Sunday, March 30, 2025

These are straightforward to build.

https://databreaches.net/2025/03/30/canadas-privacy-commissioner-launches-breach-risk-self-assessment-tool-for-organizations/

Canada’s Privacy Commissioner launches breach risk self-assessment tool for organizations

Privacy Commissioner of Canada Philippe Dufresne has launched a new online tool that will help businesses and federal institutions that experience a privacy breach to assess whether the breach is likely to create a real risk of significant harm to individuals.

The privacy breach risk self-assessment tool is a convenient web-based application that guides users through a series of questions to assess the sensitivity of personal information that is involved in a data breach, and the probability that it will be misused.

The results provided through this online tool will help organizations to conduct a risk assessment following a data breach and determine their required next steps, including notifying affected individuals.

Organizations that are subject to Canada’s federal private-sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), and federal government institutions, are required to report breaches that pose a real risk of significant harm to the Office of the Privacy Commissioner of Canada and to notify affected individuals.

Real risk of significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, financial loss, identity theft, negative effects on one’s credit record, and damage or loss of property.

In determining whether there is a real risk of significant harm, organizations must consider the degree of sensitivity of the personal information involved and the probability that the information will be misused.

Privacy breaches may result from identity theft, scams, hacking or other unauthorized access, be it deliberate or accidental. Sensitive information often includes personal health and financial data.

Quote

“Privacy breaches are growing in scale, complexity and severity and can cause serious harm to the people who have been affected. This new online tool will make it easier for organizations to assess the potential impacts on individuals who have been affected, to determine what steps they need to take following a breach.”
Philippe Dufresne
Privacy Commissioner of Canada

Source: Office of the Privacy Commissioner of Canada





Worth considering…

https://www.mdpi.com/1999-5903/17/4/151

GDPR and Large Language Models: Technical and Legal Obstacles

Large Language Models (LLMs) have revolutionized natural language processing but present significant technical and legal challenges when confronted with the General Data Protection Regulation (GDPR). This paper examines the complexities involved in reconciling the design and operation of LLMs with GDPR requirements. In particular, we analyze how key GDPR provisions—including the Right to Erasure, Right of Access, Right to Rectification, and restrictions on Automated Decision-Making—are challenged by the opaque and distributed nature of LLMs. We discuss issues such as the transformation of personal data into non-interpretable model parameters, difficulties in ensuring transparency and accountability, and the risks of bias and data over-collection. Moreover, the paper explores potential technical solutions such as machine unlearning, explainable AI (XAI), differential privacy, and federated learning, alongside strategies for embedding privacy-by-design principles and automated compliance tools into LLM development. The analysis is further enriched by considering the implications of emerging regulations like the EU’s Artificial Intelligence Act. In addition, we propose a four-layer governance framework that addresses data governance, technical privacy enhancements, continuous compliance monitoring, and explainability and oversight, thereby offering a practical roadmap for GDPR alignment in LLM systems. Through this comprehensive examination, we aim to bridge the gap between the technical capabilities of LLMs and the stringent data protection standards mandated by GDPR, ultimately contributing to more responsible and ethical AI practices.





Interesting.

https://scholarship.law.upenn.edu/faculty_articles/541/

Is Privacy Really a Civil Right?

Sixty years ago, President Lyndon Johnson signed the Civil Rights Act of 1964. Civil rights laws aimed at curbing discrimination and inequality in federal programs, public accommodations, housing, employment, education, voting and lending faced opposition before the Act and continue to do so today. Nevertheless, a swell of legal scholars, policy analysts and advocacy groups in the United States now assert with favor a vital connection between privacy and civil rights. Historically, civil rights legislation was enacted to combat group-based discrimination, a problem exacerbated by contemporary approaches to personal data collection, artificial intelligence, algorithmic analytics and surveillance. Whether privacy is a civil right, protects civil rights, or is protected by civil rights, the novel pairing of civil rights and privacy rights commends itself. Yet, as we show, the pairing of privacy and civil rights is complex, consequential, and potentially disappointing. Privacy and civil rights have a mixed history of celebrated, but also ambivalent and condemnatory, partnerships. Little direct support for conceptualizing privacy or data protection as a civil right resides in the intricate history of U.S. civil rights laws. Still, civil rights law is a dynamic moral, political and legal concept adaptable to the demands of new justice initiatives. With that in mind, this Article critically examines the implications of legal interventions premised on pairing privacy rights and civil rights. We trace the contentious but paramount ideas of civil rights and privacy rights far back in time, revealing that important conceptual and historical issues muddy the waters of the recent trend freely characterizing privacy rights as civil rights or as rights that protect or are protected by civil rights. 
We conclude that one can sensibly contend today that privacy rights do and ought to protect civil rights, exemplified by the right to vote and freely associate; civil rights do and ought to protect privacy rights, exemplified by fair housing and employment rights that support material contexts for intimate life; and crucially, that privacy rights are civil rights, meaning that they are aspirational moral and human rights that ought to be a part of society’s positive law protections to foster goods that go to the heart of thriving lives and effective civic participation for everyone. By illuminating the remote and recent sources of what we term the “privacy-and-civil-rights” movement and its practical significance, we hope to empower those who pair privacy and civil rights with greater clarity and awareness of context, limitations, and likely outcomes.


