Jason Cronk

Chair:
Jason Cronk, Privacy and Trust Consultant, Enterprivacy Consulting Group

Session A – 09:00am – 10:15am
Building a privacy model
In this module, participants learn the importance of designing for privacy and how to create a privacy model by identifying at-risk individuals, privacy threat actors, types of personal information, and potential privacy violations. Through guided exercises participants will use these components to model a product, service or process.

Session B – 10:45am – 12:00pm
Controls
Participants will learn the eight Hoepman privacy design strategies and 26 underlying tactics to mitigate privacy violations. They will explore the hierarchy between strategies, tactics and techniques. Guided exercises will be present to allow participants to understand how the various tactics can reduce privacy violations identified in the privacy model.

Session C – 1:30pm – 2:45 pm
Privacy risk assessments
Participants will learn how to use the FAIR Privacy risk model to think about privacy risks and adverse consequence arising from those risks and how controls map against the various factors contributing to privacy risk.  Guided exercises will allow participants to refine their use of controls to pinpoint specific privacy risk factors, such as opportunities created by the product, service or process, threat actor motivations, and adverse consequences to at-risk populations.

Session D – 3:15pm – 04:30pm
Putting it all together
In this final module, participants will learn how to integrate privacy by design into a development lifecycle. Guided exercises will walk participants through the entire process of designing for privacy.

Readings:

Privacy by Design — The 7 Foundational Principles
Cavoukian, Ann (Information and Privacy Commissioner of Ontario) (2009)

 A Taxonomy of Privacy
Solove, Dan (University of Pennsylvania Law Review, Vol. 154, No. 3, p. 477) (2006)

Privacy Design Strategies
Hoepman, Jaap-Henk (Radbound University – Institute for Computing and Information) Sciences (2013)

Jason Cronk
Jason Cronk

Privacy & Trust Consultant
Enterprivacy Consulting Group