User-centric Privacy of Identity
Jenn Behrens, MSW, PhD
CIPM CIPP/US, CHPSE
Contributors:
Tim Reiniger, Director of Digital Services Group,
FutureLaw
Darren Kall, Kall Consulting
Abstract
Enterprises increasingly require credentials with a higher level
of assurance for authentication. How do
enterprises inspire trust for users? How do they impart
that identity management solutions value and
uphold privacy best-practices and regulations?
Jenn will highlight how the application of a user-
experience discipline intersects both legal and trust
issues surrounding cloud-based applications.
Discussion will underscore legal advantages of user-
centric identity management as an authentication
compliance strategy. The industry goal of improving
trust of a solution by focusing on user control will also
be linked to consumer and relying party adoption as
a market-differentiating privacy risk mitigation
strategy.
Agenda
›  Abstract
›  Background
›  Strategic privacy
›  How to start?
›  UX & UC
›  Privacy toolbox
›  Making the link
›  Legal Implications/Advantages
Background
LDSS/VDSS experiences
• Working with vulnerable but savvy populations
• Providing all sorts of PII to all sorts of people
• Dependent upon a trust relationship
IRB (Institutional Review Board)
• Ethics training (academic/professional) in collecting and handling of human data
• “ensure(s) that human research involving VDSS clients does not violate a client’s right to privacy and protects them from harm or risk. The board reviews research proposals and data requests to determine how federal and state human research subject regulations apply to proposed research activities” (www.dss.virginia.gov/about/irb.cgi)
NSTIC (National Strategy for Trusted Identities in Cyberspace)
• CSDII (Cross-Sector Digital Identity Initiative)
• PEM
• IDESG Privacy Coordination Committee
• CIPP/US, CIPM, CHPSE
Strategic Privacy?
›  Holistic approach
›  Get out of the silo and compliance tunnel
›  Incorporate multiple disciplines into privacy, including
security measures and user-experience methodology
›  Consider cross-sector/industry standards and innovations
›  Don’t overcomplicate matters
›  Tell the truth (don’t lie)
›  Meet the business needs
›  Comply with regulations
›  Leave the control of the information to the rightful owner
›  Think like a user
What’s the problem?
›  Historical context: Businesses are realizing how broadly
privacy applies to industry collection, handling
and disposal of personal information.
›  Current landscape: With a combination of increasing investigative
efforts, administrative promulgations, and the public’s
heightening sense of awareness and expectancy of certain
privacy controls, businesses are evolving their ad hoc
approach into a more advanced and robust privacy
protocol.
›  Need: Organizations are starting to recognize the need for
comprehensive privacy programs and integrated privacy
and security policies and practices. Policies are maturing
into strategic approaches to applying privacy
principles through a graduated series of steps ranging from
remediation to compliance to commitment. What does
this look like?
Proposed Solution:
›  Let’s start a discourse around strategic
application of particular practices industry
and agencies may employ to earn, retain
and resolve the public’s trust issues
›  Focus on the maturation of a consent
process to a strategy of user-authorization
as incorporated by Cloud services
›  Interweaves user-centric design as key to a
sound authorization practice
›  Identifies legal consideration and
implications
So how do I start?
›  Remember the goal – have people want
to use your service or product which
means keep them coming back which
means earning their trust – these days that
means being up front and fair about
privacy policies and practices
›  How do I do that?
›  Let’s explore some of the common
privacy practices interwoven with UX
methodology and see where that gets us…
User What?
›  User Experience (UX) is a data-driven strategy to making
interactive products that meet the needs of the people
who use them. It results in greater user adoption and use,
increased revenues, reduced costs, and if applied early
and consistently in the end-to-end product development
cycle it results in shorter time to market.
›  User-Centric Design (UCD) is the operational and tactical
approach to implementing a UX strategy. UCD has dozens
of techniques, best-practices, and principles that can be
applied to the concept-development, user research,
product design, and evaluation of existing products and
products under development.
UX Principles for Identity
Management Products
›  Truth – Don’t lie to users!
›  Who – Let users know who they are interacting with at any given
moment
›  Visible – Make as much of the interaction as possible visible to the
user
›  Predictable – Ensure that the interactions are predictable to users
›  Trustworthy – Design interactions with product/company to support
trust
›  Valuable – Give users a reason to believe sufficiently enough to
adopt and use the product ecosystem
›  Efficient Data Requests – Design systems to request information from
users once
›  Language – Use the user’s language, not techno-lingo or
legalese or privacy-geek-babble
›  Remedy – Fix the product, not the user
›  Perspective – Remember: the user’s goal is not your goal
Privacy Toolbox
›  Practitioners of any discipline know that
there are particular tools that are better
suited for certain works than others to
