Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Protection in e-Voucher Systems Joel Urbanowicz Manager, ICT Deployment Services Catholic Relief Services.

Published byClara Wheeler Modified over 8 years ago

Similar presentations

Presentation on theme: "Data Protection in e-Voucher Systems Joel Urbanowicz Manager, ICT Deployment Services Catholic Relief Services."— Presentation transcript:

1 Data Protection in e-Voucher Systems Joel Urbanowicz Manager, ICT Deployment Services Catholic Relief Services

2 Agenda The Importance of Data Protection The Data Lifecycle Red Rose and the Local Context Risk Assessments Data Mapping Takeaways and Resources 2

3 THE IMPORTANCE OF DATA PROTECTION 3

4 Why Data Protection? Donor Requirements (ex. DFID) Policy Compliance (especially in the EU) Ethical obligation to our beneficiaries 4

5 What is Data Protection? NOUN 1.legal safeguards to prevent misuse of information stored on computers, particularly information about individual people 2.the adoption of administrative, technical, or physical deterrents to safeguard computer data 5

6 Data Privacy & Protection Risks 6 Consent/Privacy Risk Misuse/Disclosure Risk Breach/Surveillance Risk

7 Applying Data Protection in Cash and e-Transfer Programs The Cash Learning Partnership (CaLP) defines the following principles in their 2013 publication “Protecting Beneficiary Privacy”:Protecting Beneficiary Privacy 1.Respect 2.Protect by Design 3.Understand Data Flows and Risks 4.Quality and Accuracy 5.Obtain Consent or Inform Beneficiaries as to the Use of Their data 6.Security 7.Disposal 8.Accountability 7

8 THE DATA LIFECYCLE 8

9 9

10 What is the Data Lifecycle? 10 Planning Collecting Storing Using / Analyzing Sharing Retention / Destruction

11 Data Protection Concerns Across the Lifecycle 11 Planning Collecting Storing Using / Analyzing Sharing Retention / Destruction Data Minimization Informed Consent Collection Device Security Database Security Access Management Re-identification Unauthorized Export Stale Data Data as a Liability Terms of Use Unauthorized Sharing

12 RED ROSE AND THE LOCAL CONTEXT 12

13 e-Voucher Programs in Northeast Nigeria 13

14 e-Voucher Programs in Northeast Nigeria 14 Program 1Program 2 # of Beneficiaries (IDPs)~3,500 households~12,000 households # of Vendors~50~100 # of Distinct Communities28 Type of RegistrationDigitalPaper Program Staff Access to Distribution Sites? NoYes Mobile Connectivity?No

15 Why Red Rose? Card-based voucher system Electronic voucher distribution Vendor network creation without connection to existing payment card networks Offline capabilities Device-to-device synchronization 15

16 RISK ASSESSMENTS 16

17 Executing a Risk Assessment Must answer the following questions: What are we trying to protect? What is valuable? Who might be interested? What capabilities does each threat actor have? What are the consequences of a breach? How might we mitigate identified risks? 17

18 Displacement, Loss of Life Extortion, Loss of Life Financial Fraud, Theft Targeted Violence at Events Financial Fraud, Theft, Program Disruption Staff Harassment, Loss of Life Staff Harassment, Kidnapping, Theft Beneficiary Harassment Beneficiary PII Vendor PII Sales Data Activity & Event Data Financial Data Staff PII Operational Data M&E Data Protected Data and the Consequences of Breach 18 Type of DataConsequences of Breach

19 Threat Actors and Their Capabilities 19 High Medium Low Federal Government Military Boko Haram Yahoo Boys Other NGOs Local Government Community Leaders Community Opposition Threat ActorsCapability

20 Mapping Data to Threat Actors 20 Beneficiary PII Staff PII Activity & Event Data Vendor PII Federal Government Boko Haram Yahoo Boys Community Opposition DataThreat Actors How do we mitigate these risks? – Data Minimization, Encryption

21 DATA FLOW MAPPING 21

22 Program 1 22 Beneficiary PII leaves an access controlled environment, resulting in a complete loss of control. Can be remedied by creating an interface between iFormBuilder and Red Rose, or by using Red Rose Collect for registration

23 Program 2 23 Beneficiary PII is stored in personal Dropbox folders that are not managed by the agency. Can be remedied by using an agency-managed online file storage system with appropriate access control.

24 TAKEAWAYS AND RESOURCES 24

25 Major Takeaways Data Protection is a donor, legal, and ethical requirement Consider the entire data lifecycle Perform a data risk assessment during program design Map your data flow and mitigate data breach risks 25

26 Resources Protecting Beneficiary Privacy: Principles and operational standards for the secure use of personal data in cash and e-transfer programs – Privacy framework developed by the Cash Learning PartnershipProtecting Beneficiary Privacy: Principles and operational standards for the secure use of personal data in cash and e-transfer programs ELAN Data Management and Protection Starter Kit Dialing Down Risk – Paper published by the New America Foundation on the reduction of privacy-related risks in development programs using mobile technologyDialing Down Risk Data Protection Laws of the World – Interactive map, developed by the law firm DLA Piper, of data privacy and protection laws around the worldData Protection Laws of the World Africa ICT Policy Database – A new resource from the Strathmore Law School in Nairobi, Kenya aggregating all ICT Policy across AfricaAfrica ICT Policy Database Aiding Surveillance – A report, published by Privacy International, on how the misuse of technology can pose serious threats to human rightsAiding Surveillance Principles for Digital Development – Check here for new guidance and tools as they become availablePrinciples for Digital Development 26

Download ppt "Data Protection in e-Voucher Systems Joel Urbanowicz Manager, ICT Deployment Services Catholic Relief Services."

Similar presentations

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
NEW TECHNOLOGIES IN CASH TRANSFER PROGRAMMING. PURPOSE AND SCOPE OF THE STUDY Review of new technologies applied to humanitarian CTP at every stage of.

NEW TECHNOLOGIES IN CASH TRANSFER PROGRAMMING. PURPOSE AND SCOPE OF THE STUDY Review of new technologies applied to humanitarian CTP at every stage of.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
The Islamic University of Gaza

The Islamic University of Gaza
Information Security Policies and Standards

Information Security Policies and Standards
Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.

Insights on the Legal Landscape for Data Privacy in Higher Education Rodney Petersen, J.D. Government Relations Officer and Security Task Force Coordinator.
Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010.

Data Retention LIS 550 Winter 2010 Unsworth Tuesday, March 02, 2010.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.

Electronic Banking BY Bahaa Abas Noor abo han. Definition * e-banking is defined as: …the automated delivery of new and traditional banking products and.
Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.

Obtaining, Storing and Using Confidential Data October 2, 2014 Georgia Department of Audits and Accounts.
Privacy and Security Risks in Higher Education

Privacy and Security Risks in Higher Education
Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.

Information Security 2013 Roadshow. Roadshow Outline  Why We Care About Information Security  Safe Computing Recognize a Secure Web Site (HTTPS) How.
Chapter 10: Ethics, Privacy, and Security Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall Chapter 10 - 1.

Chapter 10: Ethics, Privacy, and Security Copyright © 2013 Pearson Education, Inc. publishing as Prentice Hall Chapter
Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.

Your cybersecurity breach will happen! Here’s what to do to mitigate your risk Thursday, 25 September 2014.
General Awareness Training

General Awareness Training

Similar presentations

Ads by Google