This document summarizes an information security seminar for third sector organizations. It notes that charities and non-profits have just as much sensitive information to protect as businesses, including donor details, financial records, and client information, but typically have fewer IT resources. It reviews the consequences of a data breach, including reputational damage, ICO fines, and loss of donor trust. The seminar emphasizes the importance of complying with the UK's Data Protection Act and of having appropriate security processes and staff training in place to protect personal information and minimize risk.
The Information Commissioner calls - what to expect and how to react, May 201... (Browne Jacobson LLP)
This workshop covered ICO investigations into breaches of the current Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003 (as amended).
We covered the following topics:
- the ICO’s powers, procedures and policies
- recent cases and ICO priorities
- your rights and obligations
- the benefits and pitfalls of proactive breach notification
- areas of risk and how to address them
- protecting legal privilege
- managing the risks under the Freedom of Information Act, and
- the major changes brought in by the forthcoming General Data Protection Regulation.
The General Data Protection Regulations (GDPR)
Lighting is no longer a stand-alone building or urban service existing in isolation from other systems and services. It is increasingly driven by technologically advanced controls. Whether the context is smart cities, the Internet of Things, small domestic systems or urban big data, security and privacy are becoming a matter of concern.
As we move into an interconnected future we need to understand the implications for how we process and use increasing amounts of data, including the current legal requirements set out in documents such as the General Data Protection Regulation and the Cybersecurity Act.
This presentation gives an overview of these issues and how they may affect the lighting industry.
Speaker: Peter Thorns BSc(Hons) CEng FCIBSE FSLL - Head of Strategic Lighting Applications, Thorn Lighting Ltd
Interact 2018 - GDPR for digital publishers, digital agencies and advertisers (IAB Europe)
Held in Milan on 23-24 May, IAB Europe’s annual two-day conference Interact 2018 featured a training session by Matthias Matthiesen, Director Public Policy & Privacy, and Chris Hartsuiker, Public Policy Officer, IAB Europe. Which provisions of the General Data Protection Regulation are the most relevant to digital publishers and advertisers? What guidance has the European Data Protection Board (formerly the Article 29 Working Party) issued on these topics? This training session, provided by IAB Europe, gives insight into applying the GDPR to the digital advertising supply chain.
What does the GDPR mean for charity communicators? | Scotland Networking Grou... (CharityComms)
David Freeland, senior policy officer at the Scottish Information Commissioner’s Office
Visit the CharityComms website to view slides from past events, see what events we have coming up and to check out what else we do: www.charitycomms.org.uk
In this presentation, 10 steps (10 P's of POPI) are introduced as essential ingredients of meeting Protection of Personal Information (POPI) requirements. As a privacy law, POPI relies heavily on sound information management principles. The COR Concepts Integrated Information Governance model is also discussed, providing a framework for ensuring that POPI is not treated in isolation, and that it forms part of a cohesive approach to managing enterprise-wide information.
GDPR – what does it mean for charities and what you need to consider - Iain P... (m-hance)
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the European Council and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). Organisations have until 25 May 2018, when the regulation starts to apply, to ensure that they are fully compliant. Regardless of Brexit, organisations in the UK that collect and use personal data will need to comply. In this slide deck Iain gives an overview of the GDPR, what its requirements mean for charities, and what charities need to consider in order to be compliant.
Social business software is all about sharing content and data in a “collaborative” way to identify internal or external experts. Most of this data must be treated as personal data, since it relates to an identifiable individual.
Implementing social business technologies in enterprises often leads to discussions with data protection supervisors about how to comply with EU data protection law. The discussion becomes even more challenging if you consider using social business applications in “the cloud”, which may be the only option in the near future given IBM’s “Cloud First” and Microsoft’s “Cloud only” delivery models.
This session will give you an overview
- about EU data protection regulations
- its implications for using social business systems
- special considerations for using cloud based social business systems
This presentation discusses the Trans-Pacific Partnership (TPP), looking at trade, government policies, and comments from the media, trade associations and government leaders.
