Certified Banking Data Privacy Law and Regulation - Module 2.pptx

trevor501353 11 views 26 slides Feb 26, 2025


Slide Content

Data Privacy Law and Regulation Certification Dr. Kevin F. Streff Founder and Managing Partner 1

Dr. Kevin Streff

- Testified to Congress several times on behalf of banking and cyber
- Author of Data Privacy textbook
- Conducted training and education for examiners
- Done cybersecurity work in almost all states in the U.S. banking system for over 20 years
- Published in both banking and academic magazines and journals
- Regular speaker at banking conferences
- Leading technology, cyber, and privacy educator at Dakota State University and the ASP Academy™

2

Dr. Streff is not an attorney and is not providing legal advice 3

Agenda 4

Module 2 Data privacy harms 5

Harm Defined

Privacy harms – which may also be called violations or threats – are problematic actions that can result in a loss of privacy and adverse consequences for a person.

Security has threats…privacy has harms

| Type | Cause | Possible Results |
|---|---|---|
| Objective Harms | Forced or unanticipated uses of personal data | Non-psychological (external) disturbances, such as losing one’s job, financial loss, or a tarnished reputation |
| Subjective Harms | Unwanted interactions | Psychological (internal) disturbances, such as embarrassment, changes in behavior, or committing suicide |

6

Privacy Harms

| Group | Harm | Definition |
|---|---|---|
| Information Collection | Surveillance | Watching, listening to, or recording of an individual’s activities |
| | Interrogation | Questioning or probing individuals for personal information |
| Information Processing | Aggregation | Combining of various pieces of personal information |
| | Identification | Linking of information to an individual |
| | Insecurity | Carelessness in protecting information from leaks or improper access |
| | Secondary Use | Using personal information for a purpose other than for which it was collected |
| | Exclusion | Failing to let an individual know about the data that others have about them or participate in its handling or use |
| Information Dissemination | Breach of Confidentiality | Breaking a promise to keep an individual’s information confidential |
| | Disclosure | Revealing truthful information about an individual that impacts their security or the way others judge their character |
| | Exposure | Revealing an individual’s nudity, grief or bodily functions |
| | Increased Accessibility | Amplifying the accessibility of personal information |
| | Blackmail | Threatening to disclose personal information |
| | Appropriation | Using an individual’s identity to serve the aims and interests of another |
| | Distortion | Disseminating false or misleading information about an individual |
| Invasion | Intrusion | Disturbing an individual’s tranquility or solitude |
| | Decisional Interference | Intruding into an individual’s decision making regarding their private affairs |

7

Surveillance

Type of Information Collection harm
Watching, listening to, or recording of an individual’s activities

How surveillance can be harmful:
- Surveillance can lead to self-censorship of speech, behavior, thought, emotion, and individuality (Cronk, 2018; Solove, 2006).
- Being surveilled can cause anxiety and discomfort.
- The prevalence of surveillance can stoke fears that can aggravate mental health issues such as paranoia and psychosis (Dahl, 2014).
- Surveillance, along with interrogation, are the precursors to all other data privacy harms.

Example: 2013 NSA

8

Interrogation

Type of Information Collection harm
Questioning or probing individuals for personal information

How Interrogation can be harmful:
- Being asked excessively personal questions can make a person uncomfortable.
- A person may feel compelled to answer personal questions for fear of losing out on some opportunity or being seen as someone with something to hide.
- Interrogation can limit freedom of association and belief, as the McCarthy era Communist interrogations illustrate.
- Manipulation or bias can distort the accuracy of information obtained during interrogations, leading to self-incrimination or deceptive judgements.
- Interrogation, along with surveillance, are the precursors to all other data privacy harms.

9

Aggregation

Type of Information Processing harm
Combining of various pieces of personal information

How Aggregation can be harmful:
- Data combined together reveals more than the sum of individual pieces of data do in isolation, and these revelations are hard for the individual to anticipate or control.
- Aggregation upsets expectations about what people can discover about us.
- Building dossiers on people leads to power imbalances and the potential for the aggregator to influence the data subject in powerful ways.
- Since aggregated data and the revelations it provides are often disconnected from their original context, aggregation can lead to distortion.

10

Identification

Type of Information Processing harm
Linking of information to an individual

How Identification can be harmful:
- Identification leads to “informational baggage” which hinders a person’s ability to grow out of a past they are trying to escape.
- Certain identification markers may carry stigma.
- Attaching information to individuals can lead to power imbalances, as it can be used for social control, such as governments rounding up groups of individuals who are radicals or disfavored.
- Identification can restrict anonymity or pseudonymity, preventing people from protecting themselves against bias and prejudice in their expression, discouraging whistleblowing, and making it riskier to read, listen to, or spread unpopular ideas.

11

Insecurity

Type of Information Processing harm
Carelessness in protecting information from leaks or improper access

How Insecurity can be harmful:
- Insecurity can lead to identity theft, which involves a distortion of a person’s financial reputation.
- “Insecurity exposes people to potential future harm… insecurity is the injury of being placed in a weakened state”.
- Insecurity feeds into the privacy harm of disclosure.

