Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Southern Region Privacy –  Embedding a Privacy Culture  “ Privacy Matters” Training for Managers & Supervisors
Privacy Culture in Southern Region <ul><li>  This session will better equip you to understand: </li></ul><ul><li>Past Priv...
Privacy Basics <ul><li>Privacy provides you with rights to: </li></ul><ul><li>Access and amend records, to ensure they are...
Why the need for training? <ul><li>Past culture  </li></ul><ul><li>Incidents  have brought unnecessary, negative attention...
Information under your control When dealing with information, think privacy A person’s race, ethnicity, criminal record, t...
Why do we collect personal information? <ul><li>Common reasons for collection: </li></ul><ul><ul><li>To hire you </li></ul...
Controls around Collection <ul><li>A privacy statement sets the rules for collecting, </li></ul><ul><li>using, storing, sh...
Controls around personal information <ul><li>Ensure you and your staff practice the ‘need to know’ principle </li></ul><ul...
Privacy Expectations as a Manager   <ul><li>You are responsible for your staff’s data collections </li></ul><ul><li>Create...
New Recruits and Contractors <ul><li>Ensure they understand privacy and comply with all privacy policies </li></ul><ul><li...
Staff sensitivities  <ul><li>Home addresses and telephone numbers  (they do not have to agree to share broadly) </li></ul>...
Prevent Privacy Payouts  <ul><li>What privacy incidents may lead to compensation? </li></ul><ul><ul><li>Unlawfully or Unfa...
Loss of information <ul><li>The loss of personal information has major implications for the department.  </li></ul><ul><ul...
Should you have a privacy incident? <ul><li>Alleged privacy  </li></ul><ul><li>incident </li></ul>Reported within  30 min ...
Back to Culture 2007/08 Start of Change <ul><li>Building privacy into practices rather than merely responding to incidents...
Current  Privacy Culture <ul><li>Getting to grips with privacy in a regional and co-location context  </li></ul><ul><li>In...
2009 Current Values <ul><li>In DOJ  the importance of managing client and staff information.   </li></ul><ul><li>In  our c...
Reflection - your biggest privacy challenges at your location
Here’s a list of challenges we prepared   <ul><li>Easily distracted shift workers </li></ul><ul><li>Pub talk & staff gossi...
Make a Statement  - Southern Region is Privacy Savy! <ul><li>Ensure forms have a privacy statement </li></ul><ul><li>Demon...
Where we want to be – Future of Privacy <ul><li>Privacy team – our job is to assist you </li></ul><ul><li>-have a better u...
Where we want to be at your location  <ul><li>Engage with your Privacy Contact Officer and get updates from them after eac...
Summary <ul><li>Privacy Risk is worth managing </li></ul><ul><li>Personal Information loss and leakage is a risk at your l...
Call Us – we’re here to  help YOU! <ul><li>Brent (03 8684 0007),  </li></ul><ul><li>Lina (03 8684 0176),  </li></ul><ul><l...
Upcoming SlideShare
Loading in …5
×

