Privacy and Security Aspects Related to the Use of Big Data Progress of work in the ESS. Pascal Jacques Eurostat Local Security Officer 1

Similar documents
CoE CENTRE of EXCELLENCE ON DATA WAREHOUSING

Data Management Glossary

METADATA MANAGEMENT AND STATISTICAL BUSINESS PROCESS AT STATISTICS ESTONIA

EUROSTAT and BIG DATA. High Level Seminar on integrating non traditional data sources in the National Statistical Systems

Data Management Checklist

Business microdata dissemination at Istat

DEFINITIONS AND REFERENCES

EXAM PREPARATION GUIDE

On the Design and Implementation of a Generalized Process for Business Statistics

Developing a Research Data Policy

Legal, Ethical, and Professional Issues in Information Security

Level 4 Diploma in Computing

2011 INTERNATIONAL COMPARISON PROGRAM

2011 INTERNATIONAL COMPARISON PROGRAM

Cyberspace : Privacy and Security Issues

EXAM PREPARATION GUIDE

EXAMINATION [The sum of points equals to 100]

Database Auditing and Forensics for Privacy Compliance: Challenges and Approaches. Bob Bradley Tizor Systems, Inc. December 2004

SECURITY & PRIVACY DOCUMENTATION

EXAM PREPARATION GUIDE

SOC for cybersecurity

Emergency Compliance DG Special Case DAMA INDIANA

CONCLUSIONS AND RECOMMENDATIONS

About Us. Privacy Policy v1.3 Released 11/08/2017

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

ESSnet on common tools and harmonised methodology for SDC in the ESS

Legal Issues in Data Management: A Practical Approach

Big data privacy in Australia

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Information Systems and Tech (IST)

SYDNEY FESTIVAL PRIVACY POLICY

EXAM PREPARATION GUIDE

Business Architecture concepts and components: BA Process Flow

CYBER RESILIENCE & INCIDENT RESPONSE

BPS Suite and the OCEG Capability Model. Mapping the OCEG Capability Model to the BPS Suite s product capability.

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

Data Security Standards

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Introduction to SURE

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

COBIT 5 With COSO 2013

Latest version, please translate and adapt accordingly!

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

What You Need to Know About Addressing GDPR Data Subject Rights in Pivot

LTI Security Services. Intelligent & integrated Approach to Cyber & Digital Security

IoT & SCADA Cyber Security Services

Economic and Social Council

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

IMF Statistics Department

Compliance Brief: The National Institute of Standards and Technology (NIST) , for Federal Organizations

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges

Security Aspects of Trust Services Providers

Level 5 Diploma in Computing

When Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.

Privacy Policy. Effective: March 16, 2018.

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

Security and Privacy Governance Program Guidelines

Position Title: IT Security Specialist

Privacy Policy. You may exercise your rights by sending a registered mail to the Privacy Data Controller.

Metadata Management in the FAO Statistics Division (ESS) Overview of the FAOSTAT / CountrySTAT approach by Julia Stone

Angela McKay Director, Government Security Policy and Strategy Microsoft

Sarbanes-Oxley Act (SOX)

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Checklist and guidance for a Data Management Plan, v1.0

TERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE

Data Protection Policy

Data locations. For our hosted(saas) solution the servers are located in Dallas(USA), London(UK), Sydney(Australia) and Frankfurt(Germany).

Scientific Research Data Management Policy

New Guidance on Privacy Controls for the Federal Government

ENISA EU Threat Landscape

Metadata Framework for Resource Discovery

An Overview of the Gramm-Leach-Bliley (GLB) Act and the Safeguards Rule

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Electronic Communication of Personal Health Information

EU General Data Protection Regulation (GDPR) Achieving compliance

Fair data and open data: differences and consequences

Finding and Securing ephi in SharePoint and SharePoint Online

EXAM PREPARATION GUIDE

Federal Statistics, Multiple Data Sources, and Privacy Protection: Next Steps

INFORMATION ASSET MANAGEMENT POLICY

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange

PREPARING FOR THE GDPR AT THE UNIVERSITY OF HELSINKI

Driftscape corp. Privacy policy. October 20, 2017

Information technology Security techniques Code of practice for personally identifiable information protection

GDPR data subject rights

Sketching for UX Designers Website & Newsletter Privacy Policy

Cybersecurity & Digital Privacy in the Energy sector

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

ISO 31000:2009 & COSO ERM

Recruitment Privacy Notice

Startup Genome LLC and its affiliates ( Startup Genome, we or us ) are committed to protecting the privacy of all individuals who ( you ):

Cyber Security Program

Generic Statistical Business Process Model

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE

Transcription:

Privacy and Security Aspects Related to the Use of Big Data Progress of work in the ESS Pascal Jacques Eurostat Local Security Officer 1

Current work on privacy and ethics in Big data Privacy Confidentiality Ethics Big Data characteristics Current tools and frameworks for privacy protection and ethics Privacy and ethical challenges linked to Big Data Conclusions 2

