CPDP Panel in Brussels 1/21/2015
https://www.ispeech.org/text.to.speech
Dynamic Data Obscurity (DDO)
Dynamic [dy·nam·ic, an adjective that means a process or system characterized by constant change, activity, or progress ]
Data [da·ta, a noun that means facts and statistics collected together for reference or analysis ]
Obscurity [ob·scu·ri·ty, a noun that means the state of being unknown or inconspicuous ].
Dynamic Data Obscurity (or DDO) is a new approach to balancing data privacy and data value. A new approach like Dynamic Data Obscurity (or DDO) is necessary because old terms / approaches suffer from shortcomings like those described below:
•Anonymity – this approach / term has a variety of definitions around the world, the strictest of which requires that all identifying elements be eliminated with no elements left that could, by exercising reasonable effort, serve to re-identify any person(s) concerned. This approach / term is supportive of protecting personal privacy rights but is difficult to reconcile with the goal of maximizing innovation and benefits to society.
•De-Identification is a term / approach used in the U.S. Health Insurance Portability and Accountability Act (HIPAA) to refer to data that “does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual is not individually identifiable health information.” However, jurisdiction of HIPAA is limited within the United States and industry practices vary.
•Encryption – the process of converting information or data into a code, especially to prevent unauthorized access has significant value. However, because encryption systems can fail, end-points (i.e., the identity of the sender and receiver) may still be known, activity (versus encrypted content associated with activity) may still be traceable, and limitations on the use of encrypted data (e.g., data that is protected via encryption is generally not available for use while data that is available for use is generally no longer protected by encryption), the utility of encryption may be limited in a world where you are looking to apply data.
•Data Minimization – this term / approach refers to the practice of companies limiting data they collect and retain. A January 2015 FTC report entitled Internet of Things – Privacy & Security in a Connected World endorsed data minimization but as a result failed to secure unanimous approval from all FTC Commissioners; one FTC Commissioner voted to not release the report and another felt compelled to express public concern over support in the report for data minimization. In addition, numerous organizations objected to FTC support for data minimization, with one group noting that:
“It is disheartening that the FTC staff has failed to propose a forward-looking regulatory approach to technology that narrowly targets actual harms while leaving companies free to innovate. In particular, in calling for companies to reduce their use of data, the FTC misses the point that data is the driving force behind innovation in today’s information economy.”
The next public use of the term Dynamic Data Obscurity (or DDO) took place in an October 20, 2014 International Association of Privacy Professionals (IAPP) Privacy Perspectives article written by Gary LaFever, Co-Founder of Anonos - a pioneer in developing DDO technology, in which he said:
“We’re not discounting the value of anonymization; it powered the growth of the Internet. But today, technology, markets, applications and threats have evolved while the protocols to keep personally identifiable data anonymous have not. If we are to mine the vast potential of data analytics to create high-value products and services that improve and even save lives while meeting the privacy expectations of the public and regulators, we need new tools and thinking.
Dynamic data obscurity improves upon static anonymity by moving beyond protecting data at the data record level to enable data protection at the data element level. Dynamic data obscurity empowers privacy officers to improve the “optics” of data protection for data subjects, regulators and the news media while deploying next-generation technology solutions that deliver more effective data privacy controls while maximizing data value.
Vibrant and growing areas of economic activity—the “trust economy,” life sciences research, personalized medicine/education, the Internet of Things, personalization of goods and services—are based on individuals trusting that their data is private, protected and used only for authorized purposes that bring them maximum value. This trust cannot be maintained using static anonymity. We must embrace new approaches like dynamic data obscurity to both maintain and earn trust and more effectively serve businesses, researchers, healthcare providers and anyone who relies on the integrity of data.”
See http://anonos.com for more information.
source
Gloss