Commit to Privacy, Publicly. Privacy by Design Certification Program Ann Cavoukian, Ph.D. CERTIFIED

Similar documents
SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

NOW IS THE TIME. to secure our future

Privacy by Design and the GDPR

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Cybersecurity. Securely enabling transformation and change

Sage Data Security Services Directory

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

WHO SHOULD ATTEND? ITIL Foundation is suitable for anyone working in IT services requiring more information about the ITIL best practice framework.

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

BENEFITS of MEMBERSHIP FOR YOUR INSTITUTION

BHConsulting. Your trusted cybersecurity partner

Achieving effective risk management and continuous compliance with Deloitte and SAP

INTELLIGENCE DRIVEN GRC FOR SECURITY

STRATEGIC PLAN

ISACA MOSCOW CHAPTER Chapter meeting 22 September 2016

Uptime and Proactive Support Services

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

Get more out of technology starting day one. ProDeploy Enterprise Suite

EU General Data Protection Regulation (GDPR) Achieving compliance

Altitude Software. Data Protection Heading 2018

NCSF Foundation Certification

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

ROI for Your Enterprise Through ISACA A global IS association helping members achieve organisational success.

Privacy by Design Brendon Lynch, Microsoft Trevor Hughes, IAPP

ISTE SEAL OF ALIGNMENT REVIEW FINDINGS REPORT. Certiport IC3 Digital Literacy Certification

FOR FINANCIAL SERVICES ORGANIZATIONS

Organizational Privacy Transformation: A case study from Critical Issues to Award Winning Success

SELLING YOUR ORGANIZATION ON APPLICATION SECURITY. Navigating a new era of cyberthreats

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

IT Consulting and Implementation Services

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach

Six Sigma in the datacenter drives a zero-defects culture

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

5 Things to Know About Certification

STRATEGIC PLAN. USF Emergency Management

Cyber Security Program

Implementing ITIL v3 Service Lifecycle

Turning Risk into Advantage

PEOPLE INNOVATION CAPITAL INFRASTRUCTURE AGILITY. New Brunswick Growth Opportunity. Cybersecurity

Track 1 // Collaboration & Partnerships

The Role of the Data Protection Officer

How to implement NIST Cybersecurity Framework using ISO WHITE PAPER. Copyright 2017 Advisera Expert Solutions Ltd. All rights reserved.

Data Management and Security in the GDPR Era

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Developing your GDPR response for competitive advantage. EU General Data Protection Regulation (GDPR)

Angela McKay Director, Government Security Policy and Strategy Microsoft

NCSF Foundation Certification

International Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface

COBIT 5 With COSO 2013

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

BHConsulting. Your trusted cybersecurity partner

Cyber Security and Cyber Fraud

Accelerate Your Enterprise Private Cloud Initiative

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

ProDeploy Suite. Accelerate enterprise technology adoption with expert deployment designed for you

IMPROVING NETWORK SECURITY

Continuous protection to reduce risk and maintain production availability

RISK MANAGEMENT Education and Certification

Implementation Strategy for Cybersecurity Workshop ITU 2016

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

ENISA EU Threat Landscape

BRING EXPERT TRAINING TO YOUR WORKPLACE.

PCI compliance the what and the why Executing through excellence

TRULY INDEPENDENT CYBER SECURITY SPECIALISTS. Cyber Major

Professional Training Course - Cybercrime Investigation Body of Knowledge -

Global Security Consulting Services, compliancy and risk asessment services

Avanade s Approach to Client Data Protection

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Cyber Security: Threat and Prevention

Introduction to Device Trust Architecture

General Data Protection Regulation (GDPR) The impact of doing business in Asia

Sustainable Security Operations

Cyber Incident Response. Prepare for the inevitable. Respond to evolving threats. Recover rapidly. Cyber Incident Response

2015 VORMETRIC INSIDER THREAT REPORT

EY s data privacy service offering

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

CA Security Management

Vulnerability Assessments and Penetration Testing

Information Security Risk Strategies. By

OF ACCOUNTANTS IAASB CAG MEETING MARCH 7, 2011

HPH SCC CYBERSECURITY WORKING GROUP

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Continuous auditing certification

A HOLISTIC APPROACH TO IDENTITY AND AUTHENTICATION. Establish Create Use Manage

RED HAT ENTERPRISE LINUX. STANDARDIZE & SAVE.

Grow Your Services Business

Symantec Data Center Transformation

Executive Insights. Protecting data, securing systems

Google Cloud & the General Data Protection Regulation (GDPR)

Protecting your data. EY s approach to data privacy and information security

RSA Solution Brief. The RSA Solution for Cloud Security and Compliance

Case Study. Encode helps University of Aberdeen strengthen security and reduce false positives with advanced security intelligence platform

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

Security. Made Smarter.

