SlideShare ist ein Scribd-Unternehmen logo

CTO Cybersecurity Forum 2013 Patricia Dovi Sampson

Commonwealth Telecommunications Organisation
Commonwealth Telecommunications Organisation

Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world. Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.

TechnologieBusiness
1 von 29
Privacy & Security in the Information Age Data Protection Act N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture April 26, 2013 Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Agenda  Privacy in The Information Age  The right to privacy  WhyWe Need Legislation  Purpose of the Act  The Data Protection Act ◦ Definitions ◦ Principles ◦ Rights ◦ Enforcement/ Supervision ◦ Exemptions / S ◦ DPA Issues:The Media;The Internet kenne Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Privacy inThe Information Age  Today, we leave “an electronic trail” from: ◦ Surfing the Internet & mobile phones ◦ Bank cash points & credit cards ◦ Supermarket loyalty cards  Not to mention: ◦ CCTVs in city centres (with face recognition) ◦ Speed cameras (number plate recognition) ◦ Banks, employers, govt, and credit agencies Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture The Right to Privacy  Do we / should we have a right to privacy?  We all have personal details which we would generally expect to be kept confidential – Examples:  Financial (bank details), professional (salary), tax status, credit status, health status, sexual preference, criminal record, political affiliation etc  Often, employers and govt agencies need to know some of this information, BUT:  Until recently, Ghanaians had no legal right to privacy Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Why we need Legislation  Modern technology means: ◦ Data can be retrieved & processed quickly ◦ Data is easily copied & sent over networks ◦ Errors are easily replicated but hard to fix  The consequences of misuse or even simple mistakes can be severe: ◦ You could be refused credit or employment ◦ You could be misrepresented (defamation) ◦ You could wrongly accused of crime/fraud, etc. Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture The Purpose of the Act • Balances an individual’s right to privacy against an organisation’s need to use data relating to the individual for the purposes of their business – this includes where that purpose is research • Defines a series of “rules” to follow when managing personal data –which include some exemptions especially for the use of data when conducting research. • Sets out levels of “punishments” that can be handed out to organisations and individuals who fail to stay within the rules. Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture The Data Protection Act • Definitions • Principles • Rights • Enforcement • DPA Issues:The Media;The Internet Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Definitions  Data: ◦ Information which is recorded as part of a “relevant filing system”  Personal Data: ◦ Data relating to a living, identifiable person  Relevant Filing System: ◦ Such technology that specific information on a particular individual is readily accessible Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Definitions Cont.  Data Subject: ◦ Individual who is the subject of personal data  Data Controller (individual or undertaking): ◦ Determines the purposes for which and the manner in which any personal data are, or are to be, processed  Data Processor: ◦ Any person who processes the data on behalf of the data controller Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Definitions Cont.  Personal data is defined as:  Data relating to a living individual who (a) can be identified from those data, or (b) can be identified from those data and other information held by the data controller, including any expressions of opinion about that individual Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Definitions Cont.  Sensitive Data is defined as data relating to: ◦ Racial or ethnic origin ◦ Political opinions, or religious or other similar beliefs ◦ Trade union membership ◦ Status of physical or mental health ◦ Sexual life ◦ Criminal record and court case appearances  Processing sensitive data requires special conditions to be satisfied under the Act Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles The data controller has a statutory duty to ensure that personal data are: 1. Processed fairly and lawfully, plus schedules 2 & 3 2. Processed only for specified and lawful purpose(s) 3. Adequate, relevant and not excessive 4. Accurate and kept up-to-date 5. Not kept longer than necessary 6. Respectful of data subjects’ rights 7. Kept secure by technical/organisational means 8. Transfers outside Ghana Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 1 Fair and Legal Processing 1. Obtaining Data • identify the Data Controller • state a clear purpose why it is required • what is involved in participation • data uses – primary research, storing, processing, re-use, sharing, archiving, publishing, • strategies to ensure confidentiality of data where this is relevant –anonymisation etc 2. Legitimate Processing • data Subject must give consent • processing is in legitimate interests of Data Controller 3. Processing of Sensitive Data – Informed Consent Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 2 Processed only for specified and lawful purpose(s)  Personal data shall be obtained only for specified and lawful purposes, and shall not be further processed in any manner incompatible with those purposes However, researchers may be provided with an exemption. They may not need to further consent from the individual if: • it was not initially anticipated that the data would be used for research purposes, and • it is deemed as not practical to retrospectively inform the individuals, and From a Other perspective • that he use of the data has been approved by the ethics committee Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 3 Adequate, relevant and not excessive  Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed • this means that researchers are only allowed to obtain the information required to complete the task at hand. • there should be no “stock piling” of information you think might be useful “later on” – this is different to finding a new use for information already held • if there is a valid reason for asking someone their ethnicity it is permitted, if it does not contribute to the research - it should not be