Are you a prisoner of outdated data handling processes? DATA PROTECTION SEMINAR – THURSDAY 30 JULY 2015
DPA seminar presentation
Aug 18, 2015
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Are you a prisoner of outdated data handling processes?
DATA PROTECTION SEMINAR – THURSDAY 30 JULY 2015
Data Protection: Maximum Security
Shauna DunlopNI Group Manager30 July 2015
Data Protection Act1998
Why comply?
Legal requirement
Financial implications
Reputational implications
Data Protection Act 1998
• Principles & Privacy
• Key Definitions
• Principles in Detail
• What the Act says about Security
• Individual Rights
• Latest from Europe
Personal Data
Personal data is not just a person’s name
It is any information that relates to or identifies a person and:
Is held on a computer
Is intended to be held on computer
Forms part of a ‘relevant filing system’
Forms part of an ‘accessible record’ (information relating to health or education)
Category ‘e’ data (Public Authorities only)
Information Rights Affects Us All
Fair and lawful
Adequate, relevant and not excessive
Accurate and up to date
Kept for no longer than necessary
Individuals rights
Security
How does it go wrong?
Transfers outside EEA
!CAUTION:
Prevent a data breach
Privacy and Electronic Communications Regulations
Doing ‘Big Data’ is possible,legal compliance is essential, inspiring public trust and confidence is indispensable
FOI and open data – adding value together
http://greatbritishpublictoiletmap.rca.ac.uk/
Data Protection Regulation
Update from Europe
Key factors
Plan ahead Compliance Reputation
A ‘Get Out of Jail Card’ - How to Prevent Data Breaches
Clare Bates30th July 2015
Introduction
•Imprisoned by bad habits?
•Practical examples
•What went wrong?
ChanceTHIS CARD MAY BE KEPT UNTIL NEEDED OR SOLD.GET OUT OF JAIL FREE
ChanceTHIS CARD MAY BE KEPT UNTIL NEEDED OR SOLD.GET OUT OF JAIL FREE
• How to set yourself free!
Recent Press Coverage
Human Error
Mistakes can happen:
• Wrong address
• Documents left behind
What moves can you make:
•Culture of awareness - training
•Proper policies
•Recruit the right people
Reliable employees?
• Client data
• Disgruntled employees
What moves can you make:
• Risk based approach to levels of security
• Ensure correct physical and technical security
Insider Attack
How do you manage your technology?
• External access to your network
• BYOD
• Encryption
What moves can you make:
• IT and internet use policy
• BYOD policy
Technology
What is the risk?
• Appropriate storage
• What is the retention period? - no longer than is necessary
• Sensitive personal data on waste ground
What moves can you make:
• Clear guidelines for different data
• Test your policy - audit compliance
Data Retention & Destruction
Potential consequences:
•Adverse publicity
•Criminal liability
•Regulatory action
•Missed opportunities and wasted resources
•Protracted litigation
Consequences of Breach?
Assemble the breach team and determine -
• The nature and cause of the breach
• The extent of the damage/harm
• How to stop or mitigate the breach
• Any breach of contract/disciplinary issues?
• Audit for improvement
Breach Management
Choosing The Right Partnerfor Data Protection Compliance Services
Alistair DickenCorporate Sales Director – PHS Data Solutions
Crumlin Road Gaol, BelfastThursday 30th July 2015
1. Credibility2. Compliance3. Culture
The 3 “C”s
1. Are they a recognised brand? Have you, or someone in you know used them before?
2. Do they service similar size/type customers? References?
3. Are they Registered? Companies House, VAT Registered etc
4. Do they have a physical facility for you to visit?
Credibility
Trade Body Memberships (Examples)
Credibility
Records Management Services
1.ISO IEC 27001 – Information Security ManagementIncludes Data, Documents, Messages, Communications,
Conversations, Transmissions, Recordings, Drawings, and Photographs2.ISO 9001 – Quality Management3.ISO 14001 – Environmental Management
Compliance
Shredding Services
1.BS EN15713 – Code of Practice for Secure Destruction of Confidential Material
Staff Vetting, Premises Security, Vehicle Security, Handling and Processing
Agreement in Writing, Collection Certificates, Destruction Certificates
2.CPNI Approved ShreddingGovernment Approval for handling & shredding TOP SECRET Classified
documents – higher staff vetting, smaller shred size etc
Compliance
1. Strong Customer Service Ethos
2. Scope of Service Provision
3. Health & Safety Focus
4. Staff Vetting, Training & Development
5. Investors in Technology & Innovation
Culture
Any Questions
Related Documents
