Podcasts about Cavoukian

EU AI Act – Why, What & How with Dr. Ann Cavoukian, Nicola Fabiano, Punit Bhatia and Raghu Bala   The EU AI Act. Let us demystify the EU AI Act in this podcast that features a panel of experts. Together, they delve into the reasoning behind the Act, its core tenets, why was it needed? What does it entail? How does this legislation benefit society? They also discuss the crucial topics of responsible AI, trustworthy AI, and ethics in AI. The conversation explores critical questions surrounding the Act's effectiveness, the technical preparedness of regulators, and its potential societal benefits. But the discussion doesn't stop there. The panel also tackles broader challenges in AI development, including mitigating bias in data and fostering ethical and responsible AI practices. Join us with Dr. Ann Cavoukian, Nicola Fabiano, Punit Bhatia and Raghu Bala as we embark on a journey to understand the significance of compliance with AI regulations, not just limited to the EU AI Act but within a broader global context.  KEY CONVERSATION POINT   Why did we need this EU AI Act?   What is this EU AI Act all about?  Do Lawmakers and regulators have sufficient technical expertise?  How does this EU AI Act help society?  How do we reach a state wherein data is not biased?  Responsible AI, trustworthy AI and ethics in AI.  How to start the journey to compliance with AI regulation? And when?   ABOUT THE GUEST  Dr. Ann Cavoukian is a globally recognized privacy expert, distinguished academic, and passionate advocate for privacy by design. As the former Information and Privacy Commissioner of Ontario, Canada, she pioneered the concept of Privacy by Design, which emphasizes embedding privacy protections into the design and operation of systems, processes, and technologies. Dr. Cavoukian's groundbreaking work has earned her numerous accolades, including being named as one of the Top 25 Women of Influence in Canada and receiving the Meritorious Service Medal from the Governor General of Canada. Her expertise is sought after globally, and she has served as a consultant, advisor, and speaker for governments, corporations, and academic institutions worldwide. Nicola Fabiano is a distinguished Italian lawyer with a rich background in data protection, privacy, and artificial intelligence (AI) regulation. As an adjunct professor at Ostrava University in Rome and a former President of the San Marino Data Protection Authority, he brings a wealth of expertise to the table. Nicola has served as a national expert for the Republic of San Marino on key committees of the Council of Europe, including those focused on Convention No. 108 and the Ad hoc Committee on Artificial Intelligence. With his extensive experience as a government advisor for drafting legislation on personal data protection and his innovative contributions such as the Data Protection and Privacy Relationships Model (DAPPREMO), Nicola is at the forefront of shaping AI policy and ethics. Raghu Bala is a distinguished technology thought leader, entrepreneur, and author whose expertise spans a broad spectrum of cutting-edge domains, including IoT, AI, blockchain, mobile technologies, cloud computing, and Big Data. With a unique blend of deep technical knowledge and robust business acumen, Raghu has established himself as a visionary in Internet-related ventures. As the CEO of UnifyGPT Agentic Platform and an instructor for MIT Sloan's AI, De-Fi, and Blockchain courses, he is at the forefront of shaping the future of technology. Raghu's impressive resume includes co-authorship of the Handbook on Blockchain and contributions as a Contributing Editor to Step into the Metaverse.  RESOURCES   Websites www.fit4privacy.com, www.punitbhatia.com   Podcast https://www.fit4privacy.com/podcast   Blog https://www.fit4privacy.com/blog   YouTube http://youtube.com/fit4privacy   

Let's talk about digital identity with Oscar Santolalla, Ann Cavoukian and Katryna Dow. In this latest episode within the Identity Story Series, Ann Cavoukian, creator of Privacy by Design and Katryna Dow, CEO at Meeco, join Oscar to explore the road to becoming ISO 31700 for Privacy by Design. They discuss the importance of Privacy by Design and how it can help organisations protect their customers' personal data and comply with data protection regulations and the impact of Privacy by Design becoming an ISO Standard. [Transcript below] “If you don't have a strong foundation of security from end to end with full lifecycle protection, you're not going to have any privacy.” ~ Ann Cavoukian Dr Ann Cavoukian is recognised as one of the world's leading privacy experts. Dr Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices, thereby achieving the strongest protection possible. In 2010, International Privacy Regulators unanimously passed a Resolution recognising Privacy by Design as an International Standard. Since then, PbD has been translated into 40 languages! In 2018, PbD was included in a sweeping new law in the EU: the General Data Protection Regulation. Dr Cavoukian is now the Executive Director of the Global Privacy & Security by Design Centre. She is also a Senior Fellow of the Ted Rogers Leadership Centre at Ryerson University, and a Faculty Fellow of the Centre for Law, Science & Innovation at the Sandra Day O'Connor College of Law at Arizona State University. Listen to Episode 73, where Ann joined the podcast to discuss Privacy by Design, and connect with Ann on LinkedIn. “One of the really challenging things about privacy and security is if you don't bake it in at the lower layers, if you don't build that foundation, it's really hard to go back and put it into a product or service afterwards.” ~ Katryna Dow Katryna Dow is the founder and CEO of Meeco; a personal data & distributed ledger platform that enables people to securely exchange data via the API-of-Me with the people and organisations they trust. Katryna has been pioneering personal data rights since 2002, when she envisioned a time when personal sovereignty, identity and contextual privacy would be as important as being connected. Now within the context of GDPR and Open Banking, distributed ledger, cloud, AI and IoT have converged to make Meeco both possible and necessary. Find out more about Meeco at meeco.me. For the past three years, Katryna has been named as one of the Top 100 Identity Influencers. She is the co-author of the blockchain identity paper ‘Immutable Me' and co-author/co-architect of Meeco's distributed ledger solution and technical White Paper on Zero Knowledge Proofs for Access, Control, Delegation and Consent of Identity and Personal Data. Katryna speaks globally on digital rights, privacy and data innovation. Listen to Episode 30, where Katryna joined the podcast to discuss Data minimisation, and connect with Katryna on LinkedIn. Go to our YouTube to watch the video transcript for episode 89. We'll be continuing this conversation on Twitter using #LTADI – join us @ubisecure! Podcast transcript Let's Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla. Oscar Santolalla: Today we're happy to bring you a new episode of our Identity Stories Series. Privacy by Design has just become an ISO standard, which we want to celebrate, so let's go back in time and hear moments of this journey. Let's first hear from Privacy by Design's creator herself, Dr Ann Cavoukian. She is recognised as one of the world's leading privacy experts and she served an unprecedented three terms as the Information & ...

