SlideShare une entreprise Scribd logo

IS/DPP for staff #3b - Data Classification

Télécharger en tant que PPTX, PDF
T
Tommy Vandepitte

An example of how the staff training on information security, data protection and privacy (IS/DPP) could look. This part is on data classification, drilling a bit deeper into confidentiality, integrity, availability (=CIA), privacy (=CAPI), traceability, and retention (=PATRIC), to be amended to meet the specific organisation's setup. The slides come with notes that in short explain the visuals on the slides.

Formation
1  sur  20
- Internal - IS/DPP Baseline Training E-learning – Part 3 – Data & Classification
2 - Internal - Page Confidentiality
3 - Internal - Page Confidentiality
4 - Internal - Page Confidentiality Website content, approved media releases, marketing materials, …Public Website content, approved media releases, marketing materials, …
5 - Internal - Page Confidentiality Public
6 - Internal - Page Confidentiality Internal Public Departmental memos, information on bulletin boards, training materials, policies, procedures, instructions, phone/email directories,…
7 - Internal - Page Confidentiality Website content, approved media releases, marketing materials, … Restricted Internal Public Personal data, customer correspondence, staff data, internal audit reports, …
8 - Internal - Page Confidentiality Website content, approved media releases, marketing materials, … Restricted Internal Public Secret Passwords and other authentication credentials, new products, mergers,…
9 - Internal - Page
10 - Internal - Page Confidentiality Integrity
11 - Internal - Page Confidentiality Integrity Availability
12 - Internal - Page Confidentiality Availability Privacy Integrity
13 - Internal - Page Control Data Subject Processing personal data Data Controller Finality Legitimacy Transparency Organisation Proportional end-to-end Data Protection Act / GDPR
14 - Internal - Page Data Subject Processing personal data Data Controller Data Protection Act / GDPR 1. What would your reaction be if we did it to your personal data?
15 - Internal - Page Data Subject Processing personal data Data Controller Data Protection Act / GDPR 1. What would your reaction be if we did it to your personal data? 2. What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data?
16 - Internal - Page Data Subject Processing personal data Data Controller Data Protection Act / GDPR 1. What would your reaction be if we did it to your personal data? 2. What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data? 3. What would the reaction of the public be if what we do to personal data is in detail explained on the front page of tomorrow’s newspaper?
17 - Internal - Page Data Subject Processing personal data Data Controller Data Protection Act / GDPR 1. What would your reaction be if we did it to your personal data? 2. What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data? 3. What would the reaction of the public be if what we do to personal data is in detail explained on the front page of tomorrow’s newspaper?
18 - Internal - Page Full Set of Data Classifications: PATRIC Category Classifications Privacy Use the (personal) data in line with the original purpose  (original) purpose Availability Ensure that information is available to authorized persons  Non-Essential, Essential, Critical and Highly Critical Traceability Modifications can be traced back  Non-Traceable, Sensitive and Critical Retention Retained & disposed in line with law & business objectives  No Retention, Short-Term, Mid-Term and Long-Term Integrity Prevent accidental, unauthorized and deliberate alteration or deletion  Accurate, Vital and Absolute Confidentiality Prevent unauthorized disclosure  Public, Internal, Restricted and Secret Company specific
19 - Internal - Page Full Set of Data Classifications: PATRIC Category Classifications Privacy Use the (personal) data in line with the original purpose  (original) purpose Availability Ensure that information is available to authorized persons  Non-Essential, Essential, Critical and Highly Critical Traceability Modifications can be traced back  Non-Traceable, Sensitive and Critical Retention Retained & disposed in line with law & business objectives  No Retention, Short-Term, Mid-Term and Long-Term Integrity Prevent accidental, unauthorized and deliberate alteration or deletion  Accurate, Vital and Absolute Confidentiality Prevent unauthorized disclosure  Public, Internal, Restricted and Secret Company specific
20 - Internal - Page Key Takeaways  ABC Group classifies on different levels : personal data and PATRIC.  All information has a classification, even if it is not explicit.  You should classify.  Confidentiality distinguishes different circles: public, internal, restricted and secret, wherein personal data is always at least “restricted”. 30 sec IS/DPP survival kit WrapUp

Recommandé

Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for JournalistsGabor Szathmari
 