12

Secondary Use

Type of Information Processing harm
Using personal information for a purpose other than for which it was collected

How Secondary Use can be harmful:
- The data subject may feel betrayed at being deceived about how personal data is used.
- Secondary use upsets expectations around how data will be managed.
- People may have reservations about giving out their data if they suspect secondary use to be a possibility.
- Normalizing secondary use exploits an asymmetry of knowledge – individuals are likely to be ignorant around how their data is processed, so they may not be able to fully understand the ramifications of organizations mentioning secondary use in their privacy notices.
- The potential for secondary use can induce uncertainty and fear, leading to feelings of vulnerability and powerlessness.
- Data used for secondary purposes may be taken out of context and could lead to misunderstandings.

13

Exclusion

Type of Information Processing harm
Failing to let an individual know about the data that others have about them or participate in its handling or use

How Exclusion can be harmful:
- Exclusion makes it harder to hold governments and businesses accountable for their privacy practices because concerned parties will have less visibility into data processing.
- Individuals may feel vulnerable, uncertain, powerless and/or frustrated from exclusion.

14

Breach of Confidentiality

Type of Information Dissemination harm
Breaking a promise to keep an individual’s information confidential

How Breach of Confidentiality can be harmful:
- A person may lose trust in the party who disclosed secrets.
- When trust is violated, a person can have strong feelings of betrayal.
- Individuals may be reluctant to disclose personal data after a breach of confidentiality because of the loss of trust and sense of betrayal.
- All the harms associated with disclosure can also occur during breaches of confidentiality because breach of confidentiality is a special type of disclosure.

15

Disclosure

Type of Information Dissemination harm
Revealing truthful information about an individual that impacts their security or the way others judge their character

How Disclosure can be harmful:
- An individual’s safety is put at risk.
- The threat of disclosure can prevent people from pursuing self-development.
- Since “a substantial amount of political discourse” occurs in private places, too much disclosure could inhibit democracy.
- Disclosure can limit autonomy and freedom of association.
- Disclosure can distort assessments of people, since gossip rarely paints a complete picture of someone.
- Disclosure can subject people to irrational judgements based on stereotypes.
- Disclosure can make a person a “prisoner of their past,” preventing them from growing and changing.
- Disclosure can cause information to spread beyond expected boundaries and revealed information can be used in unforeseeable ways.

16

Exposure

Type of Information Dissemination harm
Revealing an individual’s nudity, grief or bodily functions

What about revealing their data?

How Exposure can be harmful:
- A person can have strong or debilitating feelings of embarrassment, shame, or humiliation with regards to exposure.
- Exposure can hinder our sense of human dignity.
- Exposure and the feelings associated with it can prevent a person from participating in society.
- Certain forms of exposure can lead to suicide.

17

Increased Accessibility

Type of Information Dissemination harm
Amplifying the accessibility of personal information

How Increased Accessibility can be harmful:
- Increased accessibility can increase the possibility of the disclosure privacy harm.
- Increased accessibility can make it more difficult for people to escape their past as that information becomes increasingly searchable and discoverable by others.

18

Blackmail

Type of Information Dissemination harm
Threatening to disclose personal information

How Blackmail can be harmful:
- Blackmail creates a power imbalance by allowing a person to dominate and control another person.

Ransomware

19

Appropriation

Type of Information Dissemination harm
Using an individual’s identity to serve the aims and interests of another

How Appropriation can be harmful:
- Scholars have proposed that having one’s identity appropriated can be humiliating and demeaning.
- Scholars have proposed that appropriation can impinge upon publicity or personality rights, the commercialization of one’s personality.
- Appropriation can rob a person of their freedom and interfere with their self-development.
- People who are appropriated may experience unwanted notoriety, along with all of its problems – like harassment.
- Severe forms of appropriation, such as identity theft, can be financially devastating and psychologically traumatizing.

20

Distortion

Type of Information Dissemination harm
Disseminating false or misleading information about an individual

How Distortion can be harmful:
- Victims of distortion may experience embarrassment, humiliation, stigma, as well as reputational or financial harm as a result of false information being spread about them.
- Personal freedom or safety can be harmed, such as when distortion confuses well-meaning law enforcement officers (e.g., in swatting incidents).
- Distortion prevents us from making accurate judgements of others’ character and trustworthiness.
- Distortion can result in “arbitrary and undeserved” disintegration of social relationships.
- As the gaslighting example shows, distortion is a core aspect of psychological abuse.

21

Intrusion

Type of Invasion harm
Disturbing an individual’s tranquility or solitude

How Intrusion can be harmful:
- Intrusion can disturb a person’s daily activities and routines.
- Solitude can be interrupted by intrusion.
- Intrusion can make people feel uneasy and uncomfortable.

22

Decisional Interference

Type of Invasion harm
Intruding into an individual’s decision making regarding their private affairs

How Decisional Interference can be harmful:
- Decisional interference results in restricted personal freedom and autonomy.
- Commercial entities with a significant monopoly or those who are very powerful can negatively affect the freedom and autonomy of people because of the power imbalance.
- Decisional interference can result in a decline of democracy in a society – malicious actors can manipulate people’s minds, tricking citizens into allowing aspects of totalitarianism to creep into their society.

23

- Security has threats, privacy has harms
- Library of harms was developed by an attorney and is useful in the privacy risk assessment process

25

Dr. Kevin Streff American Security and Privacy, LLC Founder & Managing Partner www.americansecurityandprivacy.com [email protected] 605.270.4427 www.drstreff.com 26 ASP Academy ™