Presentation is loading. Please wait.

Presentation is loading. Please wait.

Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal."— Presentation transcript:

1 Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal Compliance) Information Security

2 Is about ISO 27001 Websites Data Protection Act Freedom of Information Act Case studies What does this mean for you?

3 Information Security is about: Confidentiality: protecting information from unauthorised access and disclosure Integrity: safeguarding the accuracy and completeness of information and processing methods Availability: ensuring that information and associated services are available to authorised users when required

4 ISO 27001 In addition, the Deputy Registrar’s Office is consulting on the Information Security Policy 2008/2009 which contains procedures/guidance on areas such as : –Data retention –Anti-virus protection –Password best practice This is due to be considered by the Information Policy and Strategy Committee (IPSC) in June 2009

5 Websites –http://www2.warwick.ac.uk/services/infosecurity/ or go/infosecurity –http://www2.warwick.ac.uk/services/gov or go/governance

6 Data Protection The Data Protection Act 1998 “An Act to make new provision for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information.” Personal Data Includes “any personal information about an individual from whom you are collecting or utilising..data, the compromise, loss or theft of which could cause distress or harm to that individual” (DWP) How it should be processed 1.Personal data shall be processed fairly and lawfully 2.Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. 3.Personal data shall be adequate, relevant and not excessive 4.Personal data shall be accurate and, where necessary, kept up to date. 5.Personal data processed shall not be kept for longer than is necessary 6.Personal data shall be processed in accordance with the rights of data subjects 7.Appropriate technical and organisational measures shall be taken to ensure the security of the information 8.Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. Ref: go/governance

7 Freedom of Information Act The Freedom of Information Act 2000 gives the general right to request any information held by public authorities Freedom of Information (FOI) requests must be in writing, with contact details, but a request does not need to state that it falls under the FOI Act The University of Warwick is obliged to respond within 20 working days, once the nature of the request is established, unless an exemption applies University will have general duty to advise and assist, but can refuse on certain grounds, e.g. commercial sensitivity, breach of security, vexatious etc FOI requests should be referred to the Deputy Registrar’s Office for action Ref: go/governance

8 Case Studies In December 2007 Norwich Union Life was fined £1.26 million by the FSA for ‘not having effective systems and controls in place to protect customers’ confidential information’ HM Government ‘Managing Information Risk’ In May 2008 the Information Commissioners' Office was given powers to fine organisations that lose personal data. In the worse case scenario the fines could run into millions. The Guardian In March 2007 TK Maxx had 45.7 million credit and debit cards details stolen over an18 month period. As well as financial data, thieves were able to copy customer's personal information including names, addresses driving licence and other identification data. If PCI DSS had been in force they would have lost their ability to process debit/credit information. BBC

9 What does this mean for you ? Our network and the Internet were designed to share not protect information Greater awareness of how data should be stored, processed and transmitted (in paper and electronic form). Understand the DPA and PCI DSS Know how to deal with FOI and DPA requests Be aware of the consequences of non-compliance Information Security is everyone’s responsibility. Please take ownership of the data you collect.

10 Contacts Duncan Woodhouse Tel: ext 50681 Email: Duncan.Woodhouse@warwick.ac.uk Web:go/infosecurity Helen Wollerton Tel: ext 50949 Email: H.Wollerton@warwick.ac.uk Web: go/governance

Download ppt "Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal."

Similar presentations

Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.

Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date: 09.07.14.

BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date:
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,

Legislation & ICT By Savannah Inkster. By Savannah Computer Laws 1.Data Protection ActData Protection Act 2.Computer Misuse ActComputer Misuse Act 3.Copyright,
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.

Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.

University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.
Training at Ministry of Industry, Commerce and Consumer Protection Presented By: Mrs Dodah Pravina Mr Dookee Padaruth Date : 11 September 2014 Explaining.

Training at Ministry of Industry, Commerce and Consumer Protection Presented By: Mrs Dodah Pravina Mr Dookee Padaruth Date : 11 September 2014 Explaining.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
Data Protection Act. Lesson Objectives To understand the data protection act.

Data Protection Act. Lesson Objectives To understand the data protection act.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
The Legal Framework Can you work out which slide each bullet point should go on?!

The Legal Framework Can you work out which slide each bullet point should go on?!
UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.

UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.
Research Paper Presentation Software Engineering in agent systems.

Research Paper Presentation Software Engineering in agent systems.

Similar presentations

Ads by Google