Data Privacy and ICMS
“Privacy Matters”
Learning Objectives

Today you will hear about Victorian privacy requirements.

This session will better equip you to understand:
• privacy legislation & the definition of personal information;
• data security procedures for responsibly handling production data; and
• where to go for privacy and records management related help.
What is information privacy?
   Some control over who knows what about us.

   About balancing:

    • the public interest in the free flow of information
       (to enable necessary government operations and
       services) with

    • the public interest in respecting privacy and
       protecting personal information of individuals.




Privacy legislation


• Information Privacy Act (Vic) 2000: State government agencies, local councils, Ministers & Statutory agencies.
• Health Records Act (Vic) 2001: Health information in Victorian public and private sectors, hospitals, doctors & employers.


Privacy – Key definitions

• Personal information: Recorded information about a living identifiable or easily identifiable individual.
• Health information: Information able to be linked to a living or deceased person about a person’s physical, mental or psychological health.
• Sensitive information: Includes information about a person’s race or ethnicity and criminal record.

Is a photo personal information? Are details of a person’s position and salary recorded on their personnel file?

How does privacy relate to information security?


Information Security is a component of privacy:
• A secure approach facilitates access to, accuracy of and confidentiality of personal & health information so that the right people have the right information.

Information Security is one of the 10 Information Privacy Principles (IPPs), IPP4:
• An organisation must take reasonable steps to:
    • (4.1) protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
    • (4.2) destroy or permanently de-identify personal information if it is no longer needed for any purpose.



Meaning of ‘reasonable steps’

The meaning of ‘reasonable steps’ is context dependent:
• if the risk of a privacy breach is of sufficient concern; and
• the means of providing better protection are known and feasible; but
• the organisation does not act on this awareness; then
reasonable steps have not been taken.


What might constitute reasonable steps in systems?
•   Typical reasonable steps for systems:

     –   effective access control based on a manageable number of roles;

     –   meaningful audit trails to the level of detail deemed necessary (e.g. single person look-up events, change of location events, remote access events & large access events);

     –   all users to be suitably trained to ensure that authorised parties are fully aware of their privacy responsibilities;

     –   data encryption as appropriate;

     –   well managed and monitored data connections (e.g. with other DoJ, contractors or VicPol);

     –   informed, involved contract management of service providers (s17 IPA re outsourcing);

     –   reporting incidents of privacy breaches.



Reasonable steps for ICMS systems



You must
 • Follow ICMS procedure
 • Anonymise or de-identify data early & wherever possible
 • Secure production data by lock and key
 • Dispose of hard and soft copy information securely
 • Expect to be able to justify your use of data

You must not
 • Leave production data in an unsecured environment
 • Email production data
 • Keep copies of production data longer than necessary

De-identification messages

•   De-identifying data is considered a leading practice, and is also legislated in regulations
    such as the Information Privacy Act.

•   There are several options for de-identifying data, both operational and automated.
    These include:
     – Data deletion
     – Data Mixing
     – Data replacement
     – Data Substitution
     – Encryption
     – Interjecting Unrelated Text
     – Modifying Numerical Data
     – Using an Isolated Testing Environment

•   Whatever de-identification method you use, you need to make sure the de-identification
    results are appropriate for the context of the application being tested, and must make
    sense to the person reviewing the test results.
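An added example (not part of the original slides) that applies several of the listed methods to a constructed extract, namely deletion, substitution, replacement, mixing and modifying numerical data, and then checks that no original identifier survives in the output. The field names, stand-in name lists and key are assumptions made for illustration.

```python
import hashlib
import hmac
import random
from datetime import date, timedelta

# Constructed sample rows standing in for a production extract (not real data).
SAMPLE_ROWS = [
    {"given_name": "Alice", "family_name": "Nguyen", "dob": "1980-03-14",
     "phone": "0391234567", "suburb": "Morwell", "notes": "Rang re hearing"},
    {"given_name": "Bob", "family_name": "Stavros", "dob": "1975-11-02",
     "phone": "0398765432", "suburb": "Frankston", "notes": "Bob S. moved"},
    {"given_name": "Alice", "family_name": "Nguyen", "dob": "1980-03-14",
     "phone": "0391234567", "suburb": "Morwell", "notes": "Second matter"},
    {"given_name": "Carla", "family_name": "Okafor", "dob": "1992-07-29",
     "phone": "0355512345", "suburb": "Broadmeadows", "notes": ""},
]

# Hypothetical stand-in values: readable to a tester, obviously synthetic.
GIVEN = ["Jordan", "Riley", "Morgan", "Casey", "Quinn"]
FAMILY = ["Sample", "Example", "Placeholder", "Tester", "Demo"]
DIRECT_IDENTIFIERS = ("given_name", "family_name", "dob", "phone")

# Constructed demo key. Assumption: a real key is generated per extract and
# never copied into the test environment, so the mapping cannot be replayed.
KEY = b"constructed-demo-key"


def _keyed_int(key, field, value):
    """Keyed hash of a field value, so the same input gives the same output."""
    digest = hmac.new(key, f"{field}:{value}".encode(), hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big")


def substitute(key, field, value, choices):
    """Data substitution: stable stand-in, so repeat records still line up."""
    return choices[_keyed_int(key, field, value) % len(choices)]


def replace_digits(key, field, value, keep_prefix=2):
    """Data replacement: keep length and leading digits, replace the rest.
    Assumes the value is digits only."""
    tail_len = len(value) - keep_prefix
    tail = _keyed_int(key, field, value) % 10 ** tail_len
    if tail == int(value[keep_prefix:]):  # never hand back the original number
        tail = (tail + 1) % 10 ** tail_len
    return value[:keep_prefix] + str(tail).zfill(tail_len)


def shift_date(key, value, max_days=180):
    """Modifying numerical data: shift by 1..max_days either way, never zero."""
    offset = _keyed_int(key, "date", value) % (2 * max_days) - max_days
    if offset >= 0:
        offset += 1
    return (date.fromisoformat(value) + timedelta(days=offset)).isoformat()


def deidentify(rows, key, max_days=180):
    """Return de-identified copies of rows; the input is left untouched."""
    masked = []
    for row in rows:
        masked.append({
            "given_name": substitute(key, "given_name", row["given_name"], GIVEN),
            "family_name": substitute(key, "family_name", row["family_name"], FAMILY),
            "dob": shift_date(key, row["dob"], max_days),
            "phone": replace_digits(key, "phone", row["phone"]),
            "suburb": row["suburb"],
            # Data deletion: free-text notes are dropped entirely, because
            # free text can repeat names that field-level masking never sees.
        })
    # Data mixing: shuffle suburbs across records. The column keeps its real
    # value distribution, but a suburb no longer belongs to its person.
    suburbs = [m["suburb"] for m in masked]
    random.Random(_keyed_int(key, "mix", "suburb")).shuffle(suburbs)
    for m, suburb in zip(masked, suburbs):
        m["suburb"] = suburb
    return masked


def find_leaks(original_rows, masked_rows):
    """Verification: every original direct identifier still visible in output."""
    haystack = " ".join(str(v) for row in masked_rows for v in row.values())
    return sorted({(f, row[f]) for row in original_rows
                   for f in DIRECT_IDENTIFIERS if row[f] and row[f] in haystack})


if __name__ == "__main__":
    out = deidentify(SAMPLE_ROWS, KEY)
    for r in out:
        print(r)
    print("leaks:", find_leaks(SAMPLE_ROWS, out))
```

Running `find_leaks` against an output that still carries the `notes` column reports the name embedded in the free text, which is why that column is deleted rather than masked.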

Remaining key privacy considerations

• Collection (IPPs 8, 1, and 10)
  Collect only what you need. Do it lawfully, fairly, directly and not
  unreasonably intrusively. Tell people you are doing it and why. Be
  extra careful with sensitive information.

• Use and Disclosure (IPPs 2 and 9)
  Use and disclose personal information for the reason you collected
  it. Other public interest reasons (e.g. law enforcement, personal
  safety) permit use and disclosure. Properly obtained consent allows
  any use or disclosure. If a person’s personal information travels
  interstate or overseas, it must be protected by Victoria’s standards.

Remaining key privacy considerations

Access & Correction (IPP6 & FOI Act)

   People have a right to access & correct personal information.
   Assume people will see what you write.
   If involved in discovering documents, respond promptly.


Management (IPPs 3, 4, 5 & 7)

   Keep personal information accurate & secure.
   Follow Departmental policies.

Where to go for help?
• Privacy, Freedom of Information & Records Management materials are on J-NET > Our Business > Knowledge Management
• Each of the Dept’s business units has a Privacy Coordinator
    • Court Services - Susan Brent 9603 9456
    • ICMS - Jim Paterson 9093 8430
• Brent Carey, Senior Privacy Adviser, can be contacted on 8684 0071 or by e-mail privacy@justice.vic.gov.au
• EDRMS (records) helpdesk 8684 0555; the FOI unit 8684 0063
• Privacy Victoria 8619 8719 www.privacy.vic.gov.au




“Privacy Matters”

Contenu connexe

Tendances

Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
Ley protección de datos personales
Ley protección de datos personalesLey protección de datos personales
Ley protección de datos personalesJuan Carlos Carrillo
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Andrew Sharpe
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Gridbradley_g
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...James Mulhern
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightScale
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyIshay Tentser
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...Harrison Clark Rickerbys
 
Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Advent IM Ltd
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Designbradley_g
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artJames Mulhern
 
Gdpr demystified - making sense of the regulation
Gdpr demystified  - making sense of the regulationGdpr demystified  - making sense of the regulation
Gdpr demystified - making sense of the regulationJames Mulhern
 
Looking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahLooking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahState of Utah, Salt Lake City
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance bookletGerardo Medina
 

Tendances (20)

Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
Ley protección de datos personales
Ley protección de datos personalesLey protección de datos personales
Ley protección de datos personales
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloud
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
 
Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Waldrons march 2013 v1.0
Waldrons march 2013 v1.0
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
 
Gdpr demystified - making sense of the regulation
Gdpr demystified  - making sense of the regulationGdpr demystified  - making sense of the regulation
Gdpr demystified - making sense of the regulation
 
Looking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahLooking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in Utah
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
PG & Associates
PG & AssociatesPG & Associates
PG & Associates
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance booklet
 

En vedette

Training for managers and supervisors presentation
Training for managers and supervisors presentationTraining for managers and supervisors presentation
Training for managers and supervisors presentationbrentcarey
 
Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009brentcarey
 
Ark presentation
Ark presentationArk presentation
Ark presentationbrentcarey
 
Privacy morwell june 09
Privacy morwell june 09 Privacy morwell june 09
Privacy morwell june 09 brentcarey
 
Privacy learning forum broadmeadows
Privacy learning forum broadmeadowsPrivacy learning forum broadmeadows
Privacy learning forum broadmeadowsbrentcarey
 

En vedette (7)

Training for managers and supervisors presentation
Training for managers and supervisors presentationTraining for managers and supervisors presentation
Training for managers and supervisors presentation
 
Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009
 
Ark presentation
Ark presentationArk presentation
Ark presentation
 
Privacy morwell june 09
Privacy morwell june 09 Privacy morwell june 09
Privacy morwell june 09
 
Privacy learning forum broadmeadows
Privacy learning forum broadmeadowsPrivacy learning forum broadmeadows
Privacy learning forum broadmeadows
 
Bebs update
Bebs updateBebs update
Bebs update
 
Frankston
FrankstonFrankston
Frankston
 

Similaire à Privacy icms (handouts)

Privacy introduction
Privacy introduction Privacy introduction
Privacy introduction brentcarey
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information PrivacyPerry Slack
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum   data privacy and security presentation...2011 hildebrandt institute cio forum   data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...David Cunningham
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management Endcode_org
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension Inc.
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response PlanNext Dimension Inc.
 
Ethical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of ITEthical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of ITDr. Rosemarie Sibbaluca-Guirre
 
Information Security
Information Security Information Security
Information Security Alok Katiyar
 
Securing your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesSecuring your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesJohn Martin
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
Data set Legislation
Data set   Legislation Data set   Legislation
Data set Legislation Data-Set
 
Data set Legislation
Data set LegislationData set Legislation
Data set LegislationData-Set
 
Data set Legislation
Data set LegislationData set Legislation
Data set LegislationData-Set
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingRebecca Leitch
 

Similaire à Privacy icms (handouts) (20)

Privacy introduction
Privacy introduction Privacy introduction
Privacy introduction
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum   data privacy and security presentation...2011 hildebrandt institute cio forum   data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...
 
Ecommerce Chap 10
Ecommerce Chap 10Ecommerce Chap 10
Ecommerce Chap 10
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and Avoidance
 
cybersecurity
cybersecurity cybersecurity
cybersecurity
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management
 
internet security and cyber lawUnit1
internet security and  cyber lawUnit1internet security and  cyber lawUnit1
internet security and cyber lawUnit1
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
Ethical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of ITEthical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of IT
 
Information Security
Information Security Information Security
Information Security
 
Securing your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesSecuring your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended Practices
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Data set Legislation
Data set   Legislation Data set   Legislation
Data set Legislation
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
 

Dernier

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfOverkill Security
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 

Dernier (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Privacy icms (handouts)

  • 1. Data Privacy and ICMS “Privacy Matters”
  • 2. Learning Objectives
      Today you will hear about Victorian privacy requirements. This session will better equip you to understand:
      • privacy legislation & the definition of personal information;
      • data security procedures for responsibly handling production data; and
      • where to go for privacy and records management related help.
  • 3. What is information privacy?
      • Some control over who knows what about us.
      • About balancing:
          – the public interest in the free flow of information (to enable necessary government operations and services) with
          – the public interest in respecting privacy and protecting personal information of individuals.
  • 4. Privacy legislation
      • Information Privacy Act (Vic) 2000: State government agencies, local councils, Ministers & Statutory agencies.
      • Health Records Act (Vic) 2001: Health information in Victorian public and private sectors, hospitals, doctors & employers.
  • 5. Privacy – Key definitions
      • Personal information: Recorded information about a living identifiable or easily identifiable individual.
      • Health information: Information able to be linked to a living or deceased person about a person’s physical, mental or psychological health.
      • Sensitive information: Includes information about a person’s race or ethnicity and criminal record.
      Is a photo personal information? Are details of a person’s position and salary recorded on their personnel file?
  • 6. How does privacy relate to information security?
      Information Security is a component of privacy:
      • A secure approach facilitates access to, accuracy of and confidentiality of personal & health information so that the right people have the right information.
      Information Security is one of the 10 Information Privacy Principles (IPPs). IPP4:
      • An organisation must take reasonable steps to:
          – (4.1) protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.
          – (4.2) destroy or permanently de-identify personal information if it is no longer needed for any purpose.
  • 7. Meaning of ‘reasonable steps’
      The meaning of ‘reasonable steps’ is context dependent:
      • if the risk of a privacy breach is of sufficient concern; and
      • the means of providing better protection are known and feasible;
      but the organisation does not act on this awareness; then reasonable steps have not been taken.
  • 8. What might constitute reasonable steps in systems?
      • Typical reasonable steps for systems:
          – effective access control based on a manageable number of roles;
          – meaningful audit trails to the level of detail deemed necessary, e.g. single person look-up events, change of location events, remote access events & large access events;
          – all users to be suitably trained to ensure that authorised parties are fully aware of their privacy responsibilities;
          – data encryption as appropriate;
          – well managed and monitored data connections (e.g. with other DoJ, contractors or VicPol);
          – informed, involved contract management of service providers (s17 IPA re outsourcing);
          – reporting incidents of privacy breaches.
  • 9. Reasonable steps for ICMS systems
      You must:
      • Follow ICMS procedure
      • Anonymise or de-identify data early & wherever possible
      • Secure production data by lock and key
      • Dispose of hard and soft copy information securely
      • Expect to be able to justify your use of data
      You must not:
      • Leave production data in an unsecured environment
      • Email production data
      • Keep copies of production data longer than necessary
  • 10. De-identification messages
      • De-identifying data is considered a leading practice, and is also legislated in regulations such as the Information Privacy Act.
      • There are several options for de-identifying data, both operational and automated. These include:
          – Data deletion
          – Data Mixing
          – Data replacement
          – Data Substitution
          – Encryption
          – Interjecting Unrelated Text
          – Modifying Numerical Data
          – Using an Isolated Testing Environment
      • Whatever de-identification method you use, you need to make sure the de-identification results are appropriate for the context of the application being tested, and must make sense to the person reviewing the test results.
  • 11. Remaining key privacy considerations
      • Collection (IPPs 8, 1, and 10): Collect only what you need. Do it lawfully, fairly, directly and not unreasonably intrusively. Tell people you are doing it and why. Be extra careful with sensitive information.
      • Use and Disclosure (IPPs 2 and 9): Use and disclose personal information for the reason you collected it. Other public interest reasons, e.g. law enforcement, personal safety, permit use and disclosure. Properly obtained consent allows any use or disclosure. If a person’s personal information travels interstate or overseas it must be protected by Victoria’s standards.
  • 12. Remaining Key privacy considerations
      Access & Correction (IPP6 & FOI Act)
      • People have a right to access & correct personal information.
      • Assume people will see what you write.
      • If involved in discovering documents respond promptly.
      Management (IPPs 3, 4, 5 & 7)
      • Keep personal information accurate & secure.
      • Follow Departmental policies.
  • 13. Where to go for help?
      • Privacy, Freedom of Information & Records Management materials are on J-NET>Our Business>Knowledge Management
      • Each of the Dept’s business units has a Privacy Coordinator:
          – Court Services - Susan Brent 9603 9456
          – ICMS – Jim Paterson 9093 8430
      • Brent Carey, Senior Privacy Adviser can be contacted on 8684 0071 or by e-mail privacy@justice.vic.gov.au
      • EDRMS (records) helpdesk 8684 0555; the FOI unit 8684 0063
      • Privacy Victoria 8619 8719 www.privacy.vic.gov.au
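Slide 10 asks that de-identified test data still make sense to the person reviewing test results. The sketch below is an added example, not part of the original handout or any ICMS procedure: it applies data substitution, data replacement, numerical modification and data deletion to constructed records while keeping the same person consistent across rows. The field names, key, name pools and sample rows are all assumptions.

```python
import hashlib
import hmac
from datetime import date, timedelta

SECRET = b"constructed-demo-key"  # assumption: real key is stored outside the test environment
# Constructed substitution pools; a real pool would be much larger.
GIVEN = ["Alex", "Sam", "Jordan", "Kim", "Chris", "Pat"]
SURNAMES = ["Nguyen", "Smith", "Papadopoulos", "Singh", "Brown", "Rossi"]

def _keyed_int(field, value):
    """Keyed digest: the same input always maps to the same output."""
    mac = hmac.new(SECRET, f"{field}:{value}".encode(), hashlib.sha256)
    return int.from_bytes(mac.digest()[:8], "big")

def substitute_name(full_name):
    """Data substitution: swap the real name for a plausible one."""
    n = _keyed_int("name", full_name.strip().lower())
    return f"{GIVEN[n % len(GIVEN)]} {SURNAMES[(n // len(GIVEN)) % len(SURNAMES)]}"

def shift_date(d, person_key):
    """Modifying numerical data: per-person shift of 1..365 days keeps intervals intact."""
    return d - timedelta(days=1 + _keyed_int("date", person_key) % 365)

def replace_case_id(case_id):
    """Data replacement: keep the format (one letter + digits), change the digits."""
    prefix, digits = case_id[:1], case_id[1:]
    return f"{prefix}{_keyed_int('id', digits) % 10 ** len(digits):0{len(digits)}d}"

def deidentify(record):
    """Return a de-identified copy of one record."""
    key = record["name"].strip().lower()
    return {
        "case_id": replace_case_id(record["case_id"]),
        "name": substitute_name(record["name"]),
        "dob": shift_date(record["dob"], key),
        "hearing": shift_date(record["hearing"], key),
        # Data deletion: free text cannot be reliably cleaned, so drop it.
        "notes": "",
    }

# Constructed sample rows (not real data); both rows describe the same person.
ROWS = [
    {"case_id": "C104233", "name": "Jane Citizen", "dob": date(1980, 3, 14),
     "hearing": date(2011, 6, 1), "notes": "Lives at 1 Example St"},
    {"case_id": "C104871", "name": "jane citizen ", "dob": date(1980, 3, 14),
     "hearing": date(2011, 9, 9), "notes": ""},
]
```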