Innovation Presenting Challenges to Privacy is Not New
- Printing Press
- Camera
- Database

Personally Identifiable Information?
- Individual's name
- Individual's phone number
- National or tax identification number
- Information about an individual's mental or health conditions
- Financial information and records
- Information related to offenses or criminal convictions
- Racial or ethnic origin
- Religious or philosophical beliefs
- A street address
  - PII: If for an individual
  - Not PII: If for a business
- GEO location
  - PII: If data is the GPS of an end user (i.e., an individual)
  - Not PII: If data is derived from an IP address (i.e., at a large geographical area that is not specific to an individual)
- IP address
  - PII: If for an end user's (i.e., an individual's) device
  - Not PII: If for a system in a rack at a data center

Note: The Cisco Data Protection and Privacy Policy defines PII as any information or collection of data that enables identification of an individual.

Privacy engineering is today's answer
- Process
- Innovation
- Data-centricity

A Requirement of What?
- System Requirement
- Data Requirement
- Business Requirement

Privacy: it's a loaded word

Personally Identifiable Information
- Any information associated with a unique human being.
- Anything that identifies or can be used to contact an individual, or is reasonably linked to an individual's device.
- Elements of non-personal information, when combined with other information to identify an individual, become personal data.

Data Privacy
- Fair and legitimate processing of Personally Identifiable Information (PII)

Processing
- Includes collection, storage, use, organization, recording, alignment, combination, disclosure by transmission, consultation, erasure, destruction, alteration, and so on

Fair Information Principles
- Collection limitation
- Data quality
- Purpose specification
- Use limitation
- Security safeguards
- Openness
- Individual participation
- Accountability

Legitimate
- Consent
- Performance of a contract
- Compliance with a regulatory obligation
- Protection of the vital interests
- Public interest or exercise of official, state authority
- Legitimate interest

Privacy Requirements Scoping Workshops

Privacy requirements workshops are part of the scoping process
[Figure: development process diagram. Labels: User Interface Prototype; Scoping; Develop Class / Data Models; Design Solution; Construct Solution; Quality Assurance; Roll Out Solution; Develop Requirements Use Cases; Project Initiation]

Scoping Deliverables
- Scope of the enterprise
- List of triggering events
- List of business drivers
- List of information flows
- Scoping mission statement
- List of business classes
- Context diagram
- List of business processes
- List of context drivers
- List of potential privacy requirements
- List of action locations
- Use case schedule using identified subject matter experts

Context Diagrams and Use Cases

Develop the Context Diagram
- The Enterprise Is the Process
- Actors
- Information/Control Flows
- What Event Triggers the Flow?
- Participant Actor: Ultimate Customer; In support of Ultimate Customer; Where located?
- System Interface
- What Information/Material/Control does user/system supply us?
- What Information/Material/Control do we supply to user/system?
- What system? Where located?

Again, stick figures are fine
[Figure: UML use case diagram "Order Mgt". Labels: Internet User; Call Center; Handle Customer Call; Handle Internet Sign-on; Collect Initial Profile Information; Collect Preference/Profile; Shopper/Recommender; Information-only Fulfillment; Sale Fulfillment. Elements marked <<actor>>: Credit System; Product Mgt; Logistics System; Purchasing; Manufacturing System. Relationships shown: <<extends>>, <<uses>>]

Privacy Requirements

Think of Privacy Notices as Meta Use Case Requirements
- Realistic technology capabilities and limitations
- Ethical obligations
- Enforceability and compliance
- Economic pressure to create value through efficient sharing / relationship building
- Usability, access and availability for end users of information systems
- Industry standards
- Brand identity
- Permission marketing / customer relationship management / business intelligence
- Privacy Policy
- Local and international legal, jurisdictional and regulatory necessities
- Organization / business requirements

Privacy engineering = setting and executing on privacy requirements
- Data: What data is involved? Are they sensitive?
- Purpose: How and why is the data being processed?
- Means of collection: How is the data being gathered?
- Notice: Where was notice presented? What was in the notice?
- Choice/consent: What kind of choice is the owner of the data given?
- Transfer: Is it possible to transfer the data to third parties or another system?
- Access, correction, deletion: How can data be corrected or removed?
- Security: How is the data being kept from unauthorized access?
- Minimization: Is the data collected the minimum necessary to achieve the intended purpose?
- Proportionality: Is the processing of the data proportional to the need, purpose, and sensitivity of the data?
- Retention: Is the deletion strategy defined and enforced within the system or the enterprise? If so, how?
- Third parties: If third parties are involved, what is the relationship?
- Accountability: Are responsibilities defined and the internal enforcement mechanisms in place? What are they? Who owns the program? How is it managed?

We use use cases to gather requirements!
- A use case is a complete course of events initiated by an actor.
- Actors are people, functional roles, or interfacing systems that interact with the enterprise.
- Develop one or more use cases for each actor.
- Use cases allow business people to define requirements in business terms (business people can write use cases).
- Use cases specify interactions between the actor and business processes (automated or not).
- Use to begin to understand system interfaces.

Time for a Mini Privacy Requirements Scoping Workshop

Methodology Example: Supermarket App
Supermarket App Goal: Design a privacy sensitive supermarket app that creates shopping lists based on shopping history, maps a user's path in the supermarket to make it more efficient for you to shop, and directs users to bargains (i.e., ties into user's supermarket's affinity program).

Supermarket App Context Diagram
[Figure: context diagram. Labels: Data Steward; Marketing/Sales Team; Business Stakeholders; Biz Analyst; Data Analyst; Geo-Location Service; Backend; Shoppers App; Data Subject (Shopper)]

In this Scoping Workshop we will focus on User Experience
- What PII is needed?
- What kinds of choices and controls will the shopper be given?
- How will notice and consent be managed?

Report Out

[Figure: the Supermarket App context diagram (Data Steward; Marketing/Sales Team; Business Stakeholders; Biz Analyst; Data Analyst; Geo-Location Service; Backend; Shoppers App; Shopper) annotated with scoping questions: All of the data? Shopper specifics? Trends? Prescriptions? Credit Cards? In Store? Out of Store? All his or her data? What is all? To what degree?]

Congratulations! You have started on your way to be Privacy Engineers

Privacy Engineering
Based on Privacy Engineer's Manifesto


Cisco Live sessions will be available for viewing on-demand after the event at www.ciscolive.com/global/on-demand-library/.


Thank you