Alan Duncan, Director of Data Governance, UNSW E: LinkedIn:

Presentation transcript:

1 Alan Duncan, Director of Data Governance, UNSW E: LinkedIn: Uncontrolled when printed Ensuring Data Governance for effective data privacy and security Alan D. Duncan September 2013

2 A bit about me…
Alan Duncan, Director of Data Governance, UNSW
21 years Information Management & Business Consulting
– EDS, KPMG, CPW, Acuma, Pelion, SMS
– Scottish Power, United Distillers, O2, Astra Zeneca, Carphone Warehouse, Vodafone, Riyad Bank
– Commonwealth Bank, NSW Roads & Maritime Services, Centrelink, OATSIH, NSW Family & Community Services, CASA, AMSA, FaHCSIA, DAFF, Navy…
Information-Management.com “Top 12 on Twitter”
Best supporting Actor, 2005 Barnet Drama Festival

3 …and a bit about UNSW.

4 Agenda
1. The capabilities required for an Enterprise approach to Data Governance
2. Regulatory requirements and compliance: privacy, security and openness
3. The relationship between Data Governance and Information Security
4. Achieving compliance in a cost effective manner

5 PART 1: Capabilities for Enterprise Data Governance, sponsored by Socrates
“The beginning of wisdom is the definition of terms”

6 Data Governance Principles
We value – data and information as an asset and a strategic resource. Any information holdings will be appropriately protected.
We trust – in our information and each other. Access to and use of data should promote trust and confidence.
We share – information. Information is accessible, discoverable and transparent.
We re-use – information from specified authoritative sources (“single source of truth”) that is collected in a consistent manner.
We manage – information actively. Information is managed throughout its lifecycle and practices are standardised across the business.
We govern – information. We have formally assigned information owners and stewards with clear accountability.
Value | Trust | Sharing | Re-use | Manage | Govern
Information is treated as an organisational asset and is readily available to support evidence-based decision-making and informed action.

7 Drivers for improved IM & DG…
New information-processing technologies
Capabilities to meet unmet business needs
Market competition
Agility to meet changing business demands?

8 …plus second-guessing future needs.

9 Target state for Data Governance
Current state | Required state
Task/activity/function focussed | Outcome oriented
Hierarchical approach | Openness and collaboration
Hoarding of information | Sharing of information
Silo mentality | Conscious connectedness and collective benefit
Assumptions, approximations and caveats | Explicit, contextualised evidence
Gatekeeping | Service, communication & responsiveness
Inertia & delay | Urgency, agility & time to value
De facto processes and no agreed rules of engagement | Empowerment (permission to act), supported by flexible, adaptable enabling processes
Sense of frustration | Responsiveness and ability to act
Evangelism, methods, joined up collection strategies & change management

10 Information Management Operating Model
Enterprise Data Governance & Information Management
Information Asset Management (Process)
Metadata Management (Process)
Data Quality Management (Process)
Information Management Competency Centre (Resources)
Information Ownership & Stewardship (Resources)
Information Management Policies Framework (Controls)
Information Management Steering Committee
Master Data Management (Process)
IM Solutions Implementation (Process)
Records Management (Process)

11 Data Governance capabilities
Common Principles, Methods & Standards; Shared Data Definitions; Visible data integrity (traceability & lineage); Accuracy and completeness of data (in context); Formal accountability & decision-making; Facilitate, communicate, support, broker, arbitrate
Information Services & Delivery Teams (e.g. IARO, FPM, Records, EDW); Data Governance Unit
Incorrect Values; Incomplete information; Inconsistent results; Missing context; Repurposing unsuitable data; Complex calculations; Conflicting expectations
Trusted data; Proactive sharing; Insight & interpretation; Enter once, use many; Feedback loop; Inputs linked to outcomes; Service & engagement

12 Data Quality Management
“Get your facts first, then you can distort them as you please.”
Data Quality Management, sponsored by Mark Twain

13 Information Model: Level 0 Domains
“When I use a word,” Humpty Dumpty said in rather a scornful tone. “It means just what I choose it to mean - neither more nor less.”
Information Models & Business Glossary, sponsored by Lewis Carroll

14 Information Asset Management
Information Asset Register (inventory)
System Interfaces map
“Science is organized knowledge. Wisdom is organized life.”
Information Asset Management, sponsored by Immanuel Kant

15 Common principles, methods & standards
“Whosoever desires constant success must change his conduct with the times.”
Continuous improvement, sponsored by Niccolo Machiavelli

16 Data Governance structures
“It is not only what we do, but also what we do not do, for which we are accountable.”
Formal accountability and decision-making, sponsored by Moliere

17 A word on Information Delivery Services…
Data Governance / Information Management Sponsoring Group
Data Governance Strategy & Roadmap

18 TALKING POINT
Evidence-based decision-making, sponsored by Carl Sagan
“I try not to think with my gut. If I’m serious about understanding the world, thinking with anything besides my brain, as tempting as that might be, is likely to get me into trouble.”

19 PART 2: Impact of regulatory requirements, sponsored by Winston Churchill
“All I want is compliance with my wishes, after reasonable discussion.”

