SlideShare a Scribd company logo

Security and Safe Keeping of Official Information by DPO

Atlantic Training, LLC.
Atlantic Training, LLC.

Security and Safe Keeping of Official Information

Business
1 of 23
Presentation on Security and Safe Keeping of official information Presented by DOOKEE Padaruth Data Protection Officer/ Senior Data Protection Officer Venue: Lecture Room 641, Level 6, Fook House. Bourbon Street, Port Louis 17 FEBRUARY 2016 AT 13:00
Security and Safe Keeping of official information  The aspect of Confidentiality and Security  Safekeeping of Documents
The aspect of Confidentiality  Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.  The elements of the triad are considered the three most crucial components of security.  In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people.
Confidentiality  Confidentiality is roughly equivalent to privacy.  Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it:  Access must be restricted to only those authorized parties to view or maintain the data in question as per their designated role.  It is common, as well, for data to be categorized according to the amount and type of damage that could be done should it fall into unintended hands.  More or less stringent measures can then be implemented according to those categories.
Safeguarding data confidentiality Sometimes safeguarding data confidentiality may involve strong passwords and password-related best practices and   information about  social engineering methods,  to prevent them from data-handling rules with good intentions and potentially disastrous results. Extra measures might be taken in the case of extremely sensitive documents,  precautions such as storing only on very secured computers,  Protected disconnected storage devices or, for highly sensitive information, in hard copy form only.
Integrity  Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle.  Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality).  These measures include file permissions and user access controls. Version control maybe used to prevent erroneous changes or accidental deletion by authorized users becoming a problem.  In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as strong electromagnetic pulse (EMP) or file/ computer/server crash.
Availability   Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment that is free of software conflicts.  It’s also important to keep current with all necessary system upgrades.  Safeguards against data loss or interruptions in connections must include unpredictable events such as natural disasters and fire.  To prevent data loss from such occurrences, a backup copy may be stored in a geographically-isolated location, perhaps even in a fireproof, waterproof safe.  Extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data due to malicious actions such as denial-of-service (DoS) attacks and network intrusions.
2. Safekeeping of Documents  Where do you keep your most important documents?  Perhaps, you have a filing cabinet  These might include:  Passports  Titles and Deeds  Wills, Power of Attorney, Trusts  Legal documents  Birth certificates  Marriage, and other certificates  Bonds and other banking items  When you have a central location where all important papers are kept, then you know exactly where to find them when you need them.  Sounds simple. Yet, most people do not practice this easy organization tip.
5 Tips to Help You Always Know Where Your Most Important Documents Are: 1. All in One Location  Find one location or container to keep all of your most important documents. It can be a drawer, filing cabinet nearby or in the Registry.  My important papers must be in file of a unique color, in order to identify them rapidly. 2. Eliminate the Disorder Be very selective about what goes in your important papers collection.  There are very few documents that truly need to be in there.  For example, receipts and other simple documents should be in their own filing cabinet.  Think of your important papers as those that are “Top Secret” or non-replaceable.
5 Tips to Help You Always Know Where Your Most Important Documents Are: 3. Digitize What You Can Your important papers box should only be for documents that must be in hard copy. For documents that don’t explicitly need to be paper, scan them to your digital library. 4. Always Return Them When you do need an important document, make sure that you put it back as soon as you are done with it. Don’t place it on other location. Always put it immediately back in the original place. 5. Keep Them Safe Keep your important papers file in a safe place. It should be separate from your normal every day files.
Classified information  Classified information is material that a government body claims is sensitive information that requires protection of  confidentiality, integrity, or availability.  Access is restricted by law or regulation to particular groups of people, and mishandling can incur criminal penalties and loss of respect.  Documents and other information assets are typically marked with one of several (hierarchical) levels of sensitivity—  e.g. restricted, confidential, secret and top secret.  The choice of level is often based on an impact assessment; governments often have their own set of rules which include the levels, rules on determining the level for an information asset, and rules on how to protect information classified at each level.
Common classification  The two common classification schemes are government/military classification and commercial business/private sector classification. There are five levels of government/ military classification (listed here from highest to lowest):  Top secret The highest level of classification. The unauthorized disclosure of top – secret data will have drastic effects and cause grave damage to national security.  Secret Used for data of a restricted nature. The unauthorized disclosure of data classified as secret will have significant effects and cause critical damage to national security.
