Data Protection Top Ten Concerns
Published in: Technology, Business

Transcript

  • 1. Data Protection: The Top Ten Concerns. HISI Conference, Dublin. Wednesday, Nov 16th, 2011
  • 2. Introduction The Data Protection Rules Areas for Concern  The Global Village  Obligation to Notify  What to prioritise? Protecting Privacy Capability and Compliance
  • 3. The Data Protection Rules. Personal Data must be…: Obtained Fairly; Processed for a Specified Purpose; Processed in a Compatible Manner; Kept Safe and Secure; Kept Accurate and Up-to-date; Processed adequately, not excessively; Retained only for as long as necessary; Stored to enable easy retrieval
  • 4. The Data Protection Rules: Obtained Fairly; Processed for a Specified Purpose; Processed in a Compatible Manner; Kept Safe and Secure; Kept Accurate and Up-to-date; Processed adequately, not excessively; Retained only for as long as necessary; Stored to enable easy retrieval
  • 5. Challenge 1 – Safe and Secure. Increased access to data & information: Improved service provision; More timely interventions; More appropriate response; Better management of Risk to clients. Increased Risk of Breach, Leakage, Theft: Reputational damage; 'Brand' damage; Breakdown in trust; Impact on Commercial Performance. Billing and Account Data most at risk.
  • 6. Challenge 1 – Safe and Secure. Challenge is …: Technical; Physical; Emotional
  • 7. Challenge 2 – Breach Notification: "… an incident giving rise to a risk of unauthorised disclosure, loss, destruction or alteration of personal data"; "Must give immediate consideration to notifying the data subjects"; Intended to redress the balance of control; Some discretion is left to the Data Controller; Reputational, Commercial, Professional impact; 'Doing Nothing' no longer an option
  • 8. Fewer than 50% of breaches are detected (Ponemon); Fewer than 40% of these are reported (Ponemon); Corollary: Up to 80% are off management's radar
  • 9. Challenge 3 – Ambassadors and Assassins. Biggest Data 'Customers': Champions for "new ways of working"; Drive ROI on investment in tools; Help drive the agenda re: use of data. Biggest Data threat: 52% of breaches caused by unintentional actions (Ponemon); 10% were 'intentional, non-malicious' (Ponemon); Will institutions pursue their 'star' practitioners?
  • 10. Challenge 4 – How to Prioritise? People who believe automation increases risk of data loss or theft: 92%; % of issues blamed on inadequate resourcing: 71%; % of budget allocated to data security: <3%. Challenge: Increased demands on reduced budgets
  • 11. Challenge 5 – How to value data? Cost to acquire? (Value placed on accuracy? Integrity?; Tolerance for duplication? Obsolescence?); Cost if lost? (Average cost per lost record - €107k; Average data lost per incident – 1769 records; Costs between $6.5m and $15m where media cover the loss); Penalty clauses in Data Processor contracts?
  • 12. Challenge 6 – Quality of Data? Multiple Sources, opportunity for error; Multiple system interfaces, data mapping; Assessment of data integrity, completeness; New phenomenon of 'facilitated' data; 77% cannot control physical access to stored data
  • 13. Challenge 7 – The Temptation to Share: Outsourcing of all aspects of data management (Acquisition; Processing; Analysis; Evaluation; Security; Storage); Non-prescriptive Processor contract; Adequacy of protection at overseas destination; Undermined reputation of Safe Harbor; 'Trust … but verify!'
  • 14. Challenge 8 – The Cloud – opportunity or threat? Fastest growing new sector; Significant savings in maintenance, resource and licensing; Super-jurisdictional processing, storage; Different from historical supported models; Ultimate onus remains with Data Controller
  • 15. Challenge 9 – Who has our data? Imbalance of Sensitive Personal Data; Multiple channels for data transfer; Status of third-party and sub-contracts; How and when to anonymise
  • 16. Challenge 10 – Should it stay or should it go? Retain for duration of specified purpose; The temptation to retain indefinitely; Possibility of 'undefined future use'; Storage costs no longer a decision driver; Verifiable destruction?
  • 17. When is enough enough? Core set of policies and procedures; Integrated processes – 'joined-up thinking'; Staff awareness; Consistent Policies across faculties, departments; Appropriate templates; Regular audit / review; Data Controller's best endeavours
  • 18. Data Protection – Inhibitor or Enabler? Improved awareness of data quality, integrity; Increased accuracy of data; Reliability of analysis and decision-making; Heightened awareness of Data Subjects' rights; Protects brand, reputation, credibility, trust