DPA Seminar Presentation
TRANSCRIPT
Are you a prisoner of outdated data handling processes?
DATA PROTECTION SEMINAR – THURSDAY 30 JULY 2015
Data Protection Act 1998
• Principles & Privacy
• Key Definitions
• Principles in Detail
• What the Act says about Security
• Individual Rights
• Latest from Europe
Personal Data
Personal data is not just a person’s name.
It is any information that relates to or identifies a person and:
• Is held on a computer
• Is intended to be held on a computer
• Forms part of a ‘relevant filing system’
• Forms part of an ‘accessible record’ (information relating to health or education)
• Category ‘e’ data – any other recorded information held by a public authority (public authorities only)
Doing ‘Big Data’ is possible, legal compliance is essential, inspiring public trust and confidence is indispensable
Introduction
• Imprisoned by bad habits?
• Practical examples
• What went wrong?
[Image: Monopoly ‘Chance’ card – ‘Get Out of Jail Free’]
• How to set yourself free!
Human Error
Mistakes can happen:
• Wrong address
• Documents left behind
What moves can you make:
• Culture of awareness - training
• Proper policies
• Recruit the right people
Insider Attack
Reliable employees?
• Client data
• Disgruntled employees
What moves can you make:
• Risk based approach to levels of security
• Ensure correct physical and technical security
Technology
How do you manage your technology?
• External access to your network
• BYOD
• Encryption
What moves can you make:
• IT and internet use policy
• BYOD policy
Data Retention & Destruction
What is the risk?
• Appropriate storage
• What is the retention period? - no longer than is necessary
• Sensitive personal data on waste ground
What moves can you make:
• Clear guidelines for different data
• Test your policy - audit compliance
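The retention points above are policy, but the "audit compliance" step can be mechanised. What follows is an added example, not material from the seminar or from PHS Data Solutions: a small retention-schedule audit that flags records held past their retention period (sensitive records first) and records whose category has no retention rule at all. The retention periods, categories and sample records are constructed assumptions for illustration, not any organisation's real schedule and not legal advice.

```python
"""Retention-schedule audit: flag records held longer than is necessary,
and records with no retention rule at all.

Added example, not from the seminar slides. The retention periods,
categories and sample records are constructed assumptions for
illustration; a real schedule must justify each period against the
purpose the data was collected for (DPA 1998, fifth principle).
"""
from dataclasses import dataclass
from datetime import date, timedelta

# Hypothetical retention schedule, in days from record creation (assumed values).
RETENTION_DAYS = {
    "client_correspondence": 6 * 365,   # assumed: six-year contract limitation period
    "recruitment_unsuccessful": 180,    # assumed: six months after the vacancy closed
    "cctv": 31,                         # assumed: 31-day overwrite cycle
}


@dataclass(frozen=True)
class Record:
    record_id: str
    category: str
    created: date
    sensitive: bool = False  # holds 'sensitive personal data' (DPA 1998 s.2), e.g. health


def audit_retention(records, today):
    """Return (overdue, unscheduled).

    overdue:     list of (record, days_past_expiry), sensitive records first and
                 then longest-overdue first, so destruction work is prioritised.
    unscheduled: records whose category has no retention period, i.e. a gap in
                 the 'clear guidelines for different data'.
    """
    overdue, unscheduled = [], []
    for rec in records:
        days = RETENTION_DAYS.get(rec.category)
        if days is None:
            unscheduled.append(rec)
            continue
        expiry = rec.created + timedelta(days=days)
        if today > expiry:
            overdue.append((rec, (today - expiry).days))
    overdue.sort(key=lambda item: (not item[0].sensitive, -item[1]))
    return overdue, unscheduled


# Constructed sample inventory (not real data), audited as of the seminar date.
AUDIT_DATE = date(2015, 7, 30)
SAMPLE_RECORDS = [
    Record("R1", "client_correspondence", date(2008, 1, 15)),
    Record("R2", "recruitment_unsuccessful", date(2015, 6, 1), sensitive=True),
    Record("R3", "recruitment_unsuccessful", date(2014, 12, 1), sensitive=True),
    Record("R4", "cctv", date(2015, 7, 20)),
    Record("R5", "site_visitor_log", date(2013, 3, 3)),  # category has no rule
]


def run_sample_audit():
    """Audit the sample inventory; returns (overdue, unscheduled)."""
    return audit_retention(SAMPLE_RECORDS, AUDIT_DATE)


if __name__ == "__main__":
    overdue, unscheduled = run_sample_audit()
    for rec, days in overdue:
        flag = "SENSITIVE " if rec.sensitive else ""
        print(f"DESTROY {flag}{rec.record_id} ({rec.category}): {days} days past retention")
    for rec in unscheduled:
        print(f"NO RULE  {rec.record_id} ({rec.category}): define a retention period")
```

Two design points: the audit reports an unscheduled category as a finding in its own right rather than silently skipping it, because a missing rule is exactly the guideline gap the slide warns about; and overdue sensitive records are listed before everything else, since those are the ones that end up as "sensitive personal data on waste ground".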
Consequences of Breach?
Potential consequences:
• Adverse publicity
• Criminal liability
• Regulatory action
• Missed opportunities and wasted resources
• Protracted litigation
Breach Management
Assemble the breach team and determine:
• The nature and cause of the breach
• The extent of the damage/harm
• How to stop or mitigate the breach
• Any breach of contract/disciplinary issues?
• Audit for improvement
Choosing the Right Partner for Data Protection Compliance Services
Alistair Dicken, Corporate Sales Director – PHS Data Solutions
Crumlin Road Gaol, Belfast, Thursday 30th July 2015
Credibility
1. Are they a recognised brand? Have you, or someone you know, used them before?
2. Do they service similar size/type customers? References?
3. Are they registered? Companies House, VAT registered etc.
4. Do they have a physical facility for you to visit?
Records Management Services
Compliance
1. ISO/IEC 27001 – Information Security Management. Includes data, documents, messages, communications, conversations, transmissions, recordings, drawings and photographs
2. ISO 9001 – Quality Management
3. ISO 14001 – Environmental Management
Shredding Services
Compliance
1. BS EN 15713 – Secure Destruction of Confidential Material – Code of Practice
   Staff vetting, premises security, vehicle security, handling and processing
   Agreement in writing, collection certificates, destruction certificates
2. CPNI Approved Shredding – Government approval for handling & shredding TOP SECRET classified documents – higher staff vetting, smaller shred size etc.
Culture
1. Strong customer service ethos
2. Scope of service provision
3. Health & safety focus
4. Staff vetting, training & development
5. Investors in technology & innovation