 Confidential Used for data of a confidential nature. The unauthorized disclosure of data classified as confidential will have noticeable effects and cause serious damage to national security. This classification is used for all data between secret and sensitive but unclassified classifications.  Sensitive but unclassified Used for data of a sensitive or private nature, but the disclosure of this data would not cause significant damage.  Unclassified The lowest level of classification. This is used for data that is neither sensitive nor classified. The disclosure of unclassified data does not compromise confidentiality or cause any noticeable damage.
Classifications  The classifications of confidential, secret, and top secret are collectively known or labeled as classified .  Often, revealing the actual classification of data to unauthorized individuals is a violation of that data. Thus, the term classified is generally used to refer to any data that is ranked above the sensitive but unclassified level.  All classified data is exempt from the - Freedom of Information Act as well as many other laws and regulations.
Other Security issues   (a) Ensure that computers, applications, databases and servers using the HRMIS are password protected.  It is recommended that passwords are of sufficient strength to deter password cracking or guessing attacks.  A strong password includes numbers, symbols, upper and lowercase letters and is changed on a regular basis. (b) After a period of inactivity, ensure that computers are subject to password-protected lock out.  Staffs should ensure that PCs are logged off or ‘locked’ when left unattended for any period of time (e.g. in Windows, using Ctrl+Alt+Del keys). (c) Ensure that computers and servers are securely locked away from any unauthorised people.
Security continue…  (d) Ensure that access controls are put in place and the correct designated role is assigned to you.  Ideally, users should only have access to the specific data which they require in order to perform their duties.  For sensitive personal data, i.e., racial/ethnic origin, political opinion/adherence, religious/similar belief, membership to trade union, physical/mental health, sexual preferences/practices and criminal convictions, it is recommended to use additional safeguards such as encryption and multi-level access controls.  (e) Ensure that the security measures in place are up-to-date and effective, e.g. up-to- date antivirus & firewall software.  (f) Ensure that an up-to-date firewall is available to protect systems connected to the internet.
Security continue…  (g) Ensure that access to personal information is restricted on a “need-to-know” basis in accordance with defined policy governing data protection aspects, e.g., authorisation required when accessing certain modules in the HRMIS.  (h) Ensure that Access granted has been provided to the user for the HRMIS for the clearance to work there.  For instance, swipe card and/or PIN technology to the room(s) in question could be used to record when, where and by whom the room was accessed and to ensure that no one is granted access by others credentials.  (i) Any access to the system which is no longer in active use, and provides access to personal data in the HRMIS, should be removed where such access is no longer necessary or cannot be justified.
S 27.     DPA - Security of personal data  (1)               A data controller shall –  (a)               take appropriate security and organisational measures for the prevention of unauthorised access to, alteration of, disclosure of, accidental loss, and destruction of the data in his control; and  (b) ensure that the measures provide a level of security appropriate to –  (i)               the harm that might result from the unauthorised access to, alteration of, disclosure of, destruction of the data and its accidental loss; and  (ii)             the nature of the data concerned.
28.       Duty to destroy personal data  (1) Where the purpose for keeping personal data has lapsed, the data controller shall – (a)    destroy such data as soon as reasonably practicable; and (b)     notify any data processor holding such data.  (2) Any data processor who receives a notification under subsection (1) (b) shall, as soon as reasonably practicable, destroy the data specified by the data controller.
S 29 DPA.Unlawful disclosure of personal data  (1) Any data controller who, without lawful excuse, discloses personal data in any manner that is incompatible with the purposes for which such data has been collected shall commit an offence.  (2) Any data processor who, without lawful excuse, discloses personal data processed by him without the prior authority of the data controller on whose behalf such data is or has been processed shall commit an offence.  (3) Subject to subsection (4), any person who - (a) obtains access to personal data, or obtains any information constituting such data, without prior authority of the data controller or data processor by whom such data is kept; and (b) discloses the data or information to another person,             shall commit an offence.
S 29 DPA.Unlawful disclosure of personal data  (4) Subsection (3) shall not apply to a person who is an employee or agent of a data controller or processor and is acting within his mandate.  (5) Any person who offers to sell personal data where such personal data has been obtained in breach of subsection (1) shall commit an offence.  (6) For the purposes of subsection (5), an advertisement indicating that personal data is or may be for sale, constitutes an offer to sell the personal data.
9. Other related laws for Security and safe Keeping of official information  Data Protection Act  ​Computer Misuse and Cybercrime Act  Electronic Transactions Act  Official Secrets Act  Information and Communication Technologies Act  All the above can be downloaded from the internet at: http://mtci.govmu.org/English/Rules-RegulationsPolicies/Pages/default.aspx http://dataprotection.govmu.org/English/Pages/default.aspx http://ethicscorner.govmu.org/English/Documents/Regulatory/secretsact.pdf
Questions:

