privacy compliance: technology - gaps, challenges larry korba national research council of canada...
Post on 19-Dec-2015
216 views
TRANSCRIPT
![Page 1: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/1.jpg)
Privacy Compliance: Technology - Gaps, Challenges
Larry KorbaNational Research Council of Canada
CACR Privacy and Security, Nov. 1-2, 2006Toronto
![Page 2: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/2.jpg)
Outline• About NRC/IIT/IS• What is the problem?
–Backdrop
• Technologies for Compliance:–Types, Snapshot
• Compliance Gaps–Technologies, Other Challenges
• NRC’s Approach–Project Structure, Early Results
• Summary
![Page 3: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/3.jpg)
Caveats…
• My Opinions– No Endorsements by NRC
• Technology Focus, But… Compliance Needs More Than Technology!
• Ask Questions Any Time…
![Page 4: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/4.jpg)
NRC & NRC-IIT
• NRC– $850M, in every province, 20 institutes– Scientific Research one of its Seven Mandates– Goal:
• NRC-IIT– $20M, 4 Cities: Ottawa, Gatineau, Fredericton, Moncton– 9 Groups– http://www.iit-iti.nrc-cnrc.gc.ca
• NRC-IIT-IS– Security and Privacy Research and Development
Increase Competitiveness through Research that gets Exploited
Security and Privacy without Complexity
![Page 5: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/5.jpg)
What is the Problem?
• From the News:– “Feds Often Clueless After Data Losses” – Oct. 18, 2006
– “Business brass ill-prepared for disasters” – Sept. 26, 2006
– “AOL is Sued Over Privacy Search Breach” – Sept. 26, 2006
– “Police warned to improve database security” – Aug. 23, 2006
– “Data Loss is a Major Problem” – Aug. 18, 2006
– “Three-Fifths of Companies Suffer Severe Data Loss” – Aug. 17, 2006
– “2nd VA Data Loss Prompts Resignation” – Aug. 8, 2006
– “Patient Data stolen from Kaiser” – Aug. 8, 2006
– “Sentry Insurance Says Customer Data Stolen” – July 29, 2006
– “Stitching Up Healthcare Records: Privacy Compliance Lags” – April 16, 2006
![Page 6: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/6.jpg)
What is the Problem?Data Explosion
• The Roots of the Problem
ClientsOrganizationOrganization
Data +
Computers Everywhere
+
Expanding Services
+
Marketing,Competition
+
Cheap Storage +
Legislation
-
Regulations/Policies
-Risk Management
-
![Page 7: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/7.jpg)
Technologies for Compliance: The Promise
“Technology makes the world a new place.”
- Shoshana Zuboff, U.S. social scientist. In the Age of the Smart Machine, Conclusion (1988).
“Technology makes the world a new place.”
- Shoshana Zuboff, U.S. social scientist. In the Age of the Smart Machine, Conclusion (1988).
![Page 8: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/8.jpg)
Technologies forCompliance: Market Drivers
• Compliance– Huge market ($10+ Billion)– Healthy Growth Rate (20% - 50% per year)– Compliance areas:
• Payment Cards, Privacy, Financial Information, Security, Privacy…
– Sectors: Diverse• Government• Healthcare• Tourism/Hospitality• Services, Financial• Manufacturing• Transportation• Military• Others
![Page 9: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/9.jpg)
Technologies for Compliance:Market Drivers
• Bandwagon Effect…– Firewall, Intrusion Prevention, Network Management,
Security/Privacy Policy Management– Consultants
• New Technologies…– To Deal with Different Needs
• Sarbanes-Oxley• Privacy• Intellectual Property Management
– And Emerging Needs• Data Purity
![Page 10: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/10.jpg)
Technologies for Compliance:Backdrop: Key Types
• Compliance– Consulting Services– Internet Service– Appliance– Database– Application
• Focus– Enterprise Systems– Enforcement
• Not Policy: Creation/Distribution/Management – Two Types
• Network-Based• Agent Based• And Combinations of the Above
![Page 11: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/11.jpg)
Technologies for Compliance:Types: Network-Based
• Monitor Network Traffic• Dissect packets
– Determine type of traffic, or data mine content• Flag/Prevent activities denied based upon policy
– Encrypted Traffic
A B C
NTM
Network Packet CaptureUnderstand TrafficMine ContentPolicy InterpretationLog or Prevent Inappropriate Activities
Packet CaptureUnderstand TrafficMine ContentPolicy InterpretationLog or Prevent Inappropriate Activities
![Page 12: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/12.jpg)
Technologies for Compliance:Types: Agent-Based
• Installs on Servers, Desktops, Laptops• “Direct” access to activities• Management Console to Coordinate Actions
A B C
NetworkMine Data “at Rest”Mine Computer ActivityPolicy InterpretationLog or Prevent Inappropriate Activities
Mine Data “at Rest”Mine Computer ActivityPolicy InterpretationLog or Prevent Inappropriate Activities
Console
![Page 13: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/13.jpg)
Technologies for Compliance:Types: Combination
• Best of Both Worlds!