It involves 12 countries: the US, Japan, Malaysia, Vietnam, Singapore, Brunei, Australia, New Zealand, Canada, Mexico, Chile and Peru.
The pact aims to deepen economic ties between these nations, slashing tariffs and fostering trade to boost growth.
Member countries are also hoping to foster a closer relationship on economic policies and regulation.
The agreement could create a new single market similar to that of the EU.
Pretty big indeed. The 12 countries have a collective population of about 800 million - almost double that of the European Union's single market. The 12-nation would-be bloc is already responsible for 40% of world trade.
The deal is a remarkable achievement given the very different approaches and standards within the member countries, including on environmental protection, workers' rights and regulatory coherence - not to mention the special protections that some countries have for certain industries.
Canada's involvement in Trans-Pacific Trade Partnership (Nikita Kozlov)
Canada's involvement in trans-pacific trade partnership. Presentation. Information was taken from special book about Canada in Trans-Pacific Trade Partnership...
TPP and Digital Rights: Indonesian Perspective Overview (ICT Watch)
This is a very brief review of the Trans-Pacific Partnership (TPP) from an Indonesian perspective, focused on two provisions related to digital rights: e-commerce and intellectual property.
Summary of the TPP's impacts:
Cross-border Data Transfer
- TPP: restriction of cross-border digital data transfer is not allowed
- standard for data and personal information?
- Jurisdiction? Bilateral /multilateral agreement?
Data Center Territory
- TPP: computing facility / data center localization is not allowed
- Indonesian Government Regulation No. 82/2012?
- Localization = trade barrier? Market (traffic) domination?
Copyrighted Digital Content
- TPP: immediate removal/disabling of digital content that infringes copyright
- Liability of service providers? User-generated content?
- Regulation? Procedure? What about fair use?
Trade Secret in Computer System
- TPP: unauthorized access to a trade secret in a computer system is a criminal offence
- Is revealing corporate wrongdoing criminal?
- A new threat for whistleblowers, journalists or netizens who tell the truth?
Internet Access for Consumer
- TPP: Consumer’s Internet access subject to “reasonable network management”
- Justification for “reasonable”? Unjustifiable discriminatory?
- Limitation of “network management” practice? Net neutrality?
e-Transmission Customs Duties
- TPP: customs duties on electronic transmissions are not allowed
- “Global operators’ revenues are stagnating, operating and capital expenditures are increasing. Meanwhile, the ‘over-the-top’ (OTT) players that piggyback free on telecom systems are gaining in number and popularity, making the traditional operators’ task that much more difficult”* ?
- Taxing of over-the-top (OTT) services? Digital products?
Compiled by ICT Watch - Indonesia.
*) http://www.strategyand.pwc.com/perspectives/2015-telecommunications-trends
Data Protection Rules are Changing: What Can You Do to Prepare? (Lumension)
The European Union’s proposed new data protection regulation aims to update Europe’s data protection laws and to provide a more consistent data protection framework across the Continent.
But the new regulation, which replaces the EU’s existing data protection directive and member states’ data protection laws, will put some new demands on organisations holding personal data. Breach disclosure and “the right to be forgotten” will force businesses to update their data protection and retention policies.
This presentation will:
- Review the current EU laws, and contrast them with laws in other parts of the world;
- Examine the arguments for strengthening data protection in Europe, and the likely outcomes;
- Look at what security teams should already be doing to put themselves ahead of legislative changes;
- Outline strategies and technologies organisations need to meet current and future data protection requirements; and
- Help infosecurity teams to explain the changes – and their consequences – to their boards.
Fundraising Abroad and Data Protection – How to protect your reputation and r... (Adam Davidson)
The last five years have seen rapid technological change with regard to fundraising and marketing. They have also seen an ever-growing public awareness of privacy rights. People expect their personal information to be protected and used in accordance with their rights and expectations.