Recommended

Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept OverviewIlya O
 
Legal Issues in Records Management
Legal Issues in Records ManagementLegal Issues in Records Management
Legal Issues in Records ManagementBrad Houston
 
Challenges facing Information and Records Management Professionals
Challenges facing Information and Records Management ProfessionalsChallenges facing Information and Records Management Professionals
Challenges facing Information and Records Management ProfessionalsCollabor8now Ltd
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
Data security
Data securityData security
Data securityAbdulBasit938
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Metrics, Risk Management & DLP
Metrics, Risk Management & DLPMetrics, Risk Management & DLP
Metrics, Risk Management & DLPRobert Kloots
 

Recommended

Vectra Concept Overview
Vectra Concept OverviewVectra Concept Overview
Vectra Concept OverviewIlya O
 
Legal Issues in Records Management
Legal Issues in Records ManagementLegal Issues in Records Management
Legal Issues in Records ManagementBrad Houston
 
Challenges facing Information and Records Management Professionals
Challenges facing Information and Records Management ProfessionalsChallenges facing Information and Records Management Professionals
Challenges facing Information and Records Management ProfessionalsCollabor8now Ltd
 
8. operations security
8. operations security8. operations security
8. operations security7wounders
 
Data security
Data securityData security
Data securityAbdulBasit938
 
How to assess and manage cyber risk
How to assess and manage cyber riskHow to assess and manage cyber risk
How to assess and manage cyber riskStephen Cobb
 
Chapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptChapter 5 Planning for Security-students.ppt
Chapter 5 Planning for Security-students.pptShruthi48
 
Metrics, Risk Management & DLP
Metrics, Risk Management & DLPMetrics, Risk Management & DLP
Metrics, Risk Management & DLPRobert Kloots
 
Information Security
Information SecurityInformation Security
Information Securityhaneefvf1
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
What are policies procedures guidelines standards
What are policies procedures guidelines standardsWhat are policies procedures guidelines standards
What are policies procedures guidelines standardsManish Chaurasia
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Information classification
Information classificationInformation classification
Information classificationHoward Diesel (CDMP BI, DW, DBA, Msc Elec Eng)
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Network Intelligence India
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Electronic Records Management An Overview
Electronic Records Management An OverviewElectronic Records Management An Overview
Electronic Records Management An OverviewKen Matthews
 
It Policies
It PoliciesIt Policies
It PoliciesJames Sutter
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security AssessmentsTom Eston
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANA Putra
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
Information classification
Information classificationInformation classification
Information classificationJyothsna Sridhar
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 
Data Protection and Privacy laws class 11
Data Protection and Privacy laws class 11Data Protection and Privacy laws class 11
Data Protection and Privacy laws class 11mufalegend
 
Data security
Data securityData security
Data securityTapan Khilar
 

More Related Content

What's hot

Information Security
Information SecurityInformation Security
Information Securityhaneefvf1
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityThe Open Group SA
 
What are policies procedures guidelines standards
What are policies procedures guidelines standardsWhat are policies procedures guidelines standards
What are policies procedures guidelines standardsManish Chaurasia
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1Tanmay Shinde
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays worldSibghatullah Khattak
 
Electronic Records Management An Overview
Electronic Records Management An OverviewElectronic Records Management An Overview
Electronic Records Management An OverviewKen Matthews
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...PECB
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security AssessmentsTom Eston
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANA Putra
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practicesamiable_indian
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptxGulnurAzat
 
Information classification
Information classificationInformation classification
Information classificationJyothsna Sridhar
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005ControlCase
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full pptShahbaz Khan
 

What's hot (20)

Information Security
Information SecurityInformation Security
Information Security
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 
What are policies procedures guidelines standards
What are policies procedures guidelines standardsWhat are policies procedures guidelines standards
What are policies procedures guidelines standards
 
ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1ISO 27001 - information security user awareness training presentation - Part 1
ISO 27001 - information security user awareness training presentation - Part 1
 
Information classification
Information classificationInformation classification
Information classification
 
Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)Data Leakage Prevention (DLP)
Data Leakage Prevention (DLP)
 
Information security in todays world
Information security in todays worldInformation security in todays world
Information security in todays world
 
