• Home

  • Documents

  • Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of...
12
Information and Privacy Commissioner of Ontario | www.ipc.on.ca Big Data and the Privacy Implications David Goodis Assistant Commissioner Information and Privacy Commissioner of Ontario February 7, 2018 Ontario Bar Association’s Institute: Privacy and Access Law

Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

  • Upload
    others

  • View
    2

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

Big Data and the Privacy Implications

David Goodis

Assistant CommissionerInformation and Privacy Commissioner

of Ontario

February 7, 2018

Ontario Bar Association’s Institute: Privacy and Access Law

Page 2: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

Who is the Information and Privacy Commissioner?

• Brian Beamish appointed by Ontario Legislature (March 2015)

• 5 year term• reports to Legislature, not

government or minister• ensures independence as

government “watchdog”

Page 3: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

Ontario’s Legislative FrameworkPublic Sector Health Sector Private Sector

Governmente.g. ministries, agencies, hospitals, universities, cities,police, schools, hydro

Freedom of Information and Protection of Privacy Act (FIPPA)Municipal Freedom of Information and Protection of Privacy Act (MFIPPA)

Individuals, organizations delivering health care e.g. hospitals, pharmacies, labs, doctors, dentists, nurses

Personal Health Information Protection Act (PHIPA)

Private sector businesses engaged in commercial activities

Personal Information Protection and Electronic Documents Act (PIPEDA)

IPC/O oversight IPC/O oversight Privacy Commissioner of Canada oversight

Page 4: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

Big Data and Government

• governments want to share, link, analyze data across agencies to obtain new insights, to support policy development system planning resource allocation performance monitoring

• sometimes called data integration• benefits may be compelling higher quality evidence better public policy better use of money fraud detection

Page 5: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

Big Data and Government

• but we worry about uses of PI that areunexpected invasive inaccuratediscriminatory

• goes against expectation that governments collect PI directlyfrom us, don’t share with other agencies

• unfortunately, ON government has approached big data in piecemeal fashionnew Child, Youth, Family Services Act, 2017

Page 6: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

We Need Legislative Reform!

• current law (FIPPA) treats government institutions as silos; indirect collection, sharing/linking across government not envisioned

• need single dedicated unit in Ontario to collect PI across government link records securely de-identifymake de-identified data available to public bodies

• this is PHIPA approach [s. 55.9]

• avoids replicating databases, profiles of sensitive PI across government

Page 7: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

We Need Legislative Reform!

• key features of centralized modelethical review at outset [independent?] transparency [is public ok with purpose, methodology,

algorithm?]oversight by independent regulator [IPC; order-making, audit,

inspection powers]• IPC now in discussions with Ontario government about

legislative reform

Page 8: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

Big Data Guidance

• key issues, best practices when conducting big data projects involving PI

• considerations at each stage: collection integration analysis profiling

Page 9: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

De-identification• risk-based, step-by-step

process to assist organizations to de-identify

• key issues when publishing• release models • types of identifiers • re-identification attacks

• IPC wins global privacy award for excellence in research [International Conference of Data Protection and Privacy Commissioners, Hong Kong 2017]

Page 10: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

• tools to identify privacy impacts and risk mitigation strategies

• step-by-step advice on how to conduct a PIA

• not required by legislation, but considered privacy best practice

Planning for Success: Privacy Impact Assessment Guide

Page 11: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

Questions?

Page 12: Big Data and the Privacy Implications€¦ · Big Data and Government •but we worry about uses of PI that are unexpected invasive inaccurate discriminatory •goes against expectation

Information and Privacy Commissioner of Ontario | www.ipc.on.caInformation and Privacy Commissioner of Ontario | www.ipc.on.ca

HOW TO CONTACT US

2 Bloor Street East, Suite 1400

Toronto, Ontario, Canada M4W 1A8

Phone: (416) 326-3333 / 1-800-387-0073

TDD/TTY: 416-325-7539

Web: www.ipc.on.ca

E-mail: [email protected]

Media: [email protected] / 416-326-3965

Information and Privacy Commissioner of Ontario


E. recognition, on a non discriminatory basis,

E. recognition, on a non discriminatory basis,

Documents
Discriminatory Intent Reconsidered: Folk Concepts of

Discriminatory Intent Reconsidered: Folk Concepts of

Documents
Analysis of unilateral discriminatory liberalization

Analysis of unilateral discriminatory liberalization

Documents
Consumers' Perceptions of Discriminatory Treatment …€¦ · Consumers’ Perceptions of Discriminatory Treatment and Credit Availability, and Access to Consumer Credit Markets

Consumers' Perceptions of Discriminatory Treatment …€¦ · Consumers’ Perceptions of Discriminatory Treatment and Credit Availability, and Access to Consumer Credit Markets