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Transcription:

Commit to Privacy, Publicly Privacy by Design Certification Program Ann Cavoukian, Ph.D. CERTIFIED RYERSON Privacy Certified by Design UNIVERSITY

We are at a tipping point. With the massive growth of ubiquitous computing, online connectivity and social media, if you don t get ahead of the curve and embed Privacy by Design, you risk losing your customers by allowing their privacy to slip away, and that is simply not an acceptable option. Dr. Ann Cavoukian, Executive Director, Privacy and Big Data Institute at Ryerson University Three-term Information and Privacy Commissioner of Ontario Creator of Privacy by Design 2 Privacy by Design Certification Program

Strive for Privacy by Design Certification Earning PbD certification begins at Ryerson Data breaches are no longer the exception they have become the norm. One of the largest banks in the United States had its database compromised with the names and contact information of 75 million customers stolen. In another similar incident, 56 million customers had their credit card information siphoned after one of North America s largest retailers suffered a malware attack. These types of attacks aren t necessarily initiated on home soil. In the Internet age, they may originate from anywhere in the world, at any time. It is no wonder then, now more than ever, that privacy-conscious consumers want to feel confident that the companies and institutions they entrust with their personal data will manage it with the utmost care. Earning Privacy by Design Certification from the Privacy and Big Data Institute at Ryerson University will enhance consumer confidence and trust. The Privacy and Big Data Institute at Ryerson University is a leader in the research, education and development of big data solutions that will allow organizations to maximize the potential of big data while ensuring that people s privacy is strongly protected. Our Privacy by Design Certification is the firstof-its kind privacy certification that is based on Privacy by Design, a revolutionary privacy framework that has been recognized globally and translated into 37 languages. The certification process we follow brings together a framework created by Dr. Ann Cavoukian, one of the world s leading privacy experts, three-term Privacy Commissioner of Ontario, and now the Executive Director of the Privacy and Big Data Institute at Ryerson University. Dr. Cavoukian s approach seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices. We then marry this approach by partnering with the expertise of Deloitte, whose global data protection and privacy practice is comprised of multi-disciplinary professionals specializing in technology, policy, security, law, information governance and management, project management, communications, and privacy regulatory affairs. Deloitte operationalized the 7 Foundational Principles by developing 29 measurable privacy criteria and 109 illustrative privacy controls using a unique scorecard approach that aligns to Privacy by Design. The criteria and controls are based on key requirements derived from national and international privacy regulations and best practices. (ryerson.ca/pbd/certification) Most impressive, when you earn Privacy by Design Certification from the Privacy and Big Data Institute at Ryerson, you ll be raising the bar and meeting a privacy standard that is now recognized in more than 35 countries. Doing so will enable you to gain a competitive advantage over other organizations, which is sustainable over time. 3 Privacy by Design Certification Program

Privacy should not be a one-time compliance exercise. We help our clients innovate and expand their digital footprint by using a risk-based approach to implementing new technologies. Sylvia Kingsmill, BA, LLB, National Partner, Digital Privacy Leader at Deloitte 4 Privacy by Design Certification Program

Achieve the highest level of privacy In October 2010, regulators at the International Conference of Data Protection Authorities and Privacy Commissioners unanimously passed a resolution recognizing Privacy by Design as an essential component of fundamental privacy protection. By qualifying for Privacy by Design Certification, your organization will gain the ability to: Enhance compliance by getting ahead of the legislative curve and minimizing compliance risk. Reduce the likelihood of fines and penalties, including financial losses and/or liability associated with privacy breaches. Build your brand by fostering greater consumer confidence and trust, thereby gaining a sustainable, competitive advantage. Better manage post-breach incidents to regain consumer trust and confidence. Maintain best practices by seeking independent testing of privacy and security controls, which greatly exceeds the trust-me model of selfreporting. 5 Privacy by Design Certification Program

Examine your privacy practices Ryerson s Privacy and Big Data Institute is collaborating with a global team of Deloitte privacy and information security professionals who will put your organization through a three-step process in order to achieve Privacy by Design Certification. Step 1: Apply Applications for certification may be initiated by applying online via Ryerson s website. (ryerson.ca/pbd/certification) Step 2: Assess Using a set of well-defined assessment criteria, Deloitte s privacy and security professionals will test your product, service or offering against the 7 Foundational Principles of Privacy by Design. An assessment of the strength of your privacy practices will be conducted, following internationally-recognized privacy principles, including privacy regulations, industry self-regulatory requirements and industry best practices (e.g., FIPs, OECD, GAPP, CBR and APEC Privacy Framework) using an assessment methodology based on harmonized privacy and security requirements. Taking a holistic and risk-based approach, Deloitte will test your controls using a quantifiable scorecard. Step 3: Certify Upon review of the assessment report, certification will be granted only when Ryerson is satisfied that no significant gaps exist as identified by Deloitte in the Privacy Scorecard. Taking a comprehensive, risk-based approach to data privacy where globally-defined risks are anticipated and counter-measures are built into systems and operations, by design can be far more effective, and more likely to meet the various requirements of multiple jurisdictions. Dr. Ann Cavoukian 6 Privacy by Design Certification Program

