Andrew S. Patrick
Andrew Patrick (Ph.D., Psychology, 1987) is senior researcher and consultant working in the areas of information privacy, security, and human behaviour. He is an international leader in privacy engineering, and one of the founders of the field of usable security. Dr. Patrick has over 25 years of experience in industrial, government, and academic settings. Andrew Patrick has published numerous journal articles, book chapters, conference papers, and conference presentations that have received more than 1,000 citations.
Independent Researcher (2017-)
I conduct leading-edge research on privacy engineering and usable security.
Researcher and Consultant (2017-)
I provide research and consulting services that can help you ensure that privacy, security, and usability are built into your products or services.
Adjunct Research Professor, Computer Science, Carleton University, Ottawa, Ontario. (1988-1991, 2003-)
While an Adjunct Research Professor at Carleton University, I have been working with graduate students on a variety of projects. Recent student supervision includes co-supervising 4 Masters students and serving on the advisor committee for 2 Ph.D. projects. In total I have supervised or advised more than 10 graduate students in the past 10 years.
Ph.D. – 1987. Psychology, University of Western Ontario, London, Ontario.
PAST WORK EXPERIENCE
Staffing Consultant (Contract) Information and Privacy Commissioner of Ontario (Feb-March 2021)
This project involved leading the hiring process for technical analysts. Tasks included screening candidates, preparing and assessing written and verbal examinations, conducting candidate interviews and reference checks, and making hiring recommendations
Staffing Consultant (Contract) Office of the Privacy Commissioner of Canada (Nov. 2018 – Jun. 2019)
This project involved leading the hiring process for technical analysts. Tasks including defining mandatory and desirable qualifications, preparing advertising poster, preparing and assessing written and verbal examinations, and evaluating candidates.
Web Information Architect (Contract) Office of the Privacy Commissioner of Canada (Nov. 2018 – Mar. 2019)
I worked with Neo Insight to design a new information architecture for the privacy topics area of the Privacy Commission website. This project involved reviewing web analytics data, common search request, and web traffic patterns to determine high priority content. An innovative page design was also developed to aid navigation.
Usability Consultant (Contract), Unnamed Client (April 2018)
For this project I teamed up with Neo Insight to design and conduct a usability assessment for a home health-monitoring product under development. This analysis involved in-person product testing by older adults with health issues and evaluated the physical, informational, and interface usability of the product. Several critical issues were identified and design recommendations were made to significantly improve the product and the user experience.
Technology and Policy Analyst (Contract), Office of the Privacy Commissioner of Canada (Aug. 2017 – Mar. 2018)
I assisted the Office of the Privacy Commissioner of Canada (OPC) by conducting advanced research and preparing expert reports in four areas: (1) biometrics and privacy; (2) the privacy implications of using third parties on websites; (3) technical assessments of health-related Internet of Things devices; (4) a technical blog post on advanced security technologies. Each of these activities involved examining previous work, reviewing the relevant scientific and technical literature, consulting with internal and external subject matter experts, developing guidance and recommendations, and report writing.
Information Technology Research Analyst, Office of the Privacy Commissioner of Canada. (2010-2017)
In this position I acted as an in-house technical consultant on most major activities in the office, including privacy investigations under PIPEDA, reviews of Privacy Impact Assessments (PIAs) from government departments, research, policy development, legal analysis and court cases, parliamentary affairs and appearances, and media relations. Recent projects where I played a major role include:
- PIPEDA investigations: Google Wi-Fi, Nexopia, WhatsApp, Adobe data breach, Bell Relevant Ads
- PA investigations: Canada Post signatures, Border Security TV show
- Research and Policy Development: Biometrics, Cloud Computing, Online Behavioural Advertising
- PIAs: Passport Canada, Citizenship and Immigration, CATSA
- Parliament Appearances: ETHI and Citizenship Committees
- Laboratory: setup and operation of the state-of-the art lab for conducting technical evaluations and research.
Information Technology Expert, Commission for the Control of INTERPOL’s Files (2011-2017).
The Commission for the Control of INTERPOL’s Files (CCF) is an independent oversight body. During this appointment I performed four main functions:
- Ruling on requests for access to INTERPOL’s files, balancing a right of access to personal information with police and judicial requirements;
- Ruling on challenges to information processing based on political persecution or violations of human rights;
- Monitoring and auditing information processing systems for data protection compliance;
- Providing expert advise on new or existing databases and projects, usually in the form of Privacy Impact Assessments.