Let's talk about digital identity with Ann Cavoukian, Executive Director of the Global Privacy and Security by Design Centre. In our series opener, Ann Cavoukian discusses Privacy by Design – the 7 foundational principles, the issues that it aims to solve and how Privacy by Design has evolved and is being used in today's tech products. [Transcript below] "You want to prevent the privacy harms from arising, not just resolve them after the fact, you want to prevent them." Dr. Ann Cavoukian is recognised as one of the world's leading privacy experts. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices, thereby achieving the strongest protection possible. In 2010, International Privacy Regulators unanimously passed a Resolution recognising Privacy by Design as an International Standard. Since then, PbD has been translated into 40 languages! In 2018, PbD was included in a sweeping new law in the EU: the General Data Protection Regulation. Dr. Cavoukian is now the Executive Director of the Global Privacy & Security by Design Centre. She is also a Senior Fellow of the Ted Rogers Leadership Centre at Ryerson University, and a Faculty Fellow of the Center for Law, Science & Innovation at the Sandra Day O'Connor College of Law at Arizona State University. Connect with Ann on LinkedIn. We'll be continuing this conversation on Twitter using #LTADI – join us @ubisecure!     Podcast transcript Let's Talk About Digital Identity, the podcast connecting identity and business. I am your host, Oscar Santolalla. Oscar Santolalla: Hello and welcome to join us a new episode of Let's Talk About Digital Identity. And you might have heard about Privacy by Design before all the influence that has had in products and regulations, et cetera. And today, we'll hear about that from its own creator. So, our guest today is Dr. Ann Cavoukian. She is recognised as one of the world's leading privacy experts. Dr. Cavoukian served an unprecedented three terms as the Information and Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, network infrastructure, and business practices, thereby achieving the strongest protection possible. Today, Dr. Cavoukian is the Executive Director of the Global Privacy and Security by Design Centre. Good morning. Dr. Ann Cavoukian: Good morning, Oscar. Oscar: Good morning. And it's fantastic having the pleasure of having this conversation with you. Ann: Thank you. It's my pleasure. Oscar: Please tell us shortly how, yeah, your journey to this word of privacy and digital identity? Ann: Well, you know, it's interesting. When I became Privacy Commissioner, for the first term in '97, I think, I joined the office and it was full of brilliant lawyers who wanted to apply the law to data breach or privacy infraction and get a good resolution, which is great. But I wanted something earlier than that. I wanted something that was proactive. That by design could be embedded into the operations that you have, bake it into the code, make it a presence, so that you could prevent the privacy harms from arising. I wanted a model of proactive protection. And it took a while to sell this to my staff, to my lawyers. But I literally created Privacy by Design at my kitchen table over three nights. It was all about being proactive. That's how it came about. Oscar: OK, super interesting. If you can tell us, what is that concept for the ones who are not so completely familiar. Ann: So, Privacy by Design is all about being proactive. You want to prevent the privacy harms from arising,

Join the former Privacy Commissioner of Ontario, Canada and creator of PrivacyByDesign (PbD), translated into 40 languages and incorporated into General Data Protection Regulation (GDPR) and used by many organizations to proactively “bake-in” privacy into our systems. Every CISO needs to pay attention to and support the various country privacy laws. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_AnnCavoukian_Article.pdf Cavoukian, A. 2019. Lead with Privacy by Design for Competitive Advantage. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 270-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp76

Raising Kids, Naturally is a part of the EcoParent Podcast Network: https://www.ecoparent.ca/podcastsThis episode was generously sponsored by Orange Naturals. www.orangenaturals.comAbout the EpisodeThis conversation starts with the simple question of why music is so important to the health and development of children, then evolves into Raffi's true give to the word - the philosophy of Child Honouring. Leslie and Raffi explore the universality of children's needs and rights, how they parallel the needs of all of us, and the importance of nurturing children and the planet.Guest Bio & LinksSinger, songwriter, ecology advocate, entrepreneur, author, and above all else, children's champion. Raffi, the man who brought music to millions of children and now delights their own children. His string of gold and platinum-selling recordings in North America — including his beloved “Baby Beluga” song — speak for themselves. But at the root of the Raffi story is a pioneering commitment to respect his young fans, a commitment that blossomed into an overarching belief that children who are respected and loved grow into loving, caring adults who, in turn, can help create a more caring world.Listen to the song that says it all: https://www.youtube.com/watch?v=Rvz91BPZvHMFor more on Raffi's Covenant for Honouring Children, its 9 principles for conscious living, and how to manifest it in your world, visit: https://raffifoundation.org/take-the-course/ Host Bio & LinksLeslie is a mother, doctor, and human who seeks to help individuals and communities reach their fullest potential. As a naturopathic doctor, Leslie will help you explore how your kids' health and wellbeing reciprocally intersect with the health of their communities and the planet, and offer practical strategies to optimize both.http://lesliesolomonian.weebly.com/about-me.htmlAbout the EcoParent Podcast NetworkThe EcoParent Podcast Network helps busy families live a healthier, greener lifestyle. Our host experts are imperfect, real, busy parents just like you who share ways to lower our collective carbon footprint and practical strategies that make a difference to your family's health, the planet and to our children's future. We offer raw, honest conversations and actionable advice across our six podcasts: pregnancy & birth, pediatric wellness, kids' nutrition, green beauty, healthy home, and raising greener teens. Join us and get inspired to live a more sustainable, healthy life! www.ecoparent.ca/podcastsFeedback?What questions do you have for Leslie or her guests? What would you like to hear about?This program discusses ideas that sometimes run counter to what is considered typical, or perhaps even acceptable. We invite you to reflect on that before listening with impressionable people - interpret that as you will.PartnershipsAudio magic on this episode was performed by Carlay Ream-Neal. This episode was edited by Emily Groleau.Any advertising within this podcast does not imply endorsement of the product or company by the podcast host. Listeners are encouraged to talk to their healthcare provider about if and which natural healthcare products are appropriate for them and their families.

Debbie Reynolds “The Data Diva” talks to, Dr. Ann Cavoukian, Executive Director at Global Privacy & Security by Design Centre. Dr. Cavoukian is the creator of the “Privacy By Design” framework that has famously been incorporated into the EU's landmark General Data Protection Regulation. We discuss how Dr. Cavoukian created her Privacy By Design framework in the 1990s while she was the Information and Privacy Commissioner of Ontario Canada, the tension between technology and law, third party data risks highlighted in privacy regulations, the relationship between privacy and freedom, the future of Privacy as a profession, Smart Cities, privacy as a human right, privacy and consent, the need for transparency and her hopes for data privacy in the future.

Ann Cavoukian tells John Oakley that freedom cannot exist without privacy, and that both are being rapidly eroded by vaccine mandates. Cavoukian is a former three-term privacy commissioner for Ontario as well as the current executive director of the Global Privacy and Security by Design Centre See omnystudio.com/listener for privacy information.

Learn more about Dr. Cavoukian and the GPS By Design Centre here.About ActiveNav- Visit our website- Follow us on Twitter- Connect with us on LinkedIn

You may recognize Doctor Cavoukian from her books or many media appearances - she is one of the world’s foremost experts on privacy, formerly the Distinguished Expert-in-Residence at Ryerson University, where she led the Privacy by Design Centre of Excellence as well as serving as a Senior Fellow of the Ted Rogers Leadership Centre. During her three terms as Ontario’s Information and Privacy Commissioner, she created Privacy by Design, a framework that proactively embeds privacy into the design specifications of information technologies, networked infrastructure, and business practices, which is the methodology now embedded within the EU’s GDPR. Doctor Cavoukian is currently the Founder and CEO of Global Privacy & Security by Design, where she is working to dispel the myth that we must choose between privacy and public safety or business interests. All that, and more, on this episode of The Strategy of Information with Nick Inglis from InfoGov.net.

Ann Cavoukian, the creator of Privacy By Design, shares how she created Privacy By Design and how it can be made actionable in companies. She also talks about how companies with legacy systems can incorporate Privacy By Design principles into their old legacy systems. Dr. Ann Cavoukian is recognized as one of the world's leading privacy experts. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure, and business practices, thereby achieving the strongest protection possible. Dr. Cavoukian is the author of two books i.e., “The Privacy Payoff: How Successful Businesses Build Customer Trust” with Tyler Hamilton, and “Who Knows: Safeguarding Your Privacy in a Networked World” with Don Tapscott. She has received numerous awards recognizing her leadership in privacy, including being recognized among the Top 100 Identity Influencers (February 2019), and also awarded the 2020 Canadian Women in Cybersecurity Lifetime Achievement Award In Recognition of Your Outstanding Contributions to Cybersecurity and Privacy in Ontario (March 2020). You can listen to the full conversation at Anchor, iTunes, Spotify, Stitcher. Please do share your comments on what you think and what you like to listen to in the future episodes. --- Send in a voice message: https://anchor.fm/fit4privacy/message

