
IS/DPP for staff #3b - Data Classification


An example of how staff training on information security, data protection and privacy (IS/DPP) could look.
This part covers data classification, drilling a bit deeper into confidentiality, integrity, availability (= CIA), privacy (= CAPI), traceability, and retention (= PATRIC); it is meant to be amended to fit the specific organisation's setup.
The slides come with notes that briefly explain the visuals on each slide.

Published in: Education

  1. - Internal - IS/DPP Baseline Training E-learning – Part 3 – Data & Classification
  2. Confidentiality
  4. Confidentiality: Public
       Public: website content, approved media releases, marketing materials, …
  5. Confidentiality: Public
  6. Confidentiality: Internal, Public
       Internal: departmental memos, information on bulletin boards, training materials, policies, procedures, instructions, phone/email directories, …
  7. Confidentiality: Restricted, Internal, Public
       Public: website content, approved media releases, marketing materials, …
       Restricted: personal data, customer correspondence, staff data, internal audit reports, …
  8. Confidentiality: Secret, Restricted, Internal, Public
       Public: website content, approved media releases, marketing materials, …
       Secret: passwords and other authentication credentials, new products, mergers, …
  9. (visual only, no slide text)
  10. Confidentiality, Integrity
  11. Confidentiality, Integrity, Availability
  12. Confidentiality, Integrity, Availability, Privacy
  13. Data Protection Act / GDPR: Data Subject, Data Controller, Processing personal data, Organisation
       Principles: Control, Finality, Legitimacy, Transparency, Proportional, end-to-end
  14. Data Protection Act / GDPR: Data Subject, Data Controller, Processing personal data
       1. What would your reaction be if we did it to your personal data?
  15. Data Protection Act / GDPR: Data Subject, Data Controller, Processing personal data
       1. What would your reaction be if we did it to your personal data?
       2. What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data?
  16-17. Data Protection Act / GDPR: Data Subject, Data Controller, Processing personal data
       1. What would your reaction be if we did it to your personal data?
       2. What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data?
       3. What would the reaction of the public be if what we do to personal data is explained in detail on the front page of tomorrow's newspaper?
  18-19. Full Set of Data Classifications: PATRIC
       Category          Description                                                          Classifications
       Privacy           Use the (personal) data in line with the original purpose           (original) purpose
       Availability      Ensure that information is available to authorized persons          Non-Essential, Essential, Critical and Highly Critical
       Traceability      Modifications can be traced back                                    Non-Traceable, Sensitive and Critical
       Retention         Retained & disposed in line with law & business objectives          No Retention, Short-Term, Mid-Term and Long-Term
       Integrity         Prevent accidental, unauthorized and deliberate alteration or deletion   Accurate, Vital and Absolute
       Confidentiality   Prevent unauthorized disclosure                                     Public, Internal, Restricted and Secret
       (Classifications are company specific.)
  20. Key Takeaways
       • ABC Group classifies on different levels: personal data and PATRIC.
       • All information has a classification, even if it is not explicit.
       • You should classify.
       • Confidentiality distinguishes different circles: public, internal, restricted and secret, wherein personal data is always at least "restricted".
       30 sec IS/DPP survival kit – Wrap-up