Information Security and GDPR
Laurence Horton,
LSE Library
“Information Security and GDPR” by Laurence Horton is licensed under a Creative Commons Attribution 4.0 International License.
GDPR sanctions
• Written warning
• Data protection audit
• 20,000,000€ or up to 4% annual worldwide turnover
• consent
• data subjects' rights
• transfers of personal data
Personal data
• Best way to manage personal data: don’t collect it unless necessary.
– Name, identification number, location data, online identifier*
– Race or ethnicity
– Trade union membership
– Religious or philosophical beliefs
– Political opinions
– Health
– Sex life
– Criminal record†
– Genetic
– Biometric
• GDPR, *Article 4(1), Article 9(1), †Article 10
Information Security classifications
Access levels based on ‘least privilege’ principle.
• Controlled
• Safeguarded
• Open data
Source: https://www.ukdataservice.ac.uk/manage-data/legal-ethical/access-control
• Confidential
• Restricted
• Internal Use
• Public
Source: https://info.lse.ac.uk/staff/Services/Policies-and-procedures/Assets/Documents/infSecStaIT.pdf
Five safes
Safe…
Projects: appropriate use?
People: researchers trusted to follow procedures and use data properly
Settings: security arrangements prevent unauthorised access or loss
Data: Is there a disclosure risk in the data itself?
Outputs: Publications don’t contain identifying results
Source: Ritchie, Felix (2008). "Secure access to confidential microdata: four years of the Virtual Microdata Laboratory" (PDF). Economic and Labour Market Statistics. 2:5: 29–34. http://www.ons.gov.uk/ons/rel/elmr/economic-and-labour-market-review/no--5--may-2008/secure-access-to-confidential-microdata--four-years-of-the-virtual-microdata-laboratory.pdf
Encryption
Tools compared: BitLocker, FileVault, VeraCrypt, 7-zip, MS Office, Windows EFS, hardware encryption
Encryption targets: phones or tablets, hard drive, USB/external, volume, files, folders, archives, hidden volumes
Rating key: Best fit, Some issues, Use with caution, Not available
LSE Encryption matrix: http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/documents/encryption-matrix.pdf
• If it is necessary, anonymise it as soon as possible. Separate and encrypt personal data.
Physical access
• Don’t forget the physical: control access to rooms and storage.
Image: "8th Ward Villere Street New Orleans Safe House C" by Infrogmation of New Orleans - originally posted to Flickr as 7WardVillereSafeHouseC. Licensed under CC BY 2.0 via Wikimedia Commons - https://commons.wikimedia.org/wiki/File:8th_Ward_Villere_Street_New_Orleans_Safe_House_C.jpg
Information Security guidance
• Check contractual requirements
– ISO27001 (formal or ‘aligned with’)
– Data must not be accessed remotely
– Strong access controls (password complexity & expiry, folder access, server access)
– Data must be encrypted
– Secure deletion
Information Security guidance
• Warn about breaches
– Phishing
– Spoofing
– Malware/ransomware
– Theft
Information Security guidance
• Cloud storage
– LSE has SharePoint, OneDrive
– data held in EU (Dublin and Amsterdam)
– accounts for external users to access where needed
– Information Security team can assess cloud storage providers' contracts
Contact
• datalibrary@lse.ac.uk
• @laurencedata
