SlideShare a Scribd company logo
1 of 49
TPP Finance Seminar
6th October 2016
About TPP
• TPP are specialist charity recruiters
• We have a dedicated Finance, IT & Facilities
team and recruit to roles at all levels
Thank you
020 7198 6050
finance@tpp.co.uk
www.tpp.co.uk
@TPPFinance
Information Security in the Third
Sector
Brian Shorten MSc CISSP FBCS
Chairman – Charities Security Forum
Why does the third sector
need information security?
57% of the UK population donated
£10.4bn to charities
9% via online donations
CAF UK Giving 2012/3
57% of the UK population gave to charity in
the previous 12 months
£10.6bn to charities
15% via online donations
11% via text
CAF UK Giving 2014
What does the third sector have to
protect?
Pretty much the same as every other company
HR Records
Financial records
Supporter details (DPA)
Card details (PCI)
Bank details (DPA)
‘client’ details (DPA)
Drug trials (MHRA)
Plus ……
Reputation!!
The third sector is the last bastion of
integrity in the UK
We used to look up to ….
MPs Athletics
The Church FIFA
NHS IOC
Bankers Tour de France
Police
We’re the good guys
Perception is everything..
….. because opinions can change
Charity Commission Survey 2016
Almost 2,000 respondents –
• 61% said their trust and confidence in
charities had stayed the same,
• 33% said it had decreased,
• 6% said it had increased.
Charity Commission Survey 2016
Decreased confidence –
• 33% highlighted media stories about a
particular charity or charities as a factor.
• 32% cited media coverage about how charities
spend donations was a factor,
Charity Commission Survey 2016
Decreased confidence –
• 21% said they do not trust charities or know where
money goes.
18 % mentioned pressurising techniques, including in
fundraising,
• 15 % said their confidence had been impacted by
charities spending too much on advertising/wages
(perceived via the media or known?)
Charity Commission Survey 2016
Decreased confidence –
• 67% thought charities spend too much of their
funds on salaries and administration, up from
58 per cent in 2014.
• 9% said the most important factor in their
trust and confidence in charities is effective
management
The media can easily change good guys into bad
guys
TPP Finance Seminar 6th October 2016
TPP Finance Seminar 6th October 2016
Good guys can easily become bad guys
Who would want to attack them?
• “Charities have no security!”
• Banks have sorted their security so .
• I don’t like what the charity does
• I want the information the charity holds
What is the impact of a breach?
• A fine from the ICO
• Adverse media attention
• Loss of supporter confidence
• Loss of income ▪
• Eventual closure
How do they protect that information?
• Pretty much the same as every other company,
except with reduced resources
• Smaller IT budget and staff
• Outsourced IT
• Non standard equipment
• Information security as a shared function
• Volunteer staff
TPP Finance Seminar 6th October 2016
TPP Finance Seminar 6th October 2016
CyberSecurity Information Sharing Partnership
(CiSP)
https://www.cert.gov.uk/cisp/
And join the Charities Security Forum, of course
• The premier group for Information Professionals
working in the charity sector. The group has
representatives from many major and household
name charities, and meets quarterly in London.
• Our members participate in discussions and
presentations on information security issues of
relevance and importance to the not-for-profit
sector
Thank you for your time
any questions?
Information Security in the Third
Sector
Brian Shorten MSc CISSP FBCS
Chairman – Charities Security Forum
Information Security
issues for third sector organisations
6 October 2016
Iain Pritchard & Fiona Brookes
@AdaptaforNFP
Adapta Consulting
We are:
– A specialist information systems consultancy
– We only work with membership organisations, charities,
associations, trusts and others in the NfP sector
– We are completely supplier-independent
– Our consultants have held senior positions in a broad
range of different organisations
– Our advice and guidance is based on practical experience
gained over many years.
Our CRM knowledge and experience
Agenda
1. Processes and people
(…and technology...)
2. The Data Protection Act
(why worry….)
3. Some discussion…
1. Processes and people
Iain Pritchard
20th Century relationships……
Members and
supporters
Membership bodies
and charities
21st Century expectations……
Members and
supporters
Membership bodies
and charities
People, processes and technology
Roles and people
Resources (information and technology)
Activities
(processes and culture)
2. The Data Protection Act
Fiona Brookes
Complying with the Act
When processing personal and sensitive personal data
we have to comply with the 8 principles:
1. Data must be collected lawfully and fairly
2. It must be used only for specified purposes
3. The quantity of data collected should be appropriate
4. The data should be accurate and up to date
5. It should be kept only as long as necessary
6. It should be processed in accordance with the rights of those it concerns
7. It should be kept securely
8. It should not be transferred out of the EEA unless it is to an area which has
similar standards
• Investigation
• Enforcement
• Fines – up to £500k
• Criminal prosecution
– Serious contravention of the Act
– Causing substantial damage and / or
distress
– Deliberate or should have know better
When things go wrong
Everyone’s got to stick to the law, and if the law’s been broken then we will act
Information Commissioner, 2 September 2015
• The Nursing and Midwifery Council … lost dvds ... unencrypted.. £150k fine
• North East Lincolnshire Council … missing unencrypted memory stick …£80k fine
• Greater Manchester Police … stolen USB stick … unencrypted, no password
protection … £150k fine
• Royal Veterinary College … loss of a memory card … signed undertaking
• British Pregnancy Advice Service … hacked database … £200k fine
• Surrey County Council … misdirected emails
with attached files … not encrypted or password protected … £120k fine
• North Somerset Council … sent unencrypted
emails with personal data to wrong NHS employee … £60k fine
When things go wrong … some examples
• Personal data – accuracy, appropriate, up to date, kept only as
long as necessary
• Remote working
• Human error
• Volunteers
• Transferring data
• Emails
• Data processors
Key areas of risk
• Reputational damage
• ICO enforcement notice
• ICO fines of up to £500k
The consequences of non compliance
There is a danger here of blackening a whole sector. Charities seem to be becoming the new dirty
word, and that clearly isn’t fair. But the rules on data protection and the rules about privacy and
electronic communications apply to all who are processing data, whether businesses or charities.
Everyone’s got to stick to the law, and if the law’s been broken then we will act
Information Commissioner, 2 September 2015
The benefits of compliance
• Improved business processes
• Less data, more information
• Peace of mind
• Compliance review
• Implement appropriate policies & procedures
• Tell people what you are doing with their personal data
• Encrypt all portable devices
• Staff & volunteer training
Minimising the risk of non compliance
‘A key part of data protection legislation is to defend the rights of vulnerable people. Companies and
organisations have a duty to keep people’s data safe and are not allowed to simply hand out or consult on
personal information without proper care or an individual’s permission. In this way the DPA plays an
important part in protecting vulnerable people’ Judith Jones, ICO
Some discussion…
help@adaptaconsulting.co.uk
www.adaptaconsulting.co.uk
Adapta Consulting, 5 St John’s Lane, London, EC1M 4BH
020 7250 4788