accomplish specific jobs
›  Several well-vetted privacy risk mitigation
tools are used by businesses and government
agencies today:
›  Transparency
›  Authority
›  Auditing & Security
›  Consent (the old stand-by!)
Consent – Get out of jail free
card?
›  Consent is “permission, approval, or agreement; compliance;
acquiescence.” (www.dictionary.com; noun; #3)
›  Privacy risks are thought to be mitigated or lessened when consent is invoked in
an identity management solution.
›  What is consent supposed to do for users of Cloud systems?
›  Usually invoked once at the front page or first visit
›  Usually a compound action
›  Mostly all or nothing, with absolute consequences
›  Complicated with legalese
›  Related to the user’s interaction with the website or service, but not the activity of
the data or information between organizations
›  So, with that, does consent really meet the privacy principles of transparency,
individual participation or individual control?
›  Contemporary research into what consent accomplishes points to the need to
provide opportunity for authorization for transactions in addition to the consent
process.
Authorization is different than
consent?
›  Authorization is the more granular process of
granting or denying specific requests for
access to resources. (IDESG Core
Operations).
›  Why is this differentiation between consent
and authorization important?
›  How does the incorporation of
authorization into the consent process
realize strategic privacy risk mitigation?
›  How does this increase user trust and satisfy
legal implications of digital identity?
Authorization as a privacy
tool?
›  Achieve transparency, adequate notice,
individual participation and individual control
›  Mitigated risks
›  breach of trust
›  distortion
›  exclusion
›  induced disclosure
›  loss of liberty
›  power imbalance
Interweaving UCD and Privacy
- where are we now?
[Diagram labels: Adoption, UCD, Authorization]
How does a trusting user satisfy
my company’s legal risk?
Legal Considerations
›  Enabling each identity owner to exercise
control over the use and usage of her identity
reflects and establishes minimum criteria for
issuing, validating, and securing interoperable
digital identities.
›  This ensures that communications, digital
identities, and records are reliable and resistant
to fraud and manipulation
›  Legal controls considered include
›  Reliable identities
›  Independently verified digital signatures and
records
›  Authoritative Source Record
Legal Advantages
›  Enables compliance with LoA3 credential
assurance level requirements
›  Enables user-centric control of digital
identity
›  Enables custodians of records in the cloud
to fulfill legal control obligations
›  Enables compliance with signing
requirements
Legal Advantages to User-
Centric Identity Management
›  The strategic management of digital identity and privacy risk in the networked
Cloud environment must be based on evidentiary requirements for and user-
controlled methods of identification and authentication.
›  For a digital identity to be deemed legally interoperable over time
›  Must be standards-based
›  Capable of enabling strong two-factor authentication for access
›  Capable of logging of all uses
›  Capable of detecting alterations
›  Ensures relying party compliance with applicable confidentiality and
evidentiary requirements
›  Network economics depend on clear legal rights in the form of access and
use rights to systems and records.
›  Interoperable digital identity gives users the capability of exerting legal control to
prevent unauthorized collection, use, and dissemination of personal information
in the acts of identification (i.e. linking a specific person to data) and
authentication (proving that the person is who she claims to be) and for
detecting content-level changes to records stored in the Cloud.
User-Centric Privacy of Identity
›  A practitioner’s approach to strategic
privacy
Contributors
›  Jenn Behrens specializes in privacy, governance, and identity
management solutions. She was the Commonwealth of Virginia’s "Data
Maven" for her expertise in information management for departments of
social services. Jennifer was recently the Director of Privacy and
Compliance with ID.me; she currently leads privacy compliance for
multiple NSTIC pilots, and is the IDESG Privacy Coordination Committee
Chair. She may be reached at jenniferbehrens1977@yahoo.com.
›  Tim Reiniger is an attorney currently serving as Special Advisor on Digital
Identity for the Commonwealth of Virginia. As Director of the Digital
Services Group of FutureLaw, LLC, in Richmond, Virginia, he specializes in
digital identity strategy and policy development and information
assurance protocols. He is a member of the ABA’s E-Discovery and
Digital Evidence Committee and is licensed to practice in California,
New Hampshire, and the District of Columbia. He can be reached at
treiniger@futurelaw.net.
›  Darren Kall manages SecurityUX, a division of KALL Consulting, which
works with technology and technology-enabled companies. SecurityUX
designs or improves the user experience of security, privacy, and identity
management in products or enterprise implementations. By making
products more usable and more secure for all types of users, user-centric
design increases user adoption, productivity, and corporate revenues.
To discuss your products, Darren can be reached
at darrenkall@kallconsulting.com or darrenkall@secux.com.

