Want to avoid all private-data breaches, ever? Here's how

As information and privacy commissioner of Ontario, Ann Cavoukian's jurisdiction is limited to the Canadian province. But that doesn't mean the effects of her post don't extend into territories across the globe. “What I always say is privacy transcends jurisdiction,” she says. “It knows no boundaries. So if I'm going to protect …

COMMENTS

This topic is closed for new posts.
  1. John Latham

    Right to be forgotten

    "I'm not going to suggest that I'm opposed to it, because I respect the Europeans' wish to have that right. I think realistically, it's very difficult, in this day and age, not impossible."

    Really? I think the problem is a lack of will not a lack of ability. For businesses whose market cap is based on registered users there is little incentive to prune data.

    There are surely all sorts of quibbles about recovery from backup media or magnetic platters or intercepts passed to the black helicopter people, but at a basic level it really isn't difficult. If data can be inserted, it can be deleted.

  2. Anonymous Coward

    "you have a duty of care to protect that information as long as you hold it"

    That's the damn truth right there.

    Companies have a tendency to hoard information - both internal and client information - and they always seem to focus on the (usually imagined, with no legal basis) liability of not keeping [everything forever]*, while ignoring the very real liability presented by keeping [everything forever]*.

    Strangely enough, I've found that very few General Counsel's offices actually understand what their legal requirements are around data retention - and I've almost never seen the business side of the house take a hard look at what, and for how long, they actually need to retain information.

    * not literal

    1. Anonymous Coward

      The principal problem..

      .. is that companies tend to hoard data, but not the time it was collected. No, really. The only thing they do is collect, collect, collect - but never expire, because that was not part of the original design. I get email on accounts I have not used in years.

      The result is a forever growing mass of out of date information which makes a mess. Personally, I think it should become law for data to expire after x amount of years. No idea how many, say 5 (as crime seems to expire along that time, might as well use a common value). Want to keep it longer? Give a damn good reason, and get permission from the subject.

      I can see situations where this is not possible, like police databases, but I think they have other problems to clean up first, like illegally holding on to DNA data when there is no evidence of a crime and, in a twist worthy of Kafka, using your presence in that database as a sign that you're up to no good. No wonder the EU told them to stop this - which they're happily ignoring.

      Oh, and while I'm at it, it's all jolly well stating that "it ought to be so", but the Information Commissioner's Office had its teeth pulled under New Labour. Unless they get some powers to kick the crap out of both business AND government when they get it wrong I see no reason to realistically expect any change. Would you, given an option between a light fine and expensive business change?

      Yup, thought so.

  3. Steve Knox

    Wow.

    Long interview about a very simple question, and still got it wrong.

    Want to avoid all private-data breaches, ever? Here's how: DON'T STORE IT IN THE FIRST PLACE. That's the ONLY way to avoid a data breach.

    The fact is, most systems store much more private information than they actually need to, simply because they can. Cleaning up that would go much further towards securing private data than any technological solution.

    So I would add a 0th* principle to PbD: Minimize First -- don't include any private information that you don't actually need. This would help simplify the application of all of the other principles.

    * Geek Pop Quiz: What other set of principles has a 0th entry, and what is it?

    1. John Riddoch

      Law of Robots by Asimov - "do no harm to humanity" or something like that.

      The idea of only storing a "hash" of the biometric data does the same as not storing it to all intents and purposes. It's (nearly) impossible to reverse engineer the data to be identifiable; of course, it was seen to be impossible to reverse engineer hashed passwords, but that's largely been overtaken by CPU speed advances.

    2. saned

      Copyleft, 0th entry:

      0. the freedom to use the work

      From the FSF.

  4. Anonymous Coward

    I would never entrust my data to anyone who uses the word 'holistic'.

    Also, this whole biometric thing is best avoided right now... if the system is compromised (and it will be) then you have absolutely no way of resetting your biometrics... you're stuck with them. Sure, use it for fairly low-key stuff like a thumbprint instead of a signature to start your laptop, for instance, but in that case the biometric data would 1) only be locally used by the owner of said data (there is no reason for it to be published anywhere) and 2) you'd still need a backup method, as people can and do occasionally lose thumbs.

    If the police -or whoever- want the encoded information, all they have to do is drag you in and extract an involuntary biometric sample from you, as in the case of all those involuntary DNA samples.

  5. Pascal Monett

    Interesting method

    Use the biometric data to hash the encryption key used to encrypt the private data.

    Not only is the private data protected by the length of the encryption key (which can be extended as processing power increases), but being hashed by the biometric data that is not stored ensures that strictly no one can legally access the private data which is thus protected against intrusion and against police meddling.

    I like that idea a lot.

  6. Adam Inistrator

    "The key can be retrieved only when a fresh biometric sample from one of the problem gamblers is presented, making it hard for the data to be tapped for other purposes."

    The lady is an expert on philosophy and talks very nicely but the hard encryption doesn't add up for me. What does "hard for the data to be tapped" mean? Is the person's rough facial structure used as the decryption key? I would think there aren't enough reliably measurable bits of info in a face to defeat brute force decryption.
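The two comments above (Pascal Monett's "hash the key with the biometric" idea and Adam Inistrator's doubt that a face holds enough reliably measurable bits) can be checked with a toy model. The following is an added example written for this page, not code from the article, the interviewee or any real biometric-encryption product: the feature values, the coarse quantisation, the KDF work factor and the record contents are all constructed here. It enrols a record under a key derived from a quantised biometric template (keeping only a salt and ciphertext, never the template or key), shows that a slightly noisy re-sample of the same person still unlocks it while another person's sample does not, and then shows that an attacker holding the salt and ciphertext can enumerate every template because the template only has 16 bits of entropy.

```python
"""Toy biometric-derived encryption key (constructed example, not a real scheme).

Demonstrates: (1) the stored record holds no biometric and no key, only a salt and
ciphertext; (2) a fresh, slightly noisy sample re-derives the same key; (3) a key
carrying only ~16 bits of biometric entropy is recovered by exhaustive search."""
import hashlib
import hmac
import secrets

BITS_PER_FEATURE = 4   # coarse bins so a noisy re-sample lands in the same bin (assumed)
ITERATIONS = 10        # KDF work factor; multiplies attack cost, does not add entropy


def quantize(features, bits=BITS_PER_FEATURE):
    """Map normalised feature values in [0, 1) to an integer template.

    Each feature becomes a bits-wide bin index; indices are concatenated, first
    feature most significant. Coarse bins buy noise tolerance at the cost of entropy."""
    levels = 1 << bits
    template = 0
    for v in features:
        idx = min(int(v * levels), levels - 1)
        template = (template << bits) | idx
    return template


def derive_key(template, salt, iterations=ITERATIONS):
    """Derive a 32-byte key from the template; the template itself is never stored."""
    return hashlib.pbkdf2_hmac("sha256", template.to_bytes(8, "big"), salt, iterations)


def _keystream(key, nonce, length):
    """SHA-256 in counter mode, enough bytes for the message (toy stream cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, plaintext):
    """XOR with the keystream, then authenticate nonce+ciphertext with HMAC-SHA256."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Return the plaintext, or None if the key does not verify the tag."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def enroll(features, plaintext):
    """Encrypt plaintext under a key derived from the enrolment sample.

    Only (salt, ciphertext) is retained; the biometric sample and key are discarded."""
    salt = secrets.token_bytes(16)
    key = derive_key(quantize(features), salt)
    return salt, encrypt(key, plaintext)


def unlock(features, salt, blob):
    """Re-derive the key from a fresh sample and attempt decryption."""
    return decrypt(derive_key(quantize(features), salt), blob)


def brute_force(salt, blob, total_bits):
    """Attacker with the stored salt and ciphertext tries every possible template.

    Returns (template, plaintext, attempts); the tag check tells the attacker when
    a candidate is right, so no knowledge of the plaintext is needed."""
    for candidate in range(1 << total_bits):
        pt = decrypt(derive_key(candidate, salt), blob)
        if pt is not None:
            return candidate, pt, candidate + 1
    return None, None, 1 << total_bits


# Constructed samples: four "facial" measurements normalised to [0, 1).
ENROLL_SAMPLE = [0.10, 0.50, 0.90, 0.30]
FRESH_SAMPLE = [0.12, 0.52, 0.88, 0.31]   # same person, slight measurement noise
OTHER_PERSON = [0.70, 0.20, 0.40, 0.60]
RECORD = b"gambler-id:0042;self-excluded"   # constructed record contents

if __name__ == "__main__":
    salt, blob = enroll(ENROLL_SAMPLE, RECORD)
    print("fresh sample unlocks:", unlock(FRESH_SAMPLE, salt, blob))
    print("other person unlocks:", unlock(OTHER_PERSON, salt, blob))
    total_bits = BITS_PER_FEATURE * len(ENROLL_SAMPLE)
    tpl, pt, tries = brute_force(salt, blob, total_bits)
    print(f"brute force: template {tpl} found after {tries} of {1 << total_bits} keys -> {pt}")
```

The point the search makes is that the KDF iteration count only multiplies the attacker's work by a constant, while the number of candidates is fixed by how many bits survive quantisation; raising ITERATIONS to 100,000 turns seconds into days, not into something infeasible. Real biometric key binding schemes (fuzzy extractors, secure sketches) handle the noise more carefully than coarse bins and deliberately avoid leaving a tag that confirms a guess, but they cannot manufacture entropy the biometric does not have.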

  7. Anonymous Coward

    You have to laugh...

    ... when a site that claims to be improving privacy uses Google Analytics to track visitors.
