Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cloud Data Privacy and Data Sovereignty Chris Dury

Published bySalvatore Randall Modified over 9 years ago

Similar presentations

Presentation on theme: "Cloud Data Privacy and Data Sovereignty Chris Dury"— Presentation transcript:

1 Cloud Data Privacy and Data Sovereignty Chris Dury chris@dury.me

2 Agenda Government Leadership Australian and State Government Frameworks for Mortals Managing and Evaluating Risk Office 365 Compliance

3 Australian Government Leadership Opens $5B in ICT spending to cloud Requires federal agencies to consider cloud

4 Australian Government Leadership GOAL:- “The Australian Government will be a leader in the use of cloud services to achieve greater efficiency, generate greater value from ICT investment, deliver better services and support a more flexible workforce STATEMENT:- Australian Government agencies will: - consider cloud services for new ICT procurements - commence procurement of public cloud services for their test & dev needs, as appropriate value for money - transition public facing websites to public cloud hosting at natural ICT refresh points - establish info sharing initiatives to facilitate continual improvement, case studies, risk models, lessons etc

5 SA Government Leadership Discussion Paper which focuses on the importance of “connectedness” and improving the state’s ability to innovate Digital by default Moving from… Buying software to buying services Big monolithic projects to rapid prototyping Competing for resources to sharing first Little mention of… Social Computing Cloud Computing

6 Security Policies and Frameworks Standards

7 What does it mean for Office 365? ISMF Standard 12 - Section 7.2.1. Risk identification associated with external organisations - Responsible Parties must conduct a thorough risk assessment in accordance with Section 5.1 of the PSMF and supported by the Government of South Australia Risk Management Policy Statement prior to granting access to information and/or information processing facilities by any External Organisation. 7.2.2 ISMF Standard 13 Access provided to third parties (including customers, contractors etc.) shall be controlled based on the specific business requirements of the Responsible Party

8 So… There are no specific aversions to cloud based technologies, and There are no requirements for cloud infrastructure to be hosted in Australia If… A Risk Assessment is completed, and The Business Requirements are compatible

9 Because… Privacy Act 1988 Schedule 3 – National Privacy Principles – 9 – Trans border Data flows An organisation in Australia or an external Territory may transfer personal information about an individual to someone (other than the organisation or the individual) who is in a foreign country only if: (a) the organisation reasonably believes that the recipient of the information is subject to a law, binding scheme or contract which effectively upholds principles for fair handling of the information that are substantially similar to the National Privacy Principles; or

10 Risk Assessment

11

12 Office 365 Compliance http://trustoffice365.com/

13

14 Bridging the gap Use Rights Management Service E3,E4 or On-Premise Use your Risk Assessment to build a Classification Scheme and don’t store certain data in the cloud Office 365 provides What you need to do

15

16 Questions & Next steps Microsoft is working to reduce uncertainty with PSPF, ISMF More Risk Analysis Tools coming

Download ppt "Cloud Data Privacy and Data Sovereignty Chris Dury"

Similar presentations

Governance, Risk, Compliance & Trust Presentation to KPMG May 20, 2009 By Alex Todd

Governance, Risk, Compliance & Trust Presentation to KPMG May 20, 2009 By Alex Todd
IP in Government Contracts Under the Whole of Victorian Government Intellectual Property Policy.

IP in Government Contracts Under the Whole of Victorian Government Intellectual Property Policy.
1 Division of Aging and Adult Services (DAAS) Knowledge Management and Transfer Project 7/30/12.

1 Division of Aging and Adult Services (DAAS) Knowledge Management and Transfer Project 7/30/12.
1. 2 August 2009 - Recommendation 9.1 of the Strategic Information Technology Advisory Committee (SITAC) report initiated the effort to create an Administrative.

1. 2 August Recommendation 9.1 of the Strategic Information Technology Advisory Committee (SITAC) report initiated the effort to create an Administrative.
Research Administration Capacity Building in an Established Institution Presenter: M.M.Aboud, MD Director of Research and Publications, MUHAS.

Research Administration Capacity Building in an Established Institution Presenter: M.M.Aboud, MD Director of Research and Publications, MUHAS.
Victoria’s IP Policy and Records Management Richard Vinciullo, Manager, Government IP Policy.

Victoria’s IP Policy and Records Management Richard Vinciullo, Manager, Government IP Policy.
© 2013 Rainmaker Solutions Limited. All rights reserved. G-Cloud Services – Lot 4 Cloud Consultancy.

© 2013 Rainmaker Solutions Limited. All rights reserved. G-Cloud Services – Lot 4 Cloud Consultancy.
Little cloud – big difference Matt Healy – Chairman, OzHub April 2012.

Little cloud – big difference Matt Healy – Chairman, OzHub April 2012.
International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa.

International Telecommunication Union HIPSSA Project Support for Harmonization of the ICT Policies in Sub-Sahara Africa.
1 Life Insurance Policy Review.

1 Life Insurance Policy Review.
Governor’s Center for Efficient Government. Mission The mission of the Governor's Center for Efficient Government is to promote fair and transparent best.

Governor’s Center for Efficient Government. Mission The mission of the Governor's Center for Efficient Government is to promote fair and transparent best.
Cloud Computing - clearing the fog Rob Gear 8 th December 2009.

Cloud Computing - clearing the fog Rob Gear 8 th December 2009.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
LGAP’s Initiatives to Support Procurement in Local Government

LGAP’s Initiatives to Support Procurement in Local Government
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.

Managing Personal Information - Australian Companies Outsourcing to India and the Philippines Professor Margaret Jackson and Marita Shelly.
ISS IT Assessment Framework

ISS IT Assessment Framework
What is Cloud Computing? o Cloud computing:- is a style of computing in which dynamically scalable and often virtualized resources are provided as a service.

What is Cloud Computing? o Cloud computing:- is a style of computing in which dynamically scalable and often virtualized resources are provided as a service.

Similar presentations

Ads by Google