SlideShare una empresa de Scribd logo

Privacy icms (handouts)

B
brentcarey
TecnologíaNoticias y política
1 de 13
Data Privacy and ICMS “Privacy Matters”
Learning Objectives Today you will hear about Victorian privacy requirements This session will better equip you to understand: •Privacy legislation & the definition of personal information; • data security procedures for responsibly handling production data; and • where to go for privacy and records management related help. “Privacy Matters”
What is information privacy?  Some control over who knows what about us.  About balancing: • the public interest in the free flow of information (to enable necessary government operations and services) with • the public interest in respecting privacy and protecting personal information of individuals. “Privacy Matters”
Privacy legislation Information Privacy Act State government agencies, (Vic) 2000 local councils, Ministers & Statutory agencies. Health Records Act (Vic) Health information in 2001 Victorian public and private sectors, hospitals, doctors & employers. “Privacy Matters”
Privacy – Key definitions Personal information Recorded information about a living identifiable or easily identifiable individual. Health information Information able to be linked to a living or deceased person about a person’s physical, mental or psychological health. Sensitive information Includes information about a person’s race or ethnicity and criminal record. Is a photo personal information? Are details of a person’s position and salary recorded on their personnel file? “Privacy Matters”
How does privacy relate to information security? Information Security is a component of privacy : • A secure approach facilitates access to, accuracy of and confidentiality of personal & health information so that the right people have the right information Information Security is one of the 10 Information Privacy Principles (IPPs) IPP4 –: • An organisation must take reasonable steps to: • (4.1) protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. • (4.2) destroy or permanently de-identify personal information if it is no longer needed for any purpose. “Privacy Matters”
Meaning of ‘reasonable steps’ The meaning of ‘reasonable steps’ is context dependent: •if the risk of a privacy breach is of sufficient concern; and •the means of providing better protection are known and feasible; but the organisation does not act on this awareness; then reasonable steps have not been taken. “Privacy Matters”
What might constitute reasonable steps in systems? • Typical reasonable steps for systems: – effective access control based on a manageable number of roles; – meaningful audit trails to the level of detail deemed necessary e.g. Single person look-up events, change of location events, remote access events & large access events – all users to be suitably trained to ensure that authorised parties are fully aware of their privacy responsibilities; – data encryption as appropriate; – well managed and monitored data connections (e.g. with other DoJ, contractors or VicPol); – informed, involved contract management of service providers (s17 IPA re outsourcing) – Reporting incidents of privacy breaches. “Privacy Matters”
Reasonable steps for ICMS systems You must You must not • Follow ICMS procedure • Leave production data • Anonymise or de-identify data early & wherever in an unsecured possible environment • Secure production data by • Email production data lock and key • Dispose of hard and soft • Keep copies of copy information securely production data longer • Expect to be able to justify your use of data than necessary “Privacy Matters”
De-identification messages • De-identifying data is considered a leading practice, and is also legislated in regulations such as the Information Privacy Act. • There are several options for de-identifying data, both operational and automated. These include – Data deletion – Data Mixing – Data replacement – Data Substitution – Encryption – Interjecting Unrelated Text – Modifying Numerical Data – Using an Isolated Testing Environment • Whatever de-identification method you use, you need to make sure the de-identification results are appropriate for the context of the application being tested, and must make sense to the person reviewing the test results. “Privacy Matters”
Remaining key privacy considerations • Collection (IPPs 8, 1, and 10) Collect only what you need. Do it lawfully, fairly, directly and not unreasonably intrusively. Tell people you are doing it and why. Be extra careful with sensitive information. • Use and Disclosure (IPPs 2 and 9) Use and disclose personal information for the reason you collected it. Other public interest reasons e.g. law enforcement, personal safety permit use and disclosure. Properly obtained consent allows any use or disclosure. If a person’s personal information travels interstate or overseas it must be protected by Victoria’s standards. “Privacy Matters”
Remaining Key privacy considerations Access & Correction (IPP6 & FOI Act)  People have a right to access & correct personal information.  Assume people will see what you write.  If involved in discovering documents respond promptly. Management (IPPs 3, 4, 5 & 7)  Keep personal information accurate & secure.  Follow Departmental policies. “Privacy Matters”
Where to go for help?  Privacy, Freedom of Information & Records Management materials are on J-NET>Our Business>Knowledge Management  Each of the Dept’s business units has a Privacy Coordinator • Court Services - Susan Brent 9603 9456 • ICMS – Jim Paterson 9093 8430 Brent Carey, Senior Privacy Adviser can be contacted on 8684 0071 or by e-mail privacy@justice.vic.gov.au  EDRMS (records) helpdesk 8684 0555; the FOI unit 8684 0063  Privacy Victoria 8619 8719 www.privacy.vic.gov.au “Privacy Matters”