More Related Content

What's hot

Dataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptxDataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptxMarco Gioanola
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
The principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - ukThe principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - uk- Mark - Fullbright
 
Interact 2018 - GDPR for digital publishers, digital agencies and advertisers
Interact 2018 -  GDPR for digital publishers, digital agencies and advertisersInteract 2018 -  GDPR for digital publishers, digital agencies and advertisers
Interact 2018 - GDPR for digital publishers, digital agencies and advertisersIAB Europe
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law Priyanka Aash
 
An introduction to data protection - 30 Jan 2014
An introduction to data protection - 30 Jan 2014An introduction to data protection - 30 Jan 2014
An introduction to data protection - 30 Jan 2014Rachel Aldighieri
 
Privacy & Data Ethics
Privacy & Data EthicsPrivacy & Data Ethics
Privacy & Data EthicsErik Kokkonen
 
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...CharityComms
 
Cor concepts information governance-protection-of-personal-information-act-popi
Cor concepts information governance-protection-of-personal-information-act-popiCor concepts information governance-protection-of-personal-information-act-popi
Cor concepts information governance-protection-of-personal-information-act-popiRobust Marketing & Consulting (Pty) Ltd
 
An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015Rachel Aldighieri
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protectionsp_krishna
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...m-hance
 
2014 Update EU Cyber Law & Authentication Legislation
2014 Update EU Cyber Law & Authentication Legislation2014 Update EU Cyber Law & Authentication Legislation
2014 Update EU Cyber Law & Authentication LegislationMartenLinkedin
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
Tieto - Transfer of International Companies’ Corporate IT Systems to Russia a...
Tieto - Transfer of International Companies’ Corporate IT Systems to Russia a...Tieto - Transfer of International Companies’ Corporate IT Systems to Russia a...
Tieto - Transfer of International Companies’ Corporate IT Systems to Russia a...Accountor Russia and Ukraine
 
DMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 OctoberDMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 OctoberRachel Aldighieri
 
Data Privacy
Data PrivacyData Privacy
Data PrivacyHome
 

What's hot (20)

Dataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptxDataprotectionpackage 2015pptx
Dataprotectionpackage 2015pptx
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in India
 
The principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - ukThe principles of the Data Protection Act in detail - uk
The principles of the Data Protection Act in detail - uk
 
Interact 2018 - GDPR for digital publishers, digital agencies and advertisers
Interact 2018 -  GDPR for digital publishers, digital agencies and advertisersInteract 2018 -  GDPR for digital publishers, digital agencies and advertisers
Interact 2018 - GDPR for digital publishers, digital agencies and advertisers
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
 
An introduction to data protection - 30 Jan 2014
An introduction to data protection - 30 Jan 2014An introduction to data protection - 30 Jan 2014
An introduction to data protection - 30 Jan 2014
 
Privacy & Data Ethics
Privacy & Data EthicsPrivacy & Data Ethics
Privacy & Data Ethics
 
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...What does the GDPR mean for charity communicators? | Scotland Networking Grou...
What does the GDPR mean for charity communicators? | Scotland Networking Grou...
 
