AIMS To raise awareness of some of the issues To offer advice on solutions To identify what might be considered as ‘best practice’ To launch new Policies.

Presentation transcript:

AIMS
– To raise awareness of some of the issues
– To offer advice on solutions
– To identify what might be considered as ‘best practice’
– To launch new policies and guidelines

I was asked to choose a password with at least 8 characters in it ………

New Policies
Information security management policy, incorporating:
– Portable media policy
– Reporting Information Security Events policy
– 5-point Data Protection Breach Management plan
– Remote Access agreement
And other guidance documents:
– New starters / induction procedures
– 3rd party access to data
– Disposal of redundant equipment

Scenario 1
A request for information about a pupil is made by a Police officer relating to an alleged serious offence. The request is made over the phone. Can you give the officer the requested information:
1) Over the telephone?
2) At all?

Scenario 3
Sharing a teacher login on a classroom PC. Is this a Data Protection breach?
Sharing a teacher login to SIMS on a classroom PC. Is this a Data Protection breach?

Scenario 5
A teacher takes home an unencrypted memory stick containing teaching resources and lesson plans. The teacher loses the memory stick. What are the implications for the school?

Scenario 6
A class teacher has written pupil reports and saved them to an unencrypted USB memory stick. The stick is lost on the school premises. What happens next?

Scenario 9
A school secretary is asked to fax a list of pupil names, addresses and dates of birth to a travel company hosting a school exchange visit. Is this appropriate? What procedure should be followed?

Data Breach Management Plan
1 Fundamental details: location, contacts, incident outline
2 Containment & Recovery: recovery plan, incident response, damage limitation
3 Data Risk Assessment: what type of information, how sensitive, who is affected, how many, consequences (serious? substantial? potential harm?)
4 Notifications: who has been notified, and evaluation of each notification
5 Evaluation/Conclusion: effectiveness of the response, investigation, mitigating factors, improvements to risk management
This is all about minimising the potential fine the ICO may levy.