A B C
Network
Console
NTM
![Page 14: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/14.jpg)
Technologies for Compliance
“Technology is a servant who makes so much noise cleaning up in the next room that his
master cannot make music. ”
- Karl Kraus (1874–1936)
“Technology is a servant who makes so much noise cleaning up in the next room that his
master cannot make music. ”
- Karl Kraus (1874–1936)
![Page 15: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/15.jpg)
Technologies for Compliance:Implementation Issues
• Dealing with:– Interactions Between Different Laws/Regulations– Structured or Unstructured Data– Data Server Environments– Content Management
• Automation of Policy Controls– Proactive Enforcement– Or Testing/Scanning
• Flexibility of Forensic Tools• Risk Management Tools• Interactions between Compliance & Existing Systems
– Identity, Document, Project Management, etc.– Network Security, Antivirus, Databases…
![Page 16: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/16.jpg)
Technologies for ComplianceChallenges
“Technology is dominated by two types of people: those who understand what they do not manage,
and those who manage what they do not understand. ”
- Putt's Law
“Technology is dominated by two types of people: those who understand what they do not manage,
and those who manage what they do not understand. ”
- Putt's Law
![Page 17: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/17.jpg)
Technologies for Compliance:Underlying Challenges
• Despite the hype… – There is no Instant, Universal, Ever- Adaptable Solution for Automated Compliance
• You cannot rely on technologies alone• Resources will be required
– Purchasing, – Maintenance, – Related SW & HW, – Staff, – Consultants
• As well, there are technology gaps
![Page 18: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/18.jpg)
Technologies for Compliance:Implications & Challenges
• Monitoring Employee/Guest Computer and Network Activity– There may be little privacy
• Little expectation of privacy
– There may be a great deal of data exposure • How well does the compliance technology protect?
– Balancing Legal Obligation with Employer/Employee Trust Relationship
![Page 19: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/19.jpg)
Technologies for Compliance:Some Examples
• Just a sampling of offerings• Market is changing monthly
![Page 20: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/20.jpg)
Technologies for Compliance:Some Examples
• ACM: www.acl.com– SOX, agent-based
• Googgun: www.googgun.com– privacy “compliance” server
• Ilumin: www.ilumin.com – Assentor
• Vontu: www.vontu.com– Discover, Protect, Monitor, Prevent
![Page 21: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/21.jpg)
Technologies for Compliance:Some Examples
• Verdasys: www.verdasys.com– Digital Guardian
• Oakley Networks: www.oakleynetworks.com– Sureview, Coreview
• Axentis: www.axentis.com– Internet service for SOX compliance
• IBM Workplace for Bus. Controls: www.ibm.com
![Page 22: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/22.jpg)
Technologies for Compliance:Some Examples
• Qumas: www.qumas.com– DocCompliance, ProcessCompliance, Portal
• Stellent: www.stellent.com– Enterprise Content Management
• Reconnex: www.reconnex.com– iGuard 3300
• Tablus: www.tablus.com– Content Alarm NW
![Page 23: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/23.jpg)
Technologies for Compliance:Some Examples
• Intrusion: www.intrusion.com– Compliance Commander
• Vericept: www.vericept.com– Enterprise Risk Management Platform
![Page 24: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/24.jpg)
Technologies for Compliance:Some Examples
• Privasoft: www.privasoft.com– AccessPro (Information Access Privacy)
• Enara Technologies: www.enarainc.com– Saperion + Enara Technologies
• Autonomy: www.autonomy.com– Aungate Division– Data mining for email and voice compliance
• And more…
![Page 25: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/25.jpg)
Technologies for ComplianceChallenges
“Having intelligence is not as important as knowing when to use it,
just as having a hoe is not as important as knowing when to plant. ”
- Chinese Proverb
“Having intelligence is not as important as knowing when to use it,
just as having a hoe is not as important as knowing when to plant. ”
- Chinese Proverb
![Page 26: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/26.jpg)
Technologies for Compliance:Technology Gaps
• Visualization Techniques– Minimize Operator Errors– Learn from Operators
• Accountability and Privacy– Audits, Retention, Access Restriction, Data Life, Rule Sets
• Data Mining and Machine Learning– Better Algorithms: Speed, Accuracy, Privacy
• Semantic Analysis, Link Analysis
– Context: Operator, Similar Operators
• Privacy Aspects– Privacy-Aware Data Mining– Limit Collection: Reduce Overhead and “Big Brother Effect”… Intelligence
• Better Workflow Integration– Reflect/Understand what “really happens” in an organization– Forensic Tools
• Security Built-In– Protect Data Discovery and Discovered Data– Privacy-Aware Security Protocols
![Page 27: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/27.jpg)