Data Protection is an old law that got new teeth in 2010.
Further, in April 2015 the Information Commissioner’s Office got greater powers to pursue nuisance calls and electronic marketing; these are on top of the £1.3m of fines issued since 2012 for serious breaches of the Privacy and Electronic Communications Regulations (PECR).
Your reputation, income and finances can quickly be harmed through poor or outdated practice. But get it right, and you can use personal data as an asset and deliver donations.
Chapel & York invited Protecture DPO to present a free 45-minute webinar addressing the key elements of Data Protection and PECR legislation that relate to fundraising abroad. They discussed what you can do now to reduce the risk of your current approaches, and how to deliver compliance in the future.
Gary Shipsey, Managing Director of Protecture, led the session. Gary holds BCS Practitioner Certification in the Data Protection Act, Information Risk Management and the Freedom of Information Act, and is a co-founder of Protecture. Gary is also Chair of the Third Sector Group of the Information and Records Management Society (IRMS).
Privacy Regulations and Your Digital Setup (Piwik PRO)
How Will the New Privacy Regulations Affect Your Digital Set-up? In less than 2 years from now, Europe’s new data privacy law will come into effect, changing the way organizations handle information of their users. General Data Protection Regulation will heavily impact usage of digital tools for customer insights and analytics.
This presentation was created by the Piwik PRO Team for a webinar session with Aurelie Pols. Webinar recording is available on: https://youtu.be/dPOvbbZ3vdo
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t... (Benjamin Ang)
When Companies are hit by cyber security breaches, they and their directors may have legal liabilities to employees, customers, regulators and the authorities. This presentation gives special emphasis to Singapore law.
Charity Law Updates for 2018: Making the Most of Change (IBB Law)
January 2018 welcomes the Kingston Smith and IBB Solicitors annual charities update to bring you up to speed with the legal and regulatory developments in the Charity Sector.
For advice on developments in the Charity Sector please see:
https://www.ibblaw.co.uk/sector/charities
For charity law experts see:
https://www.ibblaw.co.uk/service/charities
Rosie Brass, senior solicitor in the Charities team at IBB, will provide an overview of the legal framework for the GDPR. Then Dan Fletcher, Director (Fundraising), at Kingston Smith, will guide attendees on how to make the most of the GDPR and use the changes to improve their data management. Dan will also discuss practical ways to use the changes to improve fundraising and marketing for the better. For more information on GDPR please see: https://www.ibblaw.co.uk/insights/blog/are-you-ready-general-data-protection-regulation
In the second half of the seminar, Mahmood Ramji and Luke Holt from the Kingston Smith Charities team will provide an update on accounting, including looking at the recent SORP information sheet and the expected future timeline for new SORP iterations, followed by an overview of another 2017 hot topic - charity fraud, including cybercrime. Mahmood will also share details of the most pertinent areas we have been discussing with our clients during 2017. Looking forward into 2018, Luke will highlight the main points from the Lords Select Committee on Charities and how the sector may adapt as a result. Following the release of the third edition of the Charity Governance Code, Luke will also discuss the main areas of consideration and significant changes from previous versions. They will then conclude with a look at the new CC32 Independent Examination guidance and its key amendments.
The last part of the presentation will be provided by Paul Ridout, who heads the IBB Charities practice and will talk briefly about some recent regulatory action by the Charity Commission, including the deployment of some of the new powers brought in by the Charities (Protection and Social Investment) Act 2016. He will also address the tricky issue of serious incident reporting, in the light of the Commission’s recent changes to its guidance to trustees about what needs to be reported, and when.
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The rights of data subjects
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
Everything you need to know about the GDPR (Spoon London)
The frequency of data-related incidents could change with the impending General Data Protection Regulation (GDPR) – the EU’s law that comes into effect in May. This major update to the previous EU data protection law aims to regulate the use and treatment of an individual’s personal data.