Contenu connexe

Tendances

BYOD: Advice for Employers and Employees
BYOD: Advice for Employers and EmployeesBYOD: Advice for Employers and Employees
BYOD: Advice for Employers and EmployeesCassie McGarvey, JD
 
Effective IT Security Governance
Effective IT Security GovernanceEffective IT Security Governance
Effective IT Security GovernanceLeo de Sousa
 
The CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionThe CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionDigital Guardian
 
Mapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityMapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityRedspin, Inc.
 
"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012
"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012
"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012Collaborative Health Consortium
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix LLC
 
Assessing the Business Value of SDN Datacenter Security Solutions
Assessing the Business Value of SDN Datacenter Security SolutionsAssessing the Business Value of SDN Datacenter Security Solutions
Assessing the Business Value of SDN Datacenter Security Solutionsxband
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceChristian F. Nissen
 
Vertex_Why_Software_Non_Negotiable_WP
Vertex_Why_Software_Non_Negotiable_WPVertex_Why_Software_Non_Negotiable_WP
Vertex_Why_Software_Non_Negotiable_WPLuke Arrington
 
Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Redspin, Inc.
 
DLP Executive Overview
DLP Executive OverviewDLP Executive Overview
DLP Executive OverviewKim Jensen
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHEQS Group
 
Improving Performance, Efficiency and Information Governance Control of Share...
Improving Performance, Efficiency and Information Governance Control of Share...Improving Performance, Efficiency and Information Governance Control of Share...
Improving Performance, Efficiency and Information Governance Control of Share...Bishop Technologies
 
Security and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareSecurity and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareMarie-Michelle Strah, PhD
 
M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017EQS Group
 
CSX Megatrends Cloud Risk Assurance Oct 15 FINAL
CSX Megatrends Cloud Risk Assurance Oct 15 FINALCSX Megatrends Cloud Risk Assurance Oct 15 FINAL
CSX Megatrends Cloud Risk Assurance Oct 15 FINALSatchit Dokras
 
Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...happiestmindstech
 
Michael Josephs
Michael JosephsMichael Josephs
Michael JosephsdaveGBE
 

Tendances (20)

BYOD: Advice for Employers and Employees
BYOD: Advice for Employers and EmployeesBYOD: Advice for Employers and Employees
BYOD: Advice for Employers and Employees
 
Effective IT Security Governance
Effective IT Security GovernanceEffective IT Security Governance
Effective IT Security Governance
 
The CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss PreventionThe CISO’s Guide to Data Loss Prevention
The CISO’s Guide to Data Loss Prevention
 
Mapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information SecurityMapping Application Security to Business Value - Redspin Information Security
Mapping Application Security to Business Value - Redspin Information Security
 
"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012
"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012
"NSTIC Pilots on the trust network" Webinar Slides 10-12-2012
 
Business Objects Security
Business Objects SecurityBusiness Objects Security
Business Objects Security
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdf
 
Assessing the Business Value of SDN Datacenter Security Solutions
Assessing the Business Value of SDN Datacenter Security SolutionsAssessing the Business Value of SDN Datacenter Security Solutions
Assessing the Business Value of SDN Datacenter Security Solutions
 
Introduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber ResilienceIntroduction to RESILIA and Cyber Resilience
Introduction to RESILIA and Cyber Resilience
 