Cor concepts information governance-protection-of-personal-information-act-popi
Cor concepts information governance-protection-of-personal-information-act-popiCor concepts information governance-protection-of-personal-information-act-popi
Cor concepts information governance-protection-of-personal-information-act-popi
 
An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015An introduction to data protection - 2/09/2015
An introduction to data protection - 2/09/2015
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Legal update - Leeds
Legal update - LeedsLegal update - Leeds
Legal update - Leeds
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...
 
2014 Update EU Cyber Law & Authentication Legislation
2014 Update EU Cyber Law & Authentication Legislation2014 Update EU Cyber Law & Authentication Legislation
2014 Update EU Cyber Law & Authentication Legislation
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
 
Tieto - Transfer of International Companies’ Corporate IT Systems to Russia a...
Tieto - Transfer of International Companies’ Corporate IT Systems to Russia a...Tieto - Transfer of International Companies’ Corporate IT Systems to Russia a...
Tieto - Transfer of International Companies’ Corporate IT Systems to Russia a...
 
OUHK Comm6024 Lecture 9 - ethics in pr
OUHK Comm6024 Lecture 9 -  ethics in prOUHK Comm6024 Lecture 9 -  ethics in pr
OUHK Comm6024 Lecture 9 - ethics in pr
 
Using Social Business Software and being compliant with EU data protection la...
Using Social Business Software and being compliant with EU data protection la...Using Social Business Software and being compliant with EU data protection la...
Using Social Business Software and being compliant with EU data protection la...
 
DMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 OctoberDMA Legal update: autumn 2013 - Tuesday 1 October
DMA Legal update: autumn 2013 - Tuesday 1 October
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 

Viewers also liked

Trans Pacific Partnership - TPP - November 26, 2016
Trans Pacific Partnership -  TPP - November 26, 2016Trans Pacific Partnership -  TPP - November 26, 2016
Trans Pacific Partnership - TPP - November 26, 2016paul young cpa, cga
 
Trans Pacific Partnership Agreement
Trans Pacific Partnership AgreementTrans Pacific Partnership Agreement
Trans Pacific Partnership AgreementKiều Linh
 
TPP-Webinar-Brochure
TPP-Webinar-BrochureTPP-Webinar-Brochure
TPP-Webinar-BrochureMarissa Foo
 
Canada's involvement in trans-pacific trade partnership
Canada's involvement in trans-pacific trade partnershipCanada's involvement in trans-pacific trade partnership
Canada's involvement in trans-pacific trade partnershipnikita kozlov
 
Tpp power point presentation worc_2-26
Tpp power point presentation worc_2-26Tpp power point presentation worc_2-26
Tpp power point presentation worc_2-26ehalstvedt
 
The Trans Pacific Partnership Negotiating Background and Controversies
The Trans Pacific Partnership Negotiating Background and ControversiesThe Trans Pacific Partnership Negotiating Background and Controversies
The Trans Pacific Partnership Negotiating Background and ControversiesSimon Lacey
 
Thinh tpp labour_interim_report
Thinh tpp labour_interim_reportThinh tpp labour_interim_report
Thinh tpp labour_interim_reportRomalpa
 
The Top 10 Overlooked Facts About the Trans-Pacific Partnership
The Top 10 Overlooked Facts About the Trans-Pacific PartnershipThe Top 10 Overlooked Facts About the Trans-Pacific Partnership
The Top 10 Overlooked Facts About the Trans-Pacific PartnershipU.S. Chamber of Commerce
 
TPP and Digital Rights: Indonesian Perspective Overview
TPP and Digital Rights: Indonesian Perspective OverviewTPP and Digital Rights: Indonesian Perspective Overview
TPP and Digital Rights: Indonesian Perspective OverviewICT Watch
 
Trans-Pacific Partnership and Fast Track Powerpoint
Trans-Pacific Partnership and Fast Track PowerpointTrans-Pacific Partnership and Fast Track Powerpoint
Trans-Pacific Partnership and Fast Track Powerpointbootsmade4walkin
 
Lawyer in Vietnam Oliver Massmann presenting to the Members of the National A...
Lawyer in Vietnam Oliver Massmann presenting to the Members of the National A...Lawyer in Vietnam Oliver Massmann presenting to the Members of the National A...
Lawyer in Vietnam Oliver Massmann presenting to the Members of the National A...Dr. Oliver Massmann
 
Food & Water Watch: TPP and Imported Fish - 2013
Food & Water Watch: TPP and Imported Fish - 2013Food & Water Watch: TPP and Imported Fish - 2013
Food & Water Watch: TPP and Imported Fish - 2013gtwmedia
 