Recomendados

Information privacy and Security
Information privacy and SecurityInformation privacy and Security
Information privacy and Security
AnuMarySunny
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
Jasleen Khalsa
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
primeteacher32
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacy
Solix Technologies, Inc
 
Security and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOSecurity and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPO
Atlantic Training, LLC.
 
Data Security
Data SecurityData Security
Data Security
ankita_kashyap
 
Handling information Standard by Skills for Care
Handling information Standard by Skills for CareHandling information Standard by Skills for Care
Handling information Standard by Skills for Care
Atlantic Training, LLC.
 
Data Protection In Ghana
Data Protection In GhanaData Protection In Ghana
Data Protection In Ghana
Emmanuel K Asare
 

Recomendados

Information privacy and Security
Information privacy and SecurityInformation privacy and Security
Information privacy and Security
AnuMarySunny
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
Jasleen Khalsa
 
Information Privacy
Information PrivacyInformation Privacy
Information Privacy
primeteacher32
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacy
Solix Technologies, Inc
 
Security and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOSecurity and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPO
Atlantic Training, LLC.
 
Data Security
Data SecurityData Security
Data Security
ankita_kashyap
 
Handling information Standard by Skills for Care
Handling information Standard by Skills for CareHandling information Standard by Skills for Care
Handling information Standard by Skills for Care
Atlantic Training, LLC.
 
Data Protection In Ghana
Data Protection In GhanaData Protection In Ghana
Data Protection In Ghana
Emmanuel K Asare
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
sidra batool
 
Ley protección de datos personales
Ley protección de datos personalesLey protección de datos personales
Ley protección de datos personales
Juan Carlos Carrillo
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
sp_krishna
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
Trend Micro
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)
Andrew Sharpe
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid
bradley_g
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
James Mulhern
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
WilmerHale
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
Ishay Tentser
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloud
RightScale
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
Ishay Tentser
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
Harrison Clark Rickerbys
 
Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Waldrons march 2013 v1.0
Waldrons march 2013 v1.0
Advent IM Ltd
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
bradley_g
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
James Mulhern
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulation
James Mulhern
 
Looking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahLooking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in Utah
State of Utah, Salt Lake City
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
Harrison Clark Rickerbys
 
PG & Associates
PG & AssociatesPG & Associates
PG & Associates
Premanandha Gangiah
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance booklet
Gerardo Medina
 
Training for managers and supervisors presentation
Training for managers and supervisors presentationTraining for managers and supervisors presentation
Training for managers and supervisors presentation
brentcarey
 
Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009
brentcarey
 

Más contenido relacionado

La actualidad más candente

Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
Trend Micro
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloud
RightScale
 
Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Waldrons march 2013 v1.0
Waldrons march 2013 v1.0
Advent IM Ltd
 
Looking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahLooking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in Utah
State of Utah, Salt Lake City
 

La actualidad más candente (20)

Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
Ley protección de datos personales
Ley protección de datos personalesLey protección de datos personales
Ley protección de datos personales
 
Privacy & Data Protection
Privacy & Data ProtectionPrivacy & Data Protection
Privacy & Data Protection
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryption
 
Data Protection (Download for slideshow)
Data Protection (Download for slideshow)Data Protection (Download for slideshow)
Data Protection (Download for slideshow)
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 
Rightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloudRightscale webinar-hipaa-public-cloud
Rightscale webinar-hipaa-public-cloud
 
Privacy by design for startups: legal and technology
Privacy by design for startups: legal and technologyPrivacy by design for startups: legal and technology
Privacy by design for startups: legal and technology
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
 
Waldrons march 2013 v1.0
Waldrons march 2013 v1.0Waldrons march 2013 v1.0
Waldrons march 2013 v1.0
 
Avoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by DesignAvoid Privacy by Disaster by Adopting Privacy by Design
Avoid Privacy by Disaster by Adopting Privacy by Design
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
 
Gdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulationGdpr demystified - making sense of the regulation
Gdpr demystified - making sense of the regulation
 
Looking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in UtahLooking back and forward: Improving Health Data Security in Utah
Looking back and forward: Improving Health Data Security in Utah
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
 
PG & Associates
PG & AssociatesPG & Associates
PG & Associates
 
Intro to information governance booklet
Intro to information governance bookletIntro to information governance booklet
Intro to information governance booklet
 

Destacado

Training for managers and supervisors presentation
Training for managers and supervisors presentationTraining for managers and supervisors presentation
Training for managers and supervisors presentation
brentcarey
 
Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009
brentcarey
 
Ark presentation
Ark presentationArk presentation
Ark presentation
brentcarey
 
Privacy morwell june 09
Privacy morwell june 09 Privacy morwell june 09
Privacy morwell june 09
brentcarey
 
Privacy learning forum broadmeadows
Privacy learning forum broadmeadowsPrivacy learning forum broadmeadows
Privacy learning forum broadmeadows
brentcarey
 

Destacado (7)

Training for managers and supervisors presentation
Training for managers and supervisors presentationTraining for managers and supervisors presentation
Training for managers and supervisors presentation
 
Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009Privacy presentation for regional directors july 2009
Privacy presentation for regional directors july 2009
 
Ark presentation
Ark presentationArk presentation
Ark presentation
 
Privacy morwell june 09
Privacy morwell june 09 Privacy morwell june 09
Privacy morwell june 09
 
Privacy learning forum broadmeadows
Privacy learning forum broadmeadowsPrivacy learning forum broadmeadows
Privacy learning forum broadmeadows
 
Bebs update
Bebs updateBebs update
Bebs update
 
Frankston
FrankstonFrankston
Frankston
 

Similar a Privacy icms (handouts)

Privacy introduction
Privacy introduction Privacy introduction
Privacy introduction
brentcarey
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
PECB
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...
David Cunningham
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and Avoidance
Amy Purcell
 
Ethical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of ITEthical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of IT
Dr. Rosemarie Sibbaluca-Guirre
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Frank Dawson
 

Similar a Privacy icms (handouts) (20)

Privacy introduction
Privacy introduction Privacy introduction
Privacy introduction
 
Presentation on Information Privacy
Presentation on Information PrivacyPresentation on Information Privacy
Presentation on Information Privacy
 
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...
 
2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...2011 hildebrandt institute cio forum data privacy and security presentation...
2011 hildebrandt institute cio forum data privacy and security presentation...
 
Ecommerce Chap 10
Ecommerce Chap 10Ecommerce Chap 10
Ecommerce Chap 10
 
Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and Avoidance
 
cybersecurity
cybersecurity cybersecurity
cybersecurity
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management
 
internet security and cyber lawUnit1
internet security and cyber lawUnit1internet security and cyber lawUnit1
internet security and cyber lawUnit1
 
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
Next Dimension and Siskinds PIPEDA Legislation Updates as of November 1 2018
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
Ethical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of ITEthical Dimension and understanding Ethical Foundation of IT
Ethical Dimension and understanding Ethical Foundation of IT
 
Information Security
Information Security Information Security
Information Security
 
Securing your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesSecuring your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended Practices
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
Data set Legislation
Data set Legislation Data set Legislation
Data set Legislation
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
 
Data set Legislation
Data set LegislationData set Legislation
Data set Legislation
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
Privacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be TellingPrivacy Secrets Your Systems May Be Telling
Privacy Secrets Your Systems May Be Telling
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Último (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 

Privacy icms (handouts)

