Privacy Special Interest Group

Latest updates

This area contains all of the latest information about this group.

• Outputs from the group can be downloaded from the resources area.
• Further information about the group can be found below.

Found 2 articles.

The Cyber Security KTN along with the Sensors KTN and the Location and Timing KTN hosted a debate and workshop at the Royal Society to discuss emerging technologies and the safeguards required to protect individual and commercial privacy. The objective was to encourage rational debate around how the benefits of sensing and location technologies might continue to be realised whilst still recognising and mitigating against their associated privacy hazards.

One of the outcomes of this event was the recognition of the need for privacy to be 'designed in' to systems where a privacy risk was evident. This led to the suggestion of a privacy engineering methodology to ensure that a suitable process and principles could be applied in order to manage this, and potentially other, privacy risks.

The Cyber Security KTN has established a Special Interest Group to take this issue forward.

The Challenge

Organisations are increasingly impacted by a broad array of legal, regulatory and ethical constraints on their business, and specifically on their collection, use and dissemination of information that might be deemed private. Achieving compliance to privacy and data protection regulations is an important component of good corporate governance but there are also issues where the introduction of new technologies might generate new privacy concerns from the public.

Issues to be addressed include:

• Understanding the potential privacy impact of new technologies or products;
• How to plan mitigating factors;
• Understand consultations and how to manage the public interface;
• How to engage with stakeholders;
• The need to consider privacy enhancing technologies; How to design for privacy;
• How to provide user friendly privacy - e.g. to allow users to understand and control what happens to their personal data.

Privacy and Security

There are a number of synergies between privacy protection and information security. Information security has for many years recognized the importance of the process of achieving security and that it is not just about technology. Security experts also extol the need for security to be considered at the outset and not bolted on after a project has started. Security also begins with a risk assessment. These attributes are also applicable to the privacy domain.

The Approach

The Privacy Engineering Methodology SIG seeks membership from those in industry, academia and government who have an interest and expertise in compliance and privacy issues. Membership is especially sought from those who will bring a business-oriented approach to the subject so that a practical methodology to address new privacy risks can be developed. Given the parallels between privacy protection and information security this SIG will take its membership from the cyber security KTN in order to produce a first draft of the relevant engineering principles. These will then be validated by technologists in the Sensors, and Location and Timing KTNs.

The Chair

The group Chairman is Steve Marsh, Cabinet Office.

Return to top of page

• Overview
• Introduction
• Activity Group ideas
• 08 Competition Winners
• Overview
• E-Crime prevention
• Outsourcing and Offshore Risk
• SOA Security
• Special Interest Groups
• Overview
• A.I. and Forensics
• Economics of Information Security
• Metrics
• Trusted Computing
• Secure software development
• Privacy
• Human Vulnerabilities