Online voting system project by bipin bhardwaj
Online voting system project by bipin bhardwajOnline voting system project by bipin bhardwaj
Online voting system project by bipin bhardwajPT Bipin Bhardwaj
 
VIETNAM – MAJOR TRADE PACTS – THE TPP, EVFTA AND AEC – WHAT IS IN FOR YOU? Op...
VIETNAM – MAJOR TRADE PACTS – THE TPP, EVFTA AND AEC – WHAT IS IN FOR YOU?Op...VIETNAM – MAJOR TRADE PACTS – THE TPP, EVFTA AND AEC – WHAT IS IN FOR YOU?Op...
VIETNAM – MAJOR TRADE PACTS – THE TPP, EVFTA AND AEC – WHAT IS IN FOR YOU? Op...Dr. Oliver Massmann
 

Viewers also liked (19)

Trans Pacific Partnership - TPP - November 26, 2016
Trans Pacific Partnership -  TPP - November 26, 2016Trans Pacific Partnership -  TPP - November 26, 2016
Trans Pacific Partnership - TPP - November 26, 2016
 
Trans Pacific Partnership Agreement
Trans Pacific Partnership AgreementTrans Pacific Partnership Agreement
Trans Pacific Partnership Agreement
 
Trans Pacific Partnership (TPP)
Trans Pacific Partnership (TPP)Trans Pacific Partnership (TPP)
Trans Pacific Partnership (TPP)
 
TPP HR Seminar Sep 16
TPP HR Seminar Sep 16TPP HR Seminar Sep 16
TPP HR Seminar Sep 16
 
TPP-Webinar-Brochure
TPP-Webinar-BrochureTPP-Webinar-Brochure
TPP-Webinar-Brochure
 
TPP Guide- Tax Cuts
TPP Guide- Tax CutsTPP Guide- Tax Cuts
TPP Guide- Tax Cuts
 
Canada's involvement in trans-pacific trade partnership
Canada's involvement in trans-pacific trade partnershipCanada's involvement in trans-pacific trade partnership
Canada's involvement in trans-pacific trade partnership
 
Tpp power point presentation worc_2-26
Tpp power point presentation worc_2-26Tpp power point presentation worc_2-26
Tpp power point presentation worc_2-26
 
Trans-Pacific Partnership
Trans-Pacific PartnershipTrans-Pacific Partnership
Trans-Pacific Partnership
 
The Trans Pacific Partnership Negotiating Background and Controversies
The Trans Pacific Partnership Negotiating Background and ControversiesThe Trans Pacific Partnership Negotiating Background and Controversies
The Trans Pacific Partnership Negotiating Background and Controversies
 
Thinh tpp labour_interim_report
Thinh tpp labour_interim_reportThinh tpp labour_interim_report
Thinh tpp labour_interim_report
 
The Top 10 Overlooked Facts About the Trans-Pacific Partnership
The Top 10 Overlooked Facts About the Trans-Pacific PartnershipThe Top 10 Overlooked Facts About the Trans-Pacific Partnership
The Top 10 Overlooked Facts About the Trans-Pacific Partnership
 
TPP and Digital Rights: Indonesian Perspective Overview
TPP and Digital Rights: Indonesian Perspective OverviewTPP and Digital Rights: Indonesian Perspective Overview
TPP and Digital Rights: Indonesian Perspective Overview
 
TPP
TPPTPP
TPP
 
Trans-Pacific Partnership and Fast Track Powerpoint
Trans-Pacific Partnership and Fast Track PowerpointTrans-Pacific Partnership and Fast Track Powerpoint
Trans-Pacific Partnership and Fast Track Powerpoint
 
Lawyer in Vietnam Oliver Massmann presenting to the Members of the National A...
Lawyer in Vietnam Oliver Massmann presenting to the Members of the National A...Lawyer in Vietnam Oliver Massmann presenting to the Members of the National A...
Lawyer in Vietnam Oliver Massmann presenting to the Members of the National A...
 
Food & Water Watch: TPP and Imported Fish - 2013
Food & Water Watch: TPP and Imported Fish - 2013Food & Water Watch: TPP and Imported Fish - 2013
Food & Water Watch: TPP and Imported Fish - 2013
 
Online voting system project by bipin bhardwaj
Online voting system project by bipin bhardwajOnline voting system project by bipin bhardwaj
Online voting system project by bipin bhardwaj
 
VIETNAM – MAJOR TRADE PACTS – THE TPP, EVFTA AND AEC – WHAT IS IN FOR YOU? Op...
VIETNAM – MAJOR TRADE PACTS – THE TPP, EVFTA AND AEC – WHAT IS IN FOR YOU?Op...VIETNAM – MAJOR TRADE PACTS – THE TPP, EVFTA AND AEC – WHAT IS IN FOR YOU?Op...
VIETNAM – MAJOR TRADE PACTS – THE TPP, EVFTA AND AEC – WHAT IS IN FOR YOU? Op...
 