Electronic Records Management An Overview
Electronic Records Management An OverviewElectronic Records Management An Overview
Electronic Records Management An Overview
 
It Policies
It PoliciesIt Policies
It Policies
 
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
CIA Triad in Data Governance, Information Security, and Privacy: Its Role and...
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
Physical Security Assessments
Physical Security AssessmentsPhysical Security Assessments
Physical Security Assessments
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex A
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
The CIA triad.pptx
The CIA triad.pptxThe CIA triad.pptx
The CIA triad.pptx
 
Information classification
Information classificationInformation classification
Information classification
 
Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005Information Security Management System ISO/IEC 27001:2005
Information Security Management System ISO/IEC 27001:2005
 
what is data security full ppt
what is data security full pptwhat is data security full ppt
what is data security full ppt
 

Similar to Security and Safe Keeping of Official Information by DPO

Data Protection and Privacy laws class 11
Data Protection and Privacy laws class 11Data Protection and Privacy laws class 11
Data Protection and Privacy laws class 11mufalegend
 
A Case For Information Protection Programs
A Case For Information Protection ProgramsA Case For Information Protection Programs
A Case For Information Protection ProgramsMichael Annis
 
Information security
Information securityInformation security
Information securitySanjay Tiwari
 
We Have Met the Enemy, and He is Us: The Role of the "Human Factor" in Protec...
We Have Met the Enemy, and He is Us: The Role of the "Human Factor" in Protec...We Have Met the Enemy, and He is Us: The Role of the "Human Factor" in Protec...
We Have Met the Enemy, and He is Us: The Role of the "Human Factor" in Protec...Jack Pringle
 
L2 - Protecting Security of Assets_.pptx
L2 - Protecting Security of Assets_.pptxL2 - Protecting Security of Assets_.pptx
L2 - Protecting Security of Assets_.pptxRebeccaMunasheChimhe
 
Patient confidentiality training
Patient confidentiality trainingPatient confidentiality training
Patient confidentiality trainingwrightjr02
 
How-to: 18 Ways to Secure Your Electronic Documents
How-to: 18 Ways to Secure Your Electronic DocumentsHow-to: 18 Ways to Secure Your Electronic Documents
How-to: 18 Ways to Secure Your Electronic DocumentsBMDS3416
 
12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)Patrick Garrett
 
NameIn this assignment, you must answer the Answer Implying .docx
NameIn this assignment, you must answer the Answer Implying .docxNameIn this assignment, you must answer the Answer Implying .docx
NameIn this assignment, you must answer the Answer Implying .docxgemaherd
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityBharath Rao
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information securityjayashri kolekar
 
Data+security+sp10
Data+security+sp10Data+security+sp10
Data+security+sp10ismaelhaider
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfV2Infotech1
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxV2Infotech1
 
Information Asset Classification .pptx
Information Asset Classification .pptxInformation Asset Classification .pptx
Information Asset Classification .pptxDrRajapraveen
 

Similar to Security and Safe Keeping of Official Information by DPO (20)

Data Protection and Privacy laws class 11
Data Protection and Privacy laws class 11Data Protection and Privacy laws class 11
Data Protection and Privacy laws class 11
 
Data security
Data securityData security
Data security
 
Data Security
Data SecurityData Security
Data Security
 
A Case For Information Protection Programs
A Case For Information Protection ProgramsA Case For Information Protection Programs
A Case For Information Protection Programs
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Information security
Information securityInformation security
Information security
 
We Have Met the Enemy, and He is Us: The Role of the "Human Factor" in Protec...
We Have Met the Enemy, and He is Us: The Role of the "Human Factor" in Protec...We Have Met the Enemy, and He is Us: The Role of the "Human Factor" in Protec...
We Have Met the Enemy, and He is Us: The Role of the "Human Factor" in Protec...
 