Vertex_Why_Software_Non_Negotiable_WP
Vertex_Why_Software_Non_Negotiable_WPVertex_Why_Software_Non_Negotiable_WP
Vertex_Why_Software_Non_Negotiable_WP
 
Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011Top 10 IT Security Issues 2011
Top 10 IT Security Issues 2011
 
DLP Executive Overview
DLP Executive OverviewDLP Executive Overview
DLP Executive Overview
 
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACHMergers & Acquisitions security - (ISC)2 Secure Summit DACH
Mergers & Acquisitions security - (ISC)2 Secure Summit DACH
 
Improving Performance, Efficiency and Information Governance Control of Share...
Improving Performance, Efficiency and Information Governance Control of Share...Improving Performance, Efficiency and Information Governance Control of Share...
Improving Performance, Efficiency and Information Governance Control of Share...
 
Security and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: HealthcareSecurity and Privacy in SharePoint 2010: Healthcare
Security and Privacy in SharePoint 2010: Healthcare
 
M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017M&A security - E-crime Congress 2017
M&A security - E-crime Congress 2017
 
CSX Megatrends Cloud Risk Assurance Oct 15 FINAL
CSX Megatrends Cloud Risk Assurance Oct 15 FINALCSX Megatrends Cloud Risk Assurance Oct 15 FINAL
CSX Megatrends Cloud Risk Assurance Oct 15 FINAL
 
Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...Streamlining Identity and Access Management through Unified Identity and Acce...
Streamlining Identity and Access Management through Unified Identity and Acce...
 
IT Security & Governance Template
IT Security & Governance TemplateIT Security & Governance Template
IT Security & Governance Template
 
Michael Josephs
Michael JosephsMichael Josephs
Michael Josephs
 

En vedette

User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsUser-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsForgeRock
 
Adapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICAdapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICJim Fenton
 
OpenAM - Fast SSO
OpenAM - Fast SSOOpenAM - Fast SSO
OpenAM - Fast SSOYros
 
Fido u2 f in 10 minutes (cis 2015)
Fido u2 f in 10 minutes (cis 2015)Fido u2 f in 10 minutes (cis 2015)
Fido u2 f in 10 minutes (cis 2015)CloudIDSummit
 
CIS 2015 The Ethics of Personal Data - Robin Wilton
CIS 2015 The Ethics of Personal Data - Robin WiltonCIS 2015 The Ethics of Personal Data - Robin Wilton
CIS 2015 The Ethics of Personal Data - Robin WiltonCloudIDSummit
 
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...CloudIDSummit
 
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'manCIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'manCloudIDSummit
 
CIS 2015 How to Maximize the Business Value of Identity and Preference Manage...
CIS 2015 How to Maximize the Business Value of Identity and Preference Manage...CIS 2015 How to Maximize the Business Value of Identity and Preference Manage...
CIS 2015 How to Maximize the Business Value of Identity and Preference Manage...CloudIDSummit
 
CIS 2015- The Last Mile - Delivering All the Solutions to All the Application...
CIS 2015- The Last Mile - Delivering All the Solutions to All the Application...CIS 2015- The Last Mile - Delivering All the Solutions to All the Application...
CIS 2015- The Last Mile - Delivering All the Solutions to All the Application...CloudIDSummit
 
CIS 2015- SSO for Mobile and Web Apps- Ashish Jain
CIS 2015- SSO for Mobile and Web Apps- Ashish JainCIS 2015- SSO for Mobile and Web Apps- Ashish Jain
CIS 2015- SSO for Mobile and Web Apps- Ashish JainCloudIDSummit
 
CIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
CIS 2015-Rationing Identity in the  Internet of Things-  Steve WilsonCIS 2015-Rationing Identity in the  Internet of Things-  Steve Wilson
CIS 2015-Rationing Identity in the Internet of Things- Steve WilsonCloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CloudIDSummit
 
CIS 2015- Rethinking Your Authorization Strategy- Gerry Gebel
CIS 2015- Rethinking Your Authorization Strategy- Gerry GebelCIS 2015- Rethinking Your Authorization Strategy- Gerry Gebel
CIS 2015- Rethinking Your Authorization Strategy- Gerry GebelCloudIDSummit
 
CIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
CIS 2015b FIDO U2F in 10 minutes - Dirk BalfanzCIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
CIS 2015b FIDO U2F in 10 minutes - Dirk BalfanzCloudIDSummit
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CloudIDSummit
 
UMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenarioUMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenarioDomenico Catalano
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCloudIDSummit
 
CIS 2015 User Managed Access - George Fletcher
CIS 2015 User Managed Access - George FletcherCIS 2015 User Managed Access - George Fletcher
CIS 2015 User Managed Access - George FletcherCloudIDSummit
 

En vedette (20)

User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract ContextsUser-Managed Access: Why and How? - Access Control in Digital Contract Contexts
User-Managed Access: Why and How? - Access Control in Digital Contract Contexts
 
Audit of related services p7
Audit of related services p7Audit of related services p7
Audit of related services p7
 
Adapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTICAdapting Levels of Assurance for NSTIC
Adapting Levels of Assurance for NSTIC
 
OpenAM - Fast SSO
OpenAM - Fast SSOOpenAM - Fast SSO
OpenAM - Fast SSO
 
Fido u2 f in 10 minutes (cis 2015)
Fido u2 f in 10 minutes (cis 2015)Fido u2 f in 10 minutes (cis 2015)
Fido u2 f in 10 minutes (cis 2015)
 
CIS 2015 The Ethics of Personal Data - Robin Wilton
CIS 2015 The Ethics of Personal Data - Robin WiltonCIS 2015 The Ethics of Personal Data - Robin Wilton
CIS 2015 The Ethics of Personal Data - Robin Wilton
 
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
CIS 2015 Identity and Data Security : Breaking the Boundaries - Nathanael Cof...
 
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'manCIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
CIS 2015 Multi-factor for All, the Easy Way - Ran Ne'man
 
CIS 2015 How to Maximize the Business Value of Identity and Preference Manage...
CIS 2015 How to Maximize the Business Value of Identity and Preference Manage...CIS 2015 How to Maximize the Business Value of Identity and Preference Manage...
CIS 2015 How to Maximize the Business Value of Identity and Preference Manage...
 
CIS 2015- The Last Mile - Delivering All the Solutions to All the Application...
CIS 2015- The Last Mile - Delivering All the Solutions to All the Application...CIS 2015- The Last Mile - Delivering All the Solutions to All the Application...
CIS 2015- The Last Mile - Delivering All the Solutions to All the Application...
 
CIS 2015- SSO for Mobile and Web Apps- Ashish Jain
CIS 2015- SSO for Mobile and Web Apps- Ashish JainCIS 2015- SSO for Mobile and Web Apps- Ashish Jain
CIS 2015- SSO for Mobile and Web Apps- Ashish Jain
 
CIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
CIS 2015-Rationing Identity in the  Internet of Things-  Steve WilsonCIS 2015-Rationing Identity in the  Internet of Things-  Steve Wilson
CIS 2015-Rationing Identity in the Internet of Things- Steve Wilson
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
 
CIS 2015- Rethinking Your Authorization Strategy- Gerry Gebel
CIS 2015- Rethinking Your Authorization Strategy- Gerry GebelCIS 2015- Rethinking Your Authorization Strategy- Gerry Gebel
CIS 2015- Rethinking Your Authorization Strategy- Gerry Gebel
 
CIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
CIS 2015b FIDO U2F in 10 minutes - Dirk BalfanzCIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
CIS 2015b FIDO U2F in 10 minutes - Dirk Balfanz
 
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
CIS 2015- Understanding & Managing Discretionary Access: The TAO of Entitleme...
 
UMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenarioUMA as Authorization mechanism for IoT: a healthcare scenario
UMA as Authorization mechanism for IoT: a healthcare scenario
 
CIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of ThingsCIS 2015 Identity Relationship Management in the Internet of Things
CIS 2015 Identity Relationship Management in the Internet of Things
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve ToutCIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
 
CIS 2015 User Managed Access - George Fletcher
CIS 2015 User Managed Access - George FletcherCIS 2015 User Managed Access - George Fletcher
CIS 2015 User Managed Access - George Fletcher
 

Similaire à User-Centric Privacy of Identity: A Practitioner's Approach to Strategic Privacy

Why IAM is the Need of the Hour
Why IAM is the Need of the HourWhy IAM is the Need of the Hour
Why IAM is the Need of the HourTechdemocracy
 
2009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-20092009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-2009asundaram1
 
Cost benefit analysis vs confidentiality
Cost benefit analysis vs confidentialityCost benefit analysis vs confidentiality
Cost benefit analysis vs confidentialityPrithvi Ghag
 
Mobility innovation and unknowns
Mobility innovation and unknownsMobility innovation and unknowns
Mobility innovation and unknownsLisa Marie Martinez
 
Capgemini ses - security po v (gr)
Capgemini   ses - security po v (gr)Capgemini   ses - security po v (gr)
Capgemini ses - security po v (gr)Gord Reynolds
 
Greater Than X: Presentation for CX Workstream Workshop on Consumer Control 2...
Greater Than X: Presentation for CX Workstream Workshop on Consumer Control 2...Greater Than X: Presentation for CX Workstream Workshop on Consumer Control 2...
Greater Than X: Presentation for CX Workstream Workshop on Consumer Control 2...Mathew Mytka
 
Nurturing User Trust_ Designing Privacy-Centric Websites in a Data-Driven Wor...
Nurturing User Trust_ Designing Privacy-Centric Websites in a Data-Driven Wor...Nurturing User Trust_ Designing Privacy-Centric Websites in a Data-Driven Wor...
Nurturing User Trust_ Designing Privacy-Centric Websites in a Data-Driven Wor...Gerryspeck
 
Mitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker DealersMitigating Data Security Risks at Broker Dealers
Mitigating Data Security Risks at Broker DealersBroadridge
 
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgeManaging Privacy Risk and Promoting Ethical Culture in the Digital Age
Managing Privacy Risk and Promoting Ethical Culture in the Digital AgePerficient, Inc.
 
Psycology of Digital Trust
Psycology of Digital TrustPsycology of Digital Trust
Psycology of Digital TrustBahaa Al Zubaidi
 
Ciso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityCiso round table on effective implementation of dlp & data security
Ciso round table on effective implementation of dlp & data securityPriyanka Aash
 
ETHICAL WEB DEVELOPMENT: BALANCING USER PRIVACY AND INNOVATION
ETHICAL WEB DEVELOPMENT: BALANCING USER PRIVACY AND INNOVATIONETHICAL WEB DEVELOPMENT: BALANCING USER PRIVACY AND INNOVATION
ETHICAL WEB DEVELOPMENT: BALANCING USER PRIVACY AND INNOVATIONBeliev-In Technologies
 
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docx
1Running Header ORGANIZATIONAL SECURITY 4ORGANIZATIONAL SEC.docxvickeryr87
 

