INCIDENT RESPONSE PLAN

Presentation transcript:

INCIDENT RESPONSE PLAN
DATA BREACH INCIDENT RESPONSE PLAN
Privacy by Design/International Schools, March 7-8, 2019

Normal day at the school
Your school has online apps to process students' data and several other tools to communicate with parents and other schools.
One Friday evening, there is a report in the news stating that your hosting provider is the target of a massive hack.
Estimates are that millions of citizens' data are at risk.
At the end of the report there are logos of organisations that are at risk, and your school's logo is blinking among them.
You are the DPO, and your phone seems to be almost going off due to mails, SMS and other messages.

In a perfect world… your school would have:
A clear incident response plan with roles and responsibilities
Confirmed communication channels with one dedicated contact point
Media-trained director(s) to give statements
Dedicated 24/7/365 contacts at all your third parties
A back-to-back responsibility chain in all third-party agreements
An operations continuation plan

If you have none of those:
Get hold of IT, Legal, Communications and management level as soon as possible
Check yourself, or get Legal to review, your agreement with the target company
Contact the target company to establish a communication channel
Contact other schools' representatives
Agree on giving statements and on one single contact point
Agree on giving information on your website (if not compromised) or by any other means to your data subjects
Agree on steps to define the width and depth of breach notification for authorities
Instruct your call centre and reception staff

Your first priority = students and teachers
Under GDPR and several other regional laws you must ensure the security of end-users' data.
The type of data and their quantity are important, yes, but other considerations include:
A possible criminal investigation
An e-discovery process
Employee and school-board considerations
If the police are involved, they want to keep things quiet, but the press does not.
Try to limit damages while complying with legal requirements.

Co-ordination and co-operation are the key
It is important to have a consistent approach.
Coordinate with other schools.
Is it possible to agree on a common statement, or to let the target speak?
Follow-up to be agreed.
Post mortem to be agreed: lessons learned.
Ensure that mistakes are not repeated, but corrected.