Presentation is loading. Please wait.

Presentation is loading. Please wait.

Katrine Evans: Current issues Key themes in enquiries and complaints “Privacy at work” Neil Sanson: Risk Data breach guidelines Data encryption Combining.

Published byWillis May Modified over 8 years ago

Similar presentations

Presentation on theme: "Katrine Evans: Current issues Key themes in enquiries and complaints “Privacy at work” Neil Sanson: Risk Data breach guidelines Data encryption Combining."— Presentation transcript:

1

2 Katrine Evans: Current issues Key themes in enquiries and complaints “Privacy at work” Neil Sanson: Risk Data breach guidelines Data encryption Combining datasets

3 Just a few of our current issues Code making – review of the Credit Reporting Privacy Code Policy – comments on the Immigration Bill Technology – layered privacy notice project Information matching – encryption International – implementation of APEC Privacy Framework eg through trustmarks Privacy (Cross-Border) Amendment Bill

4 “Personal affairs” Section 56 of the Privacy Act

5

6 Protecting information on portable media Principle 5

7

8 Preventing employee browsing Principle 5 again

9

10 PRIVACY AT WORK

11 http://www.verizonbusiness.com/resources/security/databreachreport.pdf 66% involved data the victim did not know was on the system 75% of breaches were not discovered by the victim 83% of attacks were not highly difficult 85% of breaches were the result of opportunistic attacks 87% were considered avoidable through reasonable controls

12 http://www.verizonbusiness.com/resources/security/databreachreport.pdf “the length of time between the attacker’s initial entry into the corporate network and the compromise of information is relatively short.” … “this was accomplished within minutes or hours in just under half of cases investigated.” “In sharp contrast, it takes much longer for organizations to discover a compromise. Months or even years transpired...”

13 http://www.berr.gov.uk/files/file45714.pdf “Companies that carry out formal risk assessment are twice as likely to detect unauthorised access by staff or attacks on network traffic and nearly four times as likely to detect identity theft as those that do not.”

14 “Decisions should take account of the wider context of the risk and include consideration of the tolerability of the risks borne by parties other than the organisation that benefits from it.” [3.5]

15 http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf

16 http://www.idtheftcenter.org/artman2/uploads/1/Aftermath_2007_20080529v2_1.pdf Cost to Victim: existing accounts - $550.38 new accounts - $1,865.27 Cost to Business: $48,941.11 Victim hours repairing: existing accounts – 116 hours; new accounts – 157.87 hours 49% repaired in 6 months

17 Unauthorised access to or collection, use, or disclosure of personal information Most common privacy breaches happen when personal information of customers, patients, clients or employees is stolen, lost or mistakenly disclosed http://www.privacy.org.nz/privacy-breach- guidelines-2/ Privacy Breach Guidelines What is a privacy breach ?

18 Data Encryption Required for data transfers - physical media mostly now done - on-line transfers are under review - Government Shared Network (GSN) – expect encryption Can you call it ‘professional’ if you are not taking steps to protect data?

19 Combining Datasets Privacy Act as guidance when combing datasets

Download ppt "Katrine Evans: Current issues Key themes in enquiries and complaints “Privacy at work” Neil Sanson: Risk Data breach guidelines Data encryption Combining."

Similar presentations

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.

INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
8/25/20141 Portable/mobile devices and privacy in Local Government Dr Anthony Bendall Acting Victorian Privacy Commissioner.

8/25/20141 Portable/mobile devices and privacy in Local Government Dr Anthony Bendall Acting Victorian Privacy Commissioner.
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.

SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.
BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date: 09.07.14.

BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date:
Helping you protect your customers against fraud Division of Finance and Corporate Securities.

Helping you protect your customers against fraud Division of Finance and Corporate Securities.
What to Know, What to Do Presentation Powered By: The Federal Trade Commission Consumer Protection Toolkit.

What to Know, What to Do Presentation Powered By: The Federal Trade Commission Consumer Protection Toolkit.
VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.

VIU Workshop: Creating a Culture of Privacy Awareness June 12, 2013 By Justin Hodkinson OIPC Policy Analyst/Investigator Office of the Information & Privacy.
KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.

KDE Employee Training. What IS a Data Breach? Unauthorized release (loss or theft) of Sensitive or Confidential Data, such as PII, PHI, etc. On site or.
The Privacy Office U.S. Department of Homeland Security Washington, DC 20528 t: 703-235-0780; f: 703-235-0442 Safeguarding.

The Privacy Office U.S. Department of Homeland Security Washington, DC t: ; f: Safeguarding.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.

© 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Privacy Management for a Global Enterprise.
 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.

 Guarantee that EK is safe  Yes because it is stored in and used by hw only  No because it can be obtained if someone has physical access but this can.
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.

The role of the Office of the Privacy Commissioner in telecommunications Andrew Solomon Director, Policy.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Client Server Security. Introduction Although client/server architecture is the most popular and widely used computing environment, it the most vulnerable.

Client Server Security. Introduction Although client/server architecture is the most popular and widely used computing environment, it the most vulnerable.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
Chapter 16 16-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Client Server Security DeSiaMorePowered by DeSiaMore1.

Client Server Security DeSiaMorePowered by DeSiaMore1.

Similar presentations

Ads by Google