The new regulation means organisations that use personal data will need to be more careful and explicit in gaining consent. After May, companies that maintain poor data protection practices will not only be breaking the law, but could face fines of up to €20 million or four per cent of annual worldwide turnover, whichever is higher.
Needless to say, the GDPR is a pretty big deal with even bigger consequences. Still, no need to panic. Here's everything you need to know about the GDPR.
What All Organisations Need to Know About Data Protection and Cloud Computing... (Brian Miller, Solicitor)
Solicitor Brian Miller and barrister Vicki Bowles explore the legal and security aspects of data protection and putting your data in the cloud. This is part one (basic) of a two part course on data protection and cloud computing.
[Privacy Webinar Slides] Global Enforcement Priorities (TrustArc)
To watch the full on-demand webinar recording please visit: https://info.truste.com/WB-2016-05-19-Insight-Series-Global-Privacy-Enforcement-Priorities_RegPage-OnDemand.html
As the scope of EU law extends its reach globally, we are also seeing greater international regulatory co-operation. Whether it’s the FTC, the FCC or European DPAs - global privacy regulators are taking steps to prioritize and address top concerns that affect everyone on a global scale.
In this on-demand webinar the speakers will:
• Review the latest case law and enforcement actions from the last 12 months
• Address the impact of the rise of activism and the role of individuals like Max Schrems who have forced legal changes
• Provide their perspectives on future outcomes and how to keep your company out of the regulatory spotlight
Register to watch this on-demand webinar now to learn how to keep your company out of the regulatory spotlight: https://info.truste.com/WB-2016-05-19-Insight-Series-Global-Privacy-Enforcement-Priorities_RegPage-OnDemand.html
How your nonprofit can avoid data breaches and ensure privacy (TechSoup Canada)
Increasingly, nonprofits hold large quantities of digital assets (such as donor information, grant application details, financial records, etc.). Organizations of all sizes and industries are being targeted by cyber criminals. A cyber-attack can devastate an organization’s operations and have significant financial, legal and reputational consequences.
In this webinar, Imran Ahmad of Miller Thomson, LLP will explain how implementing best practices from a pre-breach standpoint can go a long way to mitigate the negative consequences of a cyber-attack.
What you will learn:
- what the cyber threat landscape looks like
- how to ensure privacy of your digital assets
- steps to take in the aftermath of a cyber-attack
Information Governance -- Necessary Evil or a Bridge to the Future? (John Mancini)
How the world is changing -- Old paradigms are being stretched to the breaking point
How we usually think about governance -- It’s not just about what you keep
How should we respond? -- Building an action plan for the next 2-3 years
Similar to TPP Finance Seminar 6th October 2016
TPP Finance Seminar 2019 - Embracing Digital Change (TPP Recruitment)
Our guest speakers Jon Curry & Nicolas Raynaud, WaterAid discuss:
- Context – digital transformation
- Opportunities and impact
- WaterAid experience to date – changes to the IT and Finance functions, achieved and envisaged
Presentation from our recent free HR breakfast seminar by Wendy Blake Ranken on Disciplinaries. TPP are the charity recruitment specialists. Find out more about our events and other free services on our website: www.tpp.co.uk.
15. Charity Commission Survey 2016
Almost 2,000 respondents:
• 61% said their trust and confidence in charities had stayed the same,
• 33% said it had decreased,
• 6% said it had increased.
16. Charity Commission Survey 2016
Decreased confidence:
• 33% highlighted media stories about a particular charity or charities as a factor,
• 32% cited media coverage about how charities spend donations as a factor.
17. Charity Commission Survey 2016
Decreased confidence:
• 21% said they do not trust charities or know where the money goes,
• 18% mentioned pressurising techniques, including in fundraising,
• 15% said their confidence had been affected by charities spending too much on advertising/wages (perceived via the media or known?).
