Towards Developing Comprehensive Privacy Controls that Minimize Risks


  • Chris Shenefiel


  • Masooda Bashir
  • Lisa Bobbitt
  • Guy Cohen
  • Yeong Zee Kin

Organisation: UIUC (US)

Room: Online 4

Timing: 16:00 - 17:15 on 27 January 2021

Advances in technology have created new threat landscapes in the privacy and security domains, and information privacy protections have therefore become a vital element of all computing environments. We can no longer presume that information privacy refers only to the confidentiality of personal information; it must also include the protection of personal information and the safeguarding of the collection, access, use, dissemination, and storage of personal and sensitive information. One approach to ensuring privacy-preserving environments is to minimize privacy risks. To achieve this goal, we propose the development of a comprehensive set of privacy criteria and controls that can serve as a framework for privacy researchers, practitioners, and auditors, as well as any organization. We call this framework the Comprehensive Criteria for Privacy Protection (C2P2). The proposed panel will present and discuss this newly developed framework, and the panelists will provide their perspectives.

• What is the Comprehensive Criteria for Privacy Protection (C2P2) framework, and what are its related opportunities and challenges?
• How can controls, such as C2P2, be systematically engineered into cloud-based products, services, and enterprise applications?
• Considering technical and legal challenges, how is it possible to design comprehensive privacy risk management strategies by which personal data can be used safely while building users’ trust and mitigating privacy regulatory risks?
• What are the perspectives on the development of a risk-based certification for Singapore’s data protection standards that addresses the APEC Cross Border Privacy Rules and Privacy Recognition for Processors systems?


Chris Shenefiel

Cisco Corp (US)

Chris Shenefiel is a Security Research Principal Engineer. In this role, he is responsible for defining security research focus areas and engaging researchers to address those areas both within and outside of Cisco. Chris also employs Data Science to analyze security vulnerabilities and to help Cisco to build more secure systems. He also leads Cisco’s AI/ML security team and is an Adjunct Computer Science Lecturer for Cybersecurity at The College of William and Mary.


Masooda Bashir


Professor Masooda Bashir is currently an Associate Professor at the School of Information Sciences and the Director of Social Sciences in Engineering Research at the University of Illinois at Urbana-Champaign. Dr. Bashir's research interests are at the interface of information technology, human psychology, and society, especially how privacy, security, and trust intersect from a psychological point of view with information systems. Dr. Bashir's interdisciplinary educational background, industry experience, research accomplishments, and leadership roles in directing several educational and research programs represent some of her recent scholarly accomplishments in the field of Information Privacy/Security.

Lisa Bobbitt

Cisco Corp (US)

Lisa Bobbitt, CISSP, CIPM, CIPP-E, CDPSE, is the lead Privacy Engineering Architect in Cisco’s Privacy Office. Lisa is passionate about embedding privacy awareness, governance, and technology across Cisco by building on the foundation of years of working in mainframe connectivity, mobile routing protocols, innovative concepts in 3D, voice/video/data in event management, government adaptation of commercial offers, embedded trust anchors, and now privacy and data protection with a focus in Artificial Intelligence/Machine Learning and IoT.

Guy Cohen

Privitar (UK)

Privitar is a privacy engineering enterprise software company, headquartered in London with a global client base. Guy's work focuses on the intersection of privacy engineering, data protection law, and business strategy. In addition to his role at Privitar, Guy is a fellow at Cambridge University’s Centre of Science and Policy, a member of the Royal Society Privacy Enhancing Technologies Working Group, a member of the RUSI Research Technical Advisory Group for the Future of Financial Intelligence Sharing (FFIS) international research project, and technical editor for the IEEE Data Privacy Process Standard. Prior to joining Privitar, Guy worked in various roles in the UK Civil Service.

Yeong Zee Kin

Infocomm Media Development Authority (SG)

Yeong Zee Kin is Assistant Chief Executive (Data Innovation and Protection Group) of the Infocomm Media Development Authority of Singapore (IMDA) and Deputy Commissioner of the Personal Data Protection Commission (PDPC). In his capacity as Assistant Chief Executive (Data Innovation and Protection Group), Zee Kin oversees IMDA’s Artificial Intelligence and Data Industry development strategy. This is one of four frontier technology areas IMDA has identified for its transformational potential for a Digital Economy. The other three are cybersecurity, the Internet of Things, and immersive media. In his role as an AI and data analytics champion, Zee Kin’s work includes developing forward-thinking governance on AI and data, driving a pipeline of AI talent, promoting industry adoption of AI and data analytics, as well as building specific AI and data science capabilities in Singapore. As the Deputy Commissioner of PDPC, Zee Kin oversees the administration and enforcement of the Personal Data Protection Act (2012). His key responsibilities include managing the formulation and implementation of policies relating to the protection of personal data, as well as the issuing of enforcement directions for organizational actions. He also spearheads public and sector-specific educational and outreach activities to raise both awareness of and compliance with personal data protection among organizations and individuals.