Privacy is at the heart of data protection
1. Privacy is at the heart of data protection….
Robbie Walker, Security architecture, University of Portsmouth
14/11/2017
2. The problem with ‘privacy’
» Privacy by design is not data protection by design
» ‘Privacy by design’ is short on application detail
Putting data protection by design into systems development (not perfect - but adequate!)
Why? Because this is a key GDPR requirement (Article 25) (and it’s a big win for data security)
14/11/2017 Title of presentation (Insert > Header & Footer > Slide > Footer > Apply to all) 2
3. Privacy is at the heart of data protection….
“Successive Information Commissioners have always been clear that protecting people’s privacy is at the heart of data protection law.”
The Information Commissioner, Information Commissioner’s Response to the Law Commission’s Protection of Official Data Consultation (May 2017)
But you won’t find ‘privacy’ in the GDPR
4. What do we mean by Privacy?
e.g. Privacy is the right to be let alone, or freedom from interference or intrusion, the right to have some control over how your personal information is collected and used.
I prefer… “Informational self-determination”
The term informational self-determination was first used in the context of a German constitutional ruling relating to personal information collected during the 1983 census.
5. What do we mean by Privacy?
Informational self-determination
» Its focus is on information
» It allows privacy to be a matter of personal choice!
» Means data controllers/processors have to support that choice
How do you ‘engineer’ privacy into data processing systems?
6. What about Privacy by Design?
“Privacy by design is an engineering and strategic management approach that commits to selectively and sustainably minimize information systems’ privacy risks through technical and governance controls.”
Ann Cavoukian 1995
7. What about Privacy by Design?
1. Proactive not reactive
2. Privacy by default
3. Privacy embedded into design
4. Full functionality is not impaired
5. Lifecycle protection
6. Visibility and transparency
7. Respect for user privacy
8. However…
As concluded from the 2014 NIST Privacy Engineering Workshop, there is currently a communication gap around privacy between the legal and policy, design and engineering, and product and project management teams, which makes it difficult to understand and manage privacy risks.
9. Privacy is at the heart of data protection….
There are well known Privacy by Design principles, but you can’t build information systems by relying on high level principles alone.
Note: P-by-D is not simply a task for application developers. True P-by-D requires collaboration with and commitment of business leaders, senior management, application and program owners, line of business and process owners.
10. STOP
What does the GDPR say?
11. What does the GDPR say?
Article 25 “Data Protection by Design and by Default”
Note the use of: ‘Design’ and ‘Default’
12. What does the GDPR say?
Article 25 “Data Protection by Design and by Default”
By design…
To deal with real-world demands for personal data, while properly addressing the risks to the rights and freedoms of the data subject, the controller must apply control measures which implement data-protection principles. These measures must be integrated at the earliest stage in the project and at go live - with the aim of protecting the rights of data subjects.
13. What does the GDPR say?
Article 25 “Data Protection by Design and by Default”
…and by default
Only process personal data necessary for each specific purpose.
» Limit the amount of personal data collected
» Limit the extent of the processing
» Limit the period of the storage
» Limit the accessibility
14. Data Protection by Design - boils down to 4 requirements:
1. Apply controls to implement data-protection principles
2. Integrate these at the earliest stage in the project and at go live
3. Always aim to protect the rights of the data subject
4. Limit the amount of personal data collected, extent of the processing, period of the storage and accessibility – by default
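The four ‘by default’ limits (amount collected, extent of processing, storage period, accessibility) expressed as a default-deny record store. This is an added example in Python, not code from the presentation or the University; the purposes, field names, retention periods and reader roles are assumed.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Each processing purpose declares the only fields it may hold (limit the amount collected
# and the extent of processing), how long they may be kept (limit the storage period)
# and which roles may read them (limit accessibility). Purposes, fields and roles are assumed.
@dataclass(frozen=True)
class Purpose:
    fields: frozenset
    retention: timedelta
    readers: frozenset

PURPOSES = {
    "enrolment": Purpose(frozenset({"student_id", "name", "course"}),
                         timedelta(days=6 * 365), frozenset({"registry"})),
    "alumni_newsletter": Purpose(frozenset({"name", "email"}),
                                 timedelta(days=365), frozenset({"alumni_office"})),
}

@dataclass
class Record:
    purpose: str
    data: dict
    collected: date

class DefaultDenyStore:
    """Anything not explicitly allowed for a declared purpose is dropped, refused or purged."""

    def __init__(self):
        self.records = []

    def collect(self, purpose, submitted, today_iso):
        """Store only the fields the purpose needs; return the names of the fields dropped."""
        p = PURPOSES[purpose]            # no declared purpose -> KeyError, nothing is stored
        kept = {k: v for k, v in submitted.items() if k in p.fields}
        self.records.append(Record(purpose, kept, date.fromisoformat(today_iso)))
        return sorted(set(submitted) - p.fields)

    def read(self, purpose, role):
        """Return a purpose's records only to a role listed for that purpose."""
        if role not in PURPOSES[purpose].readers:
            raise PermissionError(f"{role} may not access {purpose} data")
        return [r.data for r in self.records if r.purpose == purpose]

    def purge(self, today_iso):
        """Delete records older than their purpose's retention; return how many were removed."""
        today = date.fromisoformat(today_iso)
        before = len(self.records)
        self.records = [r for r in self.records
                        if today - r.collected <= PURPOSES[r.purpose].retention]
        return before - len(self.records)
```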
15. Data Protection by Design boils down to 4 requirements:
Where does this fit within our ICT GDPR compliance activities?
We have the luxury of:
» Application Development Group
» Project Support Office
16. Data Protection by Design and Default
1, 2, and 3 are owned by our Application developers… but
4. Limit the amount of personal data collected, extent of the processing, period of the storage and accessibility – by default.
This element sits with our “Project Support Office” and is linked with Data Protection Impact Assessments
17. Data Protection by Design for developers:
1. Apply controls to implement data-protection principles
2. Integrate these at the earliest stage in the project and at go live
3. Always aim to protect the rights of the data subject
Who, Why, When
18. Data Protection by Design for Developers:
1. Apply controls to implement data-protection principles
2. Integrate these at the earliest stage in the project and at go live
3. Always aim to protect the rights of the data subject
What × Where × How ×
19. Data Protection by Design for Developers:
» What are the ‘controls’ and ‘data protection principles’?
» Where in the SDLC should all this come together?
» How do we protect the rights of the data subject?
20. Data Protection by Design for Developers:
Three steps…
1. Apply controls to implement data-protection principles
2. Integrate these at the earliest stage in the project and at go live
3. Always aim to protect the rights of the data subject
21. Control measures include:
» Firewall
» Network Segregation
» Password Policy
» Access Control
» Encryption
» Secure configuration
» Anti-malware
» Patch management
22. Data Protection Principles (Article 5):
» Lawfulness (consent), fairness and transparency
» Specified, explicit and legitimate purposes
» Accurate and, where necessary, kept up to date
» Adequate, relevant and limited to what is necessary
» Kept for no longer than is necessary
» Processed in a manner that ensures appropriate security of the personal data
  › pseudonymisation, data minimisation, account management
23. Rights of the Data Subject (Articles 12 - 23):
What ‘rights’ are the developers able to protect?
» Article 16 - Right to rectification (65)
» Article 17 - Right to erasure (‘right to be forgotten’) (65, 66)
» Article 18 - Right to restriction of processing (67)
» Article 19 - Notification obligation regarding rectification or erasure of personal data or restriction of processing
» Article 20 - Right to data portability (68)
24. Threat modelling – (Microsoft SDL)
» Is about finding the security problems before you write the code
» Vulnerabilities are eliminated before they ever see the light of day
» The design can be modified to eliminate or reduce security risks - without compromising functionality ooooooh!
» Reworking (patching) efforts are reduced
» Security is greatly improved
Surely, this underpins DP by D
25. Threat modelling – resonates with Privacy by Design
1. Proactive not reactive
2. Privacy by Default
3. Privacy embedded into design
4. Full functionality not impaired
5. Lifecycle protection
6. Visibility and transparency
7. Respect for user privacy
26. Threat Modelling using STRIDER
Builds on the Threat Modelling (STRIDE) process from Microsoft. It recognises the value of threat modelling for security - finding the security problems before you write the code - but security improvements don’t always bring privacy benefits, so it attempts to accommodate Rights of the Data Subject as a goal within the Threat Modelling process.
27. STRIDE(R) - is fundamentally good for DP by D
Threat                 | Property challenged | Rights of data subject likely to be challenged
Spoofing               | Authentication      | Rec.57, 64; Art.12(2), (6) - The GDPR explicitly enables controllers to require data subjects to provide proof of identity before giving effect to their rights.
Tampering              | Integrity           | Art.18(1)(a) (accuracy contested by the data subject)
Repudiation            | Non-repudiation     | Art.14 …data have not been obtained from the data subject
Information Disclosure | Confidentiality     | Art.32 - Security of Processing
Denial of Service      | Availability        | Art.15 - Right of Access
Elevation of Privilege | Authorization       | Art.32 - Security of Processing
Rights of Data Subject | Privacy             | Art.16 – 20
28. Data flow diagram
29. Privacy is at the heart of data protection….
[Data flow diagram (image not extracted). Elements shown: Internal Users and External Users; A10 load balancers (SSL offload, http onward to the back ends); SCMS Apex Quercus Front End at https://srapp.port.ac.uk and https://srapp-uat.port.ac.uk; External Apex Apps (confirm a place, Apply Online etc.) at https://register.port.ac.uk; web servers scms-web-01 and scms-web-02 (SCMS: Windows 2012 R2, Oracle Forms and Reports 11.2, Oracle mod_plsql Apex web server, Java 6 and 7); sr-app-01 and scms-db-01 (SLES 11 SP3 hosts running ORDS REST web services 2.0 and Oracle RDBMS 11.2.0.4 with Apex 4.2.6); Oracle Discoverer users (reporting); linked systems Interface-db-03 (interfaces), finlive-db-03 (Finance), cmis-db-03 (CMIS), odbclinkprod.ucas.com (UCAS) and cron-02 (cron server).]
30. Applying STRIDER
Data Flow Element  | Example                                        | S T R I D E R
Data Flow          | Function call, RPC, Network Traffic            |
Source/Destination | Users, Admins, other systems                   |
Data Store         | Database, File, Registry, Shared Memory, Queue |
Process            | DLL, EXE, COM Obj, Components, Services        |
[The ticks marking which of S, T, R, I, D, E and R apply to each element type did not survive extraction of the slide.]
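The STRIDE(R) mapping from slides 27 and 30 applied to a constructed slice of the slide 29 data flow diagram, as an added Python example that is not from the presentation. Because the slide's own ticks are not on the page, the S/T/R/I/D/E applicability per element type follows Microsoft's STRIDE-per-element chart; the rule for the extra R (Rights of Data Subject) column, that it attaches to any process or data store handling personal data, and the choice of which elements hold personal data, are assumptions.

```python
from dataclasses import dataclass

# Which STRIDE threats apply to each DFD element type, per Microsoft's STRIDE-per-element chart.
STRIDE_PER_ELEMENT = {
    "external": "SR",      # Source/Destination: users, admins, other systems
    "process": "STRIDE",
    "datastore": "TRID",
    "dataflow": "TID",
}

# Threat -> (name, property challenged, GDPR reference), from the slides' STRIDE(R) table.
# "DSR" is the slides' extra R row (Rights of Data Subject).
THREATS = {
    "S": ("Spoofing", "Authentication", "Rec.57, 64; Art.12(2), (6)"),
    "T": ("Tampering", "Integrity", "Art.18(1)(a)"),
    "R": ("Repudiation", "Non-repudiation", "Art.14"),
    "I": ("Information Disclosure", "Confidentiality", "Art.32"),
    "D": ("Denial of Service", "Availability", "Art.15"),
    "E": ("Elevation of Privilege", "Authorization", "Art.32"),
    "DSR": ("Rights of Data Subject", "Privacy", "Art.16-20"),
}

@dataclass(frozen=True)
class Element:
    name: str
    kind: str
    personal_data: bool = False  # assumption: set where the element stores or processes personal data

def threats_for(elem):
    """Enumerate (element, threat, property, GDPR reference) rows for one DFD element."""
    letters = list(STRIDE_PER_ELEMENT[elem.kind])
    # Assumed rule for the extra R column: data-subject rights (Art. 16-20) must be
    # exercisable wherever personal data is stored or processed.
    if elem.personal_data and elem.kind in ("process", "datastore"):
        letters.append("DSR")
    return [(elem.name,) + THREATS[t] for t in letters]

def threat_model(elements):
    """Walk every element and collect the threats a reviewer must put a control against."""
    return [row for e in elements for row in threats_for(e)]

# Constructed slice of the slides' SCMS diagram: external user -> A10 (SSL offload) -> web -> DB.
SCMS = [
    Element("External Users", "external"),
    Element("https: External Users -> A10", "dataflow"),
    Element("A10 (Load Balancer/SSL offload)", "process"),
    Element("http: A10 -> scms-web-01", "dataflow"),
    Element("scms-web-01 (Oracle Forms/Apex)", "process", personal_data=True),
    Element("scms-db-01 (Oracle RDBMS 11.2.0.4)", "datastore", personal_data=True),
]
```

Calling `threat_model(SCMS)` yields one row per element and applicable threat, each carrying the GDPR reference the slide pairs with that threat, so the output doubles as the checklist of controls and data-subject rights to evidence for each DFD element.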
31. Thanks to:
» Microsoft - Security Development Lifecycle (SDL)
» Bird and Bird - Guide to the GDPR (May 2017)
Any Questions?