Difference between revisions of "IoTSec:Privacy Label explanation"
From its-wiki.no
Josef.Noll (Talk | contribs) |
Josef.Noll (Talk | contribs) m (→Process) |
||
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | <span style="color:#009000">Four areas | + | {{TOCright}} |
| + | = Process = | ||
| + | During the [[IoTSec:Consortium_Nov.2017|IoTSec Workshop in Nov2017]] with privacy and security experts we established both process details for considering privacy, influence of data types and parameters, grading of privacy (A-F), and identified open issues. The topics addressed hear are seen as ''work in progress''. | ||
| + | |||
| + | <span style="color:#009000">Four areas regarding the process of data related to privacy | ||
# <span style="color:#009000">which data are collected | # <span style="color:#009000">which data are collected | ||
# <span style="color:#009000">sharing to my phone, my cloud, public cloud,... | # <span style="color:#009000">sharing to my phone, my cloud, public cloud,... | ||
# <span style="color:#009000">data communication integrity and storage | # <span style="color:#009000">data communication integrity and storage | ||
# <span style="color:#009000">further distribution of data, ownership of data, further processing | # <span style="color:#009000">further distribution of data, ownership of data, further processing | ||
| + | In addition come the "right to be forgotten", correction and deleting of "wrong" data | ||
| + | |||
| + | == Influence on data types == | ||
| + | * freshness of data | ||
| + | * consent, | ||
| + | * level of control, | ||
| + | * notion of data sensitivity | ||
| + | * transparency | ||
| + | |||
| + | Influence parameters | ||
| + | * data | ||
| + | * control functionality | ||
| + | * security techniques | ||
| + | * accountability | ||
| + | * access to data | ||
| + | |||
<span style="color:#009000">Open issues | <span style="color:#009000">Open issues | ||
| Line 9: | Line 29: | ||
* <span style="color:#009000"> maintenance and update</span> | * <span style="color:#009000"> maintenance and update</span> | ||
| − | A++ | + | = Level A++ = |
* <span style="color:#009000"> no data are shared | * <span style="color:#009000"> no data are shared | ||
| − | A+ | + | = Level A+= |
| − | A - Very high | + | = Level A - Very high = |
* <span style="color:#009000"> restricted use of data to purpose only (particular service) | * <span style="color:#009000"> restricted use of data to purpose only (particular service) | ||
* supplier should bear the risk of incidents, e.g. they rather than I get penalised when things go wrong - equivalent to finansavtaleloven | * supplier should bear the risk of incidents, e.g. they rather than I get penalised when things go wrong - equivalent to finansavtaleloven | ||
| − | * if device is stolen - nobody else | + | * if device is stolen - nobody else |
| − | B | + | = Level B = |
* <span style="color:#009000"> specify the data to be collected, re-use for statistical data only, ensured integrity | * <span style="color:#009000"> specify the data to be collected, re-use for statistical data only, ensured integrity | ||
* customizable access control, eg.. add stronger authentication or consent requirements | * customizable access control, eg.. add stronger authentication or consent requirements | ||
| Line 27: | Line 47: | ||
* customer can control with how the information is transferred and used by a third party | * customer can control with how the information is transferred and used by a third party | ||
| − | C | + | = Level C = |
* <span style="color:#009000"> data are collected without control (GPS+activity+heart rate), re-use only for statistical, encrypted storage | * <span style="color:#009000"> data are collected without control (GPS+activity+heart rate), re-use only for statistical, encrypted storage | ||
* must be possible to withdraw consent - and that this results in all relevant information being deleted - and proof of deletion | * must be possible to withdraw consent - and that this results in all relevant information being deleted - and proof of deletion | ||
| − | D | + | = Level D = |
* <span style="color:#009000"> data are collected, transparency of re-use | * <span style="color:#009000"> data are collected, transparency of re-use | ||
* Data is not sold without consent/knowledge | * Data is not sold without consent/knowledge | ||
| Line 39: | Line 59: | ||
| − | E | + | = Level E = |
* <span style="color:#009000"> collected data, no transparency of re-use | * <span style="color:#009000"> collected data, no transparency of re-use | ||
* in compliance with GDPR | * in compliance with GDPR | ||
| Line 46: | Line 66: | ||
| − | F - Failure | + | = Level F - Failure= |
* no privacy, no control of data, ''everyone can see'' | * no privacy, no control of data, ''everyone can see'' | ||
* nothing , no expectations | * nothing , no expectations | ||
| − | + | =Other aspects = | |
| − | + | Ongoing discussion that A-F might be too many levels to be considered, and that one should focus on only three levels (A-C), where C is compliance with GDPR. | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
Latest revision as of 14:39, 24 January 2019
| Security in IoT for Smart Grids | |||||||
|---|---|---|---|---|---|---|---|
|
|
Process
During the IoTSec Workshop in Nov2017 with privacy and security experts we established both process details for considering privacy, influence of data types and parameters, grading of privacy (A-F), and identified open issues. The topics addressed hear are seen as work in progress.
Four areas regarding the process of data related to privacy
- which data are collected
- sharing to my phone, my cloud, public cloud,...
- data communication integrity and storage
- further distribution of data, ownership of data, further processing
In addition come the "right to be forgotten", correction and deleting of "wrong" data
Influence on data types
- freshness of data
- consent,
- level of control,
- notion of data sensitivity
- transparency
Influence parameters
- data
- control functionality
- security techniques
- accountability
- access to data
Open issues
- access control (authentication) - transparency of authentication level
- maintenance and update
Level A++
- no data are shared
Level A+
Level A - Very high
- restricted use of data to purpose only (particular service)
- supplier should bear the risk of incidents, e.g. they rather than I get penalised when things go wrong - equivalent to finansavtaleloven
- if device is stolen - nobody else
Level B
- specify the data to be collected, re-use for statistical data only, ensured integrity
- customizable access control, eg.. add stronger authentication or consent requirements
- must be able to trade off the various security requirements, e.g. confidentiality agains availability - i.e. I want flexibility
- compliance with other standards - and this be listed (information requirement) - clipper compatible
- anonymity of my interaction with the supplier
- customer can control with how the information is transferred and used by a third party
Level C
- data are collected without control (GPS+activity+heart rate), re-use only for statistical, encrypted storage
- must be possible to withdraw consent - and that this results in all relevant information being deleted - and proof of deletion
Level D
- data are collected, transparency of re-use
- Data is not sold without consent/knowledge
- transparency - I get told about the criteria that the supplier has used in their information classification
- Information is only used for its legitimate purpose
Level E
- collected data, no transparency of re-use
- in compliance with GDPR
- if data is stolen, I will get told
- notification if DSO is hacked
Level F - Failure
- no privacy, no control of data, everyone can see
- nothing , no expectations
Other aspects
Ongoing discussion that A-F might be too many levels to be considered, and that one should focus on only three levels (A-C), where C is compliance with GDPR.