1 Proactive 7 Foundational Principles of Privacy by Design not reactive Preventative not remedial The Privacy by Design (PbD) framework is characterized by the taking of proactive rather than reactive measures. It anticipates the risks and prevents privacy invasive events before they occur. PbD does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred it aims to identify the risks and prevent the harms from arising. In short, Privacy by Design comes before the fact, not after. 2Lead with privacy as the default setting We can all be certain of one thing the default rules. Privacy by Design seeks to deliver the maximum degree of privacy by ensuring that personal data are automatically protected in any given IT system or business practice as the default. If individuals do nothing, their privacy still remains intact. No action is required on the part of individuals in order to protect their privacy it is already built into the system by default. 3Embed privacy into design Privacy measures are embedded into the design and architecture of IT systems and business practices. These are not bolted on as add-ons after the fact. The result is that privacy becomes an essential component of the core functionality being delivered. Privacy is thus integral to the system without diminishing functionality. 4Retain full functionality (positive-sum, not zero-sum) Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum win-win manner, not through the dated, zero-sum (either/or) approach where unnecessary trade-offs are made. Privacy by Design avoids the pretense of false dichotomies, such as privacy vs. security, demonstrating that it is indeed possible to have both. 5Ensure end-to-end security Privacy by Design, having been embedded into the system prior to the first element of information being collected, extends securely throughout the entire lifecycle of the data involved strong security measures are essential to privacy from start to finish. This ensures that all data are securely collected, used, retained and then securely destroyed at the end of the process in a timely fashion. Thus, Privacy by Design ensures cradle to grave secure lifecycle management of information, end-to-end. 6Maintain visibility and transparency Keep it open Privacy by Design seeks to assure all stakeholders that whatever the business practice or technology involved, it is in fact operating according to the stated promises and objectives, subject to independent verification. The data subject is made fully aware of the personal data being collected and for what purposes. All the component parts and operations remain visible and transparent to users and providers alike. Remember, trust but verify. 7 Respect user privacy Keep it user-centric Above all, Privacy by Design requires architects and operators to keep the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice and empowering user-friendly options. The goal is to ensure user-centred privacy in an increasingly connected world. 7 Privacy by Design Certification Program

Prove to your customers that privacy is one of the highest priorities for your organization. Become Privacy by Design-Certified today. About Dr. Ann Cavoukian Dr. Ann Cavoukian is recognized as one of the world s leading privacy experts. She is presently the Executive Director of the Privacy and Big Data Institute at Ryerson University. Appointed as the Information and Privacy Commissioner of Ontario, Canada in 1997, Dr. Cavoukian served an unprecedented three terms as Commissioner. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and accountable business practices, thereby achieving the strongest protection possible. In October 2010, regulators at the International Conference of Data Protection Authorities and Privacy Commissioners unanimously passed a resolution recognizing Privacy by Design as an essential component of fundamental privacy protection. Since then, Privacy by Design has been translated into 37 languages. Dr. Cavoukian was chosen as one of the Power 50 by Canadian Business magazine for her tireless efforts as a privacy champion. She was also selected for Maclean s Magazine s Power List of the top 50 Canadians, and was chosen as one of the top 10 women in data security, compliance and privacy to follow on Twitter. About Ryerson University and the Privacy and Big Data Institute Ryerson is Canada s leader in innovative, career-focused education. It is a distinctly urban university with a focus on innovation and entrepreneurship. Ryerson has a mission to serve societal need and a long-standing commitment to engaging its community. The Privacy and Big Data Institute at Ryerson was created to serve as a hub for Ryerson faculty, staff and students engaged in data-driven research, innovation and education. The institute s mission is to pursue and promote collaborations with industry to address privacy, security and data analytics challenges. To learn more, visit ryerson.ca/pbd/certification or contact: Dr. Ann Cavoukian Executive Director, Privacy and Big Data Institute ann.cavoukian@ryerson.ca Privacy by Design Certification is being offered by the Privacy and Big Data Institute at Ryerson University and is not affiliated with the Information and Privacy Commissioner of Ontario, nor signifies compliance with Ontario privacy laws.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback