Privacy, Security and Regulatory Compliance


Presentation on theme: "Privacy, Security and Regulatory Compliance"— Presentation transcript:

1 Privacy, Security and Regulatory Compliance
Kristy Edwards Sr. Manager, Data Privacy Compliance Oracle Corporation

2 Oracle’s Experience
- Product solutions are tools for privacy
- Leverage technology as part of compliance efforts

3 Oracle’s Experience
Organizational measures are primary compliance tools
- Purpose (adequate/relevant data)
- Notice and Consent
Technical measures are secondary tools
- Who gets access to system?
- What data can a person access?
- How do you track who has seen or changed PII?

4 Databases in the Enterprise
Web Sites, HR, Education, Financials
Storage in Databases

5 Oracle’s Experience
- Enforce security on the data, augment in applications
- Aids in privacy compliance because the data is always protected – cannot bypass security
Diagram labels: HR, Finance, SQL, Report Writer, Database

6 Granular Access Control
- PII is often stored in columns within database tables
- Row-level access control and relevant columns
- “Column Masking”: values are masked due to the security policy
Diagram labels: Row-level security, SSN, Relevant column

7 Granular Access Control
- Built to address data privacy requirements
- Segregation between name and PII

FNAME    LNAME    SSN
JACOB    SMITH
MARIA    ALLEN
MARY     WARD
STEVE    JONES
STEVEN   MARTIN
RAJIV    BLAKE
ROMAN    CLARK
SCOTT    JONES
JENN     KING
CHELSI   TURNER
DEREK    ADAMS

11 rows selected.

8 Accountability via Auditing
- Auditing is a key aspect of many privacy regulations and policies
- Identify access to PII
- Identify misuse of legitimate privilege
Diagram labels: Privacy-relevant columns, Real-time alert, Relevant columns, CCN, NAME

9 Granular Auditing
- Fewer, but more precise, audit records
- Audit analysis: reducing false or misleading audits makes it easier to analyze audit records
- Accountability and deterrence
- Real-time alert to detect violations
- Lends itself to privacy compliance
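
The column masking of slides 6-7 and the column-scoped auditing with a real-time alert of slides 8-9, as an added example that is not part of the original presentation. It uses Oracle's DBMS_RLS and DBMS_FGA packages; the schema HR_DEMO, the table EMP_PII, its MGR column and every policy, function and procedure name are assumptions made for illustration.

```sql
-- Added example. Schema HR_DEMO, table EMP_PII, the MGR column and all
-- policy, function and procedure names are assumptions, not from the slides.
CREATE TABLE hr_demo.emp_pii (
  fname VARCHAR2(30), lname VARCHAR2(30), ssn VARCHAR2(11),
  mgr   VARCHAR2(128)  -- database user allowed to read this row's SSN
);
CREATE TABLE hr_demo.ssn_alerts (db_user VARCHAR2(128), seen_at TIMESTAMP);
-- VPD policy function: predicate deciding in which rows SSN stays visible.
CREATE OR REPLACE FUNCTION hr_demo.ssn_visible (
  p_schema IN VARCHAR2, p_table IN VARCHAR2) RETURN VARCHAR2 AS
BEGIN
  RETURN 'mgr = SYS_CONTEXT(''USERENV'', ''SESSION_USER'')';
END;
/
-- Column masking: ALL_ROWS returns every row, with SSN shown as NULL where
-- the predicate is false. The policy applies only when SSN is referenced.
BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema         => 'HR_DEMO',
    object_name           => 'EMP_PII',
    policy_name           => 'MASK_SSN',
    function_schema       => 'HR_DEMO',
    policy_function       => 'SSN_VISIBLE',
    statement_types       => 'SELECT',
    sec_relevant_cols     => 'SSN',
    sec_relevant_cols_opt => DBMS_RLS.ALL_ROWS);
END;
/
-- Alert handler called by the audit policy below.
CREATE OR REPLACE PROCEDURE hr_demo.ssn_alert (
  p_schema VARCHAR2, p_object VARCHAR2, p_policy VARCHAR2) AS
  PRAGMA AUTONOMOUS_TRANSACTION;
BEGIN
  INSERT INTO hr_demo.ssn_alerts
  VALUES (SYS_CONTEXT('USERENV', 'SESSION_USER'), SYSTIMESTAMP);
  COMMIT;
END;
/
-- Fine-grained audit: scoped to SELECT statements that reference SSN.
BEGIN
  DBMS_FGA.ADD_POLICY(
    object_schema   => 'HR_DEMO',
    object_name     => 'EMP_PII',
    policy_name     => 'AUDIT_SSN',
    audit_column    => 'SSN',
    handler_schema  => 'HR_DEMO',
    handler_module  => 'SSN_ALERT',
    statement_types => 'SELECT');
END;
/
```

Because both policies live in the database, a query from a report writer or an ad hoc SQL session is masked and audited the same way as one from the HR application.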

10 Recommendations
Organizational measures come first
Technical measures
- Restrict who gets in
- Manage their identities and access rights
- Column level controls
- Audit to hold users accountable for their actions
Software is a tool for privacy compliance
But didn’t you mention organizational measures – (sell my data to spammers, don’t give notice of how you’re using my data)