Technologies for Compliance:NRC’s Approach
• Technology Approach:– Inappropriate Insider Activity Discovery/Prevention
+– Privacy Technology
+– Distributed text/data mining
=– Comprehensive Privacy Compliance Technology– Could be applied for other compliance requirements
• Social Networking Applied to Privacy: SNAP
• Strategic project for NRC’s Institute for Information Technology
![Page 28: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/28.jpg)
SNAP Project:Technologies
• Trusted Human Computer Interaction– Simple, Effective Control of Complex Systems
• Automated Work Flow Discovery– Project Management, Organizational Work Flow
• Security Protocols for Privacy Protection– Scalable, effective, efficient exchanges
• Secure Distributed Computing– Authentication, Authorization, Access Control
• Data/Knowledge Visualization– Effective Security/Privacy posture Display
• Privacy-Enabled Data Mining– Protect data while assuring compliance
![Page 29: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/29.jpg)
SNAP Project:Goals
• Create technology that:– Discovers important data within a
corporation• Wherever it may be
– Discovers and visualizes how people work with the data
– Fills the Technology Gaps
• Exploit Results– Widely
Core TechnologyApplication Areas:- Business- Public Safety- Healthcare- Government- Military
Core TechnologyApplication Areas:- Business- Public Safety- Healthcare- Government- Military
![Page 30: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/30.jpg)
SNAP Project: NRC’s Approach
• User-Centered Research, Development, Design– Identify User, Context, and Needs
– Business, Functional, Data and Usability Requirements
– Early Testing
• Privacy Technology User Group– First Users
• Exploitation Interests
Exploitation
User Group
NRC
SNAP
![Page 31: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/31.jpg)
SNAP Project:Privacy Technology User Group
• Goal:– Identify Essential Product– Determine User– Detect Expectations– Define Use Context
• Four Parts– Business Requirements– Functional Requirements– Data Requirements– Usability Requirements
![Page 32: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/32.jpg)
SNAP Project:Privacy Technology User Group
• Analysis– Document– Stakeholder Interviews– Stakeholder Workshops– Observations in Context– Scenarios and Use Cases– Focus Groups with End Users
• Demonstrations, simulation and prototypes
• Targets:– Shared understanding - End User Involvement– Project Scope/Risk Reduction - Requirements Specification
Fully Understand Problem
![Page 33: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/33.jpg)
Product 4Product 3
SNAP Project
SNAPTechnologies
SNAP Project:Organization Picture
Trusted HCI
Automated WorkflowAnalysis
SecurityTechnologiesFor PrivacyProtection
Private DataDiscovery
EffectiveKnowledge
Visualization& Analysis
SNAPDemo
Product 1 Product 2
Privacy Technology User GroupRequirements Focus
NRC-IIT
Company
Background Research
RequirementsGathering
Org. 1-Org. 6
![Page 34: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/34.jpg)
SNAP Project:Some Results(Current Prototype)
• Private data, – SIN, Credit Card number, Address, Email
• Find it anywhere– Any action, any context, any file, any application
• Automated private data workflow discovery– Locate what went wrong and when for automated compliance or
forensics
• Determine normal and abnormal workflow– Correct workflow, discover experts
• Compare flow/operations against policy• Prevent inappropriate operations
– Automatically
![Page 35: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/35.jpg)
![Page 36: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/36.jpg)
Attempting to Open Documents with Private Data
![Page 37: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/37.jpg)
![Page 38: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/38.jpg)
![Page 39: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/39.jpg)
![Page 40: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/40.jpg)
![Page 41: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/41.jpg)
![Page 42: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/42.jpg)
![Page 43: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/43.jpg)
![Page 44: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/44.jpg)
![Page 45: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/45.jpg)
Summary
• Technologies for Compliance
• Brief Compliance Technology Company List
• Technology Gaps
• NRC-IIT’s SNAP Project
![Page 46: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/46.jpg)
Questions?
http://www.iit-iti.nrc-cnrc.gc.ca/
http://www.iit-iti.nrc-cnrc.gc.ca/
“Humanity is acquiring all the right technology for the wrong reasons.”— R. Buckminister Fuller
“Humanity is acquiring all the right technology for the wrong reasons.”— R. Buckminister Fuller
![Page 47: Privacy Compliance: Technology - Gaps, Challenges Larry Korba National Research Council of Canada Larry.Korba@nrc-cnrc.gc.ca CACR Privacy and Security,](https://reader038.vdocuments.mx/reader038/viewer/2022103022/56649d2a5503460f949fe410/html5/thumbnails/47.jpg)