SlideShare une entreprise Scribd logo

Privacy icms (handouts)

B
brentcarey
TechnologieActualités & Politique
1  sur  13
Data Privacy and ICMS “Privacy Matters”
Learning Objectives Today you will hear about Victorian privacy requirements This session will better equip you to understand: •Privacy legislation & the definition of personal information; • data security procedures for responsibly handling production data; and • where to go for privacy and records management related help. “Privacy Matters”
What is information privacy?  Some control over who knows what about us.  About balancing: • the public interest in the free flow of information (to enable necessary government operations and services) with • the public interest in respecting privacy and protecting personal information of individuals. “Privacy Matters”
Privacy legislation Information Privacy Act State government agencies, (Vic) 2000 local councils, Ministers & Statutory agencies. Health Records Act (Vic) Health information in 2001 Victorian public and private sectors, hospitals, doctors & employers. “Privacy Matters”
Privacy – Key definitions Personal information Recorded information about a living identifiable or easily identifiable individual. Health information Information able to be linked to a living or deceased person about a person’s physical, mental or psychological health. Sensitive information Includes information about a person’s race or ethnicity and criminal record. Is a photo personal information? Are details of a person’s position and salary recorded on their personnel file? “Privacy Matters”
How does privacy relate to information security? Information Security is a component of privacy : • A secure approach facilitates access to, accuracy of and confidentiality of personal & health information so that the right people have the right information Information Security is one of the 10 Information Privacy Principles (IPPs) IPP4 –: • An organisation must take reasonable steps to: • (4.1) protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. • (4.2) destroy or permanently de-identify personal information if it is no longer needed for any purpose. “Privacy Matters”
Meaning of ‘reasonable steps’ The meaning of ‘reasonable steps’ is context dependent: •if the risk of a privacy breach is of sufficient concern; and •the means of providing better protection are known and feasible; but the organisation does not act on this awareness; then reasonable steps have not been taken. “Privacy Matters”
What might constitute reasonable steps in systems? • Typical reasonable steps for systems: – effective access control based on a manageable number of roles; – meaningful audit trails to the level of detail deemed necessary e.g. Single person look-up events, change of location events, remote access events & large access events – all users to be suitably trained to ensure that authorised parties are fully aware of their privacy responsibilities; – data encryption as appropriate; – well managed and monitored data connections (e.g. with other DoJ, contractors or VicPol); – informed, involved contract management of service providers (s17 IPA re outsourcing) – Reporting incidents of privacy breaches. “Privacy Matters”
Reasonable steps for ICMS systems You must You must not • Follow ICMS procedure • Leave production data • Anonymise or de-identify data early & wherever in an unsecured possible environment • Secure production data by • Email production data lock and key • Dispose of hard and soft • Keep copies of copy information securely production data longer • Expect to be able to justify your use of data than necessary “Privacy Matters”
De-identification messages • De-identifying data is considered a leading practice, and is also legislated in regulations such as the Information Privacy Act. • There are several options for de-identifying data, both operational and automated. These include – Data deletion – Data Mixing – Data replacement – Data Substitution – Encryption – Interjecting Unrelated Text – Modifying Numerical Data – Using an Isolated Testing Environment • Whatever de-identification method you use, you need to make sure the de-identification results are appropriate for the context of the application being tested, and must make sense to the person reviewing the test results. “Privacy Matters”
Remaining key privacy considerations • Collection (IPPs 8, 1, and 10) Collect only what you need. Do it lawfully, fairly, directly and not unreasonably intrusively. Tell people you are doing it and why. Be extra careful with sensitive information. • Use and Disclosure (IPPs 2 and 9) Use and disclose personal information for the reason you collected it. Other public interest reasons e.g. law enforcement, personal safety permit use and disclosure. Properly obtained consent allows any use or disclosure. If a person’s personal information travels interstate or overseas it must be protected by Victoria’s standards. “Privacy Matters”
Remaining Key privacy considerations Access & Correction (IPP6 & FOI Act)  People have a right to access & correct personal information.  Assume people will see what you write.  If involved in discovering documents respond promptly. Management (IPPs 3, 4, 5 & 7)  Keep personal information accurate & secure.  Follow Departmental policies. “Privacy Matters”
Where to go for help?  Privacy, Freedom of Information & Records Management materials are on J-NET>Our Business>Knowledge Management  Each of the Dept’s business units has a Privacy Coordinator • Court Services - Susan Brent 9603 9456 • ICMS – Jim Paterson 9093 8430 Brent Carey, Senior Privacy Adviser can be contacted on 8684 0071 or by e-mail privacy@justice.vic.gov.au  EDRMS (records) helpdesk 8684 0555; the FOI unit 8684 0063  Privacy Victoria 8619 8719 www.privacy.vic.gov.au “Privacy Matters”

Recommandé

Information privacy and Security
Information privacy and SecurityInformation privacy and Security
Information privacy and SecurityAnuMarySunny
 
Confidentiality
ConfidentialityConfidentiality
ConfidentialityJasleen Khalsa
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacyprimeteacher32
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacySolix Technologies, Inc
 
Security and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOSecurity and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOAtlantic Training, LLC.
 