Similar to TPP Finance Seminar 6th October 2016

GDPR training
GDPR training GDPR training
GDPR training ASL
 
Preparing for GDPR
Preparing for GDPR Preparing for GDPR
Preparing for GDPR NICVA
 
Academic Clustering Paper
Academic Clustering PaperAcademic Clustering Paper
Academic Clustering PaperKaren Nelson
 
Data Protection Act 1998 (amended 2000)
Data Protection Act 1998 (amended 2000)Data Protection Act 1998 (amended 2000)
Data Protection Act 1998 (amended 2000)The Pathway Group
 
Personal Data and Trust Network: Group Workshop 16/12/15
Personal Data and Trust Network: Group Workshop 16/12/15Personal Data and Trust Network: Group Workshop 16/12/15
Personal Data and Trust Network: Group Workshop 16/12/15Digital Catapult
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Lumension
 
Fundraising Abroad and Data Protection – How to protect your reputation and r...
Fundraising Abroad and Data Protection – How to protect your reputation and r...Fundraising Abroad and Data Protection – How to protect your reputation and r...
Fundraising Abroad and Data Protection – How to protect your reputation and r...Adam Davidson
 
Privacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital SetupPrivacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital SetupPiwik PRO
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Benjamin Ang
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingIT Governance Ltd
 
The Electronic Health Record And The Movement Toward The...
The Electronic Health Record And The Movement Toward The...The Electronic Health Record And The Movement Toward The...
The Electronic Health Record And The Movement Toward The...Kimberly Brooks
 
Ico sme-webinar-slides-090217
Ico sme-webinar-slides-090217Ico sme-webinar-slides-090217
Ico sme-webinar-slides-090217Tony Dowling
 
Jowanna Conboye - Stephens Scown
Jowanna Conboye - Stephens ScownJowanna Conboye - Stephens Scown
Jowanna Conboye - Stephens ScownAgile PR
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPRSpoon London
 
What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...Brian Miller, Solicitor
 
[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement PrioritiesTrustArc
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyTechSoup Canada
 

Similar to TPP Finance Seminar 6th October 2016 (20)

GDPR training
GDPR training GDPR training
GDPR training
 
GDPR Information
GDPR InformationGDPR Information
GDPR Information
 
Preparing for GDPR
Preparing for GDPR Preparing for GDPR
Preparing for GDPR
 
Academic Clustering Paper
Academic Clustering PaperAcademic Clustering Paper
Academic Clustering Paper
 
Data Protection Act 1998 (amended 2000)
Data Protection Act 1998 (amended 2000)Data Protection Act 1998 (amended 2000)
Data Protection Act 1998 (amended 2000)
 
Personal Data and Trust Network: Group Workshop 16/12/15
Personal Data and Trust Network: Group Workshop 16/12/15Personal Data and Trust Network: Group Workshop 16/12/15
Personal Data and Trust Network: Group Workshop 16/12/15
 
National Volunteering Forum: May18
National Volunteering Forum: May18National Volunteering Forum: May18
National Volunteering Forum: May18
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?
 
Fundraising Abroad and Data Protection – How to protect your reputation and r...
Fundraising Abroad and Data Protection – How to protect your reputation and r...Fundraising Abroad and Data Protection – How to protect your reputation and r...
Fundraising Abroad and Data Protection – How to protect your reputation and r...
 
Privacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital SetupPrivacy Regulations and Your Digital Setup
Privacy Regulations and Your Digital Setup
 
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
Smart Nation, smart hacks and legal liability for cybersecurity breaches in t...
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of Change
 
EU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketingEU GDPR and you: requirements for marketing
EU GDPR and you: requirements for marketing
 
The Electronic Health Record And The Movement Toward The...
The Electronic Health Record And The Movement Toward The...The Electronic Health Record And The Movement Toward The...
The Electronic Health Record And The Movement Toward The...
 
Ico sme-webinar-slides-090217
Ico sme-webinar-slides-090217Ico sme-webinar-slides-090217
Ico sme-webinar-slides-090217
 
Jowanna Conboye - Stephens Scown
Jowanna Conboye - Stephens ScownJowanna Conboye - Stephens Scown
Jowanna Conboye - Stephens Scown
 
Everything you need to know about the GDPR
Everything you need to know about the GDPREverything you need to know about the GDPR
Everything you need to know about the GDPR
 
What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...What All Organisations Need to Know About Data Protection and Cloud Computing...
What All Organisations Need to Know About Data Protection and Cloud Computing...
 