asked. • If the information is collected for research it should not be used for any other purpose Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 4 Accurate and kept up-to-date • Personal data shall be accurate, and where necessary, kept up to date • researchers have a duty to ensure that the information they collect is accurate • they are not required to keep the information up to date unless it is absolutely necessary for ongoing research • For example, where you will go back to the subjects again • where the research is based around a “snap shot” in time, there is no need to go back and update it Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 5 Retention and Disposal /Not kept longer than necessary  Personal data shall not be kept for longer than is necessary, for the purposes for which it is being processed • Records should be retained as evidence of the project • How it was managed - controlled • The procedures followed • The data collected • Standard University Retention periods are available • External funded research may be subject to their own retention periods – check them • Make sure you specify the correct retention period when you seek consent- holding it for longer than permitted would be a breach! Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 6 Respectful of data subjects’ rights  Personal data shall be processed in accordance with the rights of data subjects under this Act • This means that you cannot do things that violate the rights given to data subjects, especially denying access • They have the right to object to processing which may cause unwarranted damage or distress • They have the right to withdraw consent • Right to ask the Information Commissioner to assess an organisation’s processing for compliance – Possible Compensation or fines Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 7 Kept secure by technical/organisational means  Appropriate security measures shall be taken against the unauthorised or unlawful processing, accidental loss , destruction , or damage of personal data  Store personal data on a secure server – not hard drives  Make use of central filing  Avoid duplication as much as possible  Restrict access on the basis of authority levels  Use strong password protected documents and screensavers  Change passwords at regular intervals  Do not use global passwords  Keep paper records under lock and key Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Security  Determine what is appropriate having regard to - ◦ the nature of the personal data to be protected ◦ the resulting harm which might arise from a breach ◦ state of the art & implementation cost ◦ the effectiveness of existing measures ◦ reliability of staff (e.g. appropriate training for all staff) Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Risk  Is there proof that all reasonable steps have been taken to comply with DPA’s security duties?  Are security standards for industry or sector being met?  Is there a security policy?  Is there a business continuity plan to cover inability to process data in an emergency?  Does management take security seriously?  Are the service provider’s staff adequately trained in respect of data protection requirements? Have they been security vetted? Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Risk  What contractual security obligations have you imposed upon the service provider?  Is there a duty upon the service provider to report data security breaches?  What powers do you have to audit the service provider to ensure that they are complying with their data protection obligations?  What are the known risks for the kind of processing undertaken?  Are data transferred securely?  Is encryption used when data are processed on mobile devices? Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 8 Data transfers outside of Ghana “Personal data shall not be transferred to a country or territory outside Ghana unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data” Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Rights  Individuals have the following rights under the DPA: 1. Subject access 2. Object to processing in certain circumstances 3. Object to direct marketing (promotion of aims & ideals is marketing) 4. Automated decisions 5. Ask court to order compensation for damage caused by controller’s breach of principles 6. Ask court to order correction of inaccurate data  Controller liable under 6th Principle for 1-4 above Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Enforcement  If the Information Commissioner finds that the DPA has been breached by a DC, he/she serves an enforcement notice on the DC  The notice identifies the breach or omission, and specifies how to correct it ◦ Failure to comply is an offence ◦ However, a DC may appeal to the DP tribunal ◦ With the approval of the Director of Public Prosecutions, legal proceedings may follow, which could result in a fine Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Exemptions  Certain agencies or types of data are exempt from the DPA ◦ National Security ◦ Tax/revenue gathering agencies ◦ Judicial appointments & honours ◦ Corporate finance / negotiations ◦ Legal/professional privilege (doctor/patient) ◦ Human embryos/ IVF/adoption Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Supervision  Data Controllers must apply for registration on the Data Protection Register  DPR is overseen by the Information Commissioner  On registration (notification), DCs must provide details of the data to be stored and its use, and the measures to be taken to comply with the Act (including data security and data transfer)  Note:“notification” does not mean “licensing”  DCs do not need to wait for approval from DPR  Establishment of Data Protection Commission Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture DPA Issues: The Media  The DPA has special provisions for journalism, and artistic or literary purposes ◦ Basically, journalists/authors may hold/use personal data for journalistic/artistic/literary purposes only if the data are necessary to reconcile the rights to privacy with the rules governing freedom of expression  So, investigative journalists & political strategists or commentators are not treated as Data Controllers!! Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture The End ThankYou! CONTACT Email: Patricia.dovi-sampson@moc.gov.gh : sampsonpatricia@hotmail.com Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications (MoC), Ghana