Ann Cavoukian, the creator of Privacy By Design talks to Punit Bhatia in The FIT4PRIVACY Podcast episode that is focussed on Privacy By Design. She shares a perspective on how she got into privacy, what was her rationale when creating privacy by design, and so on. Dr. Ann Cavoukian is recognized as one of the world's leading privacy experts. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure, and business practices, thereby achieving the strongest protection possible. In 2010, International Privacy Regulators unanimously passed a Resolution recognizing Privacy by Design as an International Standard. Since then, PbD has been translated into 40 languages! In 2018, PbD was included in a sweeping new law in the EU: the General Data Protection Regulation. Dr. Cavoukian is now the Executive Director of the Global Privacy & Security by Design Centre. She is also a Senior Fellow of the Ted Rogers Leadership Centre at Ryerson University, and a Faculty Fellow of the Center for Law, Science & Innovation at the Sandra Day O'Connor College of Law at Arizona State University. Dr. Cavoukian is the author of two books, “The Privacy Payoff: How Successful Businesses Build Customer Trust” with Tyler Hamilton, and “Who Knows: Safeguarding Your Privacy in a Networked World” with Don Tapscott. She has received numerous awards recognizing her leadership in privacy, including being named as one of the Top 25 Women of Influence in Canada, named as one of the Top 10 Women in Data Security and Privacy, and named as one of the ‘Power 50' by Canadian Business. She was awarded the Meritorious Service Medal by the Governor-General of Canada for her outstanding work on creating Privacy by Design and taking it globally (May 2017), named as one of the 50 Most Impactful Smart Cities Leaders (November 2017), named among the Top Women in Tech (December 2017), was awarded the Toastmasters Communication and Leadership Award (April 2018), recognized among the Top 100 Identity Influencers (February 2019), and most recently, she was named among the Top 18 Global AI Influencers within the AI & Tech Space (February 2019), was awarded the 2020 Canadian Women in Cybersecurity Lifetime Achievement Award In Recognition of Your Outstanding Contributions to Cybersecurity and Privacy in Ontario (March 2020). Listen to the conversation and share your views on what you think about it. You can listen to The FIT4PRIVACY Podcast conversations at Anchor, iTunes, Stitcher, Spotify... --- Send in a voice message: https://anchor.fm/fit4privacy/message

Wouldn't it be nice if privacy wasn't an afterthought? What if user privacy was built in from the get go? What if the entire design assumed that you didn't want anyone selling your data - and respected those wishes? That's the world of Privacy by Design - a concept pioneered in the mid-1990's by Dr. Ann Cavoukian. This may seem like an unattainable Utopian future, but Ann's infectious optimism may just convince you otherwise. Adding privacy doesn't mean sacrificing security or functionality, if done properly. Today we discuss the concepts of Privacy by Design and how we can achieve it. Dr. Ann Cavoukian is recognized as one of the world’s leading privacy experts. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies. In 2010, International Privacy Regulators unanimously passed a Resolution recognizing Privacy by Design as an International Standard. Since then, PbD has been translated into 40 languages! In 2018, PbD was included in a sweeping new law in the EU: the General Data Protection Regulation. Dr. Cavoukian is now the Executive Director of the Global Privacy & Security by Design Centre. Further Info: Global Privacy & Security: https://gpsbydesigncentre.com/about-us/Fight the EARN IT Act: https://act.eff.org/action/protect-our-speech-and-security-online-reject-the-graham-blumenthal-bill

As technology rapidly develops, the number of security and privacy concerns will only continue to grow. In this episode, we look at how companies can build cybersecurity into their business strategies—instead of scrambling to respond when a breach happens. Even with danger lurking around the corner, today’s guest, cybersecurity expert Ann Cavoukian, argues that companies are turning a blind eye to security and privacy issues until it is too late. Cavoukian is the executive director of the Global Privacy and Security by Design Centre, as well as a senior fellow of the Ted Rogers Leadership Centre at Ryerson University. She’s worked closely with the government in Canada as well as private companies on the best way to defend against security attacks. Cavoukian also says that privacy is vital to our society and an indispensable form of freedom, and that developments such as facial recognition technology are among the most egregious breaches of that freedom. Business Lab is hosted by Laura Ruma, director of insights, the custom publishing division of MIT Technology Review. The show is a production of MIT Technology Review, with production help from Collective Next. Music is by Merlean, from Epidemic Sound.  Show notes and links Ann Cavoukian, Ryerson University Global Privacy and Security by Design “Microsoft presents Dr. Ann Cavoukian on privacy and your business,” YouTube “Dr Ann Cavoukian – Privacy By Design,” YouTube “Will Privacy First Be The New Normal? An Interview With Privacy Guru, Dr. Ann Cavoukian,” by Hessie Jones, Forbes “Dr. Ann Cavoukian: Why Big Business Should Proactively Build for Privacy,” by Hessie Jones, Forbes

Millions know Raffi for his work as a children’s entertainer whose string of gold and platinum-selling recordings in North America includes his classic “Baby Beluga” song with its beloved melody and lyrics. But a very interesting piece of Raffi’s story is not as well known: Raffi’s pioneering commitment to honouring his young fans changed the way we came to view music made for children. Founding his own record label, Troubadour, then folk musician Raffi set out on a path that rescued children’s recordings from bargain bin pricing and sub-par production values.In 1976, with help from Ken Whiteley and Daniel Lanois, Raffi made sure that his recordings met the highest standards. Raffi convinced retailers that parents would pay regular price for quality music for their children, and he was right. Teachers, parents and kids took an immediate liking to the kind of songwriting and recording Raffi offered, perhaps because of the respect that was obvious in his material and the playful delivery that always clicked with the kids. Soon, the media were knocking at Raffi’s door.Because of his belief that children should not be exposed to too much television viewing and that they should not be directly marketed to, during his thirty-year career as a superstar of kid’s music Raffi refused all offers for commercial television shows and commercial endorsements. Even recently, when approached by a Hollywood production company to do a film based on “Baby Beluga,” he declined when told that the film’s marketing would include direct advertising to children. This is only one of a series of lucrative deals Raffi and Troubadour have declined over the years.

In today's podcast, Steve Durbin, Managing Director of the ISF talks with Dr. Ann Cavoukian, the Distinguished Expert-in-Residence of Ryerson University's Privacy by Design Centre of Excellence. Ann Cavoukian is recognised as one of the world's leading privacy experts. Since 2017, Cavoukian has been the distinguished expert in residence of Ryerson University's Privacy by Design Centre of Excellence. In fact, Ann developed the concept of Privacy by Design and its later evolution, Security by Design.  In today's conversation, Dr. Cavoukian will discuss the necessity that businesses "bake in" security and privacy into their business plan. https://www.securityforum.org/videos-podcasts/isf-podcast-dr-ann-cavoukian-privacy-by-design-security-by-design/

In today's podcast, Steve Durbin, MD, ISF talks with Dr. Ann Cavoukian, the Distinguished Expert-in-Residence of Ryerson University's Privacy by Design Centre of Excellence. Ann Cavoukian is recognised as one of the world's leading privacy experts. Since 2017, Cavoukian has been the distinguished expert in residence of Ryerson University's Privacy by Design Centre of Excellence. In fact, Ann developed the concept of Privacy by Design and its later evolution, Security by Design. In today's conversation, Dr. Cavoukian will discuss the necessity that businesses "bake in" security and privacy into their business plan.

In today's podcast, Steve Durbin, MD, ISF talks with Dr. Ann Cavoukian, the Distinguished Expert-in-Residence of Ryerson University's Privacy by Design Centre of Excellence. Ann Cavoukian is recognised as one of the world's leading privacy experts. Since 2017, Cavoukian has been the distinguished expert in residence of Ryerson University's Privacy by Design Centre of Excellence. In fact, Ann developed the concept of Privacy by Design and its later evolution, Security by Design.  In today's conversation, Dr. Cavoukian will discuss the necessity that businesses "bake in" security and privacy into their business plan.

