Victorian Protective Data Security Framework Victorian Information Security Network - VPS Forum December 2016
20161213 VPS VISN Presentation V1.6.pptx

Apr 30, 2023

Khang Minh
Page 1: 20161213 VPS VISN Presentation V1.6.pptx

Victorian Protective Data Security Framework

Victorian Information Security Network - VPS Forum December 2016

Page 2: 20161213 VPS VISN Presentation V1.6.pptx

Commissioner for Privacy and Data Protection

Presenter

Commissioner, Privacy and Data Protection: David Watts

Data Protection Branch

Assistant Commissioner, Data Protection: Anthony Corso

Senior Data Protection Advisor: Laurencia Dimelow

Senior Data Protection Officer: Anna Harris

GRC Security Manager: Karl Will

Specialist Data Protection Advisor: Martin Harris

Contact details

Email: [email protected]

Ph. 8684 1660

VISN – What the VPDSF means for you…

Introductions

Page 3: 20161213 VPS VISN Presentation V1.6.pptx

Run through…

David Watts

•  Introduction

Anthony Corso & the Data Protection Branch (DPB)

•  Sli.do

•  Privacy & Data Protection Act (2014)

•  Video – Data Protection and You

•  VPDSF & VPDSS

•  What information is covered?

•  Who is involved?

•  Why do we need to do this?

•  Where to start?

•  When? A timeline of activities

•  Tools to support you…

•  Help build your ideal VISN

Page 4: 20161213 VPS VISN Presentation V1.6.pptx

Sli.do

During the event we will be using an online tool (Sli.do) offering you an opportunity to interact with our presentation, engage in polls and ask questions. Those using the tool will have the option of posting anonymously and can also download the presentation and a summary infographic onto their local device. The team will moderate the tool and will post any relevant comments or material to the audience…

Page 5: 20161213 VPS VISN Presentation V1.6.pptx

Sli.do

VPSVISN

Page 6: 20161213 VPS VISN Presentation V1.6.pptx

Privacy & Data Protection Act (2014)

Page 7: 20161213 VPS VISN Presentation V1.6.pptx

‘Data Protection and You’

Awareness video of the Victorian Protective Data Security Framework

Page 8: 20161213 VPS VISN Presentation V1.6.pptx

The Framework

Page 9: 20161213 VPS VISN Presentation V1.6.pptx

The Standards

The Victorian Protective Data Security Standards (VPDSS) were formally issued on 28th of July, 2016.

Page 10: 20161213 VPS VISN Presentation V1.6.pptx

What is covered?

Any information obtained, received or held by an agency or body to which Part 4 of the Privacy and Data Protection Act (2014) applies.

This includes both hard and soft copy information, regardless of media or format!

Page 11: 20161213 VPS VISN Presentation V1.6.pptx

Who’s involved?

CPDP - Office of the Commissioner for Privacy and Data Protection

Indirect obligations - Organisations with access to Victorian public sector data have indirect protective data security obligations

Public sector body Head

Directly in scope - Applicable agencies or bodies set out under Part 4 of Privacy and Data Protection Act (PDPA) 2014

Page 12: 20161213 VPS VISN Presentation V1.6.pptx

Indirect security obligations

IPP 4

Information Sharing Arrangements

Other legal & regulatory obligations

Contractual obligations

Health Privacy Principles (HPP4)

Information Privacy Principles (IPP4)

Page 13: 20161213 VPS VISN Presentation V1.6.pptx

Why do we need to do this?

Enable your organisation to achieve its business objectives in a secure way

Have confidence in the information you are using

Support secure information sharing practices

Ensure the right people have access to the right information at the right time…

Adhere to legislative requirements and offer a level of assurance around your organisation's security practices

Page 14: 20161213 VPS VISN Presentation V1.6.pptx

Five Step Action Plan

Where to start?

Identify your information assets

Determine the 'value' of this information

Identify any risks to this information

Apply security measures to protect the information

Manage risks across the information lifecycle

Page 15: 20161213 VPS VISN Presentation V1.6.pptx

By July 2018 each applicable organisation must provide CPDP a copy of their:

•  Security Risk Profile Assessment (SRPA)

•  Protective Data Security Plan (PDSP)

•  Compliance self-assessment (including an attestation by your Public sector body Head of currently implemented security controls)

When?

Page 16: 20161213 VPS VISN Presentation V1.6.pptx

Tools to support you

‘BIL’ Mobile App

Currently available for download on tablet devices (iPad and Android)

Simply search for ‘CPDP’ in the app store to download your own copy

CPDP Mobile App

Page 17: 20161213 VPS VISN Presentation V1.6.pptx

Afternoon Tea

30 minute break for afternoon tea

Feel free to come and chat to the Data Protection Team if you have any questions

Page 18: 20161213 VPS VISN Presentation V1.6.pptx

For any other feedback or enquiries please direct your comments to the [email protected] mailbox

Questions?

Opportunity for you to ask questions through Sli.do or to take questions from the floor…

Page 19: 20161213 VPS VISN Presentation V1.6.pptx

Help build your ideal VISN

Page 20: 20161213 VPS VISN Presentation V1.6.pptx

Help us:

•  Determine the membership of the network

•  Understand what you want from the VISN

•  Understand how you want the VISN to operate both now and in the future

•  Input into, and help develop, the VISN Charter & Terms of Reference (TOR)

•  Help frame important messages to encourage participation across your business. This includes work units that haven’t traditionally been engaged in protective data security activities and programs

Help build your ideal VISN
