CPDP Conference Who is Who
Name: Bernd Kowalski

Short BIO
Bernd Kowalski was born on March 22nd 1954 in Siegen, Germany. He went to university at the Rheinisch Westfälische Hochschule (RWTH) in Aachen. In 1982 he joined the Deutsche Bundespost and worked first in the area of data communication networks and applications in Darmstadt. Since 1985 he has been involved in information security at the Deutsche Bundespost. After the Deutsche Bundespost he moved to Deutsche Telekom. In 1990 he took on the task of setting up the Productcenter Telesec in Siegen, which offers secure communications products and services, e.g. certificate and smartcard services for public digital signature and corporate solutions. In 2002 he moved to the German Federal Office for Information Security (BSI) and took over a division that is responsible for Certification, Approval, Critical Infrastructure Protection, Mobile Security, Counter-Eavesdropping and Marketing.

CPDP Conference 2011 presentation
Technical Guidelines RFID as Templates for the PIA Framework

The European Commission (EC) wants to make sure that citizens’ rights are protected. Therefore the EC published the “Recommendation on the implementation of privacy and data protection principles in applications supported by RFID” (RFID Recommendation) on May 12, 2009. In order to support the implementation of this RFID Recommendation, the EC DG Information Society (DG InfSo) has established the RFID PIA Informal Working Group (PIA Group). In this group, experts from various industry sectors have worked out the RFID Privacy Impact Assessment (PIA) Framework document, which is intended to provide a top-level tool to assess and document RFID applications regarding their provisions to ensure citizens’ privacy and consumer rights.

This PIA Framework provides a generic scheme for the PIA and has to be complemented by more detailed schemes like roles, security targets, classes and templates reflecting the special aspects of industry-specific and individual applications. This puts into perspective the “Technical Guidelines for the Secure Use of RFID” (TG RFID), which have been issued by Germany’s Federal Office for Information Security (BSI). The TG RFID support the PIA Framework in a synergetic way by providing the next detailed levels, which are necessary for performing a comprehensive privacy and security assessment of RFID applications dedicated to specific application domains. They include a security risk assessment methodology and a documentation scheme for the results that comply with the international standard ISO 27005, full transparency on security targets, threats, safeguards and remaining risks, and the option for evaluation and certification by a neutral party.

This presentation describes how the TG RFID could be of complementary value for the PIA Framework by defining schemes for privacy assessments and the outline of application-specific templates.