In today's podcast, Steve Durbin, MD, ISF talks with Dr. Ann Cavoukian, the Distinguished Expert-in-Residence of Ryerson University's Privacy by Design Centre of Excellence. Ann Cavoukian is recognised as one of the world's leading privacy experts. Since 2017, Cavoukian has been the distinguished expert in residence of Ryerson University's Privacy by Design Centre of Excellence. In fact, Ann developed the concept of Privacy by Design and its later evolution, Security by Design. In today's conversation, Dr. Cavoukian will discuss the necessity that businesses "bake in" security and privacy into their business plan.

Acclaimed singer, author and child advocate, Raffi Cavoukian, joins Stephen Hurley to talk about his legacy work in Child Honouring and, in particular, a newly-created course that invites others to adopt a powerful respect for the voices of children in our world. Find out more about Raffi's Child Honouring work at http://raffifoundation.org

Armenian-ness, identity, exclusion, diasporas, homeland-diaspora relations are both personal and academic questions for Dr. Kristin Cavoukian of the University of Toronto. Join Salpi Ghazarian, Director, USC Institute of Armenian Studies, in this episode of Unpacking Armenian Studies. To learn more about the USC Institute of Armenian Studies, please visit Armenian.USC.edu

Dr. Ann Cavoukian is recognized as one of the world's leading privacy experts. She has consulted with Facebook, the European Uion and many other on privacy concerns. She is currently the Distinguished Expert-in-Residence, leading the Privacy by Design Centre of Excellence at Ryerson University. Her Privacy by Design framework is now the International Standard and has been translated into 39 languages. Dr. Ann Cavoukian has won numerous awards such as Top 25 Women of Influence in Canada Top 10 Women in Data Security & Privacy, Power 50 by Canadian Business, Top 100 Leaders in Identity. Dr. Ann Cavoukian will be sharing: How her privacy by design framework has become the international standard She'll show us how to create a new competitive advantage And even, how Steve Jobs avoided being tracked Other Resources: Equifax Breach - http://www.cbc.ca/news/business/equifax-canada-cyberbreach-1.4296475 Privacy Enhancing Technologies (PET): http://www.ontla.on.ca/library/repository/mon/27009/324331.pdf  Book: Feel the Fear & Do it Anyways - affiliate link -> http://amzn.to/2zCXjvo GDPR: General Data Protection Regulation: http://www.eugdpr.org/ Danah Boyd - NY University - https://tisch.nyu.edu/itp/itp-people/faculty/adjuncts/danah-boyd Homomorphic Encryption: https://www.networkworld.com/article/3196121/security/how-to-make-fully-homomorphic-encryption-practical-and-usable.html  International Council on Global Privacy & Security by Design: https://gpsbydesign.org/ Privacy-Protective Surveillance - http://www.ontla.on.ca/library/repository/mon/27009/324331.pdf Twitter - @AnnCavoukian Email - ann.cavoukian@ryerson.ca Restaurant - Mayrik - https://www.mayrik.ca/ Hit subscribe & share your thoughts or nominate a Canadian Innovator. As we explore the Canadian landscape & toot the horn for all Canadian Innovators.   There are many ways to connect with us!   Facebook Group: https://www.facebook.com/groups/CanInnovateh/ Facebook Page: https://www.facebook.com/CanInnovateh/   LinkedIn: https://www.linkedin.com/company-beta/22324999/admin/updates/ Instagram: https://www.instagram.com/caninnovateh/ Twitter: @CanInnovateh YouTube: CanInnovateh Website: www.caninnovateh.ca  Email: info@caninnovateh.ca 

What is GDPR? How to turn GDPR into our next competitive advantage & avoid the penalties! Today, we are talking about General Data Protection Regulation (GDPR) and the due date for businesses to be compliant is fast approaching.. May 25th, 2018.   We chat with Dr. Ann Cavoukian who gives us the low-down on the importance of GDPR, the relevance, the implications and some tools that will enable us to be prepared and turn this into our next competitive advantage. Dr. Ann Cavoukian is recognized as one of the world's leading privacy experts. She is currently the Distinguished Expert-in-Residence, leading the Privacy by Design Centre of Excellence at Ryerson University. Her Privacy by Design framework is now the International Standard and has been translated into 39 languages. Dr. Ann Cavoukian has won numerous awards such as Top 25 Women of Influence in Canada Top 10 Women in Data Security & Privacy, Power 50 by Canadian Business, Top 100 Leaders in Identity.   Some highlights: 40% of companies of are prepared for GDPR GDPR will be very positive if you can get ahead of it 92% of consumers are concerned about their privacy and loss of control Consumers don’t want this lack of control Lead by telling your customers that you’re protecting their privacy Make it a win-win prospect, this will build loyalty and customer trust GDPR applies to all 28 EU member countries It’s one overarching regulation GDPR raises privacy dramatically and includes privacy by design Privacy by design is the strongest form of privacy protection because it’s proactive Medical model of prevention Privacy by default, which is the 2nd privacy by design principle is included in GDPR Currently, we need to opt-out, but it’s going to change It says that the companies need to get customer’s positive consent Need to make it clear on how we collect people’s information, what purpose they use it for and the ways in which they process the data Review what you are doing now, identify what customer information that you’re acquiring Consumers now have the right to have their data deleted at any time if they feel that is not required Each element of data collected needs to have a clear purpose and intent, in which consumers have provided their permission Need to get the consent from the customer - need to seek their positive consent Penalties - 4% of your global revenues Imagine 4% of Facebook or Google - it’s going to be billions GDPR is the starting point, but it will impact everyone globally Everyone wants to do business with the EU In Canada, our privacy legislation was pretty good, but now, it’s no now longer adequate. Canadian laws are going to be updated in order to be adequate and consistent with GDPR Personal data is defined as any identifiable information - this includes IP addresses, locations, cookies, preferences etc.. Article: GDPREU.ORG - personal data https://www.gdpreu.org/the-regulation/key-concepts/personal-data/ Do Privacy by Design - do the 7 principles and it will show that you are acting in good faith the be compliant GDPR has been in the process for 5 years, so companies have had lots of time to get ready for May 25th, 2018 deadline GDPR is going to take a hard line on this You can have privacy and marketing and give consumer options Need to revalidate with your existing customers of which data they should be using Shouldn’t be using and keeping personal data forever, we should be purging Security breaches are becoming more and more common Tools: ICO.Org.UK - 12 Steps to take now - https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf Privacy by Design - Seven Foundational Steps - https://www.ryerson.ca/pbdce/certification/seven-foundational-principles-of-privacy-by-design/ Data Protection Self Assessment - https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/ Direct Marketing Checklist - https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/direct-marketing-checklist/  EU GDPR - https://www.eugdpr.org/ Article: Data Privacy deadline looms in EU, and yes, Canadian business must comply http://business.financialpost.com/executive/many-canadian-organizations-unprepared-for-the-eus-gdpr-compliance-deadline ITPRO Article: GDPR Preparation: 2018 data protection changes - http://www.itpro.co.uk/security/27563/how-to-get-ready-for-gdpr-2018-data-protection-changes/page/0/2 Article: GDPREU.ORG - Personal Data https://www.gdpreu.org/the-regulation/key-concepts/personal-data/ I even published a blog about GDPR CanInnovate Blog-  Check out our new website - NEW WEBSITE: www.CanInnovate.io  CanInnovate also has a new resources & tools page, that provides different offers and discounts. Who doesn't love to save money? http://caninnovate.io/offers/  Thanks again for tuning in! Would love to hear/read your thoughts and feedback. If you get a minute, perhaps even leave a review:) I'm still channelling Gary Vee! Ratings and reviews are my oxygen!:) Talk to you all next week. Best Always, Sapna Sapna@CanInnovate.io 

