CARMA 2018: From Informed Consent to Enlightened Processing
Time 10/16/18 01:40PM-02:30PM
2018 may well prove to be the year we re-awakened to the importance of personal privacy. From the EU nailing the 99 Articles of the GDPR to our figurative door to the spectacle of the CEO of Facebook apologizing for his company's failure to protect the privacy of the largest user community on the planet, 2018 has provided multiple wake-up calls for those of us entrusted with users' personal information. Calls, both legal and social, are growing ever-louder for greater transparency and more consent-informed control in the handling of users' personal information.
2018 is also the year the CAR (Consent-informed Attribute Release) system development effort celebrates its second birthday, and like any two-year-old, both it and its parents are growing as they encounter the Real World (TM). While early releases focused on end-user interfaces, in this discussion, we'll focus on new developments in the administrative space. We'll touch on the mechanisms CAR provides for handling some of the more nuanced requirements of GDPR and for registering both traditionally-federated systems and non-SAML policy consumers, then focus more deeply on some of the information aggregation capabilities of the system. Even in cases where consent is not being applied, CAR can help institutions catalog and report on attribute release and other information disclosure policies and their legal bases across interfaces, and Article 29 WG guidelines, and more. Finally, we'll look at the Duke deployment of CAR and see how aggregating attribute release policy, as well as consent controls, in the CAR system is allowing Duke to demonstrate its commitment to "privacy by design."
Primary track Trust & Identity
Secondary tracks Information Security