R&D Consultant, self-employed. (2009)
I conducted two small projects on: (1) predicting intent from behavioural observations; (2) harm mitigation from the release of personal information.
Senior Scientist & Group Leader, Information Security Group, Institute for Information Technology, National Research Council of Canada (NRC) (2001-2009)
Provided scientific and professional leadership to 8 scientists and developers. Conducted advanced research on privacy compliance technologies, the human factors of security systems, advanced collaboration environments, and privacy protection technologies. Recognized as world leader in the field of human-computer interaction for privacy/security systems.
Program Manager, End-to-End Performance Program, Network Dependability Service Solutions, Nortel Networks Corp. (Dec 2000- October 2001)
Provided overall leadership of five research and development teams involved with voice quality (including VoIP), network transmission planning, conformance testing and network characterization, audio and acoustic development, and multimedia services. Results frequently used to win contracts and deliver industry-leading solutions.
Manager, Subjective Assessment Laboratory/End-to- End Performance Requirements Group, Network Dependability Service Solutions, Nortel Networks Corp. (March 1999-Dec 2000)
Provided leadership to human factors research and development group (6-8 people) with a primary focus on setting and achieving performance targets for voice and multimedia communications. Results used to maintain lead in voice quality and win competitive contracts.
Behavioural Scientist, User Needs Assessment, Corporate Design Group, Nortel Networks Corp. (June 1998-March 1999)
Conducted market research on advanced healthcare services and multimedia response time requirements. Results used to set performance standards for the Nortel products and an international standard on multimedia performance.
Research Scientist, Network Services and Interfaces Laboratory, Communications Research Centre (CRC), Industry Canada. (1989-1998)
Conducted research on artificial intelligence for natural language understanding, advanced multimedia services, and the social impacts of online community networks. Transferred technologies to companies and organizations who went on to develop commercial products. Developed and taught industrial training programs on WWW technologies.
- CHAT (Conversational Hypertext Access Technology). Natural language question answering system. Developed with Thom Whalen, CRC. Licensed to industry.
- Illustrated Audio. Network-based multimedia presentations that combine audio, images, and text in a synchronised fashion. Developed with Thom Whalen, CRC.
- MPOLL. A general purpose, global, real-time, rating and opinion polling tool for multicast networks.
- PISA Privacy Agent Prototype. A stand-alone simulator of privacy-controlling interfaces to demonstrate system characteristics and allow usability testing. Developed with the PISA partners.
- AVC (Access Grid Venue Customizer). A proof-of-concept shared application for customizing Access Grid virtual venues. Developed with the AVC Development Team. Released under open-source license.
- PrivWatch. System to detect and monitor privacy breaches on the Gnutella Peer-to-Peer (P2P) network and show results in a Flash interface. Developed with the NRC Information Security Group. Online demonstration is available.
PROFESSIONAL ACTIVITIES & RECOGNITION
- Program Chair of numerous conferences, including: Symposium on Usable Privacy and Security (SOUPS); Financial Cryptography and Data Security; Privacy, Security and Trust (PST)
- Program Committee Member for numerous privacy, security, and human-factors conferences
- Frequent ad-hoc reviewer for conferences, journals, and grant applications
- Organizer, Ottawa CapCHI chapter
- Scientific Advisory Board: NSERC ISSNet Internetworks Systems Security Network (2008-2012)
- Director (elected): International Financial Cryptography Association (2008-2010)
- Invited Delegate: National Academies’ Computer Science and Telecommunications Board, “Usability, Security and Privacy of Computer Systems” workshop, July, 2009.
- Contributing Member: Canadian Advisory Council to ISO/JTC1 Study Group 37 on Biometrics (2006-2010)
- Access Grid Developers Award for the Access Grid Venue Customizer (AVC).
- Nortel Networks PRIDE award for project management on voice quality design rules for packet network transport systems (2000).
- Canadian Internet Award for Best Development Project or Pilot. CBC Radio on the Internet Trial. (1995).
- CRC Director General’s Award for contributions to research and development. (1991)
- Vice-President, National Capital FreeNet. (1992-1995; volunteer)