Submission to the OPC’s Consultation on Consent under PIPEDA (Anonos)

Anonos

October 2016

Note: This submission was contributed by the author to the Office of the Privacy Commissioner of Canada’s Consultation on Consent under PIPEDA.

Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.

Summary

We propose that next-generation Dynamic Data Obscurity (DDO)^{Footnote 1} principles (as elaborated upon in this Discussion Paper) be endorsed by the OPC as best practices for ensuring information accountability because these principles:

Maximize authorized and minimize unauthorized uses of data by dynamically minimizing re-identification risks.
Facilitate compliance with and auditability against data protection policies by enabling the mathematical, statistical and/or actuarial measurement and monitoring of data use.
Enable common data store(s) to programmatically support data protection and rights management policies applicable to different companies, industries, states, countries, regions, etc. – and to do so simultaneously.
Adjust in real-time to the changing requirements of policies by dynamically modifying the intelligible form of data into which dynamically obscured data are transformed.
Do not suffer from the disadvantages of broadly revealing or broadly concealing data, while providing significant advantages that neither broad revelation nor concealment offers with regard to precision and long-term (i.e., longitudinal) data value.

The full submission is available in the following language(s):

English (PDF document)

Note: As this submission was provided by an entity not subject to the Official Languages Act, the full document is only available in the language provided.

Footnote 1

Appendix I presents a history of the term Dynamic Data Obscurity. Also note that the IAF has undertaken a Dynamic Data Obscurity (DDO) project that “promotes emerging technology solutions for effectively securing data down to the data element level when used in big data and other robust data applications” (see ). As noted by the IAF:

An increasing amount of observational data is available from more and more connected devices and services, coupled with data from millions of sensors. When big data analysis is added, effective polices for when data should be visible to data applications and when it should not are required. The key project objective is defining confidentiality in highly observational environments. The DDO project is built on the long-established concept that effective security is based on the “belts and suspenders” melding of policy controls and technology being used to obscure data elements that should not be visible when using data, particularly for research. Today’s analytical capabilities makes the mandate for the “belt and suspenders” of policy and technology even more compelling. The technologies are challenged internally by organisations’ need for knowledge and externally by criminals. Even with the belt of policy, the suspenders of technology need upgrading to match today’s challenges. If that challenge is not met, real resistance to the information age’s dual mandates for innovation and fairness could be seen.

Return to footnote 1

Date modified:: 2016-10-05

Language selection

Search and menus

Search

Submission to the OPC’s Consultation on Consent under PIPEDA (Anonos)

Summary