User-Centric Privacy of Identity: A Practitioner's Approach to Strategic Privacy

  • 1. User-centric Privacy of Identity
      Jenn Behrens, MSW, PhD, CIPM, CIPP/US, CHPSE
      Contributors: Tim Reiniger, Director of Digital Services Group, FutureLaw; Darren Kall, Kall Consulting
  • 2. Abstract
      Enterprises increasingly require higher level of assurance credentials for authentication. How do enterprises inspire trust for users? How do they impart that identity management solutions value and uphold privacy best-practices and regulations? Jenn will highlight how the application of a user-experience discipline intersects both legal and trust issues surrounding cloud-based applications. Discussion will underscore legal advantages of user-centric identity management as an authentication compliance strategy. The industry goal of improving trust of a solution by focusing on user control will also be linked to consumer and relying party adoption as a market-differentiating privacy risk mitigation strategy.
  • 3. Agenda
      ›  Abstract
      ›  Background
      ›  Strategic privacy
      ›  How to start?
      ›  UX & UC
      ›  Privacy toolbox
      ›  Making the link
      ›  Legal Implications/Advantages
  • 4. Background
      LDSS/VDSS experiences
      • Working with vulnerable but savvy populations
      • Providing all sorts of PII to all sorts of people
      • Dependent upon a trust relationship
      IRB (Institutional Review Board)
      • Ethics training (academic/professional) in collecting and handling of human data
      • “ensure(s) that human research involving VDSS clients does not violate a client’s right to privacy and protects them from harm or risk. The board reviews research proposals and data requests to determine how federal and state human research subject regulations apply to proposed research activities” (www.dss.virginia.gov/about/irb.cgi)
      NSTIC (National Strategy for Trusted Identities in Cyberspace)
      • CSDII (Cross-Sector Digital Identity Initiative)
      • PEM
      • IDESG Privacy Coordination Committee
      • CIPP/US, CIPM, CHPSE
  • 5. Strategic Privacy?
      ›  Holistic approach
      ›  Get out of the silo and compliance tunnel
      ›  Incorporate multiple disciplines into privacy, including security measures and user-experience methodology
      ›  Consider cross-sector/industry standards and innovations
      ›  Don’t overcomplicate matters
      ›  Tell the truth (don’t lie)
      ›  Meet the business needs
      ›  Comply with regulations
      ›  Leave the control of the information to the rightful owner
      ›  Think like a user
  • 6. What’s the problem?
      ›  Historical context: Businesses are realizing the breadth of privacy’s relevance to industry collection, handling and disposal of personal information.
      ›  Current landscape: Driven by a combination of increasing investigative efforts, administrative promulgations, and the public’s heightening awareness and expectation of certain privacy controls, businesses are evolving their ad hoc approach into a more advanced and robust privacy protocol.
      ›  Need: Organizations are starting to recognize the need for comprehensive privacy programs and integrated privacy and security policies and practices. Policies are maturing into strategic approaches to applying privacy principles through a graduated series of steps ranging from remediation to compliance to commitment. What does this look like?
  • 7. Proposed Solution:
      ›  Let’s start a discourse around the strategic application of particular practices that industry and agencies may employ to earn and retain the public’s trust and resolve its trust issues
      ›  Focus on the maturation of a consent process into a strategy of user-authorization as incorporated by Cloud services
      ›  Interweaves user-centric design as key to a sound authorization practice
      ›  Identifies legal considerations and implications
  • 8. So how do I start?
      ›  Remember the goal: have people want to use your service or product, which means keeping them coming back, which means earning their trust. These days that means being up front and fair about privacy policies and practices
      ›  How do I do that?
      ›  Let’s explore some of the common privacy practices interwoven with UX methodology and see where that gets us…
  • 9. User What?
      ›  User Experience (UX) is a data-driven strategy for making interactive products that meet the needs of the people who use them. It results in greater user adoption and use, increased revenues, and reduced costs, and, if applied early and consistently in the end-to-end product development cycle, in shorter time to market.
      ›  User-Centric Design (UCD) is the operational and tactical approach to implementing a UX strategy. UCD has dozens of techniques, best practices, and principles that can be applied to concept development, user research, product design, and the evaluation of existing products and products under development.
  • 10. UX Principles for Identity Management Products
      ›  Truth – Don’t lie to users!
      ›  Who – Let users know who they are interacting with at any given moment
      ›  Visible – Make as much of the interaction as possible visible to the user
      ›  Predictable – Ensure that the interactions are predictable to users
      ›  Trustworthy – Design interactions with product/company to support trust
      ›  Valuable – Give users enough reason to believe that they adopt and use the product ecosystem
      ›  Efficient Data Requests – Design systems to request information from users once
      ›  Language – Use the user’s language, not techno-lingo or legalese or privacy-geek-babble
      ›  Remedy – Fix the product, not the user
      ›  Perspective – Remember: the user’s goal is not your goal
  • 11. Privacy Toolbox