Privacy Discusssion GM667 Saint Mary's University of MN
Privacy Discusssion GM667 Saint Mary's University of MNPrivacy Discusssion GM667 Saint Mary's University of MN
Privacy Discusssion GM667 Saint Mary's University of MNSaint Mary's University of Minnesota
 
GDPR for WordPress - Impacts & Solutions
GDPR for WordPress - Impacts & SolutionsGDPR for WordPress - Impacts & Solutions
GDPR for WordPress - Impacts & SolutionsServerGuy
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsCase IQ
 
How to Write a Privacy Policy For Your Blog?
How to Write a Privacy Policy For Your Blog?How to Write a Privacy Policy For Your Blog?
How to Write a Privacy Policy For Your Blog?Saikrishna Tipparapu
 
Investigating online conducting pre-interview research
Investigating online conducting pre-interview researchInvestigating online conducting pre-interview research
Investigating online conducting pre-interview researchCase IQ
 
Transparency gdpr
Transparency gdprTransparency gdpr
Transparency gdprMathew Chacko
 
2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness WorkshopPaul Jacobson
 

Recommandé

Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for JournalistsGabor Szathmari
 
Privacy Discusssion GM667 Saint Mary's University of MN
Privacy Discusssion GM667 Saint Mary's University of MNPrivacy Discusssion GM667 Saint Mary's University of MN
Privacy Discusssion GM667 Saint Mary's University of MNSaint Mary's University of Minnesota
 
GDPR for WordPress - Impacts & Solutions
GDPR for WordPress - Impacts & SolutionsGDPR for WordPress - Impacts & Solutions
GDPR for WordPress - Impacts & SolutionsServerGuy
 
How to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsHow to Use Open Source Intelligence (OSINT) in Investigations
How to Use Open Source Intelligence (OSINT) in InvestigationsCase IQ
 
How to Write a Privacy Policy For Your Blog?
How to Write a Privacy Policy For Your Blog?How to Write a Privacy Policy For Your Blog?
How to Write a Privacy Policy For Your Blog?Saikrishna Tipparapu
 
Investigating online conducting pre-interview research
Investigating online conducting pre-interview researchInvestigating online conducting pre-interview research
Investigating online conducting pre-interview researchCase IQ
 
Transparency gdpr
Transparency gdprTransparency gdpr
Transparency gdprMathew Chacko
 
2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness Workshop2014-04-16 Protection of Personal Information Act Readiness Workshop
2014-04-16 Protection of Personal Information Act Readiness WorkshopPaul Jacobson
 
GDPR Benefits and a Technical Overview
GDPR Benefits and a Technical OverviewGDPR Benefits and a Technical Overview
GDPR Benefits and a Technical OverviewErnest Staats
 
Associates quick guide to gdpr v 1.0
Associates quick guide to gdpr v 1.0Associates quick guide to gdpr v 1.0
Associates quick guide to gdpr v 1.0Aaron Banham
 
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxJaeKim165097
 
Responsible for information
Responsible for informationResponsible for information
Responsible for informationDunton Environmental
 
Privacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSPrivacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSInteraktiv
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldQualys
 
[MU630] 005. Ethics, Privacy and Security
[MU630] 005. Ethics, Privacy and Security[MU630] 005. Ethics, Privacy and Security
[MU630] 005. Ethics, Privacy and SecurityAriantoMuditomo
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationcaniceconsulting
 
A Case For Information Protection Programs
A Case For Information Protection ProgramsA Case For Information Protection Programs
A Case For Information Protection ProgramsMichael Annis
 
Salesforce & GDPR: What happens next?
Salesforce & GDPR: What happens next? Salesforce & GDPR: What happens next?
Salesforce & GDPR: What happens next? Desynit
 
CBC GDPR The Physics
CBC GDPR The PhysicsCBC GDPR The Physics
CBC GDPR The PhysicsJason Chapman
 
How to implement gdpr in your document repository
How to implement gdpr in your document repository How to implement gdpr in your document repository
How to implement gdpr in your document repository XeniT Solutions nv
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?MediaPost
 
Document-3.docx
Document-3.docxDocument-3.docx
Document-3.docxSonalVanjari
 
DPIA template
DPIA templateDPIA template
DPIA templateTommy Vandepitte
 
Gegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdrachtGegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdrachtTommy Vandepitte
 

