EU Data Protection: IT Governance view. Ger O’Mahony, 12th October 2011.


Data Protection – so what?
- Damage to reputation: HSE, SONY, T.K. MAXX, NHS
- Risk to information infrastructure: DoS, SLAs, audit, BCP/DR
- Financial penalties: communication, recovery, fines

Data Protection: seven principles enshrined in EU Directive 94/46/EC
- Notice: subjects whose data is being collected should be given notice of such collection.
- Disclosure: subjects whose personal data is being collected should be informed as to the party or parties collecting such data.
  - Does the individual know their data is being held and what their data will be used for by the data controller?
  - Is CCTV in use? If so, is the public notified and are cameras in the right locations?
  - If monitoring controls are in effect, has the individual been notified and has the reason for monitoring been communicated?
- Consent: personal data should not be disclosed or shared with third parties without consent from its subject(s).
  - Do data controller staff know if and when to pass on personal information when asked?
  - Is access to personal data limited to those with a need to know?

Data Protection: seven principles enshrined in EU Directive 94/46/EC (continued)
- Purpose: data collected should be used only for the stated purpose(s) and for no other purpose.
  - As a data controller, does the organisation need this individual’s information, and does the data controller know what the data will be used for?
- Security: once collected, personal data should be kept safe and secure from potential abuse, theft or loss.
  - Is personal data, in physical and electronic record formats, securely stored?
  - Is it up to date?
  - Is it deleted or destroyed when no longer required?
  - Where it is held on mobile devices, are those devices encrypted?
- Access: subjects should be granted access to their personal data and be allowed to correct any inaccuracies.
  - In the event of a subject access request, are procedures and processes in place?
- Accountability: subjects should be able to hold personal data collectors accountable for adhering to all seven of these principles.
  - Is there a policy for dealing with data protection issues?
  - Are company staff aware of DPA requirements, and do they understand their roles and responsibilities?
  - In the event of a data breach, does the data controller know what to do and whom to contact?

Data Protection – Cookie Monster? Directive 2009/136/EC
- Requires companies running a web site to get informed consent from users in order to store and retain information on their PCs.
- Third-party cookies are the problem (advertisers).
- Impacts on T&Cs:
  - T&Cs need to be changed.
  - Existing customers must actively agree to the revised terms.
  - Positive consent must be given for new terms.