Tools & Approaches for Ongoing Privacy Compliance

Presentation on theme: "Tools & Approaches for Ongoing Privacy Compliance"— Presentation transcript:

1 Tools & Approaches for Ongoing Privacy Compliance
Pria Chetty Chetty Law

2 News Headlines

3 1 CCTV May not record conversations Information Commissioner
Rights of members of public vs Right to protect property

4

5

6 2

7 3 Lost a disk with details 370 000 policy holders
Password protected but not encrypted Post Norwich million pounds (controls) Nationwide pounds (laptop stolen)

8 Dissecting the Compliance Nightmare/ Legislative Scoping

9 Corporate Governance

10 Information Assets

11 Compliance Mind Map
Legislation/Statutes (E), Regulations (E), Standards (E/I), Policies (I), Guidelines (I), Codes (E/I), Charters (E/I)

12 Privacy Compliance King II Code ECT Act Companies Act EC Act RIC Act PAI Act King II Code ECT Act RIC Act PAI Act PPI Bill Consumer Protection Bill National Credit Act Consumer Protection Act Intellectual Property Legislation

13 Electronic Communications and Transactions Act 25 of 2002

14 Section 11 … Information is not without legal force and effect merely on the grounds that it is wholly or partly in the form of a data message… or is merely referred to in such data message…

15 Sufficiently Secure Payment Systems
…where a payment system was insufficiently secure, the supplier is required to compensate the consumer for any loss suffered…determined in accordance with the nature of transaction and technological standards applicable…

16

17

18 Cyber Crime …unauthorised access to, interception of, or interference with data, (computer-related extortion, fraud and forgery…and aiding and abetting…

19 The Constitution

20 Section 14(d) of the Constitution
“14. Everyone has the right to privacy, which includes the right not to have- (d) the privacy of their communications infringed.”…

21 Section 36 of the Constitution
… The rights in the Bill of Rights may be limited only in terms of law of general application to the extent that the limitation is reasonable and justifiable in an open and democratic society based on human dignity, equality and freedom, taking into account all relevant factors, including…

22 National Credit Act: Information Privacy

23 National Credit Act/ s 68 a right to confidential treatment of ‘confidential information’ received, compiled, retained or reported in terms of the Act …

24 National Credit Act/ Confidential Information/s 1
‘personal information that belongs to a person and is not generally available to or known by others’

25 National Credit Act/ s 68 confidentiality of such information must be protected by its holder and must be used only for a lawful purpose, must be disclosed only to the person to whom it relates or to a third party where required by law, by court order or order of the Consumer Affairs Tribunal created by the Act or ‘as directed by ... the instructions of the consumer’

26 Consumer Protection Bill

27

28

29

30

31 Compliance Health-check

32

33

34

35 Statement of Compliance/ Policies

36 Website Privacy Policy

37 Instant Messaging Policy

38 PPI Bill/ Suggested Compliance Methodology

39 1 Define the Organisation Legislative/ Regulatory Environment Industry
Media/ Technology Profile

40 2 Mapping Information Lifecycle collection, maintenance,
security, use, disclosure multi disciplinary

41

42 What information is the organisation receiving from third parties?
How is information collected?
What information is moving intra-departmentally?
What information is moving from the organisation to third parties?
What information is moving cross border?

43 3 Classification of Information
Personally Identifiable Anonymised Sensitive Categories & Format

44 4 Specific Questions (Principles) Collection
What information is collected without a user’s explicit knowledge and/or consent?

45 4 Specific Questions (Principles) Data Integrity
Is there a mechanism in place to allow users to access their information?

46 4 Specific Questions (Principles) Security Identification,
Authorisation, Access

47 5 Privacy Documentation: Agreements/ Policies
Review Policy Training & Awareness

48 6 Ongoing Compliance
Impact Assessment Template Update Policies

49 Online Resources

50

51

52

53

54 Pria Chetty pria@chettylaw.co.za 011 463 6368 083 384 4543 www

55 New Website Launch Date: 15/04/09