Contenu connexe

Similaire à IS/DPP for staff #3b - Data Classification

GDPR Benefits and a Technical Overview
GDPR Benefits and a Technical OverviewGDPR Benefits and a Technical Overview
GDPR Benefits and a Technical OverviewErnest Staats
 
Associates quick guide to gdpr v 1.0
Associates quick guide to gdpr v 1.0Associates quick guide to gdpr v 1.0
Associates quick guide to gdpr v 1.0Aaron Banham
 
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxJaeKim165097
 
Privacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSPrivacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSInteraktiv
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldQualys
 
[MU630] 005. Ethics, Privacy and Security
[MU630] 005. Ethics, Privacy and Security[MU630] 005. Ethics, Privacy and Security
[MU630] 005. Ethics, Privacy and SecurityAriantoMuditomo
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationcaniceconsulting
 
A Case For Information Protection Programs
A Case For Information Protection ProgramsA Case For Information Protection Programs
A Case For Information Protection ProgramsMichael Annis
 
Salesforce & GDPR: What happens next?
Salesforce & GDPR: What happens next? Salesforce & GDPR: What happens next?
Salesforce & GDPR: What happens next? Desynit
 
CBC GDPR The Physics
CBC GDPR The PhysicsCBC GDPR The Physics
CBC GDPR The PhysicsJason Chapman
 
How to implement gdpr in your document repository
How to implement gdpr in your document repository How to implement gdpr in your document repository
How to implement gdpr in your document repository XeniT Solutions nv
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?MediaPost
 

Similaire à IS/DPP for staff #3b - Data Classification (20)

GDPR Benefits and a Technical Overview
GDPR Benefits and a Technical OverviewGDPR Benefits and a Technical Overview
GDPR Benefits and a Technical Overview
 
Associates quick guide to gdpr v 1.0
Associates quick guide to gdpr v 1.0Associates quick guide to gdpr v 1.0
Associates quick guide to gdpr v 1.0
 
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptx
 
Responsible for information
Responsible for informationResponsible for information
Responsible for information
 
Privacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMSPrivacy experience in Plone and other open source CMS
Privacy experience in Plone and other open source CMS
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
Gain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless WorldGain Visibility & Control of IT Assets in a Perimeterless World
Gain Visibility & Control of IT Assets in a Perimeterless World
 
[MU630] 005. Ethics, Privacy and Security
[MU630] 005. Ethics, Privacy and Security[MU630] 005. Ethics, Privacy and Security
[MU630] 005. Ethics, Privacy and Security
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislation
 
A Case For Information Protection Programs
A Case For Information Protection ProgramsA Case For Information Protection Programs
A Case For Information Protection Programs
 
Salesforce & GDPR: What happens next?
Salesforce & GDPR: What happens next? Salesforce & GDPR: What happens next?
Salesforce & GDPR: What happens next?
 
CBC GDPR The Physics
CBC GDPR The PhysicsCBC GDPR The Physics
CBC GDPR The Physics
 
How to implement gdpr in your document repository
How to implement gdpr in your document repository How to implement gdpr in your document repository
How to implement gdpr in your document repository
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
Kevin Wharram Security Summit
Kevin Wharram Security SummitKevin Wharram Security Summit
Kevin Wharram Security Summit
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?
 
Document-3.docx
Document-3.docxDocument-3.docx
Document-3.docx
 

Plus de Tommy Vandepitte

Gegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdrachtGegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdrachtTommy Vandepitte
 
20190131 - Presentation Q&A on legislation's influence (on travel management)
20190131 - Presentation Q&A on legislation's influence (on travel management)20190131 - Presentation Q&A on legislation's influence (on travel management)
20190131 - Presentation Q&A on legislation's influence (on travel management)Tommy Vandepitte
 
GDPR toegepast op huur-verhuur (Dutch)
GDPR toegepast op huur-verhuur (Dutch)GDPR toegepast op huur-verhuur (Dutch)
GDPR toegepast op huur-verhuur (Dutch)Tommy Vandepitte
 
Controller-to-processor agreements
Controller-to-processor agreementsController-to-processor agreements
Controller-to-processor agreementsTommy Vandepitte
 
Gegevensbescherming makelaars
Gegevensbescherming makelaarsGegevensbescherming makelaars
Gegevensbescherming makelaarsTommy Vandepitte
 
EEAS - Cultivate your data protection
EEAS - Cultivate your data protectionEEAS - Cultivate your data protection
EEAS - Cultivate your data protectionTommy Vandepitte
 