Current Big Data Activities UNECE 2014 Project : The Role of Big Data in the Modernisation of Statistical Production Identify, examine and provide guidance for statistical organizations to act upon the main strategic and methodological issues that Big Data poses for the official statistics industry Demonstrate the feasibility of efficient production of both novel products and mainstream official statistics using Big Data sources, and the possibility to replicate these approaches across different national contexts Facilitate the sharing across organizations of knowledge, expertise, tools and methods for the production of statistics using Big Data sources. 4 task teams: Privacy, Partnership, Quality, Sandbox ESTAT Big Data Task Force (TFBD) ESS Big Data Task Force (NSI+ESCB) Scheveningen Memoradum 3

Big Data Action Plan and Roadmap (BDAR) A number of big data sources contain sensitive information and that the use of these sources for official statistics purposes may induce negative perceptions with the general public and other stakeholders. A communication strategy based on an ethical review should be developed whose subsequent implementation should guide the execution of pilot projects and prepare the integration of big data sources into official statistics. 4

Privacy Confidentiality - Ethics Privacy: the control over the extent, timing, and circumstances of sharing oneself (physically, behaviourally, or intellectually) with others About People Confidentiality: treatment of information that an individual has disclosed in a relationship of trust and with the expectation that it will not be divulged to others without permission in ways that are inconsistent with the understanding of the original disclosure About Data Statistical Confidentiality Passive confidentiality Primary confidentiality 5

ETHICS moral principles that govern a person's or group's behavior An ethical problem arises when you are considering an action that : (A. Gelman) (a)benefits you or some cause you support, (b)hurts or reduces benefits to others, and (c)violates some rule http://www.amstat.org/about/ethicalguidelines.cfm + Belmont report 6

Ethical challenges in Official Statistics Sound methodology Protection of confidentiality Integrity of the statistical agencies and the national statistical system Transparency Applies on all GSBPM steps Objectivity versus Advocacy 7

Confidentiality Passive confidentiality For foreign trade statistics : take appropriate measures only at the request of importers or exporters who feel that their interests would be harmed by the dissemination of data. Statistical confidentiality The protection of data that relate to single statistical units and are obtained directly for statistical purposes or indirectly from administrative or other sources against any breach of the right to confidentiality. It implies the prevention of unlawful disclosure. The privacy of data providers (households, enterprises, administrations and other respondents), the confidentiality of the information they provide and its use only for statistical purposes are absolutely guaranteed Primary confidentiality Tabular cell data, whose dissemination would permit attribute disclosure. Main reasons are too few units in a cell or dominance of one or two units in a cell 8

Big Data characteristics 9

Privacy and ethical framework (1) The ESS Code of Practice Principle 1: Professional independence Principle 5: Statistical confidentiality Principle 6: Impartiality and objectivity Principle 7: Sound methodology Principle 15: Accessibility and Clarity 10

Privacy and ethical framework (2) Fundamental Principles of Official Statistics Principle 2. To retain trust in official statistics, the statistical agencies need to decide according to strictly professional considerations, including scientific principles and professional ethics, on the methods and procedures for the collection, processing, storage and presentation of statistical data. Principle 6. Individual data collected by statistical agencies for statistical compilation, whether they refer to natural or legal persons, are to be strictly confidential and used exclusively for statistical purposes http://unstats.un.org/unsd/dnss/gp/fundprinciples.aspx 11

Existing tools for confidentiality protection Protection by anonymisation/de-identification of information or statistical disclosure control (secondary confidentiality) Use of synthetics datasets or subset of information Strong IT Security principles and rules Use of encryption technologies for transfer & storage of information Remote Access vs. Remote Execution vs. ETL vs. Distributed Processing 12

Privacy and ethical challenges linked to Big Data (1) Anonymisation/ De-identification Is anonymous data secure? Risk of re-identification Four random pieces of information enough to re-identify 90% shoppers Gender, birthdata and zipcode could be enough to reidentify people Predictability and uniqueness of individual human behavior Is de-identification workable in the world of Big Data? Group privacy 13

Privacy and ethical challenges linked to Big Data (2) Methodology More algorithmic based than regional expertise and knowledge/judgment Privacy preserving data mining and analytics Big Datasets not originally created for Official Statistical purpose Bias of information and variables Incompleteness of coverage and time frame Data availability over time challenging 14

Privacy and ethical challenges linked to Big Data (3) Variety of data Makes secure access management a challenge Consistency of time frame Different data sources means different data transfer workflows and protection measures Independency: Loss of control and dependancy of NSIs towards data providers/data brokers 15

Privacy and ethical challenges linked to Big Data (4) Infrastructure Distributed environments are more complicated and vulnerable to attacks Hadoop and BD SW tools not built for security Analysing audit logs is also a Big Data Challenge Connections to multiple repositories can increase the attack surface Real time security Storage of info? Of Metadata? IOT security 16

Conclusions Existing tools still needs adaptations and reinforcement Recommendations have been formulated on: Information integration and governance / IT Security Statistical disclosure control Managing risk to reputation and transparency towards stakeholders Work on second revision of CoP to be launched in 2016. Production of coherent and comprehensive set of guidelines to be easily interpretable and applicable in the NSIs' daily activities. 17

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback