
Karl Kopper Caltrans Privacy and Chief Information Security Officer - PowerPoint PPT Presentation



  1. Karl Kopper Caltrans Privacy and Chief Information Security Officer

  2. Four Questions Every Auditor Should Know the Answer To

  3. What is PII? What is De-Identification? What is Re-Identification?

  4. Privacy Internal Controls & Behavioral Analytics

  5. 1973: First VoIP Call; First Touch Screen; First Computer Monitor; First Ethernet Network; First UPC Barcode System; First Cell Phone Call

  6. 1973: First VoIP Call; Touch Screen Developed; First Computer Monitor; Ethernet Created; First UPC Barcode System; First Cell Phone Call: Martin Cooper

  7. Personally Identifiable Information: U.S. Department of Health, Education, and Welfare, “HEW Report” of 1973 • No secret record-keeping systems • Individuals must know what and how • Individuals must be able to correct • Data about individuals must not be reused

  8. Personally Identifiable Information: Privacy Act of 1974: The increasing use of computers and sophisticated information technology, while essential to the efficient operations of the Government, has greatly magnified the harm to individual privacy that can occur from any collection, maintenance, use, or dissemination of personal information.

  9. Personally Identifiable Information (Financial): Payment Card Industry – Data Security Standards • Cardholder Data • Sensitive Authentication Data

  10. Personally Identifiable Information (Health): Health Insurance Portability and Accountability Act of 1996 • Individually Identifiable Health Information (IIHI)

  11. Personally Identifiable Information: Office of Management and Budget M-17-12 (2017): To determine whether information is PII, the agency shall perform an assessment of the specific risk that an individual can be identified using the information with other information that is linked or linkable to the individual.

  12. Personally Identifiable Information (California): California Consumer Privacy Act: “You should have the right to know what personal information businesses collect about you and your children and what they do with it, including to whom they sell it.”

  13. Personally Identifiable Information (California): California Consumer Privacy Act: “It is almost impossible to apply for a job, raise a child, drive a car, or make an appointment without sharing your personal information.”

  14. Personally Identifiable Information (California): California Consumer Privacy Act • Consuming History or Tendency • Browsing History • Geolocation Data • Audio, Electronic, Visual, Thermal, Olfactory or Similar Information

  15. Personally Identifiable Information (California): California Consumer Privacy Act • Consuming History or Tendency • Browsing History • Geolocation Data • Audio, Electronic, Visual, Thermal, Olfactory or Similar Information • “Inferences drawn from any of the information identified above”

  16. HIPAA; State; Gramm-Leach-Bliley; GDPR; Federal; PCI

  17. Privacy

  18. “The State of California is committed to unlocking the value of government data to propel innovation, improve the delivery of public services and empower the people of California while protecting privacy.” State of California Administrative Manual Section 5160

  19. Privacy Innovation

  20. Innovation: 31% of fatal accidents involved alcohol; 3,382 fatalities involving a distracted driver; Men were drivers in 65% of accidents (2015-2017); 2,790 lives were saved through the use of airbags

  21. Innovation De-Identification

  22. Privacy

  23. Governor William Weld, Keynote Graduation Address, Bentley College, 1996

  24. Latanya Sweeney, MIT Graduate Student. Voter List: Name, Address, Party, Voted. Health Data: Visit Date, Diagnostics, Procedures. In both: Zip, Birth Date, Gender.

  25. Re-Identification

  26. Skiing in Salt Lake

  27. Kiteboarding in La Ventana, Baja, Mexico

  28. Burning Man

  29. 700 million activities; 1.4 trillion latitude/longitude points; 7.7 trillion pixels; 5 terabytes data; Activity duration = 100 thousand years. Burning Man

  30. “Our global heatmap is the largest, richest, and most beautiful dataset of its kind.” Burning Man

  31. Soldiers, remember, rotate from one assignment to the next…

  32. “ITS and Locational Privacy: Suggestions for Peaceful Coexistence”, Frank Douma & Sarah Aue, Hubert H. Humphrey School of Public Affairs, University of Minnesota, 2011. Privacy Concerns: Speed/Red Light Camera; Connected Vehicle; Carpool Lane Infrared Scanner; Automated Toll System; Loop Detector Traffic Counter

  33. What is PII? What is De-Identification? What is Re-Identification? What does your organization do to protect PII?

  34. Security Information & Event Management

  35. UEBA

  36. User & Entity Behavioral Analytics: Executive Assets Accessed; Insider Threat; Compromised Credentials

  37. What is PII? What is De-Identification? What is Re-Identification? What does your organization do to protect PII?