Presentation for the LSEC GDPR event - 20171130
Presentation for the LSEC GDPR event - 20171130Presentation for the LSEC GDPR event - 20171130
Presentation for the LSEC GDPR event - 20171130Tommy Vandepitte
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by designTommy Vandepitte
 
GDPR voor steden en gemeenten (Dutch)
GDPR voor steden en gemeenten (Dutch)GDPR voor steden en gemeenten (Dutch)
GDPR voor steden en gemeenten (Dutch)Tommy Vandepitte
 
GDPR project board deck (example)
GDPR project board deck (example)GDPR project board deck (example)
GDPR project board deck (example)Tommy Vandepitte
 
IS/DPP for staff #8 - Monitoring
IS/DPP for staff #8 - MonitoringIS/DPP for staff #8 - Monitoring
IS/DPP for staff #8 - MonitoringTommy Vandepitte
 
IS/DPP for staff #7 - Incidents
IS/DPP for staff #7 - IncidentsIS/DPP for staff #7 - Incidents
IS/DPP for staff #7 - IncidentsTommy Vandepitte
 
IS/DPP for staff #6 - Acceptable use
IS/DPP for staff #6 - Acceptable useIS/DPP for staff #6 - Acceptable use
IS/DPP for staff #6 - Acceptable useTommy Vandepitte
 
IS/DPP for staff #5b - Passwords
IS/DPP for staff #5b - PasswordsIS/DPP for staff #5b - Passwords
IS/DPP for staff #5b - PasswordsTommy Vandepitte
 
IS/DPP for staff #5a - Access
IS/DPP for staff #5a - AccessIS/DPP for staff #5a - Access
IS/DPP for staff #5a - AccessTommy Vandepitte
 
IS/DPP for staff #3a - Data
IS/DPP for staff #3a - DataIS/DPP for staff #3a - Data
IS/DPP for staff #3a - DataTommy Vandepitte
 
IS/DPP for staff #2 - Why?
IS/DPP for staff #2 - Why?IS/DPP for staff #2 - Why?
IS/DPP for staff #2 - Why?Tommy Vandepitte
 
IS/DPP for staff #1 - intro
IS/DPP for staff #1 - introIS/DPP for staff #1 - intro
IS/DPP for staff #1 - introTommy Vandepitte
 

Plus de Tommy Vandepitte (20)

DPIA template
DPIA templateDPIA template
DPIA template
 
Gegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdrachtGegevensbescherming-clausule in (overheids)opdracht
Gegevensbescherming-clausule in (overheids)opdracht
 
20190131 - Presentation Q&A on legislation's influence (on travel management)
20190131 - Presentation Q&A on legislation's influence (on travel management)20190131 - Presentation Q&A on legislation's influence (on travel management)
20190131 - Presentation Q&A on legislation's influence (on travel management)
 
GDPR toegepast op huur-verhuur (Dutch)
GDPR toegepast op huur-verhuur (Dutch)GDPR toegepast op huur-verhuur (Dutch)
GDPR toegepast op huur-verhuur (Dutch)
 
Controller-to-processor agreements
Controller-to-processor agreementsController-to-processor agreements
Controller-to-processor agreements
 
Gegevensbescherming makelaars
Gegevensbescherming makelaarsGegevensbescherming makelaars
Gegevensbescherming makelaars
 
EEAS - Cultivate your data protection
EEAS - Cultivate your data protectionEEAS - Cultivate your data protection
EEAS - Cultivate your data protection
 
Presentation for the LSEC GDPR event - 20171130
Presentation for the LSEC GDPR event - 20171130Presentation for the LSEC GDPR event - 20171130
Presentation for the LSEC GDPR event - 20171130
 
Training privacy by design
Training privacy by designTraining privacy by design
Training privacy by design
 
GDPR voor steden en gemeenten (Dutch)
GDPR voor steden en gemeenten (Dutch)GDPR voor steden en gemeenten (Dutch)
GDPR voor steden en gemeenten (Dutch)
 
GDPR project board deck (example)
GDPR project board deck (example)GDPR project board deck (example)
GDPR project board deck (example)
 
IS/DPP for staff #8 - Monitoring
IS/DPP for staff #8 - MonitoringIS/DPP for staff #8 - Monitoring
IS/DPP for staff #8 - Monitoring
 