  • 1. Data Privacy and ICMS “Privacy Matters”
  • 2. Learning Objectives Today you will hear about Victorian privacy requirements This session will better equip you to understand: •Privacy legislation & the definition of personal information; • data security procedures for responsibly handling production data; and • where to go for privacy and records management related help. “Privacy Matters”
  • 3. What is information privacy?  Some control over who knows what about us.  About balancing: • the public interest in the free flow of information (to enable necessary government operations and services) with • the public interest in respecting privacy and protecting personal information of individuals. “Privacy Matters”
  • 4. Privacy legislation Information Privacy Act State government agencies, (Vic) 2000 local councils, Ministers & Statutory agencies. Health Records Act (Vic) Health information in 2001 Victorian public and private sectors, hospitals, doctors & employers. “Privacy Matters”
  • 5. Privacy – Key definitions Personal information Recorded information about a living identifiable or easily identifiable individual. Health information Information able to be linked to a living or deceased person about a person’s physical, mental or psychological health. Sensitive information Includes information about a person’s race or ethnicity and criminal record. Is a photo personal information? Are details of a person’s position and salary recorded on their personnel file? “Privacy Matters”
  • 6. How does privacy relate to information security? Information Security is a component of privacy : • A secure approach facilitates access to, accuracy of and confidentiality of personal & health information so that the right people have the right information Information Security is one of the 10 Information Privacy Principles (IPPs) IPP4 –: • An organisation must take reasonable steps to: • (4.1) protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure. • (4.2) destroy or permanently de-identify personal information if it is no longer needed for any purpose. “Privacy Matters”
  • 7. Meaning of ‘reasonable steps’ The meaning of ‘reasonable steps’ is context dependent: •if the risk of a privacy breach is of sufficient concern; and •the means of providing better protection are known and feasible; but the organisation does not act on this awareness; then reasonable steps have not been taken. “Privacy Matters”
  • 8. What might constitute reasonable steps in systems? • Typical reasonable steps for systems: – effective access control based on a manageable number of roles; – meaningful audit trails to the level of detail deemed necessary e.g. Single person look-up events, change of location events, remote access events & large access events – all users to be suitably trained to ensure that authorised parties are fully aware of their privacy responsibilities; – data encryption as appropriate; – well managed and monitored data connections (e.g. with other DoJ, contractors or VicPol); – informed, involved contract management of service providers (s17 IPA re outsourcing) – Reporting incidents of privacy breaches. “Privacy Matters”
  • 9. Reasonable steps for ICMS systems You must You must not • Follow ICMS procedure • Leave production data • Anonymise or de-identify data early & wherever in an unsecured possible environment • Secure production data by • Email production data lock and key • Dispose of hard and soft • Keep copies of copy information securely production data longer • Expect to be able to justify your use of data than necessary “Privacy Matters”
  • 10. De-identification messages • De-identifying data is considered a leading practice, and is also legislated in regulations such as the Information Privacy Act. • There are several options for de-identifying data, both operational and automated. These include – Data deletion – Data Mixing – Data replacement – Data Substitution – Encryption – Interjecting Unrelated Text – Modifying Numerical Data – Using an Isolated Testing Environment • Whatever de-identification method you use, you need to make sure the de-identification results are appropriate for the context of the application being tested, and must make sense to the person reviewing the test results. “Privacy Matters”
  • 11. Remaining key privacy considerations • Collection (IPPs 8, 1, and 10) Collect only what you need. Do it lawfully, fairly, directly and not unreasonably intrusively. Tell people you are doing it and why. Be extra careful with sensitive information. • Use and Disclosure (IPPs 2 and 9) Use and disclose personal information for the reason you collected it. Other public interest reasons e.g. law enforcement, personal safety permit use and disclosure. Properly obtained consent allows any use or disclosure. If a person’s personal information travels interstate or overseas it must be protected by Victoria’s standards. “Privacy Matters”
  • 12. Remaining Key privacy considerations Access & Correction (IPP6 & FOI Act)  People have a right to access & correct personal information.  Assume people will see what you write.  If involved in discovering documents respond promptly. Management (IPPs 3, 4, 5 & 7)  Keep personal information accurate & secure.  Follow Departmental policies. “Privacy Matters”
  • 13. Where to go for help?  Privacy, Freedom of Information & Records Management materials are on J-NET>Our Business>Knowledge Management  Each of the Dept’s business units has a Privacy Coordinator • Court Services - Susan Brent 9603 9456 • ICMS – Jim Paterson 9093 8430 Brent Carey, Senior Privacy Adviser can be contacted on 8684 0071 or by e-mail privacy@justice.vic.gov.au  EDRMS (records) helpdesk 8684 0555; the FOI unit 8684 0063  Privacy Victoria 8619 8719 www.privacy.vic.gov.au “Privacy Matters”