Training for managers and supervisors presentation

1,397 views

Published on

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

Training for managers and supervisors presentation

  1. 1. Southern Region Privacy – Embedding a Privacy Culture “ Privacy Matters” Training for Managers & Supervisors
  2. 2. Privacy Culture in Southern Region <ul><li> This session will better equip you to understand: </li></ul><ul><li>Past Privacy Culture in the department & Southern Region </li></ul><ul><li>Current Privacy Culture in Southern Region </li></ul><ul><li>Future Privacy Culture in Southern Region (with your help) </li></ul>
  3. 3. Privacy Basics <ul><li>Privacy provides you with rights to: </li></ul><ul><li>Access and amend records, to ensure they are accurate and complete </li></ul><ul><li>To balance the free flow of personal information with respect for privacy </li></ul><ul><li>To make a complaint about a breach of privacy </li></ul>
  4. 4. Why the need for training? <ul><li>Past culture </li></ul><ul><li>Incidents have brought unnecessary, negative attention to the department’s information privacy and security practices </li></ul><ul><li>Re-education and re-emphasising the need to take responsibility for protecting against privacy incidents </li></ul>Photos in Dumpster, Mr C’s Case, Filing Cabinet incidents has made the public skeptical of how government protects personal information
  5. 5. Information under your control When dealing with information, think privacy A person’s race, ethnicity, criminal record, trade union membership Sensitive information Medical, Counselling, WorkCover, OHS, information about a living or deceased person - physical, mental or psychological health Health information Financial, Family, Contact details, Clients & HR details – material about a living identifiable or easily identifiable individual Personal information
  6. 6. Why do we collect personal information? <ul><li>Common reasons for collection: </li></ul><ul><ul><li>To hire you </li></ul></ul><ul><ul><li>To pay you </li></ul></ul><ul><ul><li>To locate you </li></ul></ul><ul><ul><li>To train and develop you </li></ul></ul><ul><ul><li>To provide services to our clients </li></ul></ul>Manager’s must limit unnecessary wide collection practices
  7. 7. Controls around Collection <ul><li>A privacy statement sets the rules for collecting, </li></ul><ul><li>using, storing, sharing and safeguarding personal </li></ul><ul><li>information </li></ul><ul><li>Collection Statement Generator </li></ul>A statement on a form informs the general public of what data is collected, for what purpose, the authority for doing so and who gets to see it and
  8. 8. Controls around personal information <ul><li>Ensure you and your staff practice the ‘need to know’ principle </li></ul><ul><li>- grant access in a database, in a folder, on TRIM only to those specific employees who require the record to perform assigned duties </li></ul><ul><li>for other individuals ask why they need access? </li></ul><ul><li>Interoffice mail </li></ul>Why do staff need access? How will they use the information
  9. 9. Privacy Expectations as a Manager <ul><li>You are responsible for your staff’s data collections </li></ul><ul><li>Create, manage, oversee files or databases containing personal information </li></ul><ul><li>Disseminations of personal information </li></ul>
  10. 10. New Recruits and Contractors <ul><li>Ensure they understand privacy and comply with all privacy policies </li></ul><ul><li>Ensure any contract for goods and services has a privacy clause </li></ul>
  11. 11. Staff sensitivities <ul><li>Home addresses and telephone numbers (they do not have to agree to share broadly) </li></ul><ul><li>Being approached by third parties to provide personal information </li></ul><ul><li>Not receiving an explanation as to why access to a database may be limited </li></ul>
  12. 12. Prevent Privacy Payouts <ul><li>What privacy incidents may lead to compensation? </li></ul><ul><ul><li>Unlawfully or Unfairly collecting personal information </li></ul></ul><ul><ul><li>Sharing data with unauthorised individuals </li></ul></ul><ul><ul><li>Inappropriate Access to databases </li></ul></ul><ul><ul><li>Making decisions on false information </li></ul></ul><ul><ul><li>Loss of information </li></ul></ul>
  13. 13. Loss of information <ul><li>The loss of personal information has major implications for the department. </li></ul><ul><ul><li>It can erode confidence in the government’s ability to protect information (UK) </li></ul></ul><ul><ul><li>Impact on budget </li></ul></ul><ul><ul><li>Lead to major legal action </li></ul></ul><ul><ul><li>Major implications for the individuals are responsible for the loss/compromise including allegations of serious misconduct </li></ul></ul>
  14. 14. Should you have a privacy incident? <ul><li>Alleged privacy </li></ul><ul><li>incident </li></ul>Reported within 30 min via line management Containment measures at location Provide summary of complaint / breach to Privacy Team NB: failure to notify often leads to additional briefing and reporting requirements Inappropriate Access to Personal Information Policy