IS/DPP for staff #7 - Incidents
IS/DPP for staff #7 - IncidentsIS/DPP for staff #7 - Incidents
IS/DPP for staff #7 - Incidents
 
IS/DPP for staff #6 - Acceptable use
IS/DPP for staff #6 - Acceptable useIS/DPP for staff #6 - Acceptable use
IS/DPP for staff #6 - Acceptable use
 
IS/DPP for staff #5b - Passwords
IS/DPP for staff #5b - PasswordsIS/DPP for staff #5b - Passwords
IS/DPP for staff #5b - Passwords
 
IS/DPP for staff #5a - Access
IS/DPP for staff #5a - AccessIS/DPP for staff #5a - Access
IS/DPP for staff #5a - Access
 
IS/DPP for staff #3a - Data
IS/DPP for staff #3a - DataIS/DPP for staff #3a - Data
IS/DPP for staff #3a - Data
 
IS/DPP for staff #2 - Why?
IS/DPP for staff #2 - Why?IS/DPP for staff #2 - Why?
IS/DPP for staff #2 - Why?
 
IS/DPP for staff #1 - intro
IS/DPP for staff #1 - introIS/DPP for staff #1 - intro
IS/DPP for staff #1 - intro
 
Training Procurement
Training ProcurementTraining Procurement
Training Procurement
 

Dernier

Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxDr. Sarita Anand
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxAmanpreet Kaur
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jisc
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfNirmal Dwivedi
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxRamakrishna Reddy Bijjam
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfPoh-Sun Goh
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Jisc
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibitjbellavia9
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxVishalSingh1417
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17Celine George
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...pradhanghanshyam7136
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...Nguyen Thanh Tu Collection
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...ZurliaSoop
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfDr Vijay Vishwakarma
 

Dernier (20)

Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 

IS/DPP for staff #3b - Data Classification

  • 1. - Internal - IS/DPP Baseline Training E-learning – Part 3 – Data & Classification
  • 2. 2 - Internal - Page Confidentiality
  • 3. 3 - Internal - Page Confidentiality
  • 4. 4 - Internal - Page Confidentiality Website content, approved media releases, marketing materials, …Public Website content, approved media releases, marketing materials, …
  • 5. 5 - Internal - Page Confidentiality Public
  • 6. 6 - Internal - Page Confidentiality Internal Public Departmental memos, information on bulletin boards, training materials, policies, procedures, instructions, phone/email directories,…
  • 7. 7 - Internal - Page Confidentiality Website content, approved media releases, marketing materials, … Restricted Internal Public Personal data, customer correspondence, staff data, internal audit reports, …
  • 8. 8 - Internal - Page Confidentiality Website content, approved media releases, marketing materials, … Restricted Internal Public Secret Passwords and other authentication credentials, new products, mergers,…
  • 10. 10 - Internal - Page Confidentiality Integrity
  • 11. 11 - Internal - Page Confidentiality Integrity Availability
  • 12. 12 - Internal - Page Confidentiality Availability Privacy Integrity
  • 13. 13 - Internal - Page Control Data Subject Processing personal data Data Controller Finality Legitimacy Transparency Organisation Proportional end-to-end Data Protection Act / GDPR
  • 14. 14 - Internal - Page Data Subject Processing personal data Data Controller Data Protection Act / GDPR 1. What would your reaction be if we did it to your personal data?
  • 15. 15 - Internal - Page Data Subject Processing personal data Data Controller Data Protection Act / GDPR 1. What would your reaction be if we did it to your personal data? 2. What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data?
  • 16. 16 - Internal - Page Data Subject Processing personal data Data Controller Data Protection Act / GDPR 1. What would your reaction be if we did it to your personal data? 2. What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data? 3. What would the reaction of the public be if what we do to personal data is in detail explained on the front page of tomorrow’s newspaper?
  • 17. 17 - Internal - Page Data Subject Processing personal data Data Controller Data Protection Act / GDPR 1. What would your reaction be if we did it to your personal data? 2. What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data? 3. What would the reaction of the public be if what we do to personal data is in detail explained on the front page of tomorrow’s newspaper?
  • 18. 18 - Internal - Page Full Set of Data Classifications: PATRIC Category Classifications Privacy Use the (personal) data in line with the original purpose  (original) purpose Availability Ensure that information is available to authorized persons  Non-Essential, Essential, Critical and Highly Critical Traceability Modifications can be traced back  Non-Traceable, Sensitive and Critical Retention Retained & disposed in line with law & business objectives  No Retention, Short-Term, Mid-Term and Long-Term Integrity Prevent accidental, unauthorized and deliberate alteration or deletion  Accurate, Vital and Absolute Confidentiality Prevent unauthorized disclosure  Public, Internal, Restricted and Secret Company specific
  • 19. 19 - Internal - Page Full Set of Data Classifications: PATRIC Category Classifications Privacy Use the (personal) data in line with the original purpose  (original) purpose Availability Ensure that information is available to authorized persons  Non-Essential, Essential, Critical and Highly Critical Traceability Modifications can be traced back  Non-Traceable, Sensitive and Critical Retention Retained & disposed in line with law & business objectives  No Retention, Short-Term, Mid-Term and Long-Term Integrity Prevent accidental, unauthorized and deliberate alteration or deletion  Accurate, Vital and Absolute Confidentiality Prevent unauthorized disclosure  Public, Internal, Restricted and Secret Company specific
  • 20. 20 - Internal - Page Key Takeaways  ABC Group classifies on different levels : personal data and PATRIC.  All information has a classification, even if it is not explicit.  You should classify.  Confidentiality distinguishes different circles: public, internal, restricted and secret, wherein personal data is always at least “restricted”. 30 sec IS/DPP survival kit WrapUp