L2 - Protecting Security of Assets_.pptx
L2 - Protecting Security of Assets_.pptxL2 - Protecting Security of Assets_.pptx
L2 - Protecting Security of Assets_.pptx
 
Patient confidentiality training
Patient confidentiality trainingPatient confidentiality training
Patient confidentiality training
 
How-to: 18 Ways to Secure Your Electronic Documents
How-to: 18 Ways to Secure Your Electronic DocumentsHow-to: 18 Ways to Secure Your Electronic Documents
How-to: 18 Ways to Secure Your Electronic Documents
 
12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)12-19-14 CLE for South (P Garrett)
12-19-14 CLE for South (P Garrett)
 
Frankston
FrankstonFrankston
Frankston
 
NameIn this assignment, you must answer the Answer Implying .docx
NameIn this assignment, you must answer the Answer Implying .docxNameIn this assignment, you must answer the Answer Implying .docx
NameIn this assignment, you must answer the Answer Implying .docx
 
Encrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdfEncrypt-Everything-eB.pdf
Encrypt-Everything-eB.pdf
 
The CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information SecurityThe CIA Triad - Assurance on Information Security
The CIA Triad - Assurance on Information Security
 
Introduction to information security
Introduction to information securityIntroduction to information security
Introduction to information security
 
Data+security+sp10
Data+security+sp10Data+security+sp10
Data+security+sp10
 
How to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdfHow to Secure Data Privacy in 2024.pdf
How to Secure Data Privacy in 2024.pdf
 
How to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptxHow to Secure Data Privacy in 2024.pptx
How to Secure Data Privacy in 2024.pptx
 
Information Asset Classification .pptx
Information Asset Classification .pptxInformation Asset Classification .pptx
Information Asset Classification .pptx
 

More from Atlantic Training, LLC.

Stress and Worker Safety by Pennsylvania L&I
Stress and Worker Safety by Pennsylvania L&IStress and Worker Safety by Pennsylvania L&I
Stress and Worker Safety by Pennsylvania L&IAtlantic Training, LLC.
 
Workplace Harassment Prevention by UT EAP
Workplace Harassment Prevention by UT EAPWorkplace Harassment Prevention by UT EAP
Workplace Harassment Prevention by UT EAPAtlantic Training, LLC.
 
Preventing Falls, Slips and Trips by MGSU
Preventing Falls, Slips and Trips by MGSUPreventing Falls, Slips and Trips by MGSU
Preventing Falls, Slips and Trips by MGSUAtlantic Training, LLC.
 
Preventing Workplace Harassment by Pennsylvania L&I
Preventing Workplace Harassment by Pennsylvania L&IPreventing Workplace Harassment by Pennsylvania L&I
Preventing Workplace Harassment by Pennsylvania L&IAtlantic Training, LLC.
 
Warehouses In Emergencies by WFP Logistics
Warehouses In Emergencies by WFP LogisticsWarehouses In Emergencies by WFP Logistics
Warehouses In Emergencies by WFP LogisticsAtlantic Training, LLC.
 
Sexual Harassment in the Workplace Training by Shumaker
Sexual Harassment in the Workplace Training by ShumakerSexual Harassment in the Workplace Training by Shumaker
Sexual Harassment in the Workplace Training by ShumakerAtlantic Training, LLC.
 
New Employee Safety Orientation by Oregon State University
New Employee Safety Orientation by Oregon State UniversityNew Employee Safety Orientation by Oregon State University
New Employee Safety Orientation by Oregon State UniversityAtlantic Training, LLC.
 

More from Atlantic Training, LLC. (20)

Wellness for Supervisors by SWOSU
Wellness for Supervisors by SWOSUWellness for Supervisors by SWOSU
Wellness for Supervisors by SWOSU
 
Workplace Wellness by PHA
Workplace Wellness by PHAWorkplace Wellness by PHA
Workplace Wellness by PHA
 
Stress Management Training by SG
Stress Management Training by SGStress Management Training by SG
Stress Management Training by SG
 
Stress Management Training by SW
Stress Management Training by SWStress Management Training by SW
Stress Management Training by SW
 
Stress and Worker Safety by Pennsylvania L&I
Stress and Worker Safety by Pennsylvania L&IStress and Worker Safety by Pennsylvania L&I
Stress and Worker Safety by Pennsylvania L&I
 
Respectful Workplace by RDTC
Respectful Workplace by RDTCRespectful Workplace by RDTC
Respectful Workplace by RDTC
 
Workplace Harassment by CLGW
Workplace Harassment by CLGWWorkplace Harassment by CLGW
Workplace Harassment by CLGW
 
Workplace Harassment Prevention by UT EAP
Workplace Harassment Prevention by UT EAPWorkplace Harassment Prevention by UT EAP
Workplace Harassment Prevention by UT EAP
 
Welding Safety by Pennsylvania L&I
Welding Safety by Pennsylvania L&IWelding Safety by Pennsylvania L&I
Welding Safety by Pennsylvania L&I
 
