
Katrine Evans: Current issues Key themes in enquiries and complaints “Privacy at work” Neil Sanson: • Risk Data brea

Katrine Evans: Current issues Key themes in enquiries and complaints “Privacy at work” Neil Sanson: • Risk Data breach guidelines Data encryption Combining datasets. Just a few of our current issues. Code making – review of the Credit Reporting Privacy Code

hugh


Presentation Transcript


  1. Katrine Evans: • Current issues • Key themes in enquiries and complaints • “Privacy at work” Neil Sanson: • Risk • Data breach guidelines • Data encryption • Combining datasets

  2. Just a few of our current issues • Code making – review of the Credit Reporting Privacy Code • Policy – comments on the Immigration Bill • Technology – layered privacy notice project • Information matching – encryption • International – implementation of APEC Privacy Framework, e.g. through trustmarks • Privacy (Cross-Border) Amendment Bill

  3. “Personal affairs” Section 56 of the Privacy Act

  4. Protecting information on portable media • Principle 5

  5. Preventing employee browsing • Principle 5 again

  6. PRIVACY AT WORK

  7. • 66% involved data the victim did not know was on the system • 75% of breaches were not discovered by the victim • 83% of attacks were not highly difficult • 85% of breaches were the result of opportunistic attacks • 87% were considered avoidable through reasonable controls http://www.verizonbusiness.com/resources/security/databreachreport.pdf

  8. “the length of time between the attacker’s initial entry into the corporate network and the compromise of information is relatively short.” … “this was accomplished within minutes or hours in just under half of cases investigated.” “In sharp contrast, it takes much longer for organizations to discover a compromise. Months or even years transpired...” http://www.verizonbusiness.com/resources/security/databreachreport.pdf

  9. “Companies that carry out formal risk assessment are twice as likely to detect unauthorised access by staff or attacks on network traffic and nearly four times as likely to detect identity theft as those that do not.” http://www.berr.gov.uk/files/file45714.pdf

  10. “Decisions should take account of the wider context of the risk and include consideration of the tolerability of the risks borne by parties other than the organisation that benefits from it.” [3.5]

  11. http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf

  12. • Cost to Victim: existing accounts – $550.38; new accounts – $1,865.27 • Cost to Business: $48,941.11 • Victim hours repairing: existing accounts – 116 hours; new accounts – 157.87 hours • 49% repaired in 6 months http://www.idtheftcenter.org/artman2/uploads/1/Aftermath_2007_20080529v2_1.pdf

  13. Privacy Breach Guidelines: What is a privacy breach? • Unauthorised access to or collection, use, or disclosure of personal information • Most common privacy breaches happen when personal information of customers, patients, clients or employees is stolen, lost or mistakenly disclosed http://www.privacy.org.nz/privacy-breach-guidelines-2/

  14. Data Encryption • Required for data transfers - physical media mostly now done - on-line transfers are under review - Government Shared Network (GSN) – expect encryption • Can you call it ‘professional’ if you are not taking steps to protect data?

  15. Combining Datasets • Privacy Act as guidance when combining datasets
