PS2009 — ePETs

Feb 2nd, 1:00pm

I wasn’t too sure where I’d spend the second part of the workshop day, so I wandered into this panel discussion led by Canadian privacy celebrity Ann Cavoukian and MITRE Corporation’s Dr. Stuart Shapiro:

The MITRE Corporation with the Information and Privacy Commissioner’s Office of Ontario

This session is intended to explore the area of ePETs, which are aimed at supporting privacy within large organizations that must appropriately handle and safeguard large amounts of personally identifiable information (PII) throughout the information life cycle. The dominant focus of traditional PET research and development has been tools to enable data subjects to protect their personal privacy, typically by preventing the collection of PII. There is a growing need, though, for tools that can help data stewards responsibly manage the PII in their possession in accordance with Fair Information Practices.

Okay, so lets start with this: ePETS are electronic Privacy Enhancing Technologies.  Most of the technology discussed was a tool from a researcher named Kaled El Emam from the University of Ottawa.  He has developed a set of tools for anonymizing data for research purposes.  This technology has potential to greatly increase the type of information that a hospital or government organization can share with the research community by quantitatively measuring the degree to which the data has been anonymized before it is released.

The panel discussion produced a number of interesting quotes:

  • ‘Don’t let the perfect get in the way of the good’ — Joseph Alhadeff, Oracle Corp.
  • ‘… an Identity Resolution Service is needed’ — Charmaine Lowe, Director at the BC Ministry of Labour and Citizens’ Services, responding to a question related to resolving mis-information in government registries.
  • ‘Federated Privacy Impact Assessment tools are coming’ — Ann Cavoukian, Information and Privacy Commissioner for Ontario.
  • ‘… [government needs to] consider marginalized citizens who cannot produce the required identity proofing documentation when registering for programs and identity management systems’ — attendee from the Insurance Corporation of British Columbia explaining how he sees many cases each year where, for various reasons, people simply do not have the birth certificates, passports, citizenship cards, etc. required for registration

Overall, I thought this was a well-balanced discussion that reflected on how the practical needs of researchers can be met without eroding the privacy protections we expect organizations to provide us.


Author: code

Mike Waddingham is senior Information Technology management consultant with over 30 years of industry experience. He is the owner of Code Technology Corp.