Slips Trips & Falls Training by Signal
Slips Trips & Falls Training by SignalSlips Trips & Falls Training by Signal
Slips Trips & Falls Training by Signal
 
Preventing Falls, Slips and Trips by MGSU
Preventing Falls, Slips and Trips by MGSUPreventing Falls, Slips and Trips by MGSU
Preventing Falls, Slips and Trips by MGSU
 
Preventing Workplace Harassment by Pennsylvania L&I
Preventing Workplace Harassment by Pennsylvania L&IPreventing Workplace Harassment by Pennsylvania L&I
Preventing Workplace Harassment by Pennsylvania L&I
 
Warehouses In Emergencies by WFP Logistics
Warehouses In Emergencies by WFP LogisticsWarehouses In Emergencies by WFP Logistics
Warehouses In Emergencies by WFP Logistics
 
Prevention of Sexual Harassment by USMC
Prevention of Sexual Harassment by USMCPrevention of Sexual Harassment by USMC
Prevention of Sexual Harassment by USMC
 
Sexual Harassment by DEOMI
Sexual Harassment by DEOMISexual Harassment by DEOMI
Sexual Harassment by DEOMI
 
Sexual Harassment in the Workplace Training by Shumaker
Sexual Harassment in the Workplace Training by ShumakerSexual Harassment in the Workplace Training by Shumaker
Sexual Harassment in the Workplace Training by Shumaker
 
Sexual Harassment Training by NAP
Sexual Harassment Training by NAPSexual Harassment Training by NAP
Sexual Harassment Training by NAP
 
Scaffolds Training by Pennsylvania L&I
Scaffolds Training by Pennsylvania L&IScaffolds Training by Pennsylvania L&I
Scaffolds Training by Pennsylvania L&I
 
Supervision
SupervisionSupervision
Supervision
 
New Employee Safety Orientation by Oregon State University
New Employee Safety Orientation by Oregon State UniversityNew Employee Safety Orientation by Oregon State University
New Employee Safety Orientation by Oregon State University
 

Recently uploaded

BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Pereraictsugar
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchirictsugar
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMintel Group
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessSeta Wicaksana
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Riya Pathan
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportMintel Group
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...lizamodels9
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedKaiNexus
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncrdollysharma2066
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyotictsugar
 

Recently uploaded (20)

BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
Kenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith PereraKenya Coconut Production Presentation by Dr. Lalith Perera
Kenya Coconut Production Presentation by Dr. Lalith Perera
 
Marketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent ChirchirMarketplace and Quality Assurance Presentation - Vincent Chirchir
Marketplace and Quality Assurance Presentation - Vincent Chirchir
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
Market Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 EditionMarket Sizes Sample Report - 2024 Edition
Market Sizes Sample Report - 2024 Edition
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Organizational Structure Running A Successful Business
Organizational Structure Running A Successful BusinessOrganizational Structure Running A Successful Business
Organizational Structure Running A Successful Business
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737Independent Call Girls Andheri Nightlaila 9967584737
Independent Call Girls Andheri Nightlaila 9967584737
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
India Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample ReportIndia Consumer 2024 Redacted Sample Report
India Consumer 2024 Redacted Sample Report
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
Call Girls In Connaught Place Delhi ❤️88604**77959_Russian 100% Genuine Escor...
 
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… AbridgedLean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
Lean: From Theory to Practice — One City’s (and Library’s) Lean Story… Abridged
 
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / NcrCall Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
Call Girls in DELHI Cantt, ( Call Me )-8377877756-Female Escort- In Delhi / Ncr
 
Investment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy CheruiyotInvestment in The Coconut Industry by Nancy Cheruiyot
Investment in The Coconut Industry by Nancy Cheruiyot
 