  15. 15. Back to Culture 2007/08 Start of Change <ul><li>Building privacy into practices rather than merely responding to incidents </li></ul><ul><li>- privacy brochures, website statements </li></ul><ul><li>- posters, desk tools </li></ul><ul><li>-warning screens in databases about access </li></ul><ul><li>Increase privacy staff from .5 to 1.5 to 6 </li></ul><ul><li>Tailoring Requirements and Directives ( 9.7 & 9.18) </li></ul><ul><li>Face to Face privacy training at all prison locations (ongoing). </li></ul><ul><li>Establishment of the Privacy Contact Officer network </li></ul>
  16. 16. Current Privacy Culture <ul><li>Getting to grips with privacy in a regional and co-location context </li></ul><ul><li>Increase monitoring & accountability in relation to database access, correspondence control and client welfare </li></ul><ul><li>Defending practices publicly to regulators and in the media </li></ul>Filing Cabinet incident Monitoring & Auditing of access to details in databases Opening & reading of non-exempt prisoner correspondence Mr C’s Case Search and seizure practices LOSE SOME WIN SOME
  17. 17. 2009 Current Values <ul><li>In DOJ the importance of managing client and staff information. </li></ul><ul><li>In our communities that info is protected, rights respected and offenders and prisoners not compensated </li></ul><ul><li>In the Workforce protect contact details and train and support staff </li></ul><ul><li> </li></ul>
  18. 18. Reflection - your biggest privacy challenges at your location
  19. 19. Here’s a list of challenges we prepared <ul><li>Easily distracted shift workers </li></ul><ul><li>Pub talk & staff gossip </li></ul><ul><li>E-mails </li></ul><ul><li>High profile prisoners/clients </li></ul><ul><li>Data storage [ where to put it] </li></ul><ul><li>Information sharing – DHS/VIC POL </li></ul><ul><li>Contracted /outsourced services </li></ul><ul><li>Staff who forward & circulate info widely </li></ul><ul><li>‘ Snoops & Leaks’ </li></ul><ul><li>Faxes going to the wrong person </li></ul><ul><li>Have a culture of Hoarders and ‘Chuckers’ </li></ul>
  20. 20. Make a Statement - Southern Region is Privacy Savy! <ul><li>Ensure forms have a privacy statement </li></ul><ul><li>Demonstrate your commitment to protecting personal information at your location. Use the TR Traffic Cards on J-NET to do a walk around </li></ul><ul><li>Issue periodic reminders to staff to use caution when posting private information [ mail, email, internet, in shared folders] </li></ul><ul><li>Register Portable Devices and remind staff to take records off them </li></ul><ul><li>Ensure documents & photos posted to websites are permissible </li></ul>
  21. 21. Where we want to be – Future of Privacy <ul><li>Privacy team – our job is to assist you </li></ul><ul><li>-have a better understanding of where each other is coming from. Co-location is new for us as well </li></ul><ul><li>-your help for us to develop practical privacy tools that are easily understood and easy to implement </li></ul><ul><li>The Department and Other agencies we need to share information with </li></ul><ul><ul><li>Have a good working relationship - Eg. DHS Fact Sheet, VicPol Release of Information form </li></ul></ul><ul><li>Privacy Incidents </li></ul><ul><li>-Fewer results for Same Name, Media, Friend Searches on databases </li></ul><ul><li>- Awareness around issues with social media </li></ul><ul><li>-Fewer instances of staff complaints about breaches of their privacy ( if staff know their privacy is protected we have a better chance of protecting others privacy) </li></ul><ul><ul><li>NB secure staff contact information so as not to put them into any perceived danger </li></ul></ul>
  22. 22. Where we want to be at your location <ul><li>Engage with your Privacy Contact Officer and get updates from them after each privacy quarterly meeting </li></ul><ul><li>Have privacy listed on the agenda, occasionally, at staff meetings </li></ul><ul><li>Check staff at your location know how to spot and report a privacy incident to you </li></ul><ul><li>Assess vulnerabilities within your location prior to an incident occurring – e.g. periodically inspect and put in order hot spot areas [ copiers, faxes, rubbish zones, file storage] </li></ul><ul><li>Engage staff at your location in building your privacy and security culture – e.g. get behind activities year round to talk privacy or have some fun with privacy so staff know its not always about when they might have done the wrong thing </li></ul>
  23. 23. Summary <ul><li>Privacy Risk is worth managing </li></ul><ul><li>Personal Information loss and leakage is a risk at your location </li></ul><ul><li>Privacy Incident protection is more than just securing the system. People and culture are the key. </li></ul><ul><li>People can be our strongest or weakest link! </li></ul>
  24. 24. Call Us – we’re here to help YOU! <ul><li>Brent (03 8684 0007), </li></ul><ul><li>Lina (03 8684 0176), </li></ul><ul><li>Evelyn (03 8684 0173), </li></ul><ul><li>Melanie (03 8684 0071), </li></ul><ul><li>Amira (03 8684 0006) or </li></ul><ul><li>Billie (03 8684 0087) </li></ul>

×