PRIVACY INNOVATION IN CANADIAN LAW, TECHNOLOGY, AND CORPORATE CULTURE I invite you and other privacy leaders to join me in co-authoring a privacy-affirmative position paper, the Privacy Accord. This statement will propose new relationships between government, technology entrepreneurs, and corporate and business leaders to strengthen and enhance privacy in Canada and around the world. WHY…
We received great feedback on our recently about hacking on LinkedIn . LinkedIn, as a business social network, offers a forum for members to post and view live resumes. It promises opportunities to connect with potential employers, employees, business partners, and clients. On a more psychological level, it appeals to the desire to “see and be seen” – to showcase…
This is an event announcement. Register Here On January 28, 2016, Canada, along with many countries, will celebrate Data Privacy Day. Recognized by privacy professionals, corporations, government officials, academics and students around the world, Data Privacy Day highlights the impact that technology is having on our privacy rights and underlines the importance of valuing and protecting personal…
In this series of posts, we review recommendations for workplace cyber security published by the Communications Security Establishment Canada. Today, we offer commentary on CSEC’s Top 10 recommendations for strengthening cyber security. The Communications Security Establishment Canada’s (CSEC) Top 10 IT Security Actions bulletin offers ten recommendations that promise to eliminate the vast majority of cyber threats…
With the increasing popularity of agile IT, privacy officers responsible for assessing new software programs are finding it difficult to keep track of changes and ensure that proper checks are in place. We propose an agile approach to privacy assessment that can reduce confusion, increase compliance, and improve relationships between privacy and IT. Privacy Impact…
Has encryption protect google and yahoo against NSA snooping, simply not. Was the NSA protected against data extract by an ‘authorized’ user who threatened the nations security? not really. Hence we say that best encryption ceases to work upon the first authorized access. wael
Identity and Access Management (IAM) has two seemingly opposed purposes: to enable user access to information, and to block user access to restricted information. In fact, strong security and user-friendly access are by no means mutually exclusive: a mature IAM solution provides both. Read a summary of my IAM Maturity Model.
Governance Analysis is a logic-based, computer assisted framework for validating legal compliance of enterprise governance models. This framework is intended to help check whether governance systems are consistent with the law. My approach to Governance Analysis includes legal and enterprise models, a governance analysis method (GAM), a governance analysis language (GAL), and an implemented governance…
Recently I have been working on a formal framework for evaluating the maturity of de-identification services within an organization. The framework gauges the level of an organization’s readiness and experience with respect to de-identification, in terms of people, processes, technologies and consistent measurement practices. The De-Identification Maturity Model (DMM) is used as a measurement tool…
We have developed an enterprise reference model used to conceptualize enterprise elements. The model suggests three planes: Subject and role-grouping plane: In this plane, the subjects are grouped into roles. Roles reflect subject access rights into the processes and activities of the middle plane. Process and activity plane: Here, processes are organized in a hierarchy…