This week my guest is Ann Cavoukian, Distinguished Expert-in-Residence, leading Privacy by Design Centre of Excellence at Ryerson University. Ann and I talk about privacy, GDPR and the concept of privacy by design, which Ann created. Privacy by design was recognized by the International Data Protection and Privacy Commissioners as an essential component of fundamental privacy protection and it is a core part of the European Union GDPR regulations. It is really interesting that GDPR is the next thing, from a privacy prospective, that is hitting security. I like GDPR, the privacy it promotes and freedom it will bring to the individual in a long run. It will ultimately force security to respect the individual right. Listen to the interview and learn more on how to win GDPR with Privacy by Design, Positive Sum Mindset and how to embed privacy and security in your operations. If you have any questions about preparing for GDPR or need help facilitating this process, email privacy@redzonetech.net Major Take-Aways From This Episode: Privacy is not about secrecy. Privacy breathes freedom, innovation, and prosperity. Privacy by Design could be embedded into the design of your technologies, policies, procedures and data architecture. How to get rid of "zero-sum mindset": embed both privacy and security in your operations. The importance of asking how much "baking privacy and security" is going to save you in a long run, not what is it going to cost you. Privacy (and Data Protection) by design and by default ( Article 25 of the EU GDPR) and transparency are the biggest game-changers with preparing for GDPR. Great resource to learn about Privacy by Design is International Council on Global Privacy and Security, By Design that highlights the importance of global privacy and security by design. Practical application of GDPR. How to show that you are serious about abiding by GDPR law? Positive-Sum Mentality in relation to the concept of “Global Privacy and Security by Design”: Positive Sum for Privacy + Security or for Privacy + Business Important Links and Resources: International Council on Global Privacy and Security, By Design TEDx Talk on Privacy and Freedom TrustArc - comprehensive solutions for the EU GDPR, Privacy Shield, etc. Enigma.co – Enigma is a scalable privacy protocol for every blockchain. Nymity.com – Research-based privacy compliance software. ICO - UK's independent body set up to uphold information rights. Wikipedia - Profile Ryerson University Profile - Profile Privacy by Design (Wikipedia) About Ann Cavoukian Dr. Ann Cavoukian is recognized as one of the world's leading privacy experts. She is presently the Distinguished Expert-in-Residence, leading the Privacy by Design Centre of Excellence at Ryerson University. Dr. Cavoukian is also a Senior Fellow of the Ted Rogers Leadership Centre at Ryerson University, and a Faculty Fellow of the Center for Law, Science & Innovation at Sandra Day O'Connor College of Law at Arizona State University. Dr. Cavoukian served an unprecedented three terms as the Information & Privacy Commissioner of Ontario, Canada. There she created Privacy by Design, a framework that seeks to proactively embed privacy into the design specifications of information technologies, networked infrastructure and business practices, thereby achieving the strongest protection possible. In 2010, International Privacy Regulators unanimously passed a Resolution recognizing Privacy by Design as an international standard. Since then, PbD has been translated into 40 languages. Dr. Cavoukian has received numerous awards recognizing her leadership in privacy, including being named as one of the Top 25 Women of Influence in Canada, named among the Top 10 Women in Data Security and Privacy, named as one of the Power 50' by Canadian Business, named as one of the Top 100 Leaders in Identity, she was awarded the Meritorious Service Medal by the Governor General of Canada for her outstanding work on creating Privacy by Design and taking it global (May, 2017), named as one of the 50 Most Impactful Smart Cities Leaders, (November, 2017), and most recently, was named among the Top Women in Tech. Read full transcript here. How to get in touch with Ann Cavoukian Twitter LinkedIn Slideshare Credits: * Outro music provided by Ben’s Sound Other Ways To Listen to the Podcast iTunes | Libsyn | Soundcloud | RSS | LinkedIn Leave a Review If you enjoyed this episode, then please consider leaving an iTunes review here Click here for instructions on how to leave an iTunes review if you're doing this for the first time. About Bill Murphy Bill Murphy is a world renowned Innovation and Transformation (Offense and Defense) Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.

How do we protect ourselves in the new era of AI? In this episode, hosts Amanda Lang and Jodie Wallis speak with Ann Cavoukian about the privacy of personal data. Cavoukian is the distinguished expert-in-residence leading the Privacy by Design Centre for Excellence at Ryerson University. They also speak with Dr. Foteini Agrafioti, the chief science officer at RBC, and head of Borealis AI, as well as Deb Santiago, co-lead of the Responsible AI practice at Accenture. The conversation continues with Richard Zemel, co-founder and director of research at the Vector Institute for Artificial Intelligence.

Privacy does not have to be a zero-sum game. Dr Ann Cavoukian is a three-term Information and Privacy Commissioner of Ontario, Canada. Dr Cavoukian does not think that we have to choose between privacy and everything else. We can have privacy and meet business interests, security and public safety. She argues that is easier to take a privacy by design approach, taking privacy into account from the beginning than to try to think about privacy after the fact.She argues that is easier to take a Privacy by Design approach than to try to achieve privacy after the fact. If we bake privacy into our design from the beginning, we can prevent many of the privacy breaches. Recently, Cybersecurity breaches have been on the rise. Companies can go bankrupt from the many class action lawsuits that have come about because of security breaches. A security breach can sink a once successful company.In today world, privacy is our sleeping dragon. As a privacy champion, Dr. Cavoukian argues that we need to move away from thinking about privacy as a zero-sum game. We need to change the conversation from it being about either privacy or security.In this podcast, Ann describes German notion of informational self-determination. Informational self-determination refers to the right of the individual to decide what information about him/herself should be communicated to others and under what circumstances. Ann is working to disrupt dualistic thinking around privacy. She wants to open doors so people can have privacy today and well into the future.Links from the show.International Council on Global Privacy and Security by Design: https://gpsbydesign.org/This podcast was recorded via Skype both speakers were in different locations. Music provided by Clint Harewood you contact him on these websites: Facebook: https://www.facebook.com/Tamo.T or LinkedIn: https://www.facebook.com/Tamo.T

Privacy does not have to be a zero-sum game. Dr Ann Cavoukian is a three-term Information and Privacy Commissioner of Ontario, Canada. Dr Cavoukian does not think that we have to choose between privacy and everything else. We can have privacy and meet business interests, security and public safety. She argues that is easier to take a privacy by design approach, taking privacy into account from the beginning than to try to think about privacy after the fact.She argues that is easier to take a Privacy by Design approach than to try to achieve privacy after the fact. If we bake privacy into our design from the beginning, we can prevent many of the privacy breaches. Recently, Cybersecurity breaches have been on the rise. Companies can go bankrupt from the many class action lawsuits that have come about because of security breaches. A security breach can sink a once successful company.In today world, privacy is our sleeping dragon. As a privacy champion, Dr. Cavoukian argues that we need to move away from thinking about privacy as a zero-sum game. We need to change the conversation from it being about either privacy or security.In this podcast, Ann describes German notion of informational self-determination. Informational self-determination refers to the right of the individual to decide what information about him/herself should be communicated to others and under what circumstances. Ann is working to disrupt dualistic thinking around privacy. She wants to open doors so people can have privacy today and well into the future.Links from the show.International Council on Global Privacy and Security by Design: https://gpsbydesign.org/This podcast was recorded via Skype both speakers were in different locations. Music provided by Clint Harewood you contact him on these websites: Facebook: https://www.facebook.com/Tamo.T or LinkedIn: https://www.facebook.com/Tamo.T

