"Designing Software Systems that Comply with Privacy Laws" (CRCS Lunch Seminar)

Presentation Date: Wednesday, May 6, 2009

CRCS Privacy and Security Lunch Seminar

Speaker: Annie Antón

Abstract: Properly protecting information is in all our best interests, but it is a complex undertaking. The fact that regulation is often written by non-technologists introduces additional challenges and obstacles. Moreover, those who design systems that collect, store, and maintain sensitive information have an obligation to design systems holistically within this broader context of regulatory and legal compliance.

There are questions that should be asked when developing new requirements for information systems. For example: How do we build systems to handle data that must be kept secure and private when relevant regulations tie your hands? When building a system that maintains health or financial records for a large number of people, what do we need to do to protect the information against theft and abuse, keep the information private, AND at the same time, satisfy all governing privacy laws and restrictions? Moreover, how do we know that we’ve satisfied those laws? How do we monitor for compliance while ensuring that we’re monitoring the right things? And, how do you accomplish all this in a way that can be expressed clearly to end-users and legislators (or auditors) so they can be confident you are doing the right things?

We’ve been working on technologies to make these tasks simpler, and in some senses, automatic. In this talk, I will describe some of the research that we have been conducting to address these problems. I will also discuss the results of a survey involving 975 Internet users in which we compared various ways to represent privacy management information to online healthcare consumers. The results of this work and our other studies pose interesting ethical questions for industry and society at large, and help illustrate the complexity of the problems.

Bio: Dr. Annie I. Antón is a Professor of Computer Science in the College of Engineering at the North Carolina State University. She received her Ph.D. in Computer Science from the College of Computing at the Georgia Institute of Technology. Dr. Antón joined the computer science department at NC State in 1998. From 2005-2006 she was a visiting faculty (sabbatical) scholar at Purdue University’s CERIAS.

She was awarded an NSF CAREER Award in 2000, named a CRA Digital Government Fellow in 2002, nominated and selected for the 2004-2005 IDA/DARPA Defense Science Study Group, and received the CSO (Chief Security Officer) Magazine “Woman of Influence in the Public Sector” award at the 2005 Executive Women’s Forum. This July she was named one of the most influential women in technology and government by The Political Voices of Women blog. In 2006 she was honored with an award for “Most Influential Paper of ICRE 1996” at RE’06 for her 1996 paper entitled “Goal-Based Requirements Analysis”. She is a former associate editor of IEEE Transactions on Software Engineering, and currently the cognitive issues area editor for the Requirements Engineering Journal and a member of the International Board of Referees for Computers & Security. Antón is a member of the International Association of Privacy Professionals, a senior member of the IEEE as well as a member of the ACM U.S. Public Policy Executive Committee and co-chair of the USACM Privacy Sub-committee.

Antón currently serves on various boards: the NSF Computer & Information Science & Engineering Directorate Advisory Council, the DHS Data Privacy and Integrity Advisory Committee, the CRA Board of Directors, an Intel Corporation Advisory Board, the Distinguished External Advisory Board for the TRUST Research Center, the Advisory Board for the Electronic Privacy Information Center in Washington, DC, and the Georgia Tech Alumni Association Board of Trustees. She is a former member of the Microsoft Research University Relations Faculty Advisory Board, the CRA-W, and the Georgia Tech Advisory Board (GTAB). Dr. Antón is director of ThePrivacyPlace.Org (http://theprivacyplace.org). Her URL is: http://www.csc.ncsu.edu/faculty/anton/.