Data Privacy

1
Data Privacy

• Joe Frate Aruna Prensai

2
Data Security

• Goals of data security Authentication
• Access Control
• Data Confidentiality
• Data Integrity
• Non-repudiation
• Security implementations
• User roles
• Passwords
• Encryption and hashing

3
Data Privacy

• Data management of data to whom access to the
  data is given
• To whom is personal data revealed
• How data is used
• How long data is retained
• Unidentifiable data
• Personal control over ones own data

4
IBM Hippocratic Database

• Built upon ten principles to protect and manage
  private information in the database
• 1. Purpose specification
• 2. Consent
• 3. Limited collection
• 4. Limited use
• 5. Limited disclosure
• 6. Limited retention
• 7. Accuracy
• 8. Safety
• 9. Openness
• 10. Compliance

5
Middleware Manager

• Active Enforcer
• IBMs middleware component to manage privacy
• Database agnostic
• Enforces privacy based on privacy language
• Privacy Manager
• Our middleware component to manage privacy

6
P3P

• Platform for Privacy Preferences Project
• Used to communicate data privacy policies
• Part of W3 standard
• We use to express individuals privacy policies

7

• ltPOLICIES xmlns"http//www.w3.org/2000/12/P3Pv1"gt
  
• ltPOLICY discuri"http//www.stevesstore.com/priva
  cy.html" name"policy1"gt
• ltENTITYgt
• ltDATA-GROUPgt
• ltDATA ref"business.name"gtSteve's
  Storelt/DATAgt
• ltDATA ref"business.contact-info.postal.city"
  gtBethesdalt/DATAgt
• ltDATA ref"business.contact-info.postal.statep
  rov"gtMDlt/DATAgt
• lt/DATA-GROUPgt
• lt/ENTITYgt
• ltACCESSgtltnonident/gtlt/ACCESSgt
• ltDISPUTES-GROUPgt
• ltDISPUTES resolution-type"independent
  servicehttp//www.priv.orggt
• ltREMEDIESgtltcorrect/gtlt/REMEDIESgt
• lt/DISPUTESgt
• lt/DISPUTES-GROUPgt
• ltSTATEMENTgt
• ltPURPOSEgtltadmin/gtltdevelop/gtlt/PURPOSEgt
• ltRECIPIENTgtltours/gtlt/RECIPIENTgt
• ltRETENTIONgtltstated-purpose/gtlt/RETENTIONgt

8

• ltPOLICIES xmlns"http//www.w3.org/2000/12/P3Pv1"gt
  
• ltPOLICY discuri"http//www.ourmedctr.com/privacy
  .html" nameour_policy"gt
• ltENTITYgt
• ltDATA-GROUPgt
• ltDATA refpatient.idgt101lt/DATAgt
• ltDATA ref"patient.name"gtJane Doelt/DATAgt
• lt/DATA-GROUPgt
• lt/ENTITYgt
• ltACCESSgtltident/gtlt/ACCESSgt
• ltDISPUTES-GROUPgt
• ltDISPUTES resolution-type"independent
  servicehttp//www.priv.orggt
• ltREMEDIESgtltcorrect/gtlt/REMEDIESgt
• lt/DISPUTESgt
• lt/DISPUTES-GROUPgt
• ltSTATEMENTgt
• ltPURPOSEgtltadmin/gtltresearch/gtlt/PURPOSEgt
• ltRECIPIENTgt
• ltother-recipientgtHarvard Pilgrimlt/other-recipi
  entgt
• ltother-recipientgtBCBS MAlt/other-recipientgt