2. THE SPEAKER:
Desmond Israel
Enterprise Privacy & Security Practitioner
LLB, BSC, CASP, QSC-VM, CCNSP
HIS EXPERIENCE:
3 Years in Data Privacy
10 Years in IT Security
15 Years in IT Business Development
8 Years in Public Speaking [IT Subject-Matter Expert]
BIO
4. Behold, the digital revolution! It glitters with
possibilities, opportunities and hope.
Consumers have seized the power to dictate what they want,
when
they want it, whom they buy from and how much they want to
pay.
But at what cost?
5. Organizations, eager to please the voracious appetites of
these super consumers, seize any opportunity available,
often through an
ever-emerging array of new technologies, to
communicate, build
relationships, gather reams of data and sell.The EYs Privacy trends 2013 report (ey.com/privacy2013), identified three
megatrends that were playing increasingly larger roles across the privacy
landscape: governance, technology and regulation.
6. How can organizations safeguard privacy in an
age of technology? The answer lies more in
governance than regulation, in innovation
more than compliance.
Hint: Privacy By Design
10. CURRENT TECHNOLOGIES
Digital devices and BYOD/BYOC
Solution: Outline clear protocols as guide, partitioning of the devices, Guest
Network & Sandbox
Social Media
Solution: Data collection vigilance & anonymization
Big data and data analytics
Solution: Anonymization, appropriate 3rd party permission & exposure control
Cloud Service Brokerage
Solution: Understand, apply, monitor & maintain organizational privacy policy
11. ON THE HORIZON
In-Memory Computing
Solution: Flexible and scalable privacy framework for emerging technology
The Internet of Things
Solution: Balance the efficiencies of IoT against consumer privacy
13. Today’s privacy regulations, as well as those being considered by regulatory bodies around the
world,
seem completely inadequate to protect individuals from the privacy risks emerging technologies
present.
GHANA: Data Protection Act 2012 (Act 873) currently in force under the Data Protection
Commission
14. The Data Protection Act, 2012 (Act 843) is premised on the fundamental rule that all
who process personal data must take into consideration the right of that individual to
the privacy of his or her communications. This recognition by a data controller or
processer should lead to the application of the 8 basic principles for processing
personal information. The Act sets out the 8 data principles under Section 17 as
follows:
Accountability
Lawfulness Of Processing
Specification Of Purpose
Compatibility Of Further Processing With Purpose Of Collection
Quality Of Information
Openness
Data Security Safeguards
Data Subject Participation
APPLYING DATA PROTECTION PRINCIPLES
15. 1. ACCOUNTABILITY
Processing of Personal Data (Section 18)
2. LAWFULNESS OF PROCESSING
Minimality (Section19)
Consent, justification and objection (20)
Collection of personal data (Section 21)
Retention of records (Section 24)
Data processed by data processor or an authorised person (Section 29)
3. SPECIFICATION OF PURPOSE
Collection of data for specific purpose (Section 22)
Data subject to be made aware of purpose of collection (Section 23)
4. COMPATIBILITY OF FURTHER PROCESSING WITH PURPOSE OF
COLLECTION
Further processing to be compatible with purpose of collection (Section 25)
APPLYING DATA PROTECTION PRINCIPLES
16. 5. QUALITY OF INFORMATION (Section 26)
6. OPENNESS
Registration of data controller (Section 27)
7. DATA SECURITY SAFEGUARDS
Security measures (Section 28)
Data processor to comply with security measures (Section 30)
Notification of security compromises (Section 31)
8. DATA SUBJECT PARTICIPATION
Access to personal information (Section 32)
Correction of personal data (Section 33)
APPLYING DATA PROTECTION PRINCIPLES
17. Governments are making valiant efforts to protect privacy, but they cannot do it alone.
Accountability for
privacy and personal data protection needs to be a joint effort among governments, privacy
commissioners,
organizations and individuals themselves.
Without such a coordinated effort, the whole notion of Right to Privacy may disappear.
IDEAL APPROACH
18.
19.
20. REFERENCES:
EY Insights on governance, risk and compliance
Privacy trends 2014 Privacy protection in the age of technology, January
2014
Data Protection Act 2012, Act 873 of Ghana
GET IN TOUCH:
desmond.israel@gmail.com
@desmond_israel