I been looking through the OIC's latest consultation on Medical Data and the
document refers to PETs on page 8. Am I correct in thinking that stands for
Privacy Enhancing Technology?
Mike Lloyd
************************************8
The following is from http://www.dataprotection.gov.uk/extpets.htm
When I keyed it in it couldnt find it so I have pasted the whole page in to
this mail. Sorry for those that are not interested.
PRIVACY ENHANCING TECHNOLOGIES
ODPR POSITION
1. What are PETs?
At the International Data Protection and Privacy Commissioners' Conference
in Copenhagen in September 1994, our Dutch and Ontario colleagues launched
their report on Privacy Enhancing Technologies.
The Report poses as a key question to data users: "How much personal
information/data is truly required for the proper functioning of the
information system involving this transaction?" It adopts as a policy
position the view that: "minimising identifying data would restore privacy
considerably, but would still permit the collection of needed information."
Our colleagues assert that "the technology needed to achieve this goal
exists today." The Report goes on to discuss techniques for pseudonymising
data so that a data user can have access to true identity when necessary,
but an individual can routinely have "anonymous" use of a service.
2. Do the technologies exist?
There are examples of specific technical developments which are calculated
to achieve a privacy-enhancing objective. MYTEC, a Canadian company, has
produced a system of biometric encryption which permits a data user to
authenticate the identity of an individual uniquely by using finger patterns
to call information, but preventing data users from accessing any
fingerprints (since no identifiable fingerprints are ever retained). David
Birch of Hyperion, an IT consultancy, has explained how encryption
techniques and certified public keys can be used in smart card applications
to provide multiple pseudonymous identities which protect the true identity
of individuals but give proper assurance to commercial bodies with whom they
deal.
3. Are these the only techniques?
The Registrar has consulted her Advisory Board. Professor R Needham of
University of Cambridge and Ron McQuaker, President of the British Computer
Society, both took the view that the notions underlying PETs were perfectly
practical and did not necessarily imply any novel technical developments.
Conventional information systems can be transformed to have a
privacy-enhancing effect, if they are designed in the right way.
It is worth emphasising that PETs do not always have to be sophisticated
applications of cryptography, biometrics or other schemes to hide the
individual's identity. Some of the simplest techniques (such as access
controls) for securing the confidentiality and proper handling of data can
be part of this approach.
4. Is all this practical?
The answers to questions 2 and 3 answer this question. Leading technical
designers, academics and IT practitioners assert that PETs are perfectly
practical.
5. The Registrar's Position
The Registrar wholeheartedly supports PETs. The Office position is that this
is a matter not of novel technical development, but of design philosophy:
one that encourages the removal of identifiers linked to personal data
thereby anonymising the data. Of course the design approach recognises that
its applicability will vary with circumstances. What is important is to
emphasise as a design standpoint the protection of individual privacy.
A system designer approaching a task in this way might ask the following
questions as an essential part of the task:
"How can I best enhance the privacy of individuals involved in this system?"
"Do I need to collect any personal data at all?"
"If so, what is the minimum needed?"
"Who will have access to which data?"
"Can individuals make total or partial use of the system anonymously?"
The PET label is a useful means of promoting a privacy-friendly approach to
IS design. The Registrar is seeking to encourage the notion of the 'ethical
engineer'.
The Registrar is positively searching for pilot schemes in which to promote
the PET philosophy and techniques. We are, for example, encouraged that the
NHS IMG (Information Management Group) are willing to explore whether there
are ways in which we can work with them to encourage the implementation of
PETs. Further, the Government has proposed in its recent Green Paper
'government.direct' a move towards the greater provision of electronic
service delivery; we hope that these developments will provide further
opportunities for the adoption of a privacy enhancing philosophy.
Return to the News Page
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|