Documents
Effects of Inaccurate Drilling

Effects of Inaccurate Drilling

Documents
Using Inaccurate Models in Reinforcement Learning

Using Inaccurate Models in Reinforcement Learning

Documents
Laws in India With Discriminatory Provisions

Laws in India With Discriminatory Provisions

Documents
MLMC for inaccurate SDE calculations

MLMC for inaccurate SDE calculations

Documents
Discriminatory Access to Loans, Credit

Discriminatory Access to Loans, Credit

Documents
Cy Pres and the Discriminatory Trust

Cy Pres and the Discriminatory Trust

Documents
Non-Discriminatory Interviews at UCF

Non-Discriminatory Interviews at UCF

Documents
Accent, Standard Language Ideology, and Discriminatory

Accent, Standard Language Ideology, and Discriminatory

Documents
High School Diploma Discriminatory

High School Diploma Discriminatory

Business
Criminal Law - Discriminatory Use of Peremptory Challenges

Criminal Law - Discriminatory Use of Peremptory Challenges

Documents
NON-DISCRIMINATORY FREQUENTLY ASKED LAWS QUESTIONS

NON-DISCRIMINATORY FREQUENTLY ASKED LAWS QUESTIONS

Documents
Big Data and Technology’s Impact on Market Research...Big data realities Location data still quite inaccurate Numbers of people we have passive data about (eg geolocation) are still

Big Data and Technology’s Impact on Market Research...Big data realities Location data still quite inaccurate Numbers of people we have passive data about (eg geolocation) are still

Documents
Inaccurate assessment of temperature impacts

Inaccurate assessment of temperature impacts

Documents
Political Connections, Discriminatory Credit Constraint ... · Munich Personal RePEc Archive Political Connections, Discriminatory Credit Constraint and Business Cycle Peng, Yuchao

Political Connections, Discriminatory Credit Constraint ... · Munich Personal RePEc Archive Political Connections, Discriminatory Credit Constraint and Business Cycle Peng, Yuchao

Documents
New Discriminatory Laws and Bills in Israel

New Discriminatory Laws and Bills in Israel

Documents
Analysis Disproportionate and discriminatory: the European

Analysis Disproportionate and discriminatory: the European

Documents
Failure to Accommodate, Discriminatory Intent, and the

Failure to Accommodate, Discriminatory Intent, and the

Documents
Is Multiculturalism Discriminatory?203 1 3 Is Multiculturalism Discriminatory? Toavoidconfusion,itbearsemphasisthatstatepoliciesonlyqualifyasmulticul

Is Multiculturalism Discriminatory?203 1 3 Is Multiculturalism Discriminatory? Toavoidconfusion,itbearsemphasisthatstatepoliciesonlyqualifyasmulticul

Documents
Optimal Bidding in Multi-Unit Discriminatory Auctions: Two ...fm · Optimal Bidding in Multi-Unit Discriminatory Auctions: Two Bidders ... Optimal Bidding in Multi-Unit Discriminatory

Optimal Bidding in Multi-Unit Discriminatory Auctions: Two ...fm · Optimal Bidding in Multi-Unit Discriminatory Auctions: Two Bidders ... Optimal Bidding in Multi-Unit Discriminatory

Documents
DISCRIMINATORY CITIZENSHIP LEGISLATION AND MIGRATION: …

DISCRIMINATORY CITIZENSHIP LEGISLATION AND MIGRATION: …

Documents
Discriminatory Religious Schools and Tax Exempt Status

Discriminatory Religious Schools and Tax Exempt Status

Documents
Reconsidering the Discriminatory Motive Requirement in

Reconsidering the Discriminatory Motive Requirement in

Documents
Big Data Proceedings - School of Nursing€¦ · of nursing knowledge in big data. As a result, health care data remains incomplete, and incomplete data can lead to inaccurate research

Big Data Proceedings - School of Nursing€¦ · of nursing knowledge in big data. As a result, health care data remains incomplete, and incomplete data can lead to inaccurate research

Documents
Selling “Performance” Assessments with Inaccurate Pictures · PDF fileSelling ‘Performance’ Assessments with Inaccurate Pictures ... to solve applied problems, and writing

Selling “Performance” Assessments with Inaccurate Pictures · PDF fileSelling ‘Performance’ Assessments with Inaccurate Pictures ... to solve applied problems, and writing

Documents
Accounting Automation Solutions. Is Bookkeeping Stressful and Costly? Inaccurate Data Low Productivity Inaccurate Data Low Productivity Storage Cost Resource

Accounting Automation Solutions. Is Bookkeeping Stressful and Costly? Inaccurate Data Low Productivity Inaccurate Data Low Productivity Storage Cost Resource

Documents
Monitoring offensive and discriminatory signs in European

Monitoring offensive and discriminatory signs in European

Documents