Information Security TechLink Seminar, 17 April 2013 James Knapton, Information Compliance Officer, Registrary’s Office.

Data Protection Act 1998

'An Act to make new provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information'

- Personal data = any information relating to a living individual who can be identified from it
    - including any expression of opinion about them
    - including any indication of the intentions of the data controller or anyone else towards the individual
- Data controller = the organisation that determines the purposes for which, and the manner in which, the data are processed
    - the University as a whole, but not the Colleges
- Key to compliance is adherence to the data protection principles

Principle 7: Information Security

'Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data'

- Must ensure an 'appropriate' level of security for the data in question: appropriate to the harm that could result from a breach and to the nature of the data, taking account of the state of technology and the cost of the measures
- Must take 'reasonable' steps to ensure the reliability of employees who have access to personal data
- Provisions on outsourcing to a data processor (an external service provider that processes data on the University's behalf)
    - there must be a contract made or evidenced in writing
    - the data processor must act only on instructions from the data controller
    - the data processor must comply with obligations equivalent to Principle 7
    - the data controller remains liable for any loss or damage

Role of the University's Information Compliance Office

- Advice, training and guidance on compliance with
    - the DPA and related legislation
    - the Freedom of Information Act 2000
    - records management best practice
- Handling access requests under the DPA and the FOI Act
- Liaison with the Information Commissioner's Office in case of a complaint or breach

Role of the Information Commissioner (ICO)

- Independent authority responsible for regulating DPA compliance and other matters
- Maintains a register of data controllers
- Promotes good practice
- Investigates complaints and has power to
    - conduct audits to assess compliance
    - issue undertakings committing a data controller to a course of action
    - issue enforcement notices requiring a data controller to take a course of action
    - issue monetary penalties of up to £500k for serious breaches of the DPA

ICO Ruling in the 'GhostShell' Case

- ICO proactively approached the University
- No formal regulatory action taken, as no personal data was involved
- ICO not interested in the devolved nature of Cambridge IT provision: any weakness is viewed as a weakness of the University as a whole
- 'Action required'
    - technical advice about password hashing
    - general review of information security provisions to ensure adequacy
    - situation noted by the ICO in case of any future breach
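The slide above records only that the ICO's follow-up included technical advice about password hashing; it does not say what the existing practice was or what was recommended. The following added example is the editor's illustration of the practice such advice generally points to, not code from the seminar, the University or the ICO. It shows a per-user random salt, a deliberately slow key-derivation function (PBKDF2-HMAC-SHA256 from Python's standard library), and constant-time comparison on verification, beside the unsalted single-pass digest it replaces. The 600,000 iteration count and the `algo$iterations$salt$digest` storage format are assumptions chosen for the example; the sample credentials are constructed.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumption (not from the seminar): an iteration count that is cheap for one
# login but expensive for an attacker holding a leaked table; tune to hardware.
ITERATIONS = 600_000
ALGO = "pbkdf2_sha256"


def weak_hash(password: str) -> str:
    """The pattern a hashing review typically finds: one fast, unsalted digest.
    Equal passwords give equal digests, so a leaked table can be attacked with
    precomputed lookups and cracked at hardware speed."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salted, iterated hash stored as 'algo$iterations$salt$digest'.
    Keeping the parameters with the digest lets the iteration count be raised
    later without invalidating existing records."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGO,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest from the stored parameters and compare in constant time.
    Any malformed record verifies as False rather than raising."""
    try:
        algo, iterations_s, salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        iterations = int(iterations_s)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False
    if algo != ALGO or iterations < 1:
        return False
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest does not leak how many leading bytes matched.
    return hmac.compare_digest(actual, expected)


def needs_rehash(stored: str, min_iterations: int = ITERATIONS) -> bool:
    """True when a record predates current policy (wrong scheme or too few
    iterations); call after a successful login and re-store with hash_password."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return True
    try:
        return int(parts[1]) < min_iterations
    except ValueError:
        return True


if __name__ == "__main__":
    # Constructed sample credentials, not real data.
    alice = hash_password("correct horse battery staple")
    print("stored:", alice)
    print("login ok:", verify_password("correct horse battery staple", alice))
    print("wrong pw:", verify_password("Tr0ub4dor&3", alice))
    # Two users with the same password: identical under the weak scheme,
    # distinct under the salted one.
    print("unsalted collide:", weak_hash("password") == weak_hash("password"))
    print("salted differ:", hash_password("password") != hash_password("password"))
```

When migrating an existing store, keep the old digest only until the user next logs in successfully, then replace it with a `hash_password` record; `needs_rehash` is what drives that upgrade, and it also handles a later increase of `ITERATIONS` without a forced reset.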

Further Information

- University Information Compliance Office
- ICO Information Security pages: ple_7.aspx