Safeguarding Sensitive Personal Information in the Digital Age

Privacy Dror Feitelson Hebrew University

Sensitive Personal Information Identity ID number, birth date, address, phone Financial Bank account, credit card transactions, insurance Work related Confidential documents, evaluations of personnel, complaints Embarrassing Nude photos

Sharing Personal Information Improved buying experience if we just Share location advice on local businesses Share buying history relevant advertisements Share account info one-click buying New social connections if we just Share pictures Share interests and preferences A bright new world if we just Share everything AI will take care of us

Are you concerned about any of this?

Leaks and Exploitation You enter information about your family tree into geni.com You want to connect to unknown relatives You expose your mother s maiden name and your birthdays You upload pictures of your family to facebook You want to share You expose your pet s name The exposed info can be used in faked profiles and to answer security questions

Leaks and Exploitation A vacation booking company maintains a log of all activity Put it on the web to enable company wide access All data accessible via port 9200 Governmental legal database requires authorization for viewing record details But data is loaded anyway, just not shown Can be seen using view source Exposed personal info plus theft of credit card and maybe options for blackmail

The Main Issue: How to maintain privacy of sensitive personal information While benefitting from using and sharing information

Multiple Dimensions Technical Access controls and security Social What is accepted What is expected Legal Who owns the data about you? The default: opt-in or opt-out Somebody could be making tons of money from this

FIPPs Fair Information Practice Principles Guidelines developed since the 1970s Provide basic vocabulary and concepts used in many current frameworks around the world 5-10 principles in difference formulations

FIPPs 1. People should be given notice of data being collected from them Who is collecting the data What data is being collected What it is being collected for Who will have access to the data

FIPPs 2. People should give consent for data collection Including additional uses of the data Consent is subject to the default policy: opt in explicit consent required opt out default is that collection is performed; users must explicitly decline permissions to prevent this Only the minimal data required will be collected

FIPPs 3. People should be given access to the data collected about them View the data Verify correctness of the data Correct errors in the data

FIPPs 4. The collected data should be secured using reasonable means to prevent unauthorized access and use And data will not be handed over to others 5. The rules should be regulated and enforced, and those responsible held accountable

GDPR European Union General Data Privacy Regulation Went into effect on 25.5.2018 Binding for all companies operating in Europe Including foreign international companies Also covers export of data outside Europe Similar to TIPPs + more Default is that data is strictly protected

GDPR 1. Data collection must have a lawful basis Subjects must be informed 2. Explicit informed consent must be given Opt out is not allowed Consent can be withdrawn at any time 3. Data must be protected and those responsible held accountable 4. Default setting provides high protection 5. Subjects have right of access 6. Subjects have right to erasure 7. Data breaches must be reported within 72 hours

Privacy and Your Work Coding guidelines for preserving privacy e.g. limit access rate to prevent brute-force attacks Monitoring activity to identify suspicious traffic Awareness of legal requirements Not making stupid mistakes that lead to inadvertent data leaks