Empfohlen

Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02tinkusing
 
SQL Server and Azure Mobile Business Intelligence
SQL Server and Azure Mobile Business IntelligenceSQL Server and Azure Mobile Business Intelligence
SQL Server and Azure Mobile Business IntelligenceJen Stirrup
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Benjamin Ang
 
IoT PPT Deck
IoT PPT DeckIoT PPT Deck
IoT PPT DeckJohn Yates
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
 
Information technology act 2000.avi
Information technology act 2000.aviInformation technology act 2000.avi
Information technology act 2000.aviavinashmsy
 
Internet Security and Legal Compliance: Cyber Law in India
Internet Security and Legal Compliance: Cyber Law in IndiaInternet Security and Legal Compliance: Cyber Law in India
Internet Security and Legal Compliance: Cyber Law in IndiaRodney D. Ryder
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
 

Empfohlen

Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02Dataprotectionactnew13 12-11-111213033116-phpapp02
Dataprotectionactnew13 12-11-111213033116-phpapp02tinkusing
 
SQL Server and Azure Mobile Business Intelligence
SQL Server and Azure Mobile Business IntelligenceSQL Server and Azure Mobile Business Intelligence
SQL Server and Azure Mobile Business IntelligenceJen Stirrup
 
Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Applying the Personal Data Protection Act (Singapore)
Applying the Personal Data Protection Act (Singapore)Benjamin Ang
 
IoT PPT Deck
IoT PPT DeckIoT PPT Deck
IoT PPT DeckJohn Yates
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
 
Information technology act 2000.avi
Information technology act 2000.aviInformation technology act 2000.avi
Information technology act 2000.aviavinashmsy
 
Internet Security and Legal Compliance: Cyber Law in India
Internet Security and Legal Compliance: Cyber Law in IndiaInternet Security and Legal Compliance: Cyber Law in India
Internet Security and Legal Compliance: Cyber Law in IndiaRodney D. Ryder
 
New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)New General Data Protection Regulation (Agnes Andersson Hammarstrand)
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
 
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...Burton Lee
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
 
Data science and ethics in fundraising
Data science and ethics in fundraisingData science and ethics in fundraising
Data science and ethics in fundraisingJames Orton
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
 
A Little Privacy, Please… Diving into Data Privacy for Nonprofits
A Little Privacy, Please… Diving into Data Privacy for NonprofitsA Little Privacy, Please… Diving into Data Privacy for Nonprofits
A Little Privacy, Please… Diving into Data Privacy for NonprofitsTechSoup
 
Personal identifiable information vs attribute data
Personal identifiable information vs attribute data Personal identifiable information vs attribute data
Personal identifiable information vs attribute data EleanorCollard
 
Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...
Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...
Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...FutureTDM
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
 
Hivos and Responsible Data
Hivos and Responsible DataHivos and Responsible Data
Hivos and Responsible DataTom Walker
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
Employee monitoring updated
Employee monitoring updatedEmployee monitoring updated
Employee monitoring updatedAdvent IM Ltd
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
PII.pptx
PII.pptxPII.pptx
PII.pptxEleanorCollard
 
POPI Act compliance presentation
POPI Act compliance presentationPOPI Act compliance presentation
POPI Act compliance presentationOvationsGroup
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll BureauBrightPay Payroll and Auto Enrolment Software
 