Security and Safe Keeping of Official Information by DPO

  • 1. Presentation on Security and Safe Keeping of official information Presented by DOOKEE Padaruth Data Protection Officer/ Senior Data Protection Officer Venue: Lecture Room 641, Level 6, Fook House. Bourbon Street, Port Louis 17 FEBRUARY 2016 AT 13:00
  • 2. Security and Safe Keeping of official information  The aspect of Confidentiality and Security  Safekeeping of Documents
  • 3. The aspect of Confidentiality  Confidentiality, integrity and availability, also known as the CIA triad, is a model designed to guide policies for information security within an organization.  The elements of the triad are considered the three most crucial components of security.  In this context, confidentiality is a set of rules that limits access to information, integrity is the assurance that the information is trustworthy and accurate, and availability is a guarantee of reliable access to the information by authorized people.
  • 4. Confidentiality  Confidentiality is roughly equivalent to privacy.  Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it:  Access must be restricted to only those authorized parties to view or maintain the data in question as per their designated role.  It is common, as well, for data to be categorized according to the amount and type of damage that could be done should it fall into unintended hands.  More or less stringent measures can then be implemented according to those categories.
  • 5. Safeguarding data confidentiality Sometimes safeguarding data confidentiality may involve strong passwords and password-related best practices and   information about  social engineering methods,  to prevent them from data-handling rules with good intentions and potentially disastrous results. Extra measures might be taken in the case of extremely sensitive documents,  precautions such as storing only on very secured computers,  Protected disconnected storage devices or, for highly sensitive information, in hard copy form only.
  • 6. Integrity  Integrity involves maintaining the consistency, accuracy, and trustworthiness of data over its entire life cycle.  Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality).  These measures include file permissions and user access controls. Version control maybe used to prevent erroneous changes or accidental deletion by authorized users becoming a problem.  In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as strong electromagnetic pulse (EMP) or file/ computer/server crash.
  • 7. Availability   Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed and maintaining a correctly functioning operating system environment that is free of software conflicts.  It’s also important to keep current with all necessary system upgrades.  Safeguards against data loss or interruptions in connections must include unpredictable events such as natural disasters and fire.  To prevent data loss from such occurrences, a backup copy may be stored in a geographically-isolated location, perhaps even in a fireproof, waterproof safe.  Extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data due to malicious actions such as denial-of-service (DoS) attacks and network intrusions.
  • 8. 2. Safekeeping of Documents  Where do you keep your most important documents?  Perhaps, you have a filing cabinet  These might include:  Passports  Titles and Deeds  Wills, Power of Attorney, Trusts  Legal documents  Birth certificates  Marriage, and other certificates  Bonds and other banking items  When you have a central location where all important papers are kept, then you know exactly where to find them when you need them.  Sounds simple. Yet, most people do not practice this easy organization tip.
  • 9. 5 Tips to Help You Always Know Where Your Most Important Documents Are: 1. All in One Location  Find one location or container to keep all of your most important documents. It can be a drawer, filing cabinet nearby or in the Registry.  My important papers must be in file of a unique color, in order to identify them rapidly. 2. Eliminate the Disorder Be very selective about what goes in your important papers collection.  There are very few documents that truly need to be in there.  For example, receipts and other simple documents should be in their own filing cabinet.  Think of your important papers as those that are “Top Secret” or non-replaceable.
  • 10. 5 Tips to Help You Always Know Where Your Most Important Documents Are: 3. Digitize What You Can Your important papers box should only be for documents that must be in hard copy. For documents that don’t explicitly need to be paper, scan them to your digital library. 4. Always Return Them When you do need an important document, make sure that you put it back as soon as you are done with it. Don’t place it on other location. Always put it immediately back in the original place. 5. Keep Them Safe Keep your important papers file in a safe place. It should be separate from your normal every day files.
  • 11. Classified information  Classified information is material that a government body claims is sensitive information that requires protection of  confidentiality, integrity, or availability.  Access is restricted by law or regulation to particular groups of people, and mishandling can incur criminal penalties and loss of respect.  Documents and other information assets are typically marked with one of several (hierarchical) levels of sensitivity—  e.g. restricted, confidential, secret and top secret.  The choice of level is often based on an impact assessment; governments often have their own set of rules which include the levels, rules on determining the level for an information asset, and rules on how to protect information classified at each level.
  • 12. Common classification  The two common classification schemes are government/military classification and commercial business/private sector classification. There are five levels of government/ military classification (listed here from highest to lowest):  Top secret The highest level of classification. The unauthorized disclosure of top – secret data will have drastic effects and cause grave damage to national security.  Secret Used for data of a restricted nature. The unauthorized disclosure of data classified as secret will have significant effects and cause critical damage to national security.