18. Charity Commission Survey 2016
Decreased confidence:
• 67% thought charities spend too much of their funds on salaries and administration, up from 58% in 2014.
• 9% said the most important factor in their trust and confidence in charities is effective management.
23. Who would want to attack them?
• “Charities have no security!”
• Banks have sorted their security, so ...
• I don’t like what the charity does
• I want the information the charity holds
24. What is the impact of a breach?
• A fine from the ICO
• Adverse media attention
• Loss of supporter confidence
• Loss of income
• Eventual closure
25. How do they protect that information?
• Pretty much the same as every other company, except with reduced resources:
• Smaller IT budget and staff
• Outsourced IT
• Non-standard equipment
• Information security as a shared function
• Volunteer staff
29. And join the Charities Security Forum, of course
30. • The premier group for information professionals working in the charity sector. The group has representatives from many major and household-name charities, and meets quarterly in London.
• Our members participate in discussions and presentations on information security issues of relevance and importance to the not-for-profit sector.
34. Adapta Consulting
We are:
– A specialist information systems consultancy
– We only work with membership organisations, charities, associations, trusts and others in the NfP sector
– We are completely supplier-independent
– Our consultants have held senior positions in a broad range of different organisations
– Our advice and guidance is based on practical experience gained over many years.
42. Complying with the Act
When processing personal and sensitive personal data we have to comply with the 8 principles:
1. Data must be collected lawfully and fairly
2. It must be used only for specified purposes
3. The quantity of data collected should be appropriate
4. The data should be accurate and up to date
5. It should be kept only as long as necessary
6. It should be processed in accordance with the rights of those it concerns
7. It should be kept securely
8. It should not be transferred out of the EEA unless it is to an area which has similar standards
43. When things go wrong
• Investigation
• Enforcement
• Fines – up to £500k
• Criminal prosecution
– Serious contravention of the Act
– Causing substantial damage and / or distress
– Deliberate, or should have known better
“Everyone’s got to stick to the law, and if the law’s been broken then we will act”
Information Commissioner, 2 September 2015
44. When things go wrong … some examples
• The Nursing and Midwifery Council … lost DVDs … unencrypted … £150k fine
• North East Lincolnshire Council … missing unencrypted memory stick … £80k fine
• Greater Manchester Police … stolen USB stick … unencrypted, no password protection … £150k fine
• Royal Veterinary College … loss of a memory card … signed undertaking
• British Pregnancy Advice Service … hacked database … £200k fine
• Surrey County Council … misdirected emails with attached files … not encrypted or password protected … £120k fine
• North Somerset Council … sent unencrypted emails with personal data to wrong NHS employee … £60k fine
45. Key areas of risk
• Personal data – accuracy, appropriate, up to date, kept only as long as necessary
• Remote working
• Human error
• Volunteers
• Transferring data
• Emails
• Data processors
46. The consequences of non-compliance
• Reputational damage
• ICO enforcement notice
• ICO fines of up to £500k
“There is a danger here of blackening a whole sector. Charities seem to be becoming the new dirty word, and that clearly isn’t fair. But the rules on data protection and the rules about privacy and electronic communications apply to all who are processing data, whether businesses or charities. Everyone’s got to stick to the law, and if the law’s been broken then we will act”
Information Commissioner, 2 September 2015
The benefits of compliance
• Improved business processes
• Less data, more information
• Peace of mind
47. Minimising the risk of non-compliance
• Compliance review
• Implement appropriate policies & procedures
• Tell people what you are doing with their personal data
• Encrypt all portable devices
• Staff & volunteer training
‘A key part of data protection legislation is to defend the rights of vulnerable people. Companies and organisations have a duty to keep people’s data safe and are not allowed to simply hand out or consult on personal information without proper care or an individual’s permission. In this way the DPA plays an important part in protecting vulnerable people’ Judith Jones, ICO