We continue our discussion with Dr. Ann Cavoukian. She is currently Executive Director of Ryerson University’s Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design (PbD). In this segment, Cavoukian tells us that once you’ve involved your customers in the decision making process, “You won’t believe the buy-in you will get under those conditions because then you’ve established trust and that you’re serious about their privacy.” We also made time to cover General Data Protection Regulation (GDPR) as well as three things organizations can do to demonstrate that they are serious about privacy. Learn more about Dr. Cavoukian: Follow her on Twitter: @AnnCavoukian Read her book: Who Knows: Safeguarding Your Privacy in a Networked World Transcript Cindy Ng: Dr. Cavoukian, besides data minimalization, de-identification, user access control, what are some other concrete steps that businesses can take to benefit from protecting privacy? Dr. Cavoukian: I think one of the things businesses don't do very well is involve their customers in the decisions that they make, and I'll give you an example. Years ago I read something called "Permission Based Marketing" by Seth Godin, and he's amazing. And I read it, and I thought, "Oh this guy must have a privacy background," because it was all about enlisting the support of your customers, gaining their permission and getting them to, as Godin said, "Put their hand up and say 'count me in.'" So I called him, he was based in California at the time, and I said, "Oh Mr. Godin, you must have a privacy background?" And he said something like, "No, lady, I'm a marketer through and through, but I can see the writing on the wall. We've gotta engage customers, get them involved, get them to wanna participate in the things we're doing." So, I always tell businesses that are serious about privacy, "First of all, don't be quiet about it. Shout it from the rooftops, the lengths you're going to, to protect your customer's privacy. How much you respect it, how user-centric your programs are, and you're focused on their needs in delivering." And, then, once they understand this is the background you're bringing, and you have great respect for privacy, in that context you say, "We would like you to consider giving us permission to allow it for these additional secondary uses. Here's how we think it might benefit you, but we won't do it without your positive consent." You wouldn't believe the buy-in you will get under those conditions because then you have established a trusted business relationship. They can see that you're serious about privacy, and then they say, "Well by all means, if this will help me, in some way, use my information for this additional purpose." You've gotta engage the customers in an active dialog. Cindy Ng: So ask, and you might receive. Dr. Cavoukian: Definitely, and you will most likely receive. Cindy Ng: In sales processes they're implementing that as well, "Is it okay if I continue to call you, or when can I call you next?" So they're constantly feeling they're engaged and part of the process, and it's so effective. Dr. Cavoukian: And I love that. Myself, as a customer... I belong to this air miles program, and I love it, because they don't do anything without my positive consent. And, yet, I benefit because they send me targeted ads and things I'm interested in. And I'm happy to do that, and then I get more points and then it just continues to be a win-win. Cindy Ng: Did you write anything about user access controls? What are your thoughts on that? Dr. Cavoukian: We wrote about it in the context of that you've gotta have restricted access to those who have... I was gonna say, "Right to know." Meaning there are some business purpose for which they're accessing the data. And that can be...when I say, "business purpose," I mean that broadly, in a hospital. People who are taking care of a patient, in whatever context, it can be in the lab. They go there for testing. Then they go for an MRI, and then they go... So there could be a number of different arms that have legitimate access to the data, because they've gotta process it in a variety of different ways. That's all legitimate, but those people who aren't taking care of the patient, in some broad manner, should have absolutely complete restricted access to the data. Because that's when the snooping and the rogue employee... Cindy Ng: Curiosity. Dr. Cavoukian: ...picture, the curiosity, takes you away, and it completely distorts the entire process in terms of the legitimacy of those people who should have access to it, especially in a hospital context, or patient context. You wanna enable easy access for those who have a right to know because they're treating patients. And then the walls should go up for those who are not treating in any manner. It'd be difficult to do, but it is imminently doable, and you have to do it because that's what patients expect. Patients have no idea that someone might be just, out of curiosity, looking at their file. You've had a breast removed, you had... I mean horrible things happen. Cindy Ng: Tell us about GDPR, and it's implications on Privacy by Design. Dr. Cavoukian: For the first time, right now the EU has the General Data Protection Regulation, which passed for the first time, ever. It has the words, the actual words, "Privacy by Design" and "Privacy as the default" in the stature. Cindy Ng: That's great. Dr. Cavoukian: It's a first, it's really huge, but what that means, it will strengthen those laws far higher than the U.S. laws. We talked about privacy as the default. It's the model of positive consent. It's not just looking for the opt out box. It's gonna really raise the bar, and that might present some problems in dealing with laws in the states. Cindy Ng: Then there's also their right to be forgotten, and we live in such a globalized world, people both doing business in the states and in Europe, it's been complicated. Dr. Cavoukian: It does get very complicated. What I tell people everywhere that I go to speak is that if you follow the principles of Privacy by Design, which in itself raised the bar dramatically from most legislation, you will virtually be assured of complying with your regulations, whatever jurisdiction you're in. Because you're following the highest level of protection. So that's another attractive feature about Privacy by Design is it offers such a high level of protection that you're virtually assured of regulatory compliance, whatever jurisdiction you're in. And in the U.S., I should say, that the FTC, the Federal Trade Commission, a number of years ago, under Jon Leibowitz, when he was Chair, they made Privacy by Design the first of three best practices that the FTC recommended. And since he's left, and Chairwoman Edith Ramirez is the Chair, she has also followed Privacy by Design and Security by Design, which are absolutely, interchangeably critical, and they are holding this high bar. So, I urge companies always to follow this to the extent that they can, because it will elevate their standing, both with the regulatory bodies, like the FTC, and with commissioners, and jurisdictions, and the EU, and Australia, and South America, South Africa. There's something called GPN, the Global Privacy Network, and a lot of the people who participate in these follow these discussions. Cindy Ng: What are three things that organizations can do in terms of protecting their consumers' privacy? Dr. Cavoukian: So, when I go to a company, I speak to the board of directors, their CEO, and their senior executive. And I give them this messaging about, "You've gotta be inclusive. You have to have a holistic approach to protecting privacy in your company, and it's gotta be top down." If you give the messaging to your frontline folks that you care deeply about your customer's privacy, you want them to take it seriously, that message will emanate. And, then what happens from there, the more specific messaging is, what you say to people, is you wanna make sure that customers understand their privacy is highly respected by this company. "We go to great lengths to protect your privacy." You wanna communicate that to them, and then you have to follow up on it. Meaning, "We use your information for the purpose intended that we tell you we're gonna use it for. We collect it for that purpose. We use it for that purpose." And then, "Privacy is the default setting. We won't use it for anything else without your positive consent after that, for secondary uses." So that's the first thing I would do. Second thing I would do is I would have at least quarterly meetings with staff. You need to reinforce this message. It's gotta be spread across the entire organization. It can't just be the chief privacy officer who's communicating this to a few people. You gotta get everyone to buy into this, because you... I was gonna say the lowest. I don't mean low in terms of category, but the frontline clerk might be low on the totem pole, but they may have the greatest power to breach privacy. So they have to understand, just like the highest senior manager has to understand, how important privacy is and why and how you can protect it. So have these quarterly meetings with your staff. Drive the message home, and it can be as simple as them understanding that this is... You're gonna get what I call, "privacy payoff." By protecting your customer's privacy, it's gonna yield big returns for your company. It will increase customer confidence and enhance customer trust, and that will increase our bottom line. And the third thing, I know this is gonna a little pompous, but I would invite, and only because this happened to me, I've been invited in to speak to a company, like, once a year. And you invite everybody, from top to bottom. You open it up and... People need to have these ideas reinforced. It has to be made real. "Is this really a problem?" So, you bring in a speaker. I'm using myself as an example because I've done it, but it can be anybody who can speak to what happens when you don't protect your customer's privacy. It really helps for people inside a company, especially those doing a good job, to understand what can happen when you don't do it right and what the consequences are to both the company and to employees. They're huge. You can lose your jobs. The company could go under. You could be facing class action lawsuits. And I find that it's not all a bad news story. I give the bad news, what's happening out there and what can happen, and then I applaud the behavior of the companies. And what they get is this dual message of, "Oh my God, this is real. This has real consequences when we fail to protect customer's privacy, but look at the gains we have, look at the payoff in doing so." And it makes them feel really good about themselves and the job that they're doing, and it underscores the importance of protecting customer's privacy.