Data Security
Data SecurityData Security
Data Securityankita_kashyap
 
Handling information Standard by Skills for Care
Handling information Standard by Skills for CareHandling information Standard by Skills for Care
Handling information Standard by Skills for CareAtlantic Training, LLC.
 
Data Protection In Ghana
Data Protection In GhanaData Protection In Ghana
Data Protection In GhanaEmmanuel K Asare
 

Recommandé

Information privacy and Security
Information privacy and SecurityInformation privacy and Security
Information privacy and SecurityAnuMarySunny
 
Confidentiality
ConfidentialityConfidentiality
ConfidentialityJasleen Khalsa
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacyprimeteacher32
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacySolix Technologies, Inc
 
Security and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOSecurity and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOAtlantic Training, LLC.
 
Data Security
Data SecurityData Security
Data Securityankita_kashyap
 
Handling information Standard by Skills for Care
Handling information Standard by Skills for CareHandling information Standard by Skills for Care
Handling information Standard by Skills for CareAtlantic Training, LLC.
 
Data Protection In Ghana
Data Protection In GhanaData Protection In Ghana
Data Protection In GhanaEmmanuel K Asare
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
Ley protección de datos personales
Ley protección de datos personalesLey protección de datos personales
Ley protección de datos personalesJuan Carlos Carrillo
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Andrew Sharpe
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Gridbradley_g
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightScale
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...Harrison Clark Rickerbys
 
Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Advent IM Ltd
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artJames Mulhern
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
Looking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahLooking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahState of Utah, Salt Lake City
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
 
PG & Associates
PG & AssociatesPG & Associates
PG & AssociatesPremanandha Gangiah
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance bookletGerardo Medina
 
Training for managers and supervisors presentation
Training for managers and supervisors presentationTraining for managers and supervisors presentation
Training for managers and supervisors presentationbrentcarey
 
Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009brentcarey
 

Contenu connexe

Tendances

Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
Ley protección de datos personales
Ley protección de datos personalesLey protección de datos personales
Ley protección de datos personalesJuan Carlos Carrillo
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Andrew Sharpe
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Gridbradley_g
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightScale
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...Harrison Clark Rickerbys
 
Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Advent IM Ltd
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artJames Mulhern
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
Looking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahLooking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahState of Utah, Salt Lake City
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance bookletGerardo Medina
 

Tendances (20)

Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
Ley protección de datos personales
Ley protección de datos personalesLey protección de datos personales
Ley protección de datos personales
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloud
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
 
Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Waldrons march 2013 v1.0
Waldrons march 2013 v1.0
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulation
 
Looking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahLooking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in Utah
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
PG & Associates
PG & AssociatesPG & Associates
PG & Associates
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance booklet
 

En vedette

Training for managers and supervisors presentation
Training for managers and supervisors presentationTraining for managers and supervisors presentation
Training for managers and supervisors presentationbrentcarey
 
Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009brentcarey
 
Ark presentation
Ark presentationArk presentation
Ark presentationbrentcarey
 
Privacy morwell june 09
Privacy morwell june 09 Privacy morwell june 09
Privacy morwell june 09 brentcarey
 
Privacy learning forum broadmeadows
Privacy learning forum broadmeadowsPrivacy learning forum broadmeadows
Privacy learning forum broadmeadowsbrentcarey
 

En vedette (7)

Training for managers and supervisors presentation
Training for managers and supervisors presentationTraining for managers and supervisors presentation
Training for managers and supervisors presentation
 
Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009
 
Ark presentation
Ark presentationArk presentation
Ark presentation
 
Privacy morwell june 09
Privacy morwell june 09 Privacy morwell june 09
Privacy morwell june 09
 
Privacy learning forum broadmeadows
Privacy learning forum broadmeadowsPrivacy learning forum broadmeadows
Privacy learning forum broadmeadows
 
Bebs update
Bebs updateBebs update
Bebs update
 
Frankston
FrankstonFrankston
Frankston
 

Similaire à Privacy icms (handouts)

Privacy introduction
Privacy introduction Privacy introduction
Privacy introduction brentcarey
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...David Cunningham
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management Endcode_org
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension Inc.
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
Ethical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of ITEthical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of ITDr. Rosemarie Sibbaluca-Guirre
 
Information Security
Information Security Information Security
Information Security Alok Katiyar
 
Securing your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesSecuring your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesJohn Martin
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Data set Legislation
Data set Legislation Data set Legislation
Data set Legislation Data-Set
 
Data set Legislation
Data set LegislationData set Legislation
Data set LegislationData-Set
 
Data set Legislation
Data set LegislationData set Legislation
Data set LegislationData-Set
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingRebecca Leitch
 

Similaire à Privacy icms (handouts) (20)

Privacy introduction
Privacy introduction Privacy introduction
Privacy introduction
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...
 
