Katrine Evans: Current issues, Key themes in enquiries and complaints, “Privacy at work”. Neil Sanson: Risk, Data breach guidelines, Data encryption, Combining datasets.

Presentation transcript:

Katrine Evans: Current issues, Key themes in enquiries and complaints, “Privacy at work”. Neil Sanson: Risk, Data breach guidelines, Data encryption, Combining datasets.

Just a few of our current issues
Code making – review of the Credit Reporting Privacy Code
Policy – comments on the Immigration Bill
Technology – layered privacy notice project
Information matching – encryption
International – implementation of the APEC Privacy Framework, e.g. through trustmarks; Privacy (Cross-Border) Amendment Bill

“Personal affairs” Section 56 of the Privacy Act

Protecting information on portable media Principle 5

Preventing employee browsing Principle 5 again

PRIVACY AT WORK

66% involved data the victim did not know was on the system
75% of breaches were not discovered by the victim
83% of attacks were not highly difficult
85% of breaches were the result of opportunistic attacks
87% were considered avoidable through reasonable controls

“the length of time between the attacker’s initial entry into the corporate network and the compromise of information is relatively short.” … “this was accomplished within minutes or hours in just under half of cases investigated.” “In sharp contrast, it takes much longer for organizations to discover a compromise. Months or even years transpired...”

“Companies that carry out formal risk assessment are twice as likely to detect unauthorised access by staff or attacks on network traffic and nearly four times as likely to detect identity theft as those that do not.”

“Decisions should take account of the wider context of the risk and include consideration of the tolerability of the risks borne by parties other than the organisation that benefits from it.” [3.5]

Cost to Victim: existing accounts - $ new accounts - $1, Cost to Business: $48, Victim hours repairing: existing accounts – 116 hours; new accounts – hours 49% repaired in 6 months

Privacy Breach Guidelines – What is a privacy breach?
Unauthorised access to or collection, use, or disclosure of personal information. Most common privacy breaches happen when personal information of customers, patients, clients or employees is stolen, lost or mistakenly disclosed. (guidelines-2/)

Data Encryption
Required for data transfers:
- physical media – mostly now done
- on-line transfers – under review
- Government Shared Network (GSN) – expect encryption
Can you call it ‘professional’ if you are not taking steps to protect data?

Combining Datasets: the Privacy Act as guidance when combining datasets