Privacy Impact Assessment Workshop Maureen H Falconer Sr Guidance & Promotions Manager Scotstat Public Sector Analysts Network 30 September 2010.


Recognising Privacy Risk

PIA Decision Tree

Initial Assessment:
- Full scale PIA? YES: Complete full scale PIA & privacy, DP & other compliance checks
- NO: Small scale PIA? YES: Complete small scale PIA & privacy, DP & other compliance checks
- NO: Privacy compliance check? YES: Complete privacy, DP & other compliance checks
- NO: DP compliance check? YES: Complete DP compliance check
- NO: No further action

Initial Assessment Map

- Preparation
- Stakeholder analysis
- Go through PIA screening questions to highlight privacy issues
- Decide level of assessment
- External information gathering
- Project outline

Will it involve…

- Denying anonymity or making identifiable previously anonymous transactions?
- Multiple organisational use?
- Increased volumes of data on individuals?
- Increased volumes of individuals?
- Processing data exempt from legislation?
- Disclosure to third parties not subject to comparable data protection?
- New or increased technology with substantial potential for privacy intrusion?
- New or re-using identifiers, intrusive identification/authentication/management processes?
- New handling processes for sensitive data?
- New or increased data matching?
- Increased public security measures?

…do a full scale PIA.

If not, will it involve…

- New/changed data quality assurance processes and standards which may be unclear/unsatisfactory?
- New/changed data security arrangements which may be unclear/unsatisfactory?
- New/changed data access or disclosure arrangements which may be unclear/permissive?
- New/changed data retention arrangements which may be unclear/extensive?
- Changing medium of disclosure making data more readily accessible than before?

…do a small scale PIA.

PIA Process Map

- Preliminary work
- Preparation
- Documentation: conclusions & recommendations
- Review and audit
- Internal analysis
- External consultation/information gathering

Identifying privacy risk…

- Personal Information Issues
- Issues around use of Identifiers
- Function Creep
- Centralisation of Data
- Vulnerability of Individuals
- Upholding Individuals’ Rights

Identifying privacy solutions…

- Acceptance
- Mitigation
- Avoidance

Compliance

- Privacy Law: HRA; PECR; Law of Confidence
- Vires
- Statutory obligations/restrictions/prohibitions
- Data Protection: Schedule Conditions; DP Principles; Exemptions

Key Points

The PIA is a process to consider privacy risk which provides:

- All-round perspective;
- Understanding of acceptability;
- Understanding of negative privacy impact;
- Justification for privacy intrusion;
- Opportunities to lessen negative impact;
- Consideration of less privacy-invasive alternatives;
- Evidence based decision-making.

Information Commissioner’s Office Hanover Street Edinburgh EH2 1DJ