All data occupies physical space, even if we don't think of it as such.

Slides:

Advertisements

Similar presentations

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Advertisements

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

Mr C Johnston ICT Teacher

Security Issues and Challenges in Cloud Computing

Session 3 – Information Security Policies

Business Continuity Check List PageOne. - Why Does Your Business Need A Continuity Checklist? Should the unexpected occur, your business will be able.

Cloud Computing Stuart Dillon-Roberts. “In the simplest terms, cloud computing means storing & accessing data & programs over the Internet instead of.

CAMP Med Mapping HIPAA to the Middleware Layer Sandra Senti Biological Sciences Division University of Chicago C opyright Sandra Senti,

Information Resources and Communications University of California, Office of the President System-Wide Strategies for Achieving IT Security at the University.

Data Protection Act. Lesson Objectives To understand the data protection act.

Legal Audits for E-Commerce Copyright (c) 2000 Montana Law Review Montana Law Review Winter, Mont. L. Rev. 77 by Richard C. Bulman, Jr., Esq. and.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Information Security Technological Security Implementation and Privacy Protection.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

Environment for Information Security n Distributed computing n Decentralization of IS function n Outsourcing.

Cloud Computing Characteristics A service provided by large internet-based specialised data centres that offers storage, processing and computer resources.

Patient Data Security and Privacy Lecture # 7 PHCL 498 Amar Hijazi, Majed Alameel, Mona AlMehaid.

PRIVACY, SECURITY & ID THEFT PREVENTION - TIPS FOR THE VIGILANT BUSINESS - SMALL BUSINESS & ECONOMIC DEVELOPMENT FORUM October 21, WITH THANKS TO.

EU Data Protection IT Governance view Ger O’Mahony 12 th October 2011.

IT Strategy for Business © Oxford University Press 2008 All rights reserved Chapter 12 IT Security Strategies.

The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;

Cloud Computing Security Keep Your Head and Other Data Secure in the Cloud Lynne Pizzini, CISSP, CISM, CIPP Information Systems Security Officer Information.

Develop your Legal Practice using “Cloud” applications, but … Make sure your data is safe! Tuesday 17 November 2015 The Law Society, London Allan Carton,

Computing, Ethics & The Law. The Law Copyright, Designs and Patents Act (1988) Computer Misuse Act (1990) Data Protection Act (1998) (8 Main Principles)

Mr C Johnston ICT Teacher BTEC IT Unit 09 - Lesson 11 Network Security.

Welcome to the ICT Department Unit 3_5 Security Policies.

Section 4 Policies and legislation AQA ICT A2 Level © Nelson Thornes Section 4: Policies and Legislation Legislation – practical implications.

8 – Protecting Data and Security

Principles Identified - UK DfT -

Chapter 40 Internet Security.

Tony Sheppard Mobile Guardian

Technology and Business Continuity

Explaining strategies to ensure compliance with workplace legislation

Understanding The Cloud

DATA SECURITY FOR MEDICAL RESEARCH

CPA Gilberto Rivera, VP Compliance and Operational Risk

Information Security, Theory and Practice.

ISSeG Integrated Site Security for Grids WP2 - Methodology

What Does GDPR mean for you

Slides Template for Module 5

VIRTUALIZATION & CLOUD COMPUTING

Planning & System installation

Legal and Ethical Responsibilities

IPv6 within the Australian Government

Decrypting Data Compliance in China

General Data Protection Regulation

GDPR Overview Gydeline – October 2017

Paul Woods Chair, MITIGATION: Ensuring we procure cloud services taking into account of the risks involved Paul Woods Chair, ISNorthEast.

Business Risks of Insecure Networks

Section 15.1 Section 15.2 Identify Webmastering tasks

Information Security Board

GDPR Overview Gydeline – October 2017

Chapter 3: IRS and FTC Data Security Rules

Cloud Testing Shilpi Chugh.

6 Principles of the GDPR and SQL Provision

Sue Cawthray, CEO/ Gill Thrush, Catering Manager

G.D.P.R General Data Protection Regulations

Sharing can happen on different levels; within an organisation, within a closed but controlled set of actors, or - the point of no return - freely shared.

Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .

Chapter 27 Security Engineering

12 STEPS TO A GDPR AWARE NETWORK

GDPR (General Data Protection Regulation)

How to Mitigate the Consequences What are the Countermeasures?

GDPR Quiz Today’s trainer: Click here to use Kahoot! 1

Topic 5: Communication and the Internet

Protect Your Ecommerce Site From Hacking and Fraud

Ensuring the data you have collected is properly verified is vital

How it affects policies and procedures

Cloud Computing for Wireless Networks

Presentation transcript:

All data occupies physical space, even if we don't think of it as such. There are lots of decisions and processes that go into creating, storing and sharing data. Some main considerations to bear in mind when interrogating the **integrity of your data** include: Is the data checked for changes at key points? Are there granular permissions for making changes to the data during analysis? Is the data collection process well-documented? Are appropriate backup mechanisms in place? Is the software used to manage and store the data fully up to date and licensed? Have you future-proofed your data? Other risks and harms associated specifically with **data storage** include: Loss of information (deliberate or accidental) Confiscation of information Data breach Legal threats Malicious attack What are some potential mitigation strategies? What are the pros and cons of different storage options? storing data locally, in the cloud, or within a network.

Who has access to the data? Making sure that access to sensitive information happens on a "need-to-know" basis can reduce the risk of someone getting access to data that they shouldn't. This can happen online, through setting appropriate user permissions for a certain person's role, or physically, in terms of only letting trusted or vetted individuals into an office space. Regular audits that check who has access and revisiting user permissions can help make sure that these access levels remain up to date. But many of us work often on **collaborative projects**, which require different parties having access to the data. Another checklist to consider when setting up access permissions and data infrastructure on collaborative projects is included here, like including **layered access**, or embedding secure practices into the various access points. Despite all this, though, it is important not to over do the checks and security measures in place; when it comes down to it, the project and the data need to be accessible in times of need, and potentially on a longer-term basis. Some concrete steps for making sure that the data will be available for the right people at the right time and planning for disruption or technical emergencies, are then included.

Whether it's data protection laws, encryption technology laws, or jurisdictional issues, (or more!)... it is important to think through these different legal considerations Data protection: A number of countries have strong data protection laws which place limits on the types of data which may be collected from individuals. They also often include specific legal requirements about the methods used to store such data, along with mandatory reporting and monetary fines for breaches. Individuals about whom data is stored are often granted a number of rights, such as access to their information and the right to have their data correction and/or removed. Encryption: Local laws in a number of countries (such as Sudan, Yemen and Pakistan) place limits upon the nature of encryption software allowed for the communication and storage of data. Jurisdiction: Organisations should be aware of laws that would give governments access to information stored on servers hosted in their countries. Organisations must also be aware of cross-jurisdictional issues in relation to their data management. Copyright and patent: Copyright and patent issues related to the collection, storage and dissemination of your data are important laws to consider. Ensuring you have the correct licensing for your projects and infrastucture can help reduce unexpected restrictions and costs further into your project.