I recently had the chance to speak with former Ontario Information and Privacy Commissioner Dr. Ann Cavoukian about big data and privacy. Dr. Cavoukian is currently Executive Director of Ryerson University’s Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design (PbD). What’s more, she came up with PbD language that made its way into the GDPR, which will go into effect in 2018. First developed in the 1990s, PbD addresses the growing privacy concerns brought upon by big data and IoT devices. Many worry about PbD’s interference with innovation and businesses, but that’s not the case. When working with government agencies and organizations, Dr. Cavoukian’s singular approach is that big data and privacy can operate together seamlessly. At the core, her message is this: you can simultaneously collect data and protect customer privacy. Transcript Cindy Ng With Privacy by Design principles codified in the new General Data Protection Regulation, which will go into effect in 2018, it might help to understand the intent and origins of it. And that's why I called former Ontario Information and Privacy Commissioner, Dr. Ann Cavoukian. She is currently Executive Director of Ryerson University's Privacy and Big Data Institute and is best known for her leadership in the development of Privacy by Design. When working with government agencies and organizations, Dr. Cavoukian's singular approach is that big data and privacy can operate together seamlessly. At the core, her message is this, you can simultaneously collect data and protect customer privacy. Thank you, Dr. Cavoukian for joining us today. I was wondering, as Information and Privacy Commissioner of Ontario, what did you see what was effective when convincing organizations and government agencies to treat people's private data carefully? Dr. Cavoukian The approach I took...I always think that the carrot is better than the stick, and I did have order-making power as Commissioner. So I had the authority to order government organizations, for example, who were in breach of the Privacy Act to do something, to change what they were doing and tell them what to do. But the problem...whenever you have to order someone to do something, they will do it because they are required to by law, but they're not gonna be happy about it, and it is unlikely to change their behavior after that particular change that you've ordered. So, I always led with the carrot in terms of meeting with them, trying to explain why it was in both their best interest, in citizens' best interest, in customers' best interest, when I'm talking to businesses. Why it's very, very important to make it...I always talk about positive sum, not zero sum, make it a win-win proposition. It's gotta be a win for both the organization who's doing the data collection and the data use and the customers or citizens that they're serving. It's gotta be a win for both parties, and when you can present it that way, it gives you a seat at the table every time. And let me explain what I mean by that. Many years ago I was asked to join the board of the European Biometrics Forum, and I was honored, of course, but I was surprised because in Europe they have more privacy commissioners than anywhere else in the world. Hundreds of them, they're brilliant. They're wonderful, and I said, "Why are you coming to me as opposed to one of your own?" And they said, "It's simple." They said, "You don't say 'no' to biometrics. You say 'yes' to biometrics, and 'Here are the privacy protective measures that I insist you put on them.'" They said, "We may not like how much you want us to do, but we can try to accommodate that. But what we can't accommodate is if someone says, 'We don't like your industry.'" You know, basically to say "no" to the entire industry is untenable. So, when you go in with an "and" instead of a "versus," it's not me versus your interests. It's my interests in privacy and your interests in the business or the government, whatever you're doing. So, zero sum paradigms are one interest versus another. You can only have security at the expense of privacy, for example. In my world, that doesn't cut it. Cindy Ng Dr. Cavoukian, can you tell us a little bit more about Privacy by Design? Dr. Cavoukian I really crystallized Privacy by Design really after 9/11, because at 9/11 it became crystal clear that everybody was talking about the vital need for public safety and security, of course. But it was always construed as at the expense of privacy, so if you have to give up your privacy, so be it. Public safety's more important. Well, of course public safety is extremely important, and we did a position piece at that point for our national newspaper, "The Globe and Mail," and the position I took was public safety is paramount with privacy embedded into the process. You have to have both. There's no point in just having public safety without privacy. Privacy forms the basis of our freedoms. You wanna live in free democratic society, you have to be able to have moments of reserve and reflection and intimacy and solitude. You have to be able to do that. Cindy Ng Data minimalization is important, but what do you think about companies that do collect everything with hopes that they might use it in the future? Dr. Cavoukian See, what they're asking for, they're asking for trouble, because I can bet you dollars to doughnuts that's gonna come back to bite you. Because, especially with data, that you're not clear about what you're gonna do with it, so you got data sitting there. What data does is in identifiable form is attracts hackers. It attracts rogue employees on the inside who will make inappropriate use of the data, sell the data, do something with the data. It just...you're asking for trouble, because keeping data in identifiable form, once the uses have been addressed, just begs trouble. I always tell people, if you wanna keep the data, keep the data, but de-identify it. Strip the personal identifiers, make sure you have the data aggregated, de-identified, encrypted, something that protects it from this kind of rogue activity. And you've been reading lately all about the hackers who are in, I think they were in the IRS for God's sakes, and they're getting in everywhere here in my country. They're getting into so many databases, and it's not only appalling in terms of the data loss, it's embarrassing for the government departments who are supposed to be protecting this data. And it fuels even additional distrust on the part of the public, so I would say to companies, "Do yourself a huge favor. You don't need the data, don't keep it in identifiable form. You can keep it in aggregate form. You can encrypt it. You can do lots of things. Do not keep it in identifiable form where it can be accessed in an unauthorized manner, especially if it's sensitive data." Oh my god, health data...Rogue employees, we have a rash of it here, where...and it's just curiosity, it's ridiculous. The damage is huge, and for patients, and I can tell you, I've been a patient in hospitals many times. The thought that anyone else is accessing my data...it's so personal and so sensitive. So when I speak this way to boards of directors and senior executives, they get it. They don't want the trouble, or I haven't even talked costs. Once these data breaches happen these days, it's not just lawsuits, they're class action lawsuits that are initiated. It's huge, and then the damage to your reputation, the damage to your brand, can be irreparable. Cindy Ng Right. Yeah, I remember Meg Whitman said something about how it takes years and years to build your brand and reputation and seconds ruined. Dr. Cavoukian Yeah, yes. That is so true. There's a great book called "The Reputation Economy" by Michael Fertik. He's the CEO of reputation.com. It's fabulous. You'd love it. It's all about exactly how long it takes to build your reputation, how dear it is and how you should cherish it and go to great lengths to protect it. Cindy Ng Can you speak about data ownership? Dr. Cavoukian You may have custody and control over a lot of data, your customer's data, but you don't own that data. And with that custody and control comes an enormous duty of care. You gotta protect that data, restrict your use of the data to what you've identified to the customer, and then if you wanna use it for additional purposes, then you've gotta go back to the customer and get their consent for secondary uses of the data. Now, that rarely happens, I know that. In Privacy by Design, one of the principles talks about privacy as the default setting. The reason you want privacy to be the default setting...what that means is if a company has privacy as the default setting, it means that they can say to their customers, "We can give you privacy assurance from the get-go. We're collecting your information for this purpose," so they identify the purpose of the data collection. "We're only gonna use it for that purpose, and unless you give us specific consent to use it for additional purposes, the default is we won't be able to use it for anything else." It's a model of positive consent, it gives privacy assurance, and it gives enormous, enormous trust and consumer confidence in terms of companies that do this. I would say to companies, "Do this, because it'll give you a competitive advantage over the other guys." As you know, because you sent it to me, the Pew Research Center, their latest study on Americans' attitudes, you can see how high the numbers are, in the 90 percents. People have had it. They want control. This is not a single study. There have been multiple surveys that have come out in the last few months like this. Ninety percent of the public, they don't trust the government or businesses or anyone. They feel they don't have control. They want privacy. They don't have it, so you have, ever since, actually, Edward Snowden, you have the highest level of distrust on the part of the public and the lowest levels of consumer confidence. So, how do we change that? So, when I talk to businesses, I say, "You change that by telling your customers you are giving them privacy. They don't even have to ask for it. You are embedding it as the default setting which means it comes part and parcel of the system." They're getting it. I do what I call my neighbors test. I explain these terms to my neighbors who are very bright people, but they're not in the privacy field. So, when I was explaining this to my neighbor across the street, Pat, she said, "You mean, if privacy's the default, I get privacy for free? I don't have to figure out how to ask for it?" And I said, "Yes." She said, "That's what I want. Sign me up!" See, people want to be given privacy assurance without having to go to the lengths they have to go to now to find the privacy policy, search through the terms of service, find the checkout box. I mean, it's so full of legalese. It's impossible for people to do this. They wanna be given privacy assurance as the default. That's your biggest bet if you're a private-sector company. You will gain such a competitive advantage. You will build the trust of your customers, and you will have enormous loyalty, and you will attract new opportunity. Cindy Ng What are your Privacy by Design recommendations for wearables and IoT innovators and developers? Dr. Cavoukian The internet of things, wearable devices and new app developers and start up...they are clueless about privacy, and I'm not trying to be disrespectful. They're working hard, say an app developer, they're working hard to build their app. They're focused on the app. That's all they're thinking about, how to deliver what the app's supposed to deliver on. And then you say, "What about privacy?" And they say, "Oh, don't worry about it. We've got it taken care of. You know, the third-party security vendor's gonna do it. We got that covered." They don't have it covered, and what they don't realize is they don't know they don't have it covered. "Give it to the security guys and they're gonna take care of it," and that's the problem. When I speak to app developers...I was at Tim O'Reilly's Web 2.0 last year or the year before, and there's 800 people in the room, I was talking about Privacy by Design, and I said, "Look, do yourself a favor. Build in privacy. Right now you're just starting your app developing, build it in right now at the front end, and then you're gonna be golden. This is the time to do it, and it's easy if you do it up front." I had dozens of people come up to me afterwards because they didn't even know they were supposed to. It had never appeared on their radar. It's not resistance to it. They hadn't thought of it. So our biggest job is educating, especially the young people, the app developers, the brilliant minds. My experience, it's not that they resist the messaging, they haven't been exposed to the messaging. Oh, I should just tell you, we started Privacy by Design certification. We've partnered with Deloitte and I’ll send you the link and we're, Ryerson University, where I am housed, we are offering this certification for Privacy by Design. But my assessment arm, my audit arm, my partner, is Deloitte, and we're partnering together, and we've had a real, real, just a deluge of interest. Cindy Ng So, do you think that's also why people are also hiring Chief Privacy Officers? Dr. Cavoukian Yes. Cindy Ng What are some qualities that are required in a Chief Privacy Officer? Is it just a law background? Dr. Cavoukian No, in fact, I'm gonna say the opposite, and this is gonna sound like heresy to most people. I love lawyers. Some of my best friends are lawyers. Don't just restrict your hiring of Chief Privacy Officers to lawyers. The problem with hiring a lawyer is they're understandably going to bring a legal regulatory compliance approach to it, which, of course, you want that covered. I'm not saying...You have to be in compliance with whatever legislation is in your jurisdiction. But if that's all you do, it's not enough. I want you to go farther. When I ask you to do Privacy by Design, it's all about raising the bar. Doing technical measures such as embedding privacy into the design that you're offering into the data architecture, embedding privacy as a default setting. That's not a legalistic term. It's a policy term. It's computer science. It's a... You need a much broader skill set than law alone. So, for example, I'm not a lawyer, and I managed to be Commissioner for three terms. And I certainly valued my legal department, but I didn't rely on it exclusively. I always went farther, and if you're a lawyer, the tendency is just to stick to the law. I want you to do more than that. You have to have an understanding of computer science, technology, encryption, how can you... De-identification protocols are critical, combined with the risk of re-identification framework. When you look at the big data world, the internet of things, they're going to do amazing things with data. Let's make sure it's strongly de-identified and resist re-identification attacks. Cindy Ng There have been reports that people can re-identify people without data. Dr. Cavoukian That's right, but if you examine those reports carefully, Cindy, a lot of them are based on studies where the initial de-identification was very weak. They didn't use strong de-identification protocols. So, like anything, if you start with bad encryption, you're gonna have easy decryption. So, it's all about doing it properly at the outset using proper standards. There's now four standards of de-identification that have all come out that are risk-based, and they're excellent. Cindy Ng Are you a fan of possibly replacing privacy policies with something simpler, like a nutrition label? Dr. Cavoukian It's a very clever idea. They have tried to do that in the past. It's hard to do, and I think your simplest one for doing the nutrition kinda label would be if you did embed privacy as the default setting. Because then you could have a nutrition label that said, "Privacy built in." You know how, I think, Intel had something years ago where you had security built it or something. You could say, "Privacy embedded in the system."

