Cloud Data Privacy and Data Sovereignty Chris Dury

Presentation transcript:


Agenda Government Leadership Australian and State Government Frameworks for Mortals Managing and Evaluating Risk Office 365 Compliance

Australian Government Leadership
- Opens $5B in ICT spending to cloud
- Requires federal agencies to consider cloud

Australian Government Leadership
GOAL: “The Australian Government will be a leader in the use of cloud services to achieve greater efficiency, generate greater value from ICT investment, deliver better services and support a more flexible workforce”
STATEMENT: Australian Government agencies will:
- consider cloud services for new ICT procurements
- commence procurement of public cloud services for their test & dev needs, as appropriate value for money
- transition public facing websites to public cloud hosting at natural ICT refresh points
- establish info sharing initiatives to facilitate continual improvement, case studies, risk models, lessons etc

SA Government Leadership
Discussion Paper which focuses on the importance of “connectedness” and improving the state’s ability to innovate
Digital by default
Moving from…
- Buying software to buying services
- Big monolithic projects to rapid prototyping
- Competing for resources to sharing first
Little mention of…
- Social Computing
- Cloud Computing

Security Policies and Frameworks Standards

What does it mean for Office 365?
ISMF Standard 12 - Section Risk identification associated with external organisations - Responsible Parties must conduct a thorough risk assessment in accordance with Section 5.1 of the PSMF and supported by the Government of South Australia Risk Management Policy Statement prior to granting access to information and/or information processing facilities by any External Organisation
ISMF Standard 13 Access provided to third parties (including customers, contractors etc.) shall be controlled based on the specific business requirements of the Responsible Party

So…
- There are no specific aversions to cloud based technologies, and
- There are no requirements for cloud infrastructure to be hosted in Australia
If…
- A Risk Assessment is completed, and
- The Business Requirements are compatible

Because…
Privacy Act 1988 Schedule 3 – National Privacy Principles – 9 – Trans border Data flows
An organisation in Australia or an external Territory may transfer personal information about an individual to someone (other than the organisation or the individual) who is in a foreign country only if:
(a) the organisation reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles; or

Risk Assessment

Office 365 Compliance

Bridging the gap
Use Rights Management Service E3, E4 or On-Premise
Use your Risk Assessment to build a Classification Scheme and don’t store certain data in the cloud
Office 365 provides
What you need to do

Questions & Next steps
- Microsoft is working to reduce uncertainty with PSPF, ISMF
- More Risk Analysis Tools coming