[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities[Privacy Webinar Slides] Global Enforcement Priorities
[Privacy Webinar Slides] Global Enforcement Priorities
 
How your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacyHow your nonprofit can avoid data breaches and ensure privacy
How your nonprofit can avoid data breaches and ensure privacy
 

More from TPP Recruitment

TPP Finance Seminar 2019 - Embracing Digital Change
TPP Finance Seminar 2019 -  Embracing Digital ChangeTPP Finance Seminar 2019 -  Embracing Digital Change
TPP Finance Seminar 2019 - Embracing Digital ChangeTPP Recruitment
 
Embedding a coaching culture
Embedding a coaching cultureEmbedding a coaching culture
Embedding a coaching cultureTPP Recruitment
 
TPP Finance Breakfast Seminar - June 2018
TPP Finance Breakfast Seminar - June 2018TPP Finance Breakfast Seminar - June 2018
TPP Finance Breakfast Seminar - June 2018TPP Recruitment
 
Employment Law Update 2018
Employment Law Update 2018Employment Law Update 2018
Employment Law Update 2018TPP Recruitment
 
TPP Higher Education Seminar
TPP Higher Education SeminarTPP Higher Education Seminar
TPP Higher Education SeminarTPP Recruitment
 
TPP HR seminar - May 2017
TPP HR seminar - May 2017 TPP HR seminar - May 2017
TPP HR seminar - May 2017 TPP Recruitment
 
TPP Finance Breakfast Seminar
TPP Finance Breakfast  SeminarTPP Finance Breakfast  Seminar
TPP Finance Breakfast SeminarTPP Recruitment
 
TPP Recruitment - The Journey of a Fundraiser
TPP Recruitment - The Journey of a FundraiserTPP Recruitment - The Journey of a Fundraiser
TPP Recruitment - The Journey of a FundraiserTPP Recruitment
 
TPP Charity HR Salary Survey 2016
TPP Charity HR Salary Survey 2016TPP Charity HR Salary Survey 2016
TPP Charity HR Salary Survey 2016TPP Recruitment
 
TPP HR Seminar: Social media in the workplace
TPP HR Seminar: Social media in the workplaceTPP HR Seminar: Social media in the workplace
TPP HR Seminar: Social media in the workplaceTPP Recruitment
 
TPP Finance Seminar - Fraud & Internal Controls
TPP Finance Seminar - Fraud & Internal ControlsTPP Finance Seminar - Fraud & Internal Controls
TPP Finance Seminar - Fraud & Internal ControlsTPP Recruitment
 
HR Seminar - Equality & Diversity
HR Seminar - Equality & DiversityHR Seminar - Equality & Diversity
HR Seminar - Equality & DiversityTPP Recruitment
 
Personal branding: raising your profile as a future leader
Personal branding: raising your profile as a future leaderPersonal branding: raising your profile as a future leader
Personal branding: raising your profile as a future leaderTPP Recruitment
 
Finance seminar june 2015
Finance seminar   june 2015Finance seminar   june 2015
Finance seminar june 2015TPP Recruitment
 
Third Sector Careers Briefing - Demonstrating your value to employers
Third Sector Careers Briefing - Demonstrating your value to employersThird Sector Careers Briefing - Demonstrating your value to employers
Third Sector Careers Briefing - Demonstrating your value to employersTPP Recruitment
 
Tpp HR Employment Law update march 2015
Tpp HR Employment Law update march 2015Tpp HR Employment Law update march 2015
Tpp HR Employment Law update march 2015TPP Recruitment
 
TUPE - key changes, practical issues
TUPE - key changes, practical issuesTUPE - key changes, practical issues
TUPE - key changes, practical issuesTPP Recruitment
 
Trends in NGO Recruitment - a presentation by TPP Recruitment
Trends in NGO Recruitment - a presentation by TPP RecruitmentTrends in NGO Recruitment - a presentation by TPP Recruitment
Trends in NGO Recruitment - a presentation by TPP RecruitmentTPP Recruitment
 
How to attract and retain the best employees
How to attract and retain the best employeesHow to attract and retain the best employees
How to attract and retain the best employeesTPP Recruitment
 
TPP HR Seminar: Disciplinary Investigations & Hearing
TPP HR Seminar: Disciplinary Investigations & HearingTPP HR Seminar: Disciplinary Investigations & Hearing
TPP HR Seminar: Disciplinary Investigations & HearingTPP Recruitment
 

More from TPP Recruitment (20)

TPP Finance Seminar 2019 - Embracing Digital Change
TPP Finance Seminar 2019 -  Embracing Digital ChangeTPP Finance Seminar 2019 -  Embracing Digital Change
TPP Finance Seminar 2019 - Embracing Digital Change
 
Embedding a coaching culture
Embedding a coaching cultureEmbedding a coaching culture
Embedding a coaching culture
 
TPP Finance Breakfast Seminar - June 2018
TPP Finance Breakfast Seminar - June 2018TPP Finance Breakfast Seminar - June 2018
TPP Finance Breakfast Seminar - June 2018
 
Employment Law Update 2018
Employment Law Update 2018Employment Law Update 2018
Employment Law Update 2018
 
TPP Higher Education Seminar
TPP Higher Education SeminarTPP Higher Education Seminar
TPP Higher Education Seminar
 