20 2. Implications of regulatory requirements
The legislative agenda
Implications
– Privacy
– Sensitivity
– Openness
– The Cloud?
Bottom line

21 There’s a lot of legislation!
Freedom of Information Act 1982 (Cth)
Freedom of Information Amendment (Reform) Act 2010 (Cth)
Privacy Act 1988 (Cth)
Privacy Amendment (Private Sector) Act 2000
Privacy Amendment Act 2012 (Cth)
Privacy Amendments (Privacy Alerts) Bill 2013 (Cth)
State Records Act 1998 (NSW)
Government Information (Public Access) Act 2009 (NSW)
Privacy & Personal Information Protection Act 1998 (NSW)
Health Records & Information Privacy Act 2002 (NSW)
NSW Government Guide To Labelling Sensitive Information 2011 (NSW Financial & Services)
Australian Government Cloud Computing Strategic Direction 2011 (AGIMO)
Australian Government Cloud Computing Policy 2013 (AGIMO)

22 Implications - Privacy
Privacy Classification | Copying & storage implications | Electronic transmission implications
PERSONAL – HIGHLY SENSITIVE | Treat as PROTECTED (minimum standard)
PERSONAL | Treat as X-IN-CONFIDENCE (min standard)
PERSONAL – DIRECTION TO WAIVE | Treat as X-IN-CONFIDENCE (min standard)
OTHER NON-PERSONAL | Treat as UNRESTRICTED (minimum standard)
Based on NSW State Privacy Principles (per PPIP Act 1998):

23 Implications – Sensitivity/Security
Privacy Classification | Copying & storage implications | Electronic transmission implications
HIGHLY PROTECTED | Encrypted & physically secure; controlled copy only | Encrypted
PROTECTED | Encrypted & physically secure | Encrypted
X-IN-CONFIDENCE | Unencrypted, physically secure | Encrypted if regular or frequent
UNRESTRICTED | No specific considerations
Based on NSW State information labeling standards: % pdf

24 Is “Open Data” a good thing?
tim_berners_lee_the_year_open_data_went_worldwide.html

25 What about “The Cloud”?
In principle, it’s just another place to store data, so the security principles apply…

26 But Uncle Sam has other ideas…
US Patriot Act 2011
US Foreign Intelligence Surveillance Act (FISA) 1978
FISA Amendment Act of 2008
Protect America Act of 2007
It is suggested that data of sensitivity classifications X-IN-CONFIDENCE, PROTECTED and HIGHLY PROTECTED are not stored in public cloud-based solutions (Google, Dropbox, iCloud etc.)

27 TALKING POINT
“Need to know” principle, sponsored by Benjamin Franklin
“Three can keep a secret, if two of them are dead.”

28 PART 3: The relationship between Data Governance and Information Security, sponsored by Niccolo Machiavelli
“I’m not interested in preserving the status quo; I want to overthrow it.”

29 3. Relationship between Data Governance & Information Security
Information Asset Management
– Know what you’ve got!
– Know who’s responsible for it.
Data Classification
– Know the implications
Security delivery
– Implementation of security controls
– Partnerships & accountability

30 Aligning info assets with business outcomes
The “Information Asset Community”
Information Asset Register (inventory)
System Interfaces map

31 Data Ownership & Stewardship
Chief Steward & IMCC (cross-functional, cross domain)
Business Process Business Process Business Process Business Process Business Process
Information Stewards
NB Risk Point: Owner of data acquisition process may not be the most appropriate owner for the information asset!

32 TALKING POINT
Evidence-based decision-making, sponsored by Aldous Huxley
“The deepest sin against the human mind is to believe things without evidence.”

33 PART 4: Compliance in a cost-effective manner, sponsored by Voltaire
“The art of government is to make two-thirds of a nation pay all it possibly can for the benefit of the other third.”

34 4. Achieving compliance in a cost-effective manner
Delivering information value
Shared planning
Data lifecycle and SDLC

35 “True Facts”: Data Governance and Information as a Service
Identify measurable and targeted Business Outcomes: Why do we need information? For whom? What will we do differently?
Establish DG Operating Model: Who is accountable? By what processes?
Execute Activities & Tasks: How do we deliver? Who does the work?
Confirm the Information Holdings & Gaps: What do we need to provide? (Content + Context)
Implement DG/IMCC Services Catalogue: What core capabilities do we need?

36 Tracking the value: Information Benefits Register
Information value to IT is typically characterised by improvements in efficiency
Information Benefits Case monetises the expected value to derive from standing up the IMCC/DG capability
Information value to Business is characterised by improvements in effectiveness
Institutional reputation and compliance issues are benefitted through avoiding or mitigating risk

38 Linking of Data Governance Lifecycle & SDLC
DP Ref | DG Decision Point Name
DG-DP01 | New Data In a Source System
DG-DP02 | Customer Origination and Maintenance
DG-DP03 | Data Movement / Migration
DG-DP04 | Group Data Warehouse Integration
DG-DP05 | Creation of Reporting & Analytics
DG-DP06 | Feeding output data from Information Stores back into Operational Systems
DG-DP07 | Create a New Data Store
DG-DP08 | Add new or make changes to an existing Classification Scheme (hierarchical or descriptive elements in Dimensional data)
Requirements | Design | Build | Test | Deploy | BAU
Specific and explicit milestones mapped into the Business Operating Model & SDLC

39 FINAL THOUGHTS
Collaboration & knowledge sharing, sponsored by Lao Tsu
“Respond intelligently even to unintelligent treatment.”

40 Consistency of messaging, sponsored by Lewis Carroll
“What I tell you three times is true.”

41 Further reading
Document | Link
AGIMO Cloud Computing Policy |
Data Compliance Beyond Borders | should-be-paying-attention
UNSW Cyber Law Centre - Data Sovereignty & The Cloud |
Harvard Business Review – blog post | um=Tweet&utm_campaign=Socialflow
Varonis – Security Incidents White Paper | _Security_Incidents_and_Real-time_Alerts.pdf%20
EU Working Party on Data Protection Reform – Article 29 | document/files/2013/ _statement_dp_reform_package_en.pdf
Macquarie Telecom – The Cloud and Cross Border Risks | Border_Risks.pdf?goback=%2Egde_ _member_
And of course! http://www.informationaction.blogspot.com.au/