  • 13.  Confidential Used for data of a confidential nature. The unauthorized disclosure of data classified as confidential will have noticeable effects and cause serious damage to national security. This classification is used for all data between secret and sensitive but unclassified classifications.  Sensitive but unclassified Used for data of a sensitive or private nature, but the disclosure of this data would not cause significant damage.  Unclassified The lowest level of classification. This is used for data that is neither sensitive nor classified. The disclosure of unclassified data does not compromise confidentiality or cause any noticeable damage.
  • 14. Classifications  The classifications of confidential, secret, and top secret are collectively known or labeled as classified .  Often, revealing the actual classification of data to unauthorized individuals is a violation of that data. Thus, the term classified is generally used to refer to any data that is ranked above the sensitive but unclassified level.  All classified data is exempt from the - Freedom of Information Act as well as many other laws and regulations.
  • 15. Other Security issues   (a) Ensure that computers, applications, databases and servers using the HRMIS are password protected.  It is recommended that passwords are of sufficient strength to deter password cracking or guessing attacks.  A strong password includes numbers, symbols, upper and lowercase letters and is changed on a regular basis. (b) After a period of inactivity, ensure that computers are subject to password-protected lock out.  Staffs should ensure that PCs are logged off or ‘locked’ when left unattended for any period of time (e.g. in Windows, using Ctrl+Alt+Del keys). (c) Ensure that computers and servers are securely locked away from any unauthorised people.
  • 16. Security continue…  (d) Ensure that access controls are put in place and the correct designated role is assigned to you.  Ideally, users should only have access to the specific data which they require in order to perform their duties.  For sensitive personal data, i.e., racial/ethnic origin, political opinion/adherence, religious/similar belief, membership to trade union, physical/mental health, sexual preferences/practices and criminal convictions, it is recommended to use additional safeguards such as encryption and multi-level access controls.  (e) Ensure that the security measures in place are up-to-date and effective, e.g. up-to- date antivirus & firewall software.  (f) Ensure that an up-to-date firewall is available to protect systems connected to the internet.
  • 17. Security continue…  (g) Ensure that access to personal information is restricted on a “need-to-know” basis in accordance with defined policy governing data protection aspects, e.g., authorisation required when accessing certain modules in the HRMIS.  (h) Ensure that Access granted has been provided to the user for the HRMIS for the clearance to work there.  For instance, swipe card and/or PIN technology to the room(s) in question could be used to record when, where and by whom the room was accessed and to ensure that no one is granted access by others credentials.  (i) Any access to the system which is no longer in active use, and provides access to personal data in the HRMIS, should be removed where such access is no longer necessary or cannot be justified.
  • 18. S 27.     DPA - Security of personal data  (1)               A data controller shall –  (a)               take appropriate security and organisational measures for the prevention of unauthorised access to, alteration of, disclosure of, accidental loss, and destruction of the data in his control; and  (b) ensure that the measures provide a level of security appropriate to –  (i)               the harm that might result from the unauthorised access to, alteration of, disclosure of, destruction of the data and its accidental loss; and  (ii)             the nature of the data concerned.
  • 19. 28.       Duty to destroy personal data  (1) Where the purpose for keeping personal data has lapsed, the data controller shall – (a)    destroy such data as soon as reasonably practicable; and (b)     notify any data processor holding such data.  (2) Any data processor who receives a notification under subsection (1) (b) shall, as soon as reasonably practicable, destroy the data specified by the data controller.
  • 20. S 29 DPA.Unlawful disclosure of personal data  (1) Any data controller who, without lawful excuse, discloses personal data in any manner that is incompatible with the purposes for which such data has been collected shall commit an offence.  (2) Any data processor who, without lawful excuse, discloses personal data processed by him without the prior authority of the data controller on whose behalf such data is or has been processed shall commit an offence.  (3) Subject to subsection (4), any person who - (a) obtains access to personal data, or obtains any information constituting such data, without prior authority of the data controller or data processor by whom such data is kept; and (b) discloses the data or information to another person,             shall commit an offence.
  • 21. S 29 DPA.Unlawful disclosure of personal data  (4) Subsection (3) shall not apply to a person who is an employee or agent of a data controller or processor and is acting within his mandate.  (5) Any person who offers to sell personal data where such personal data has been obtained in breach of subsection (1) shall commit an offence.  (6) For the purposes of subsection (5), an advertisement indicating that personal data is or may be for sale, constitutes an offer to sell the personal data.
  • 22. 9. Other related laws for Security and safe Keeping of official information  Data Protection Act  ​Computer Misuse and Cybercrime Act  Electronic Transactions Act  Official Secrets Act  Information and Communication Technologies Act  All the above can be downloaded from the internet at: http://mtci.govmu.org/English/Rules-RegulationsPolicies/Pages/default.aspx http://dataprotection.govmu.org/English/Pages/default.aspx http://ethicscorner.govmu.org/English/Documents/Regulatory/secretsact.pdf