TPP HR seminar - May 2017
TPP HR seminar - May 2017 TPP HR seminar - May 2017
TPP HR seminar - May 2017
 
TPP Finance Breakfast Seminar
TPP Finance Breakfast  SeminarTPP Finance Breakfast  Seminar
TPP Finance Breakfast Seminar
 
TPP Recruitment - The Journey of a Fundraiser
TPP Recruitment - The Journey of a FundraiserTPP Recruitment - The Journey of a Fundraiser
TPP Recruitment - The Journey of a Fundraiser
 
TPP Charity HR Salary Survey 2016
TPP Charity HR Salary Survey 2016TPP Charity HR Salary Survey 2016
TPP Charity HR Salary Survey 2016
 
TPP HR Seminar: Social media in the workplace
TPP HR Seminar: Social media in the workplaceTPP HR Seminar: Social media in the workplace
TPP HR Seminar: Social media in the workplace
 
TPP Finance Seminar - Fraud & Internal Controls
TPP Finance Seminar - Fraud & Internal ControlsTPP Finance Seminar - Fraud & Internal Controls
TPP Finance Seminar - Fraud & Internal Controls
 
HR Seminar - Equality & Diversity
HR Seminar - Equality & DiversityHR Seminar - Equality & Diversity
HR Seminar - Equality & Diversity
 
Personal branding: raising your profile as a future leader
Personal branding: raising your profile as a future leaderPersonal branding: raising your profile as a future leader
Personal branding: raising your profile as a future leader
 
Finance seminar june 2015
Finance seminar   june 2015Finance seminar   june 2015
Finance seminar june 2015
 
Third Sector Careers Briefing - Demonstrating your value to employers
Third Sector Careers Briefing - Demonstrating your value to employersThird Sector Careers Briefing - Demonstrating your value to employers
Third Sector Careers Briefing - Demonstrating your value to employers
 
Tpp HR Employment Law update march 2015
Tpp HR Employment Law update march 2015Tpp HR Employment Law update march 2015
Tpp HR Employment Law update march 2015
 
TUPE - key changes, practical issues
TUPE - key changes, practical issuesTUPE - key changes, practical issues
TUPE - key changes, practical issues
 
Trends in NGO Recruitment - a presentation by TPP Recruitment
Trends in NGO Recruitment - a presentation by TPP RecruitmentTrends in NGO Recruitment - a presentation by TPP Recruitment
Trends in NGO Recruitment - a presentation by TPP Recruitment
 
How to attract and retain the best employees
How to attract and retain the best employeesHow to attract and retain the best employees
How to attract and retain the best employees
 
TPP HR Seminar: Disciplinary Investigations & Hearing
TPP HR Seminar: Disciplinary Investigations & HearingTPP HR Seminar: Disciplinary Investigations & Hearing
TPP HR Seminar: Disciplinary Investigations & Hearing
 