Ecommerce Chap 10
Ecommerce Chap 10Ecommerce Chap 10
Ecommerce Chap 10
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and Avoidance
 
cybersecurity
cybersecurity cybersecurity
cybersecurity
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
Ethical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of ITEthical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of IT
 
Information Security
Information Security Information Security
Information Security
 
Securing your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesSecuring your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended Practices
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Data set Legislation
Data set Legislation Data set Legislation
Data set Legislation
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
 

Dernier

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 

Dernier (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 

Privacy icms (handouts)

  • 1. Data Privacy and ICMS “Privacy Matters”
  • 2. Learning Objectives Today you will hear about Victorian privacy requirements This session will better equip you to understand: •Privacy legislation & the definition of personal information; • data security procedures for responsibly handling production data; and • where to go for privacy and records management related help. “Privacy Matters”
  • 3. What is information privacy?  Some control over who knows what about us.  About balancing: • the public interest in the free flow of information (to enable necessary government operations and services) with • the public interest in respecting privacy and protecting personal information of individuals. “Privacy Matters”
  • 4. Privacy legislation Information Privacy Act State government agencies, (Vic) 2000 local councils, Ministers & Statutory agencies. Health Records Act (Vic) Health information in 2001 Victorian public and private sectors, hospitals, doctors & employers. “Privacy Matters”
  • 5. Privacy – Key definitions Personal information Recorded information about a living identifiable or easily identifiable individual. Health information Information able to be linked to a living or deceased person about a person’s physical, mental or psychological health. Sensitive information Includes information about a person’s race or ethnicity and criminal record. Is a photo personal information? Are details of a person’s position and salary recorded on their personnel file? “Privacy Matters”
  • 6. How does privacy relate to information security? Information Security is a component of privacy : • A secure approach facilitates access to, accuracy of and confidentiality of personal & health information so that the right people have the right information Information Security is one of the 10 Information Privacy Principles (IPPs) IPP4 –: • An organisation must take reasonable steps to: • (4.1) protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. • (4.2) destroy or permanently de-identify personal information if it is no longer needed for any purpose. “Privacy Matters”
  • 7. Meaning of ‘reasonable steps’ The meaning of ‘reasonable steps’ is context dependent: •if the risk of a privacy breach is of sufficient concern; and •the means of providing better protection are known and feasible; but the organisation does not act on this awareness; then reasonable steps have not been taken. “Privacy Matters”
  • 8. What might constitute reasonable steps in systems? • Typical reasonable steps for systems: – effective access control based on a manageable number of roles; – meaningful audit trails to the level of detail deemed necessary e.g. Single person look-up events, change of location events, remote access events & large access events – all users to be suitably trained to ensure that authorised parties are fully aware of their privacy responsibilities; – data encryption as appropriate; – well managed and monitored data connections (e.g. with other DoJ, contractors or VicPol); – informed, involved contract management of service providers (s17 IPA re outsourcing) – Reporting incidents of privacy breaches. “Privacy Matters”
  • 9. Reasonable steps for ICMS systems You must You must not • Follow ICMS procedure • Leave production data • Anonymise or de-identify data early & wherever in an unsecured possible environment • Secure production data by • Email production data lock and key • Dispose of hard and soft • Keep copies of copy information securely production data longer • Expect to be able to justify your use of data than necessary “Privacy Matters”
  • 10. De-identification messages • De-identifying data is considered a leading practice, and is also legislated in regulations such as the Information Privacy Act. • There are several options for de-identifying data, both operational and automated. These include – Data deletion – Data Mixing – Data replacement – Data Substitution – Encryption – Interjecting Unrelated Text – Modifying Numerical Data – Using an Isolated Testing Environment • Whatever de-identification method you use, you need to make sure the de-identification results are appropriate for the context of the application being tested, and must make sense to the person reviewing the test results. “Privacy Matters”
  • 11. Remaining key privacy considerations • Collection (IPPs 8, 1, and 10) Collect only what you need. Do it lawfully, fairly, directly and not unreasonably intrusively. Tell people you are doing it and why. Be extra careful with sensitive information. • Use and Disclosure (IPPs 2 and 9) Use and disclose personal information for the reason you collected it. Other public interest reasons e.g. law enforcement, personal safety permit use and disclosure. Properly obtained consent allows any use or disclosure. If a person’s personal information travels interstate or overseas it must be protected by Victoria’s standards. “Privacy Matters”
  • 12. Remaining Key privacy considerations Access & Correction (IPP6 & FOI Act)  People have a right to access & correct personal information.  Assume people will see what you write.  If involved in discovering documents respond promptly. Management (IPPs 3, 4, 5 & 7)  Keep personal information accurate & secure.  Follow Departmental policies. “Privacy Matters”
  • 13. Where to go for help?  Privacy, Freedom of Information & Records Management materials are on J-NET>Our Business>Knowledge Management  Each of the Dept’s business units has a Privacy Coordinator • Court Services - Susan Brent 9603 9456 • ICMS – Jim Paterson 9093 8430 Brent Carey, Senior Privacy Adviser can be contacted on 8684 0071 or by e-mail privacy@justice.vic.gov.au  EDRMS (records) helpdesk 8684 0555; the FOI unit 8684 0063  Privacy Victoria 8619 8719 www.privacy.vic.gov.au “Privacy Matters”