8/25/2014. Portable/mobile devices and privacy in Local Government. Dr Anthony Bendall, Acting Victorian Privacy Commissioner.

Presentation transcript:


Overview
OVPC Surveys and Guide
Privacy laws
Recent developments:
  – Tablets
  – Smart phones
  – Portable hard drives
  – BYOD
  – Cloud computing
Looking ahead

Example
“A staff member was responsible for collating information about individuals from numbers sourced for the purpose of preparing reports. The staff member would often work on these reports at home and stored the work on a personal USB key. But the USB key was lost, possibly at a supermarket car-park, with over 30 reports.”

OVPC Surveys and Guide
OVPC, Use of Portable Storage Devices: Privacy Survey, January 2009
OVPC, Portable Storage Devices: Privacy Survey 2011, December 2011
OVPC, Use of Portable Storage Devices – a guide to policy development, August 2009
All available at

Privacy laws
Information Privacy Act 2000 (Vic)
IPP 4: Data Security
  – “...must take reasonable steps to protect personal information... from misuse, loss, unauthorised access, modification and disclosure.”
  – Personal information should be destroyed or de-identified when it is no longer needed.
Similar laws at Cth level and in other States and Territories

2008 Survey
55 organisations
“Major security risk”
17 recommendations
Recommendation 1: formal policy
  – 2009 Guide
  – 27 point checklist

Surveys by others
NZ 2010:
  – 42 NZ agencies
  – 120 devices lost in 12 months
  – “inadequate controls”
Australian Privacy Commissioner 2009:
  – 58% of agencies suffered loss or theft
  – “mixed results”

2011 Survey
31 of previous 55 organisations
General improvement
12 organisations – no controls
Lack of encryption
10 organisations – no tracking
8 – no improvement
2 – deterioration
Local Councils – from “poor” to “commended”

Tablets and other developments
Explosion in period between two surveys
2011 – 50% provide tablets to staff
Portable hard drives

BYOD
Increasing
Lack of policy and technical controls

The cloud
New challenges
Loss of control
Offshore storage
OVPC Information Sheet: Cloud Computing, May 2011

2011 recommendations
6 additional recommendations:
  – Strict control over external hard drives
  – Control of all active ports
  – Encrypted USB keys
Smart phones and tablets
  – Integrity
  – Expanded policies
Privacy Impact Assessments
  – Collection & notice
  – Data security
  – Transborder flows
Loss of control
Accountability

Conclusion
Accountability
Costs
Compliance notices
Potential data breach laws

More information
Privacy Victoria