TPP Finance Seminar 6th October 2016

  • 1. TPP Finance Seminar 6th October 2016
  • 2. About TPP • TPP are specialist charity recruiters • We have a dedicated Finance, IT & Facilities team and recruit to roles at all levels
  • 3. Thank you 020 7198 6050 finance@tpp.co.uk www.tpp.co.uk @TPPFinance
  • 4. Information Security in the Third Sector Brian Shorten MSc CISSP FBCS Chairman – Charities Security Forum
  • 5. Why does the third sector need information security?
  • 6. 57% of the UK population donated £10.4bn to charities 9% via online donations CAF UK Giving 2012/3
  • 7. 57% of the UK population gave to charity in the previous 12 months £10.6bn to charities 15% via online donations 11% via text CAF UK Giving 2014
  • 8. What does the third sector have to protect? Pretty much the same as every other company
  • 9. HR Records Financial records Supporter details (DPA) Card details (PCI) Bank details (DPA) ‘client’ details (DPA) Drug trials (MHRA)
  • 11. Reputation!! The third sector is the last bastion of integrity in the UK
  • 12. We used to look up to …. MPs Athletics The Church FIFA NHS IOC Bankers Tour de France Police
  • 14. Perception is everything.. ….. because opinions can change
  • 15. Charity Commission Survey 2016 Almost 2,000 respondents – • 61% said their trust and confidence in charities had stayed the same, • 33% said it had decreased, • 6% said it had increased.
  • 16. Charity Commission Survey 2016 Decreased confidence – • 33% highlighted media stories about a particular charity or charities as a factor. • 32% cited media coverage about how charities spend donations was a factor,
  • 17. Charity Commission Survey 2016 Decreased confidence – • 21% said they do not trust charities or know where money goes. 18 % mentioned pressurising techniques, including in fundraising, • 15 % said their confidence had been impacted by charities spending too much on advertising/wages (perceived via the media or known?)
  • 18. Charity Commission Survey 2016 Decreased confidence – • 67% thought charities spend too much of their funds on salaries and administration, up from 58 per cent in 2014. • 9% said the most important factor in their trust and confidence in charities is effective management
  • 19. The media can easily change good guys into bad guys
  • 22. Good guys can easily become bad guys
  • 23. Who would want to attack them? • “Charities have no security!” • Banks have sorted their security so . • I don’t like what the charity does • I want the information the charity holds
  • 24. What is the impact of a breach? • A fine from the ICO • Adverse media attention • Loss of supporter confidence • Loss of income ▪ • Eventual closure
  • 25. How do they protect that information? • Pretty much the same as every other company, except with reduced resources • Smaller IT budget and staff • Outsourced IT • Non standard equipment • Information security as a shared function • Volunteer staff
  • 28. CyberSecurity Information Sharing Partnership (CiSP) https://www.cert.gov.uk/cisp/
  • 29. And join the Charities Security Forum, of course
  • 30. • The premier group for Information Professionals working in the charity sector. The group has representatives from many major and household name charities, and meets quarterly in London. • Our members participate in discussions and presentations on information security issues of relevance and importance to the not-for-profit sector
  • 31. Thank you for your time any questions?
  • 32. Information Security in the Third Sector Brian Shorten MSc CISSP FBCS Chairman – Charities Security Forum
  • 33. Information Security issues for third sector organisations 6 October 2016 Iain Pritchard & Fiona Brookes @AdaptaforNFP
  • 34. Adapta Consulting We are: – A specialist information systems consultancy – We only work with membership organisations, charities, associations, trusts and others in the NfP sector – We are completely supplier-independent – Our consultants have held senior positions in a broad range of different organisations – Our advice and guidance is based on practical experience gained over many years.
  • 35. Our CRM knowledge and experience
  • 36. Agenda 1. Processes and people (…and technology...) 2. The Data Protection Act (why worry….) 3. Some discussion…
  • 37. 1. Processes and people Iain Pritchard
  • 38. 20th Century relationships…… Members and supporters Membership bodies and charities
  • 39. 21st Century expectations…… Members and supporters Membership bodies and charities
  • 40. People, processes and technology Roles and people Resources (information and technology) Activities (processes and culture)
  • 41. 2. The Data Protection Act Fiona Brookes
  • 42. Complying with the Act When processing personal and sensitive personal data we have to comply with the 8 principles: 1. Data must be collected lawfully and fairly 2. It must be used only for specified purposes 3. The quantity of data collected should be appropriate 4. The data should be accurate and up to date 5. It should be kept only as long as necessary 6. It should be processed in accordance with the rights of those it concerns 7. It should be kept securely 8. It should not be transferred out of the EEA unless it is to an area which has similar standards
  • 43. • Investigation • Enforcement • Fines – up to £500k • Criminal prosecution – Serious contravention of the Act – Causing substantial damage and / or distress – Deliberate or should have know better When things go wrong Everyone’s got to stick to the law, and if the law’s been broken then we will act Information Commissioner, 2 September 2015
  • 44. • The Nursing and Midwifery Council … lost dvds ... unencrypted.. £150k fine • North East Lincolnshire Council … missing unencrypted memory stick …£80k fine • Greater Manchester Police … stolen USB stick … unencrypted, no password protection … £150k fine • Royal Veterinary College … loss of a memory card … signed undertaking • British Pregnancy Advice Service … hacked database … £200k fine • Surrey County Council … misdirected emails with attached files … not encrypted or password protected … £120k fine • North Somerset Council … sent unencrypted emails with personal data to wrong NHS employee … £60k fine When things go wrong … some examples
  • 45. • Personal data – accuracy, appropriate, up to date, kept only as long as necessary • Remote working • Human error • Volunteers • Transferring data • Emails • Data processors Key areas of risk
  • 46. • Reputational damage • ICO enforcement notice • ICO fines of up to £500k The consequences of non compliance There is a danger here of blackening a whole sector. Charities seem to be becoming the new dirty word, and that clearly isn’t fair. But the rules on data protection and the rules about privacy and electronic communications apply to all who are processing data, whether businesses or charities. Everyone’s got to stick to the law, and if the law’s been broken then we will act Information Commissioner, 2 September 2015 The benefits of compliance • Improved business processes • Less data, more information • Peace of mind
  • 47. • Compliance review • Implement appropriate policies & procedures • Tell people what you are doing with their personal data • Encrypt all portable devices • Staff & volunteer training Minimising the risk of non compliance ‘A key part of data protection legislation is to defend the rights of vulnerable people. Companies and organisations have a duty to keep people’s data safe and are not allowed to simply hand out or consult on personal information without proper care or an individual’s permission. In this way the DPA plays an important part in protecting vulnerable people’ Judith Jones, ICO
  • 49. help@adaptaconsulting.co.uk www.adaptaconsulting.co.uk Adapta Consulting, 5 St John’s Lane, London, EC1M 4BH 020 7250 4788