Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Protection Scenarios

Published byLucienne Beauregard Modified over 5 years ago

Similar presentations

Presentation on theme: "Data Protection Scenarios"— Presentation transcript:

1 Data Protection Scenarios

2 Moving Data What’s wrong with this Scenario?
You have a list of subscribers information that you need to move to another computer in the office: You’ve decided to use a USB device to do this When you’re finished you put the USB device in you pocket What’s wrong with this Scenario? North East Lincolnshire Council was find £80,000 after a serious data breach of sensitive information of hundreds of children with special educational needs was lost. The information was stored on an unencrypted memory stick and went missing.

3 Confidential Destruction
You have a large bag of confidential material, finance papers, etc… You are trying to save on your budget and decide to put these files into the normal recycle bag You then take this to the local ‘on-street’ recycling collection point You find out later that some former employees pension records have been posted on-line In 2012 Scottish Borders Council where fined £250,000 when these records where found in a supermarket car park

4 Sending Personal Data by email
You have a list of personal & sensitive data of your best donators and how much they have donated to your cause but they have requested anonymity You need to send the list to the Finance Officer But you forget you were also in the process of sending out a circular to every one on you mailing list You hit send and the personal sensitive data has been sent to everyone on the mailing list Discuss Surrey County Council was fined £120,000 after three data breaches, involving misdirected s.

5 Mobile device What can we do to be safe?
You use your phone to pick up It’s not password protected You don’t use the Outlook app (which is recommended by BCOS) You phone is stolen What can we do to be safe?

6 Mobile Device (2) You need to take your laptop to a conference to do a presentation It has the data base of all the people going on a Pilgrimage to Lourdes in a few weeks with all their medical data, but you need to work on this when you’re on the move You leave your laptop on the train Discuss Glasgow City Council was fined £150,000 for the loss of two unencrypted laptops

7 Mobile Device (3) Discuss
You have contacts on your smartphone You pair this with your car’s Bluetooth handsfree You put your car in for service. Who has access to the contacts? Discuss In our own case the contacts are downloaded from the phone each time we connect and are not accessible from the car handsfree without the phone being present. In other makes/models of car the contacts are stored in the handsfree unit, so would be accessible to a service mechanic.

8 Identify and discuss any Data Protection issues
Theft of Data You are a Voluntary Youth Centre and have vulnerable young people passing through. You have 3 desktop computers, one of which you use to share information with the local council and the with other social services. Nothing has been deleted from the PC in over 5 year's. It is password protected “XYZ123” which is also located on a post-it note inside the desk drawer. Its never been changed. The Centre is broken into and the desktops are all stolen Identify and discuss any Data Protection issues

9 Theft of Data (2) Organisational and Technical Security of Personal data Retention of Personal data – Keeping data longer than needed Data Sharing - there was no agreement in place between the Council and the Centre Password – Keep it safe in your head Lack of Technical Security - there is no obligation to encrypt desktop computers, but it helps Training of staff

Download ppt "Data Protection Scenarios"

Similar presentations

Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.

Pennsylvania BANNER Users Group 2007 Disaster Recover For The Financial Aid Environment.
Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, 2014 1IT Security, East Carolina University.

Financial Services Workshop Margaret Umphrey ECU Information Security Officer March 12, IT Security, East Carolina University.
This time it’s personal: consumerising records management

This time it’s personal: consumerising records management
Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.

Key Changes to HIPAA from the Stimulus Bill (ARRA) Children’s Health System Department Leadership Meeting October 28, 2009 Kathleen Street Privacy Officer/Risk.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 25 & 27 November 2013.
1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.

1 Electronic Information Security – What Researchers Need to Know University of California Office of the President Office of Research May 2005.
For further information computersecurity.wlu.ca

For further information computersecurity.wlu.ca
The Identity Theft Protection Act of 2005 Kim D’Arruda Roy Cooper Attorney General.

The Identity Theft Protection Act of 2005 Kim D’Arruda Roy Cooper Attorney General.
SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.

SAFEGUARDING DHS CLIENT DATA PART 2 SAFEGUARDING PHI AND HIPAA Safeguards must: Protect PHI from accidental or intentional unauthorized use/disclosure.
Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.

Guide to Massachusetts Data Privacy Laws & Steps you can take towards Compliance.
Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.

Copyright © 2014 Merck Sharp & Dohme Corp., a subsidiary of Merck & Co., Inc. All rights reserved. In practice, how do we recognize a potential Privacy.
Module #1: Introduction to Cyber Security

Module #1: Introduction to Cyber Security
9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.

9/20/07 STLSecurity is Everyone's Responsibility 1 FHDA Technology Security Awareness.
Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.

Personal Data Protection and Security Measures Justin Law IT Services - Information Security Team 18, 20 & 25 March 2015.
Beyond WiFi: Securing Your Mobile Devices Thomas Kuhn Information Technology Assistance Center (iTAC) Kansas State University.

Beyond WiFi: Securing Your Mobile Devices Thomas Kuhn Information Technology Assistance Center (iTAC) Kansas State University.
Government Databases and You or How I Learned to Stop Worrying and Love Information Loss. By Patrick Fahey Mis 304.

Government Databases and You or How I Learned to Stop Worrying and Love Information Loss. By Patrick Fahey Mis 304.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.

1 Enterprise Security Your Information Security and Privacy Responsibilities © 2008 Providence Health & Services This information may be replicated for.
Information Security Steven Hall 21 st Jan 2009. Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle.

Information Security Steven Hall 21 st Jan Today’s Presentation Why do this now? What is information? The effects of lost information Newcastle.
HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

HIPAA What’s Said Here – Stays Here…. WHAT IS HIPAA  Health Insurance Portability and Accountability Act  Purpose is to protect clients (patients)

Similar presentations

Ads by Google