This Wednesday I was very privileged to interview Dr. Ann Cavoukian. Dr. Cavoukian is the information and privacy commissioner of the province of Ontario (Canada) as well as the creator and foremost global champion of the privacy by design philosophy. She has been one of the most vocal proponents of privacy and the fact that […]

Dr. Ann Cavoukian is recognized as one of the leading privacy experts in the world. Noted for her seminal work on Privacy Enhancing Technologies (PETs) in 1995, her concept of Privacy by Design seeks to proactively embed privacy into the design specifications of information technology and accountable business practices, thereby achieving the strongest protection possible. In October, 2010, regulators from around the world gathered at the annual assembly of International Data Protection and Privacy Commissioners in Jerusalem, Israel, and unanimously passed a landmark Resolution recognizing Privacy by Design as an essential component of fundamental privacy protection. This was followed by the U.S. Federal Trade Commission's inclusion of Privacy by Design as one of its three recommended practices for protecting online privacy a major validation of its significance. An avowed believer in the role that technology can play in the protection of privacy, Dr. Cavoukian's leadership has seen her office develop a number of tools and procedures to ensure that privacy is strongly protected, not only in Canada, but around the world. She has been involved in numerous international committees focused on privacy, security, technology and business, and endeavours to focus on strengthening consumer confidence and trust in emerging technology applications. Dr. Cavoukian also serves as the Chair of the Identity, Privacy and Security Institute at the University of Toronto, Canada. She is also a member of several Boards including, the European Biometrics Forum, Future of Privacy Forum, RIM Council, and has been conferred as a Distinguished Fellow of the Ponemon Institute. Dr. Cavoukian was also named by Intelligent Utility Magazine as one of the Top 11 Movers and Shakers for the Global Smart Grid industry for 2011, and has been honoured with the prestigious Kristian Beckman Award for her pioneering work on Privacy by Design and privacy protection in modern international environments.

Dr. Cavoukian is Ontario's first Information and Privacy Commissioner to be reappointed for a second term. Initially appointed in 1997, her role in overseeing the operations of the freedom of information and privacy laws in Canada's most populous province was extended to 2009. Like the provincial auditor, she serves as an officer of the legislature, independent of the government of the day. Mr. Hope-Tindall is Technical Director and Chief Privacy Architect of dataPrivacy Partners Ltd., a Canadian based privacy consultancy. Formerly, he was special advisor to the Information and Privacy Commissioner/Ontario for biometrics and cryptography where he conducted privacy audits and assessments and monitored the development of large government systems having a significant privacy component. Mr. Hope-Tindall also represented the province of Ontario at the 1998 Canadian encryption policy discussions from which the template for Canada's national encryption policy arose.