Digital inclusion at the Home Office: UX Oxford March 2018
Digital inclusion at the Home Office: UX Oxford March 2018Digital inclusion at the Home Office: UX Oxford March 2018
Digital inclusion at the Home Office: UX Oxford March 2018Home Office Digital, Data abnd Technology
 
Digital inclusion at the Home Office: building services for all
Digital inclusion at the Home Office: building services for allDigital inclusion at the Home Office: building services for all
Digital inclusion at the Home Office: building services for allHome Office Digital, Data abnd Technology
 
Applying Data Privacy Techniques on Published Data in Uganda
Applying Data Privacy Techniques on Published Data in Uganda Applying Data Privacy Techniques on Published Data in Uganda
Applying Data Privacy Techniques on Published Data in UgandaKato Mivule
 
GDPR - Sink or Swim
GDPR - Sink or SwimGDPR - Sink or Swim
GDPR - Sink or SwimGuy Griffiths
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxOVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxUsmanMAmeer
 
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le RouxCommonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le RouxCommonwealth Telecommunications Organisation
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael OjoCommonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael OjoCommonwealth Telecommunications Organisation
 

Weitere ähnliche Inhalte

Ähnlich wie CTO Cybersecurity Forum 2013 Patricia Dovi Sampson

Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...Burton Lee
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
 
Data science and ethics in fundraising
Data science and ethics in fundraisingData science and ethics in fundraising
Data science and ethics in fundraisingJames Orton
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEryk Budi Pratama
 
A Little Privacy, Please… Diving into Data Privacy for Nonprofits
A Little Privacy, Please… Diving into Data Privacy for NonprofitsA Little Privacy, Please… Diving into Data Privacy for Nonprofits
A Little Privacy, Please… Diving into Data Privacy for NonprofitsTechSoup
 
Personal identifiable information vs attribute data
Personal identifiable information vs attribute data Personal identifiable information vs attribute data
Personal identifiable information vs attribute data EleanorCollard
 
Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...
Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...
Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...FutureTDM
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
 
Hivos and Responsible Data
Hivos and Responsible DataHivos and Responsible Data
Hivos and Responsible DataTom Walker
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
Employee monitoring updated
Employee monitoring updatedEmployee monitoring updated
Employee monitoring updatedAdvent IM Ltd
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
POPI Act compliance presentation
POPI Act compliance presentationPOPI Act compliance presentation
POPI Act compliance presentationOvationsGroup
 
Applying Data Privacy Techniques on Published Data in Uganda
Applying Data Privacy Techniques on Published Data in Uganda Applying Data Privacy Techniques on Published Data in Uganda
Applying Data Privacy Techniques on Published Data in UgandaKato Mivule
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxOVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxUsmanMAmeer
 

Ähnlich wie CTO Cybersecurity Forum 2013 Patricia Dovi Sampson (20)

Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
Polina Zvyagina - Airbnb - Privacy & GDPR Compliance - Stanford Engineering -...
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of Change
 
Data science and ethics in fundraising
Data science and ethics in fundraisingData science and ethics in fundraising
Data science and ethics in fundraising
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data QualityEnabling Data Governance - Data Trust, Data Ethics, Data Quality
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
 
A Little Privacy, Please… Diving into Data Privacy for Nonprofits
A Little Privacy, Please… Diving into Data Privacy for NonprofitsA Little Privacy, Please… Diving into Data Privacy for Nonprofits
A Little Privacy, Please… Diving into Data Privacy for Nonprofits
 
Personal identifiable information vs attribute data
Personal identifiable information vs attribute data Personal identifiable information vs attribute data
Personal identifiable information vs attribute data
 
Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...
Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...
Data Analytics and the Legal Landscape: Intellectual Property and Data Protec...
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI Webinar
 
Hivos and Responsible Data
Hivos and Responsible DataHivos and Responsible Data
Hivos and Responsible Data
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
Employee monitoring updated
Employee monitoring updatedEmployee monitoring updated
Employee monitoring updated
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
 
PII.pptx
PII.pptxPII.pptx
PII.pptx
 
POPI Act compliance presentation
POPI Act compliance presentationPOPI Act compliance presentation
POPI Act compliance presentation
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
Digital inclusion at the Home Office: UX Oxford March 2018
Digital inclusion at the Home Office: UX Oxford March 2018Digital inclusion at the Home Office: UX Oxford March 2018
Digital inclusion at the Home Office: UX Oxford March 2018
 
