1 / 14

Portable/mobile devices and privacy in Local Government

Portable/mobile devices and privacy in Local Government. Dr Anthony Bendall Acting Victorian Privacy Commissioner. Overview . OVPC Surveys and Guide Privacy laws Recent developments : Tablets Smart phones Portable hard drives BYOD Cloud computing Looking ahead. Example.

clare-farley
Download Presentation

Portable/mobile devices and privacy in Local Government

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Portable/mobile devices and privacy in Local Government Dr Anthony Bendall Acting Victorian Privacy Commissioner

  2. Overview • OVPC Surveys and Guide • Privacy laws • Recent developments : • Tablets • Smart phones • Portable hard drives • BYOD • Cloud computing • Looking ahead

  3. Example • “A staff member was responsible for collating information about individuals from numbers sourced for the purpose of preparing reports. The staff member would often work on these reports at home and stored the work on a personal USB key. But the USB key was lost, possibly at a supermarket car-park, with over 30 reports.”

  4. OVPC Surveys and Guide • OVPC, Use of Portable Storage Devices: Privacy Survey, January 2009 • OVPC, Portable Storage Devices: Privacy Survey 2011, December 2011 • OVPC, Use of Portable Storage Devices – a guide to policy development, August 2009 • All available at www.privacy.vic.gov.au

  5. Privacy laws • Information Privacy Act 2000 (Vic) • IPP 4: Data Security • ...”must take reasonable steps to protect personal information... from misuse, loss, unauthorised access, modification and disclosure.” • Personal information should be destroyed or de-identified when it is no longer needed. • Similar laws at Cth level and in other States and Territories

  6. 2008 Survey • 55 organisations • “Major security risk” • 17 recommendations • Recommendation 1: formal policy • 2009 Guide • 27 point checklist

  7. Surveys by others • NZ 2010: • 42 NZ agencies • 120 devices lost in 12 months • “inadequate controls” • Australian Privacy Commissioner 2009: • 58% of agencies suffered loss or theft • “mixed results”

  8. 2011 Survey • 31 of previous 55 organisations • General improvement • 12 organisations – no controls • Lack of encryption • 10 organisations – no tracking • 8 – no improvement • 2 – deterioration • Local Councils – from “poor” to “commended”

  9. Tablets and other developments • Explosion in period between two surveys • 2011 – 50% provide tablets to staff • Portable hard drives

  10. BYOD • Increasing • Lack of policy and technical controls

  11. The cloud • New challenges • Loss of control • Offshore storage • OVPC Information Sheet: Cloud Computing, May 2011

  12. 2011 recommendations • 6 additional recommendations: • Strict control over external hard drives • Control of all active ports • Encrypted USB keys • Smart phones and tablets • Integrity • Expanded policies • Privacy Impact Assessments • Collection & notice • data security • transborder flows • Loss of control • Accountability

  13. Conclusion • Accountability • Costs • Compliance notices • Potential data breach laws

  14. More information Privacy Victoria www.privacy.vic.gov.au 1300 666 444

More Related