Data Protection in Financial Services: Are you Seeing the Bigger Picture? 17 September 2008


Disclaimer
1. This presentation does not constitute specific legal advice.
2. This talk is to raise awareness, not to solve specific problems.
3. Opinions, errors and omissions are the speaker’s alone.
4. This talk is designed to engender discussion about the risks associated with data security within the FSA-regulated sector.

Why do we keep records?

Data security: security of what?

Rules, rules and more rules…
– Data Protection Act 1998
– The Human Rights Act
– Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
– Companies Act
– Freedom of Information Act
– …

Data Protection Act 1998
“personal data” means data which relate to a living individual who can be identified—
(a) from those data, or
(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,
and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.
Section 1, Data Protection Act 1998

Data Protection Principles
The Data Protection Act 1998, ‘The Eight Principles’:
1. Fair and lawful processing
2. Obtained only for one or more specified and lawful purposes
3. Adequate, relevant and not excessive
4. Accurate and, where necessary, kept up to date
5. Not kept for longer than is necessary
6. Processed in accordance with the data subject’s rights
7. Appropriate technical and organisational measures to prevent unauthorised or unlawful processing and accidental loss, damage or destruction
8. No non-EEA data transfers without an adequate level of protection for the data subject’s rights

FSA definition of ‘Data’ and ‘Personal Data’

FSA Statutory Objectives
– Market confidence: maintaining confidence in the financial system
– Public awareness: promoting public understanding of the financial system
– Consumer protection: securing the appropriate degree of protection for consumers
– The reduction of financial crime: reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime

The FSA’s approach to regulation
Risk-based compliance
– Large firms = safe? Small firms = risky?
Principles-based compliance
– No rule to point to
– One size doesn’t fit all

Regulatory overlap: FSA v ICO
FSA side:
– Statutory objectives
– Principles for Businesses: Principle 3 (Systems and Controls), Principle 6 (Customers’ Interests), Principle 10 (Protection of Client Assets)
– Current initiative: ‘Treating Customers Fairly’
ICO side (the Data Protection Principles):
– Fair and lawful processing
– Obtained for one or more lawful purposes
– Adequate, relevant and not excessive
– Not kept for longer than is necessary
– Processed in accordance with the data subject’s rights
– Appropriate technical measures to prevent unauthorised access, loss, damage or destruction
– No non-EEA data transfers without adequate protection

Stuff the ICO, the FSA is the new data protection regulator!
– ICO: £5,000 fine; personal liability for company officers; imprisonment
– FSA: unlimited fines; personal liability for Approved Persons

ISO 27002:2005 – Code of Practice for Information Security Management
Data Management
2. Security Policy
3. Organization of Information Security
4. Asset Management
5. Human Resources Security
6. Physical and Environmental Security
7. Communications and Operations Management
8. Access Control
9. Information Systems Acquisition, Development and Maintenance
10. Incident Management
11. Business Continuity
12. Compliance
(The numbering above is the slide’s own; ISO/IEC 27002:2005 itself numbers these eleven control clauses 5 to 15.)

Would you recognise when you have a data security issue?

Their loss is your [potential] loss
– HBOS
– Alliance & Leicester
– Royal Bank of Scotland
– Scarborough Building Society
– Clydesdale Bank
– NatWest
– United National Bank
– Barclays Bank
– Co-operative Bank
– HFC Bank
– The Post Office
– CGNU
– BNPP Private Bank
– Nationwide Building Society
– Capita Financial Administrators
– Merchant Securities Group
– …to be continued?

– Steven Harrison
– John Shelvin
– Mail Source/Graphic Data
– …

What is the biggest threat to data security in your firm?

The true cost of good data management
How to get senior management buy-in:
– Protecting the firm’s reputation: 99%
– Protecting the firm’s assets: 84%
– Improving efficiency / cost reduction: 75%
– Enabling business opportunities: 68%
Source: BERR 2008 Information Security Breaches Survey

Where do you go from here?

Think laterally, not literally!
– Risk assess
– Draft, implement and test policies and procedures
– Train your staff appropriately
– Read widely from multiple sources, and assess relevance to your firm

Further Reading
– FSA, Data Security in Financial Services Report (April)
– The BERR 2008 Information Security Breaches Survey
– FSA Enforcement Action Final Notices
– Information Commissioner’s Office Enforcement Actions
– Information Commissioner’s Office Good Practice Guides