Digital inclusion at the Home Office: building services for all
Digital inclusion at the Home Office: building services for allDigital inclusion at the Home Office: building services for all
Digital inclusion at the Home Office: building services for all
 
Applying Data Privacy Techniques on Published Data in Uganda
Applying Data Privacy Techniques on Published Data in Uganda Applying Data Privacy Techniques on Published Data in Uganda
Applying Data Privacy Techniques on Published Data in Uganda
 
GDPR - Sink or Swim
GDPR - Sink or SwimGDPR - Sink or Swim
GDPR - Sink or Swim
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptxOVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
 

Mehr von Commonwealth Telecommunications Organisation

Mehr von Commonwealth Telecommunications Organisation (20)

Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le RouxCommonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael OjoCommonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint GironsCommonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois HernandezCommonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
 
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatseCommonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
 
Commonwealth digital broadcasting switchover forum 2015 annemarie meijer
Commonwealth digital broadcasting switchover forum 2015 annemarie meijerCommonwealth digital broadcasting switchover forum 2015 annemarie meijer
Commonwealth digital broadcasting switchover forum 2015 annemarie meijer
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer HopeCommonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat DegertCommonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
 
we.learn.it - February 2015
we.learn.it - February 2015we.learn.it - February 2015
we.learn.it - February 2015
 
We learn it agenda
We learn it agendaWe learn it agenda
We learn it agenda
 
Reflections on scale up and transferability
Reflections on scale up and transferabilityReflections on scale up and transferability
Reflections on scale up and transferability
 
Planning your learning expedition final
Planning your learning expedition finalPlanning your learning expedition final
Planning your learning expedition final
 
Le template 2015 final
Le template 2015 finalLe template 2015 final
Le template 2015 final
 
Mapping Tools Version 3
Mapping Tools Version 3Mapping Tools Version 3
Mapping Tools Version 3
 
5 expedition posters
5 expedition posters5 expedition posters
5 expedition posters
 
Session 6.2 Cécile Barayre El Shami
Session 6.2 Cécile Barayre El ShamiSession 6.2 Cécile Barayre El Shami
Session 6.2 Cécile Barayre El Shami
 
Session 6.1 Stewart Room
Session 6.1 Stewart RoomSession 6.1 Stewart Room
Session 6.1 Stewart Room
 
Session 5.3 Alexander Ntoko
Session 5.3 Alexander NtokoSession 5.3 Alexander Ntoko
Session 5.3 Alexander Ntoko
 
Session 5.2 Martin Koyabe
Session 5.2 Martin KoyabeSession 5.2 Martin Koyabe
Session 5.2 Martin Koyabe
 

Kürzlich hochgeladen

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 

Kürzlich hochgeladen (20)

FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 

CTO Cybersecurity Forum 2013 Patricia Dovi Sampson

  • 1. Privacy & Security in the Information Age Data Protection Act N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture April 26, 2013 Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 2. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Agenda  Privacy in The Information Age  The right to privacy  WhyWe Need Legislation  Purpose of the Act  The Data Protection Act ◦ Definitions ◦ Principles ◦ Rights ◦ Enforcement/ Supervision ◦ Exemptions / S ◦ DPA Issues:The Media;The Internet kenne Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 3. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Privacy inThe Information Age  Today, we leave “an electronic trail” from: ◦ Surfing the Internet & mobile phones ◦ Bank cash points & credit cards ◦ Supermarket loyalty cards  Not to mention: ◦ CCTVs in city centres (with face recognition) ◦ Speed cameras (number plate recognition) ◦ Banks, employers, govt, and credit agencies Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 4. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture The Right to Privacy  Do we / should we have a right to privacy?  We all have personal details which we would generally expect to be kept confidential – Examples:  Financial (bank details), professional (salary), tax status, credit status, health status, sexual preference, criminal record, political affiliation etc  Often, employers and govt agencies need to know some of this information, BUT:  Until recently, Ghanaians had no legal right to privacy Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 5. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Why we need Legislation  Modern technology means: ◦ Data can be retrieved & processed quickly ◦ Data is easily copied & sent over networks ◦ Errors are easily replicated but hard to fix  The consequences of misuse or even simple mistakes can be severe: ◦ You could be refused credit or employment ◦ You could be misrepresented (defamation) ◦ You could wrongly accused of crime/fraud, etc. Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 6. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture The Purpose of the Act • Balances an individual’s right to privacy against an organisation’s need to use data relating to the individual for the purposes of their business – this includes where that purpose is research • Defines a series of “rules” to follow when managing personal data –which include some exemptions especially for the use of data when conducting research. • Sets out levels of “punishments” that can be handed out to organisations and individuals who fail to stay within the rules. Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 7. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture The Data Protection Act • Definitions • Principles • Rights • Enforcement • DPA Issues:The Media;The Internet Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 8. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Definitions  Data: ◦ Information which is recorded as part of a “relevant filing system”  Personal Data: ◦ Data relating to a living, identifiable person  Relevant Filing System: ◦ Such technology that specific information on a particular individual is readily accessible Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 9. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Definitions Cont.  Data Subject: ◦ Individual who is the subject of personal data  Data Controller (individual or undertaking): ◦ Determines the purposes for which and the manner in which any personal data are, or are to be, processed  Data Processor: ◦ Any person who processes the data on behalf of the data controller Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 10. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Definitions Cont.  Personal data is defined as:  Data relating to a living individual who (a) can be identified from those data, or (b) can be identified from those data and other information held by the data controller, including any expressions of opinion about that individual Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 11. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Definitions Cont.  Sensitive Data is defined as data relating to: ◦ Racial or ethnic origin ◦ Political opinions, or religious or other similar beliefs ◦ Trade union membership ◦ Status of physical or mental health ◦ Sexual life ◦ Criminal record and court case appearances  Processing sensitive data requires special conditions to be satisfied under the Act Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 12. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles The data controller has a statutory duty to ensure that personal data are: 1. Processed fairly and lawfully, plus schedules 2 & 3 2. Processed only for specified and lawful purpose(s) 3. Adequate, relevant and not excessive 4. Accurate and kept up-to-date 5. Not kept longer than necessary 6. Respectful of data subjects’ rights 7. Kept secure by technical/organisational means 8. Transfers outside Ghana Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 13. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 1 Fair and Legal Processing 1. Obtaining Data • identify the Data Controller • state a clear purpose why it is required • what is involved in participation • data uses – primary research, storing, processing, re-use, sharing, archiving, publishing, • strategies to ensure confidentiality of data where this is relevant –anonymisation etc 2. Legitimate Processing • data Subject must give consent • processing is in legitimate interests of Data Controller 3. Processing of Sensitive Data – Informed Consent Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 14. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 2 Processed only for specified and lawful purpose(s)  Personal data shall be obtained only for specified and lawful purposes, and shall not be further processed in any manner incompatible with those purposes However, researchers may be provided with an exemption. They may not need to further consent from the individual if: • it was not initially anticipated that the data would be used for research purposes, and • it is deemed as not practical to retrospectively inform the individuals, and From a Other perspective • that he use of the data has been approved by the ethics committee Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 15. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 3 Adequate, relevant and not excessive  Personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed • this means that researchers are only allowed to obtain the information required to complete the task at hand. • there should be no “stock piling” of information you think might be useful “later on” – this is different to finding a new use for information already held • if there is a valid reason for asking someone their ethnicity it is permitted, if it does not contribute to the research - it should not be asked. • If the information is collected for research it should not be used for any other purpose Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 16. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 4 Accurate and kept up-to-date • Personal data shall be accurate, and where necessary, kept up to date • researchers have a duty to ensure that the information they collect is accurate • they are not required to keep the information up to date unless it is absolutely necessary for ongoing research • For example, where you will go back to the subjects again • where the research is based around a “snap shot” in time, there is no need to go back and update it Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 17. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 5 Retention and Disposal /Not kept longer than necessary  Personal data shall not be kept for longer than is necessary, for the purposes for which it is being processed • Records should be retained as evidence of the project • How it was managed - controlled • The procedures followed • The data collected • Standard University Retention periods are available • External funded research may be subject to their own retention periods – check them • Make sure you specify the correct retention period when you seek consent- holding it for longer than permitted would be a breach! Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 18. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 6 Respectful of data subjects’ rights  Personal data shall be processed in accordance with the rights of data subjects under this Act • This means that you cannot do things that violate the rights given to data subjects, especially denying access • They have the right to object to processing which may cause unwarranted damage or distress • They have the right to withdraw consent • Right to ask the Information Commissioner to assess an organisation’s processing for compliance – Possible Compensation or fines Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 19. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 7 Kept secure by technical/organisational means  Appropriate security measures shall be taken against the unauthorised or unlawful processing, accidental loss , destruction , or damage of personal data  Store personal data on a secure server – not hard drives  Make use of central filing  Avoid duplication as much as possible  Restrict access on the basis of authority levels  Use strong password protected documents and screensavers  Change passwords at regular intervals  Do not use global passwords  Keep paper records under lock and key Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 20. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Security  Determine what is appropriate having regard to - ◦ the nature of the personal data to be protected ◦ the resulting harm which might arise from a breach ◦ state of the art & implementation cost ◦ the effectiveness of existing measures ◦ reliability of staff (e.g. appropriate training for all staff) Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 21. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Risk  Is there proof that all reasonable steps have been taken to comply with DPA’s security duties?  Are security standards for industry or sector being met?  Is there a security policy?  Is there a business continuity plan to cover inability to process data in an emergency?  Does management take security seriously?  Are the service provider’s staff adequately trained in respect of data protection requirements? Have they been security vetted? Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 22. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Risk  What contractual security obligations have you imposed upon the service provider?  Is there a duty upon the service provider to report data security breaches?  What powers do you have to audit the service provider to ensure that they are complying with their data protection obligations?  What are the known risks for the kind of processing undertaken?  Are data transferred securely?  Is encryption used when data are processed on mobile devices? Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 23. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Principles 8 Data transfers outside of Ghana “Personal data shall not be transferred to a country or territory outside Ghana unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data” Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 24. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Rights  Individuals have the following rights under the DPA: 1. Subject access 2. Object to processing in certain circumstances 3. Object to direct marketing (promotion of aims & ideals is marketing) 4. Automated decisions 5. Ask court to order compensation for damage caused by controller’s breach of principles 6. Ask court to order correction of inaccurate data  Controller liable under 6th Principle for 1-4 above Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 25. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Enforcement  If the Information Commissioner finds that the DPA has been breached by a DC, he/she serves an enforcement notice on the DC  The notice identifies the breach or omission, and specifies how to correct it ◦ Failure to comply is an offence ◦ However, a DC may appeal to the DP tribunal ◦ With the approval of the Director of Public Prosecutions, legal proceedings may follow, which could result in a fine Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 26. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Exemptions  Certain agencies or types of data are exempt from the DPA ◦ National Security ◦ Tax/revenue gathering agencies ◦ Judicial appointments & honours ◦ Corporate finance / negotiations ◦ Legal/professional privilege (doctor/patient) ◦ Human embryos/ IVF/adoption Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 27. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture Supervision  Data Controllers must apply for registration on the Data Protection Register  DPR is overseen by the Information Commissioner  On registration (notification), DCs must provide details of the data to be stored and its use, and the measures to be taken to comply with the Act (including data security and data transfer)  Note:“notification” does not mean “licensing”  DCs do not need to wait for approval from DPR  Establishment of Data Protection Commission Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 28. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture DPA Issues: The Media  The DPA has special provisions for journalism, and artistic or literary purposes ◦ Basically, journalists/authors may hold/use personal data for journalistic/artistic/literary purposes only if the data are necessary to reconcile the rights to privacy with the rules governing freedom of expression  So, investigative journalists & political strategists or commentators are not treated as Data Controllers!! Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications, Ghana
  • 29. N a t i o n a l I n f o r m a t i o n T e c h n o l o g y A g e n c y ( N I T A ) Tony A Bediako, Director Strategy & Architecture The End ThankYou! CONTACT Email: Patricia.dovi-sampson@moc.gov.gh : sampsonpatricia@hotmail.com Patricia Dovi Sampson, Director Research, Statistics & Information Management Ministry of Communications (MoC), Ghana