      ›  Practitioners of any discipline know that particular tools are better suited than others to accomplishing specific jobs
      ›  Several well-vetted privacy risk mitigation tools are used by businesses and government agencies today.
      ›  Transparency
      ›  Authority
      ›  Auditing & Security
      ›  Consent (the old stand-by!)
  • 12. Consent – Get out of jail free card?
      ›  Consent is “permission, approval, or agreement; compliance; acquiescence.” (www.dictionary.com; noun; #3)
      ›  Privacy risks are thought to be mitigated or lessened when consent is invoked in an identity management solution.
      ›  What is consent supposed to do for users of Cloud systems?
      ›  Usually invoked once at the front page or first visit
      ›  Usually a compound action
      ›  Mostly all or nothing, with absolute consequences
      ›  Complicated with legalese
      ›  Related to the user’s interaction with the website or service, but not the activity of the data or information between organizations
      ›  So, with that, does consent really meet the privacy principles of transparency, individual participation or individual control?
      ›  Contemporary research into what consent accomplishes points to the need to provide an opportunity for authorization of transactions in addition to the consent process.
  • 13. Authorization is different than consent?
      ›  Authorization is the more granular process of granting or denying specific requests for access to resources. (IDESG Core Operations).
      ›  Why is this differentiation between consent and authorization important?
      ›  How does the incorporation of authorization into the consent process realize strategic privacy risk mitigation?
      ›  How does this increase user trust and satisfy legal implications of digital identity?
  • 14. Authorization as a privacy tool?
      ›  Achieve transparency, adequate notice, individual participation and individual control
      ›  Mitigated risks
      ›  breach of trust
      ›  distortion
      ›  exclusion
      ›  induced disclosure
      ›  loss of liberty
      ›  power imbalance
  • 15. Interweaving UCD and Privacy - where are we now?
      (Diagram labels: Adoption, UCD, Authorization)
  • 16. How does a trusting user satisfy my company’s legal risk?
  • 17. Legal Considerations
      ›  Enabling each identity owner to exercise control over the use and usage of her identity reflects and establishes minimum criteria for issuing, validating, and securing interoperable digital identities.
      ›  This ensures that communications, digital identities, and records are reliable and resistant to fraud and manipulation
      ›  Legal controls considered include
      ›  Reliable identities
      ›  Independently verified digital signatures and records
      ›  Authoritative Source Record
  • 18. Legal Advantages ›  Enables compliance with LoA3 credential assurance level requirements ›  Enables user-centric control of digital identity ›  Enables custodians of records in the cloud to fulfill legal control obligations ›  Enables compliance with signing requirements
  • 19. Legal Advantages to User-Centric Identity Management ›  The strategic management of digital identity and privacy risk in the networked Cloud environment must be based on evidentiary requirements for and user-controlled methods of identification and authentication. ›  For a digital identity to be deemed legally interoperable over time ›  Must be standards-based ›  Capable of enabling strong two-factor authentication for access ›  Capable of logging all uses ›  Capable of detecting alterations ›  Ensures relying party compliance with applicable confidentiality and evidentiary requirements ›  Network economics depend on clear legal rights in the form of access and use rights to systems and records. ›  Interoperable digital identity gives users the capability of exerting legal control to prevent unauthorized collection, use, and dissemination of personal information in the acts of identification (i.e. linking a specific person to data) and authentication (proving that the person is who she claims to be) and for detecting content-level changes to records stored in the Cloud.
  • 20. User-Centric Privacy of Identity ›  A practitioner’s approach to strategic privacy
  • 21. Contributors ›  Jenn Behrens specializes in privacy, governance, and identity management solutions. She was the Commonwealth of Virginia’s "Data Maven" for her expertise in information management for departments of social services. Jennifer was recently the Director of Privacy and Compliance with ID.me; she currently leads privacy compliance for multiple NSTIC pilots, and is the IDESG Privacy Coordination Committee Chair. She may be reached at jenniferbehrens1977@yahoo.com. ›  Tim Reiniger is an attorney currently serving as Special Advisor on Digital Identity for the Commonwealth of Virginia. As Director of the Digital Services Group of FutureLaw, LLC, in Richmond, Virginia, he specializes in digital identity strategy and policy development and information assurance protocols. He is a member of the ABA’s E-Discovery and Digital Evidence Committee and is licensed to practice in California, New Hampshire, and the District of Columbia. He can be reached at treiniger@futurelaw.net. ›  Darren Kall manages SecurityUX, a division of KALL Consulting, which works with technology and technology-enabled companies. SecurityUX designs or improves the user experience of security, privacy, and identity management in products or enterprise implementations. By making products more usable and more secure for all types of users, user-centric design increases user adoption, productivity, and corporate revenues. To discuss your products, Darren can be reached at darrenkall@kallconsulting.com or darrenkall@secux.com.