-
Basics of IT
-
Topic 2: Data Protection
-
Learning Objectives
At the end of this topic, you will be able to:
Define personal information
List components of personal information
Define privacy and privacy breach
List key privacy principles
-
Data Protection: Think Privacy
What happened when Privacy failed?
T-Mobile admitted losing a storage device holding the records, including names, addresses, phone numbers and dates of birth, of 17 million German customers
Unencrypted back-up computer tapes from BNY Mellon's Shareowner Services unit containing the confidential details of over 12 million customers were lost by a third party vendor
HSBC lost a computer disc containing the confidential personal details of around 370,000 of its UK life assurance customers
In August 2010, Zurich UK was fined 2.26 million pounds
Enforcement action was taken against Nationwide, Norwich Union and HSBC as well
-
Data Protection: Think Privacy
What is Privacy?
Privacy is the right to control access to information about oneself.
The right to privacy means that the individuals get to decide what and how much information to give up, to whom it is given and for what purposes.
Privacy: Communication Privacy, Organizational Privacy, Information Privacy, Physical Privacy
-
Data Privacy
What is Data Privacy?
Data privacy is the relationship between collection and dissemination of data, the public expectation of privacy and the legal issues surrounding them.
It is protecting corporate and personal customer and employee data under the possession of the organization.
-
Data Privacy
What is personal information?
Any identifiable information about the customer held in any format is personal information.
In the case of corporates, any information that is not available in the public domain but is shared with ICICI Bank is treated as personal information.
-
Personal Data
What are personal details?
Personal Details:
Name and Address
Contact Details
Date of Birth
Age, Sex and Ethnicity
National Insurance Number
Passport Number
-
Personal Data
What are family lifestyle details?
Family Lifestyle Details:
Marital Status
Next of Kin
Travel Habits
Leisure Activities
Club Membership Details
-
Personal Data
What are financial details?
Financial Details:
Income
Salary
Bank Account
Investments
Credit History
Loans
Insurance Details
-
Personal Data
What are employment details?
Employment Details:
Career History
Recruitment
CV
Attendance Record
Sickness Record
Performance and Appraisal Records
Disciplinary and Grievance Records
-
Personal Data
What is sensitive personal data?
The data subject must give explicit consent to the processing of sensitive personal data.
Sensitive Personal Data:
Racial / Ethnic Origin
Religious Beliefs
Physical or Mental Health Conditions
Criminal Convictions
-
Privacy Breach
What is privacy breach?
Any identifiable information about an individual held in any format is personal information. Privacy breach is unauthorized access to, or collection, use or disclosure of, personal information. The most common causes of privacy breach are as follows:
Stolen, lost or mistakenly disclosed information
Faulty business procedure or operational breakdown
-
Privacy Breach
What constitutes a privacy breach?
The following are a few scenarios that could occur in a bank. Can you identify whether each constitutes a privacy breach?
Compromise of Customer Name
Answer: No
-
Privacy Breach
What constitutes a privacy breach?
The following are a few scenarios that could occur in a bank. Can you identify whether each constitutes a privacy breach?
Compromise of Customer Name
Compromise of Account Number
Answer: Yes
-
Privacy Breach
What constitutes a privacy breach?
The following are a few scenarios that could occur in a bank. Can you identify whether each constitutes a privacy breach?
Compromise of Customer Name
Compromise of Gender
Answer: No
-
Privacy Breach
What constitutes a privacy breach?
The following are a few scenarios that could occur in a bank. Can you identify whether each constitutes a privacy breach?
Compromise of Customer Name
Compromise of Gender
Compromise of Age
Answer: Yes
-
Key Privacy Principles
The following are key privacy principles for ICICI Bank.
1. Accountability
2. Identify purpose
3. Consent from customer
4. Limiting use, Disclosure and Retention
5. Limiting collection
6. Accuracy
7. Safe Guarding of data
-
Key Privacy Principles
Accountability
The bank is responsible for processing and storing the personal information collected in accordance with the applicable requirements.
Identify purpose
The bank should identify the purpose at or before the time of collection
The bank must document why the information is collected
The bank must inform the individual of whom the information is collected and why the information is needed
You will learn more about these principles in the next few slides.
-
Key Privacy Principles
Consent
Consent should be obtained at the time of collection of personal information
Consent must be obtained every time a new use of the information is identified
Limiting Collection
Collect only as much information as is directly required to serve the identification purpose
-
Key Privacy Principles
Limiting Use, Disclosure and Retention
Customer or employee personal data should not be disclosed to anyone including other employees who are not authorized to receive it. The following are the exceptions:
The disclosure is authorized by the customer
Where disclosure is under compulsion of law
Where there is duty to the public to disclose
Where interest of bank requires disclosure
Where the disclosure is made with the expressed or implied consent of the customer
-
Key Privacy Principles
Accuracy
Keep the personal information of the customer and the employee complete and up to date as necessary. The measures to keep the data updated are:
While accepting the customer's application and other service requests, make sure that the handwriting is readable and mandatory fields are completed
Be cautious while entering or amending customers' or employees' information in the system
Be cautious while adding any additional notes in customers' or employees' files
-
Key Privacy Principles
Safeguard Client Information
Organizational security measures and policies should be strictly maintained to protect personal information against:
Loss or theft
Unauthorized access, disclosure, use, copying
Destruction
Personal customer and employee data needs to be stored and treated with utmost care and security
-
Benefits and Risks
The following are the benefits of ensuring the security of customers' or employees' personal information:
1. Builds customer confidence and trust
2. Increases customer satisfaction
3. Creates brand differentiator
The following are the security risks of losing customers' or employees' personal information:
1. Reputational risk and brand damage
2. Customer dissatisfaction
3. Fines, compensation claims, prosecution and so on
-
Dos and Don'ts for Data Privacy
Follow these guidelines to ensure data privacy.
Dos
Shred confidential customer data if not required
Retain sensitive personal data in safe custody only until such time as is necessary
Keep your desks and soft boards clear of customer data
Lock your drawers and cabinets
Delete records of personal data held in laptops or PCs that are not needed for business use
Harden your laptops and desktops with the help of the IT team
Exercise caution during inter-judicial file transfers
Send personal data only through password protected files
-
Dos and Don'ts for Data Privacy
Follow these guidelines to ensure data privacy.
Don'ts
Sending emails containing large amounts of data, for example names, account numbers and balances outstanding sent in unprotected spreadsheet formats
Keeping PCs or laptops unlocked
Leaving confidential documents on unattended printers
Sending emails that contain personal data in subject headings
Sharing customer personal data with friends or family
Sharing your NT password with your peers
-
Check Your Understanding 01
You have the personal information of a customer on your laptop. You have left your workstation with your laptop open for a few seconds to have a glass of water. Is this a breach of data privacy?
a) Yes
b) No
-
Check Your Understanding 02
You have access to your neighbor's account details. You have shared this information with your family member as you are confident that your family will not disclose this information to others. Is this a breach of data privacy?
a) Yes
b) No
-
Summary
Here is a recap of what you learnt:
Both customers' and employees' personal information is collected by the bank.
Personal information consists of personal details, family lifestyle details, financial details, employment details and sensitive personal details.
Data privacy is extremely important for a bank. Breach of privacy may harm the reputation of the bank and cause expensive litigation.
-
Summary
Here is a recap of what you learnt:
Key privacy principles determine the privacy categories for both customers and employees.