DEVNET-2016: Privacy Requirements Scoping
Jonathan Fox, Director, Privacy Engineering, Cisco
Lisa Bobbitt, Privacy Architect, Cisco

Cisco Spark
Questions? Use Cisco Spark to communicate with the speaker after the session.
How:
1. Find this session in the Cisco Live Mobile App
2. Click "Join the Discussion"
3. Install Spark or go directly to the space
4. Enter messages/questions in the space
cs.co/ciscolivebot#devnet-2016
2018 Cisco and/or its affiliates. All rights reserved. Cisco Public

Agenda
- Privacy and Privacy Engineering
- Privacy Requirements Scoping Workshops
- Context Diagrams and Use Cases
- Privacy Requirements
- Mini Privacy Requirements Scoping Workshop
- Report Out

Privacy and Privacy Engineering

Technology and Innovation Presenting Challenges to Privacy is Not New
- Printing Press
- Camera
- Database

Personally Identifiable Information?
- Individual's name
- Individual's phone number
- National or tax identification number
- Information about an individual's mental or health conditions
- Financial information and records
- Information related to offenses or criminal convictions
- Racial or ethnic origin
- Religious or philosophical beliefs
- A street address
  - PII: If for an individual
  - Not PII: If for a business
- GEO location
  - PII: If data is the GPS of an end user (i.e., an individual)
  - Not PII: If data is derived from an IP address (i.e., at a large geographical area that is not specific to an individual)
- IP address
  - PII: If for an end user's (i.e., an individual's) device
  - Not PII: If for a system in a rack at a data center
Note: The Cisco Data Protection and Privacy Policy defines PII as any information or collection of data that enables identification of an individual.

Privacy engineering is today's answer
- Process
- Innovation
- Data-centricity

A Requirement of What?
- System Requirement
- Data Requirement
- Business Requirement

Privacy: it's a loaded word

Personally Identifiable Information
- Any information associated with a unique human being.
- Anything that identifies or can be used to contact an individual, or is reasonably linked to an individual's device.
- Elements of non-personal information, when combined with other information to identify an individual, become personal data.

Data Privacy
- Fair and legitimate processing of Personally Identifiable Information (PII)

Processing
- Includes collection, storage, use, organization, recording, alignment, combination, disclosure by transmission, consultation, erasure, destruction, alteration, and so on

Fair Information Principles
- Collection limitation
- Data quality
- Purpose specification
- Use limitation
- Security safeguards
- Openness
- Individual participation
- Accountability

Legitimate
- Consent
- Performance of a contract
- Compliance with a regulatory obligation
- Protection of the vital interests
- Public interest or exercise of official, state authority
- Legitimate interest

Privacy Requirements Scoping Workshops

Privacy requirements workshops are part of the scoping process
[Process diagram. Stage labels: Project Initiation; Scoping; Develop Requirements Use Cases; User Interface Prototype; Develop Class / Data Models; Design Solution; Construct Solution; Quality Assurance; Roll Out Solution]

Scoping Deliverables
- Scope of the enterprise
- List of triggering events
- List of business drivers
- List of information flows
- Scoping mission statement
- List of business classes
- Context diagram
- List of business processes
- List of context drivers
- List of potential privacy requirements
- List of action locations
- Use case schedule using identified subject matter experts

Context Diagrams and Use Cases

Develop the Context Diagram
- The Enterprise Is the Process
- Actors
- Information/Control Flows: What Event Triggers the Flow?
- Participant Actor: Ultimate Customer; In support of Ultimate Customer; Where located?
- System Interface: What system? Where located?
- What Information/Material/Control does user/system supply us?
- What Information/Material/Control do we supply to user/system?

Again, stick figures are fine
[UML use case diagram: Order Mgt. Elements labelled <<actor>>: Credit System, Product Mgt, Logistics System, Purchasing, Manufacturing System. Other labels: Internet User, Call Center, Handle Customer Call, Handle Internet Sign-on, Collect Initial Profile Information, Collect Preference/Profile, Shopper/Recommender, Information-only Fulfillment, Sale Fulfillment. Relationships shown: <<extends>>, <<uses>>]

Privacy Requirements

Think of Privacy Notices as Meta Use Case Requirements
Privacy Policy:
- Realistic technology capabilities and limitations
- Ethical obligations
- Enforceability and compliance
- Economic pressure to create value through efficient sharing / relationship building
- Usability, access and availability for end users of information systems
- Industry standards
- Brand identity
- Permission marketing / customer relationship management / business intelligence
- Local and international legal, jurisdictional and regulatory necessities
- Organization / business requirements

Privacy engineering = setting and executing on privacy requirements
- Data: What data is involved? Is it sensitive?
- Purpose: How and why is the data being processed?
- Means of collection: How is the data being gathered?
- Notice: Where was notice presented? What was in the notice?
- Choice/consent: What kind of choice is the owner of the data given?
- Transfer: Is it possible to transfer the data to third parties or another system?
- Access, correction, deletion: How can data be corrected or removed?
- Security: How is the data being kept from unauthorized access?
- Minimization: Is the data collected the minimum necessary to achieve the intended purpose?
- Proportionality: Is the processing of the data proportional to the need, purpose, and sensitivity of the data?
- Retention: Is the deletion strategy defined and enforced within the system or the enterprise? If so, how?
- Third parties: If third parties are involved, what is the relationship?
- Accountability: Are responsibilities defined and the internal enforcement mechanisms in place? What are they? Who owns the program? How is it managed?

We use use cases to gather requirements!
- A use case is a complete course of events initiated by an actor.
- Actors are people, functional roles, or interfacing systems that interact with the enterprise.
- Develop one or more use cases for each actor.
- Use cases allow business people to define requirements in business terms (business people can write use cases).
- Use cases specify interactions between the actor and business processes (automated or not).
- Use them to begin to understand system interfaces.

Time for a Mini Privacy Requirements Scoping Workshop

Methodology Example: Supermarket App
Supermarket App Goal
Design a privacy-sensitive supermarket app that creates shopping lists based on shopping history, maps a user's path in the supermarket to make it more efficient for the user to shop, and directs users to bargains (i.e., ties into the user's supermarket's affinity program).

Supermarket App Context Diagram
[Context diagram. Elements: Data Steward; Marketing/Sales Team; Business Stakeholders; Biz Analyst; Data Analyst; Geo-Location Service; Backend; Shoppers App; Data Subject (Shopper)]

In this Scoping Workshop we will focus on User Experience
- What PII is needed?
- What kinds of choices and controls will the shopper be given?
- How will notice and consent be managed?

Report Out

[Supermarket App context diagram annotated with questions. Elements: Data Steward; Marketing/Sales Team; Business Stakeholders; Biz Analyst; Data Analyst; Geo-Location Service; Backend; Shoppers App; Shopper. Questions shown: All of the data? Shopper specifics? Trends? Prescriptions? Credit Cards? In Store? Out of Store? All his or her data? What is all? To what degree?]

Congratulations! You have started on your way to becoming Privacy Engineers

Privacy Engineering
Based on Privacy Engineer's Manifesto

Thank you