Notes de l'éditeur

  1. Welcome to the third part of the baseline training IS/DPP. Herein we look at data and the different classifications we give it in order to be able to better handle it.
  2. Like confidentiality, both entailing keeping unauthorized people out and requiring from authorized persons to handle the information confidentially. An example of a fail is the list of Amex cardholders and their spend being leaked on the internet via wikileaks or pastebin.
  3. The classification “confidentiality” takes into account the impact on the ABC Group in case of disclosure or breach. The author of the data should classify it. If you receives unclassified data, you should.
  4. The first level is “public”. It is information intended for public use. So it can be communicated outside the ABC Group.
  5. All non public data, is “confidential”. That is further divided into three “circles of trust”, which contain ever smaller numbers of people.
  6. Internal data is meant for staff only. It is information that is used to support and perform normal business operations. External staff may have access to it, but then they should be bound by a non-disclosure commitment.
  7. Restricted data is only to be made available on a specific need-to-know basis, which means that it must be job-related for you. Personal data in principle is restricted.
  8. Secret data is the highest level of confidentiality. It is sometimes also indicated as “strictly confidential” or “for your eyes only”. The author must have indicated you as an addressee otherwise you are not authorized to have it. It also means that a recipient has no margin to autonomously forward the information.
  9. Most information security frameworks refer to CIA. CIA does not stand for the US Central Intellegence Agency but for
  10. Confidentiality (which we already discussed) Integrity: which entail preventing accidental, unauthorized and deliberate alteration or deletion of data. An example of a fail is a customer succeeding in changing his card limit thus messing up our authorization process.
  11. and Availability: which goes to ensuring that information is available to authorized persons when required to fulfill their job. An example of a fail is the data being lost due to a short power fail and being unable to give a workable backup, e.g. losing and entire week of work.
  12. Due to the data protection legislation, we also add “privacy” to the “classifications”. That is respecting the (original) purpose for which the personal data was collected.
  13. Here we revert to the “finality” requirement under the data protection legislation, and the expectations of the data subject. The finality requirement indicates that during the entire lifecycle of the personal data the purpose must be respected.
  14. The expectations of the data subject, without going into detail of the technical legislation, can be captured in a quick 3 questions test. The first: What would your reaction be if we did it to your personal data?
  15. The second: What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data?
  16. The third: What would the reaction of the public be if what we do to personal data is in detail explained on the front page of tomorrow’s newspaper?
  17. If on one of those three questions we have to answer : “Well, the reaction may be (seriously) negative.” We should likely reconsider. You can imagine that transparency at the moment of collection of the data is a very imporant element here.
  18. We complete the set of data classifications with two more, namely Traceability: that is ensuring that modifications can be traced back to the individual that made the modification (which we refer to as “non-repudiation”) to enable compliance with regulations and standards.
  19. and Retention: that is ensuring that information is retained and disposed in line with legal and regulatory requirements and business objectives