
Data Protection: An Approach to Privacy


Privacy is the right to be left alone, or freedom from interference or intrusion. Due to advancement in technological innovation, information privacy is becoming more complex by the minute as more data is being collected and exchanged.

Published in: Data & Analytics

Data Protection: An Approach to Privacy

  1. Data Protection: An Approach to Privacy. Andrew Nooks
  2. Symptai • Symptai Consulting Limited is an independent IS Audit, Security & Business Assurance firm founded in 1998. • We are an industry leader in technology consulting services for assurance, security, business processes, and compliance with numerous success stories and excellent client retention rates.
  3. Andrew A. Nooks: Symptai Consulting Ltd, Director; eGov Jamaica, Member, Board of Directors. Certs: CISA, CISSP, CISSP-ISSAP, CIPM, CSSLP, CISM, CRISC, PCIP, ISO27001, ITSM. Interests: Volleyball, Swimming, Aikido.
  4. Disclaimer • This presentation is based on research collated from the Internet leveraging articles from the International Association of Privacy Professionals (IAPP), an organization of which I am a member, and its contributors. • I have also leveraged my own experience as an IS practitioner for over twenty-five (25) years, thirteen (13) of which have been dedicated to Information Security and related controls to include privacy, as well as the knowledge and experience from the Symptai team.
  5. Definition of Privacy. Privacy: The right to be left alone, or freedom from interference or intrusion. Information privacy: The right to have some control over how your personal information is collected and used. Impact: How organizations protect data in its various states: at rest, in transit and in use.
  6. Why is Privacy Important? Due to advancement in technological innovation, information privacy is becoming more complex by the minute as more data is being collected and exchanged. As the technology gets more sophisticated, so do the uses of data. This leaves organizations facing an incredibly complex risk matrix for ensuring that personal information is protected.
  7. In the News (Sources: https://www.scmagazine.com, https://iapp.org/news)
  8. Business Risk. Inherent High Risk: Health; Banking; Insurance; Telecoms. Legal & Compliance: GDPR and other Data Protection Legislations; PCI DSS; HIPAA.
  9. Primary Components of a Privacy Program: Privacy Program Governance; Privacy Operational Life-Cycle Management.
  10. Privacy Program Governance. Strategy Management: Vision and Mission; Develop a strategy; Team structure and composition.
  11. Privacy Program Governance. Strategy Management: Vision and Mission; Develop a strategy; Team structure and composition. Framework: Frameworks; Policies, Procedures, Standards and guidelines.
  12. Privacy Program Governance. Strategy Management: Vision and Mission; Develop a strategy; Team structure and composition. Framework: Frameworks; Policies, Procedures, Standards and guidelines. Performance: Metrics and measurements (Identify, Define, Select, Collect, Analyze).
  13. Business Case • Organizational Privacy Office Guidance • Define Privacy • Laws and Regulations • Technical Controls • External Privacy Organizations • Industry Frameworks • Privacy information Technology • Education and Awareness • Program Assurance
  14. Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond.
  15. Assess (Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond). Assessment Models: AICPA/CICA Privacy Maturity Model; GAPP; Privacy by Design. Assess Business: Data; Systems; Processes.
  16. Protect (Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond). Data Lifecycle Management: Need for DLM; DLM Principles. Information Security Practices: Standards and Frameworks. Privacy by Design: Proactive, Default Settings; Embedded, End2End Protection; Transparency, Respect for Users. Analyze and Assess: Privacy Impact Assessments; Risk Assessments.
  17. Sustain (Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond). Monitor: Compliance with Privacy Policy; Monitor regulations and legislation; Compliance and Risk; Environment. Audit: Align Privacy operations; Compliance with Policies and Standards; Access, Modification, Disclosure; Communication of Findings. Communicate: Awareness; Flexibility; Catalog and maintain documents; Train.
  18. Respond (Privacy Operational Lifecycle: Assess, Protect, Sustain, Respond). Information Request: Handling, Access; Redress, Correction; Integrity. Legal Compliance: Preventing Harm; Accountability; Monitoring. Incident Planning: Roles and Responsibility; Integration in BCP; Detection. Incident Handling: Pre-notification; Response Plan, Plan Execution; Reporting, Evaluation.
  19. In Summary
      1. Define the privacy mission statement
      2. Develop a strategy
      3. Define team structure
      4. Develop a framework – aligned to organization
      5. Develop and communicate policies, procedures, standards and guidelines
      6. Define performance metrics
      7. Assess the based on governance model
      8. Protect – DLM, Info Sec embedding privacy in the organization
      9. Conduct RA and PIA
      10. Monitor, audit and communicate
      11. Respond to request
      12. Accountability
      13. Incident management
  20. Additional Reading: IAPP.org; APEC.org; ICO.gov.uk; Priv.gc.ca; OECD.org
  21. Questions? Andrew Nooks, Symptai Consulting Limited. Email: info@symptai.com
