Managing Privacy in the Department of Justice
“Privacy Matters”

Brent Carey
Manager Privacy, Feedback & Whistleblowers
Learning Objectives

Today you will hear about Victorian privacy requirements.

This session will better equip you to understand:
• collection, use & disclosure, management and access to personal information
• privacy incidents in the department, how to prevent, detect, recover and report
• how the department is gaining a leading edge in global privacy best practices and where to go for privacy related help.
Privacy Compliance is a risk management exercise

Executives = risk managers, in part because everyday business presents them with a choice of opportunities for gain, loss, cooperation and conflict.

Victoria's privacy laws are designed to limit the risks of data loss / fraud due to breaches of privacy and security and thereby help create a safer environment for investments in new technologies and service delivery.
World Economic Forum Global Risks 2009
Compliance with privacy laws guards against

• Damaging the reputation of the Government, a Minister, a
  Secretary, a Senior Executive (Today/Tonight or Derryn Hinch test)

• Compromising service delivery or care or leading to a loss of
  confidence

• Re-assigning staff to repair and control

• Incurring legal non-compliance, financial penalties or costs

• Undermining strategic priorities of a modern criminal justice system
Privacy legislation

Information Privacy Act: State government agencies, local councils, Ministers & statutory agencies.

Health Records Act: Health information in Victorian public and private sectors, hospitals, doctors & employers.

Federal Privacy Act 1988: Covers Federal Govt and much of the private sector.

Charter of Human Rights and Responsibilities Act: Victorian Govt depts and agencies must act in a way that is compatible with human rights.
Privacy – Key definitions

Personal information: Recorded information about a living identifiable or easily identifiable individual.

Health information: Information able to be linked to a living or deceased person about a person's physical, mental or psychological health.

Sensitive information: Includes information about a person's race or ethnicity and criminal record.

Is a photo personal information? Are details of a person's position and salary recorded on their personnel file?
Relationship to other laws

Information Privacy Act (section 6): If there is any inconsistency between the Information Privacy Act and a provision in another Act, the other Act's provision prevails to the extent of the inconsistency.

Examples:
• Section 30 of the Corrections Act 1991.
• Section 141 of the Fair Trading Act 1999.

Are you familiar with what your primary legislation states you can do with personal information?
Privacy Basics

Collection: Minimise collection, collect only with authority, provide privacy notice.
Use: Use only for the purpose for which collected.
Disclosure: With consent, or if disclosure is required to fulfil the purpose of collection.
Retention: Information about business decisions must be retained. Copies need to be disposed of securely.
Security: Against risks e.g. unauthorised access, collection, use, disclosure and disposal.
Accuracy: Decisions affecting an individual must be based on accurate and complete information.
Need some motivation about this time?


• Are you the US Montana?




Data Release versus Data Sharing

You must, if required by law…
Example: the Police Regulation Act requires reporting of serious misconduct by members of the police force.

You may, if allowed by law…
Example: the Freedom of Information Act allows disclosure upon a request being made unless an exempt document.
You may disclose under IPP2

Under IPP2 you may disclose:
• with consent.
• if information is from a publicly available source.
• information for statistical or research purposes; no identifiers.
• investigation of unlawful activity.
• to law enforcement agencies for the purpose of prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of a law.
• where the information is reasonably believed to be necessary to lessen or prevent a serious threat to public health / safety / welfare.
• other reasons in IPP2.
Consequences

• A privacy breach occurs when there is unauthorized access to or collection, use, disclosure or disposal of personal information.

• A privacy breach is not just about a mistake … it's about TRUST.
Take this moment in history

Privacy incidents can just pop up
Cost of a Privacy Breach Formula

• Total number of individuals affected by the breach, multiplied by:
   – downtime (loss of productivity)
   – staff costs (indicated in hours)
   – additional post-incident costs (briefs, letters)
   – potential legal action (VCAT, Supreme Court, compensation)

• Bottom line: the true cost of a privacy breach can be expensive.
DOJ Privacy Incident Protocol

[Flowchart: Alleged privacy breach → reported within 30 min via line management → containment measures at location → summary of complaint / breach provided to Privacy Team]
Privacy Incidents by Region

[Pie chart: privacy incidents by region. Regions: Eastern, Gippsland, Loddon Mallee, Southern, Hume, Barwon Southwest, Grampians, North Western, Central. Segment values shown: 60, 20, 18, 12, 4, 2, 2, 2, 2.]
Why privacy incidents?

Division                                    No.
Regional & Executive Services                14
Strategic Planning & Projects                 0
Gaming & Racing                               1
Legal & Equity                                0
Police, Emergency Services & Corrections     85
Consumer Affairs                              4
Community Operations & Strategy              27
Courts                                        8
Non-Justice related                           4
Total                                       143

• Total of 143 since 2005
• The Department holds a large amount of personal & sensitive information in multiple databases and systems
• Increased reporting of incidents
• Large amount of sanctioned data sharing between DOJ, Police, DHS etc
• Increased use of email & fax to send and receive information
Nature of DOJ privacy incidents

Categories of breach and complaint under IPP4 Data Security make up 85.5% of all matters. Only 15 of the total 143 relate to matters other than IPP 4.

IPP 4 related categories:
• Inappropriate Access (e-Justice)
• Inappropriate Access (PIMS)
• Inappropriate Access to Other Database
• Inappropriate Collection
• Inappropriate Disclosure
• Inappropriate Email Access
• Inappropriate Phone Disclosure
• Incorrect Fax
• Incorrect Information
• Lost Information
• Wrong Email Address

Trends in Justice:
• Information Sharing / colocation
• Theft / Loss of items
• Incorrectly addressed emails & faxes
• Employee Misconduct

Threats worldwide:
• Social engineering
• Inadequate / Outdated Technology
• Exposure through web attack
• Employee misconduct
• Physical threats
Is your business vulnerable?




You ought to be concerned if..

• Downsize, retrench, relocate or co-locate
• Outsource services such as couriers, mail-outs, debt recovery / WorkCover agents, data storage
• 'Snoops & Leaks'
• Staff who forward & circulate information widely
• Don't know where your most sensitive information resides within your region
• Have a culture of Hoarders and 'Chuckers'
• Have 'home' workers
• Have audit recommendations not implemented
Flavours of a Privacy Breach: CV CCS

• A community work site received by fax, 15 pages of full medical history for
  an offender along with his community work contract.

• Offender had provided extensive medical documentation to support his
  claim that he required a light duty site and no authority was provided for
  this information to be provided to any other person or agency. The site
  supervisor clearly indicated that the information had been provided to him
  by a CCO who undertakes the Community Work Coordinator role.

• Confirmed that document has been destroyed. Worksite supervisor has
  agreed to take on the offender regardless of information received.

• Employee concerned will attend Privacy training.




Privacy Breach: CV Prison


 • A prison officer picked up a number of sheets of paper off the ground
   within a prison compound in an area accessible to visitors.

 • Contained a list of custodial staff members and residential and mobile
   numbers.

 • All master phone lists watermarked with confidentiality message.

 • Staff notified that their details were subject to potential access.




Privacy Breach: IMES

• A member of the public complained that he had received summaries of
  infringements and several notices from Infringements Court /IMES. One
  notice refers to due date 1999 which IMES state is a configuration error
  (IPP 3).

• He also received notice addressed to another person concerning their fine
  which he said he has forwarded to him with his letter (IPP 4).

• Action taken against contractor for error on their part in the breach.

• Mail checking procedures revised.



Privacy Breach: Indigenous Issues Unit


•   Member of the public complained that Aboriginal Liaison Officer assisting him
    with fines in court has failed to protect his information from loss and unauthorised
    access. (IPP 4.1).

•   Executive Services has considered the contract, which suggests DOJ is treating the
    matter as a 'state contract' as opposed to a mere funding agreement for
    Information Privacy Act purposes. However, it is not clear that DOJ has
    adequately passed its responsibility for privacy compliance onto the Co-op.

•   Executive Services and IIU have made arrangements to discuss the matter with
    the Co-op with a view to resolving the complaint.




Privacy Breach: CAV

• Residential Tenancies Inspector had briefcase stolen from
  vehicle boot.

• Briefcase contained 35 rent review files and personal
  information about 70 individuals.

• IPP 2 (disclosure) & IPP 4 (security).

• Individuals notified.

• Privacy compliance reminders issued to staff.



Policy relationships

[Diagram: "Taking Responsibility" & Code of Conduct and the ICT & Physical Security Strategy drive the Information Security and Information Privacy Policy, which in turn drives Classification, Reasonable Personal Use policies and other policies.]
Other Policies detailed
Policies
• Information Security Policy
• Personal Information Policy
• Information Privacy Complaint Handling Policy
• Inappropriate Access to Personal Information
• Clear Desk and Screen Policy
• ICT Security Policy Overview
• Fax Security Policy

Procedures
• Privacy Induction Manual
• Privacy Coordinators Operational Manual
• How do I… Undertake an Information Security Classification Process
Privacy Tools

Collection Statement Generator: use for form and website design.
Privacy Impact Assessment: use in projects.
Information Sharing Agreements: use where there is bulk and routine release of information.
Privacy Clause S17(2) - Contracted Service Providers: require all third parties to comply with privacy laws.
Privacy Breach Protocol: detect, file incident report to Exec Services.
Personal Information Consent Form: use to ensure valid consents.
Annual Privacy Health Check: do it once a year to assess vulnerabilities prior to incidents occurring.
Other Privacy Measures

• Volunteer Privacy Coordinators (BUs) & Contact Officers (Prisons & CCS) “Eyes and Ears”
• Privacy Training
• Privacy e-Learning Module
• Privacy FAQ & Factsheet Series
• Privacy HelpDesk
• Privacy Awareness Materials
• Taking Responsibility Fax Sticker Campaign
• “Whoops Sorry!” Email Campaign
Three things you can do straight away


• Check staff in your region know how to spot and
  report a privacy breach
• Assess vulnerabilities within your region prior to an
  incident occurring
• Engage staff and third parties across your region in
  building your privacy and security culture and
  maintaining the department's reputation as one of
  three global privacy leaders


Summary
• Privacy Risk is worth managing
• Personal information is more than just electronic data
• Personal Information loss and leakage is a risk to the
  department
• Move toward greater accountability and transparency within the regions and within Govt; we need to be ready with robust privacy controls (people, process, technologies)
• Privacy Incident protection is more than just securing the system. People and culture are the key.
• Let's end on a light note: People can be our strongest or weakest link

 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

KĂźrzlich hochgeladen (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 

Privacy presentation for regional directors july 2009

  • 1. Managing Privacy in the Department of Justice: "Privacy Matters". Brent Carey, Manager Privacy, Feedback & Whistleblowers.
  • 2. Learning objectives. Today you will hear about Victorian privacy requirements. This session will better equip you to understand:
    • collection, use & disclosure, management and access to personal information
    • privacy incidents in the department, and how to prevent, detect, recover from and report them
    • how the department is gaining a leading edge in global privacy best practices, and where to go for privacy-related help.
  • 3. Privacy compliance is a risk management exercise. Executives are risk managers, in part because everyday business presents them with a choice of opportunities for gain, loss, cooperation and conflict. Victoria's privacy laws are designed to limit the risks of data loss and fraud due to breaches of privacy and security, and thereby help create a safer environment for investments in new technologies and service delivery.
  • 4. World Economic Forum Global Risks 2009 (chart slide).
  • 5. Compliance with privacy laws guards against:
    • damaging the reputation of the Government, a Minister, a Secretary or a Senior Executive (the Today/Tonight or Derryn Hinch test)
    • compromising service delivery or care, or leading to a loss of confidence
    • re-assigning staff to repair and control
    • incurring legal non-compliance, financial penalties or costs
    • undermining the strategic priorities of a modern criminal justice system.
  • 6. Privacy legislation
    • Information Privacy Act: State government agencies, local councils, Ministers & statutory agencies.
    • Health Records Act: health information in the Victorian public and private sectors, hospitals, doctors & employers.
    • Federal Privacy Act 1988: covers the Federal Govt and much of the private sector.
    • Charter of Human Rights and Responsibilities Act: Victorian Govt departments and agencies must act in a way that is compatible with human rights.
  • 7. Privacy: key definitions
    • Personal information: recorded information about a living identifiable or easily identifiable individual.
    • Health information: information able to be linked to a living or deceased person about that person's physical, mental or psychological health.
    • Sensitive information: includes information about a person's race or ethnicity and criminal record.
    Is a photo personal information? Are details of a person's position and salary recorded on their personnel file?
  • 8. Relationship to other laws. Information Privacy Act, section 6: if there is any inconsistency between the Information Privacy Act and a provision in another Act, the other Act's provision prevails to the extent of the inconsistency. Examples: section 30 of the Corrections Act 1991; section 141 of the Fair Trading Act 1999. Are you familiar with what your primary legislation states you can do with personal information?
  • 9. Privacy basics
    • Collection: minimise collection, collect only with authority, provide a privacy notice.
    • Use: use only for the purpose for which the information was collected.
    • Disclosure: with consent, or if disclosure is required to fulfil the purpose of collection.
    • Retention: information about business decisions must be retained; copies need to be disposed of securely.
    • Security: against risks such as unauthorised access, collection, use, disclosure and disposal.
    • Accuracy: decisions affecting an individual must be based on accurate and complete information.
  • 10. Need some motivation about this time? Are you the US Montana?
  • 11. Data release versus data sharing
    • You must, if required by law. Example: the Police Regulation Act requires the reporting of serious misconduct by members of the police force.
    • You may, if allowed by law. Example: the Freedom of Information Act allows disclosure upon a request being made, unless the document is an exempt document.
  • 12. You may disclose under IPP 2. Under IPP 2 you may disclose:
    • with consent
    • if the information is from a publicly available source
    • information for statistical or research purposes, with no identifiers
    • to law enforcement agencies for the purpose of prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of a law
    • where the information is reasonably believed to be necessary to lessen or prevent a serious threat to public health, safety or welfare
    • for the investigation of unlawful activity
    • for other reasons in IPP 2.
  • 13. Consequences
    • A privacy breach occurs when there is unauthorised access to, or collection, use, disclosure or disposal of, personal information.
    • A privacy breach is not just about a mistake: it's about TRUST.
  • 14. Take this moment in history: privacy incidents can just pop up.
  • 15. Cost of a privacy breach formula
    • Total number of individuals affected by the breach, multiplied by:
      • downtime (loss of productivity)
      • staff costs (indicated in hours)
      • additional post-incident costs (briefs, letters)
      • potential legal action (VCAT, Supreme Court, compensation)
    • Bottom line: the true cost of a privacy breach can be expensive.
  • 16. DOJ Privacy Incident Protocol (flow diagram)
    • Alleged privacy breach
    • Reported within 30 min via line management
    • Containment measures at location
    • Provide summary of complaint / breach to Privacy Team
  • 17. Privacy incidents by region (chart). Regions shown: Eastern, Gippsland, Loddon Mallee, Southern, Hume, Barwon Southwest, Grampians, North Western, Central; counts shown: 60, 20, 18, 12, 4, 2, 2, 2, 2.
  • 18. Why privacy incidents?
    • Total of 143 since 2005.
    • The Department holds a large amount of personal & sensitive information in multiple databases and systems.
    • Increased reporting of incidents.
    • Large amount of sanctioned data sharing between DOJ, Police, DHS etc.
    • Increased use of email & fax to send and receive information.
    Incidents by division (No.): Regional & Executive Services 14; Strategic Planning & Projects 0; Gaming & Racing 1; Legal & Equity 0; Police, Emergency Services & Corrections 85; Consumer Affairs 4; Community Operations & Strategy 27; Courts 8; Non-Justice related 4; Total 143.
  • 19. Nature of DOJ privacy incidents. Categories of breach and complaint under IPP 4 (Data Security) make up 85.5% of all matters. Only 15 of the total 143 relate to matters other than IPP 4.
    IPP 4 related categories: Inappropriate Access (e-Justice); Inappropriate Access (PIMS); Inappropriate Access to Other Database; Inappropriate Collection; Inappropriate Disclosure; Inappropriate Email Access; Inappropriate Phone Disclosure; Incorrect Fax; Incorrect Information; Lost Information; Wrong Email Address.
    Trends in Justice: information sharing / co-location; theft / loss of items; incorrectly addressed emails & faxes; employee misconduct.
    Threats worldwide: social engineering; inadequate / outdated technology; exposure through web attack; employee misconduct; physical threats.
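The incident protocol on slide 16 (report within 30 minutes, contain, summarise to the Privacy Team), the breach cost formula on slide 15 and the per-IPP tally on slide 19 can be kept honest with a small incident register. The following is an added example written for this page; it is not code from the presentation or from the department. The register ids, divisions, sample incidents and the reading of the cost formula (individuals affected multiplied by the sum of the per-person cost components, with staff cost as hours times an hourly rate) are all assumptions.

```python
"""Privacy incident register: reporting-SLA check, per-IPP tally and breach-cost estimate."""
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Slide 16 protocol: an alleged breach is reported via line management within 30 minutes.
REPORTING_SLA = timedelta(minutes=30)


@dataclass(frozen=True)
class PrivacyIncident:
    incident_id: str            # hypothetical register id
    division: str
    ipp: str                    # Information Privacy Principle engaged, e.g. "IPP 4"
    category: str               # slide 19 category, e.g. "Incorrect Fax"
    detected_at: datetime
    reported_at: datetime       # when line management escalated the matter
    individuals_affected: int
    contained: bool             # containment measures applied at the location

    def reported_within_sla(self) -> bool:
        return self.reported_at - self.detected_at <= REPORTING_SLA


def late_reports(incidents):
    """Ids of incidents that missed the 30-minute reporting window."""
    return [i.incident_id for i in incidents if not i.reported_within_sla()]


def uncontained(incidents):
    """Ids of incidents with no containment measures recorded yet."""
    return [i.incident_id for i in incidents if not i.contained]


def share_by_ipp(incidents):
    """Percentage of incidents per IPP, rounded to one decimal (as on slide 19)."""
    counts = Counter(i.ipp for i in incidents)
    total = sum(counts.values())
    return {ipp: round(100.0 * n / total, 1) for ipp, n in counts.items()}


def breach_cost(individuals, downtime_per_person, staff_hours, hourly_rate,
                post_incident, legal):
    """Slide 15 formula, read (assumption) as: individuals affected x
    (downtime + staff hours x hourly rate + post-incident costs + legal costs),
    each component costed per affected individual."""
    per_person = downtime_per_person + staff_hours * hourly_rate + post_incident + legal
    return individuals * per_person


def summary_for_privacy_team(i):
    """One-line summary of the breach for the Privacy Team (slide 16)."""
    status = "contained" if i.contained else "NOT contained"
    sla = "on time" if i.reported_within_sla() else "LATE"
    return (f"{i.incident_id} [{i.ipp} / {i.category}] {i.division}: "
            f"{i.individuals_affected} individual(s), {status}, reported {sla}")


# Constructed sample register (not real DOJ data); times and counts are illustrative.
T0 = datetime(2009, 7, 1, 9, 0)
SAMPLE_REGISTER = [
    PrivacyIncident("INC-001", "Police, Emergency Services & Corrections", "IPP 4",
                    "Incorrect Fax", T0, T0 + timedelta(minutes=10), 1, True),
    PrivacyIncident("INC-002", "Consumer Affairs", "IPP 4",
                    "Theft/Loss of items", T0, T0 + timedelta(minutes=25), 70, True),
    PrivacyIncident("INC-003", "Courts", "IPP 4",
                    "Wrong Email Address", T0, T0 + timedelta(hours=2), 3, False),
    PrivacyIncident("INC-004", "Police, Emergency Services & Corrections", "IPP 2",
                    "Inappropriate Disclosure", T0, T0 + timedelta(minutes=30), 1, True),
]

if __name__ == "__main__":
    for inc in SAMPLE_REGISTER:
        print(summary_for_privacy_team(inc))
    print("late:", late_reports(SAMPLE_REGISTER))
    print("uncontained:", uncontained(SAMPLE_REGISTER))
    print("share by IPP:", share_by_ipp(SAMPLE_REGISTER))
    # 70 individuals (the CAV briefcase figure on slide 26), illustrative unit costs
    print("estimated cost:", breach_cost(70, 50.0, 2.0, 40.0, 15.0, 0.0))
```

The two list functions are the items a privacy coordinator would chase first: a late report means the 30-minute protocol was not followed, and an uncontained incident means exposure is still ongoing. The per-IPP share reproduces the kind of figure slide 19 reports, so the register can show whether IPP 4 data-security matters still dominate.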
  • 20. Is your business vulnerable?
  • 21. You ought to be concerned if you:
    • downsize, retrench, relocate or co-locate
    • outsource services such as couriers, mail-outs, debt recovery / WorkCover agents, data storage
    • have 'snoops & leaks': staff who forward & circulate information widely
    • don't know where your most sensitive information resides within your region
    • have a culture of hoarders and 'chuckers'
    • have 'home' workers
    • have audit recommendations not implemented.
  • 22. Flavours of a privacy breach: CV CCS
    • A community work site received by fax 15 pages of full medical history for an offender, along with his community work contract.
    • The offender had provided extensive medical documentation to support his claim that he required a light-duty site, and no authority was provided for this information to be given to any other person or agency. The site supervisor clearly indicated that the information had been provided to him by a CCO who undertakes the Community Work Coordinator role.
    • Confirmed that the document has been destroyed. The worksite supervisor has agreed to take on the offender regardless of the information received.
    • The employee concerned will attend privacy training.
  • 23. Privacy breach: CV Prison
    • A prison officer picked up a number of sheets of paper off the ground within a prison compound, in an area accessible to visitors.
    • They contained a list of custodial staff members and their residential and mobile numbers.
    • All master phone lists are now watermarked with a confidentiality message.
    • Staff were notified that their details were subject to potential access.
  • 24. Privacy breach: IMES
    • A member of the public complained that he had received summaries of infringements and several notices from the Infringements Court / IMES. One notice refers to a due date in 1999, which IMES state is a configuration error (IPP 3).
    • He also received a notice addressed to another person concerning their fine, which he said he had forwarded to that person with his letter (IPP 4).
    • Action was taken against the contractor for the error on their part in the breach.
    • Mail checking procedures were revised.
  • 25. Privacy breach: Indigenous Issues Unit
    • A member of the public complained that the Aboriginal Liaison Officer assisting him with fines in court had failed to protect his information from loss and unauthorised access (IPP 4.1).
    • Executive Services has considered the contract, which suggests DOJ is treating the matter as a 'state contract' as opposed to a mere funding agreement for Information Privacy Act purposes. However, it is not clear that DOJ has adequately passed its responsibility for privacy compliance on to the Co-op.
    • Executive Services and IIU have made arrangements to discuss the matter with the Co-op with a view to resolving the complaint.
  • 26. Privacy breach: CAV
    • A Residential Tenancies Inspector had a briefcase stolen from a vehicle boot.
    • The briefcase contained 35 rent review files and personal information about 70 individuals.
    • IPP 2 (disclosure) & IPP 4 (security).
    • Individuals were notified.
    • Privacy compliance reminders were issued to staff.
  • 27. Policy relationships (diagram). The ICT & Physical Security Strategy and the Taking Responsibility & Code of Conduct drive the Information Security and Information Privacy Policy, which in turn drives Classification and other policies (Reasonable Personal Use policies).
  • 28. Other policies detailed
    Policies: Information Security Policy; Personal Information Policy; Information Privacy Complaint Handling Policy; Inappropriate Access to Personal Information; Clear Desk and Screen Policy; ICT Security Policy Overview; Fax Security Policy.
    Procedures: Privacy Induction Manual; Privacy Coordinators Operational Manual; How do I… undertake an Information Security Classification Process.
  • 29. Privacy tools
    • Collection Statement Generator: use for form and website design.
    • Privacy Impact Assessment: use in projects.
    • Information Sharing Agreements: use where there is bulk and routine release of information.
    • Privacy Clause s17(2), Contracted Service Providers: require all third parties to comply with privacy laws.
    • Privacy Breach Protocol: detect, file an incident report to Exec Services.
    • Personal Information Consent Form: use to ensure valid consents.
    • Annual Privacy Health Check: do it once a year to assess vulnerabilities before incidents occur.
  • 30. Other privacy measures
    • Volunteer Privacy Coordinators (BUs) & Contact Officers (Prisons & CCS): "eyes and ears"
    • Privacy training
    • Privacy e-Learning module
    • Privacy FAQ & factsheet series
    • Privacy HelpDesk
    • Privacy awareness materials
    • Taking Responsibility fax sticker campaign
    • "Whoops Sorry!" email campaign
  • 31. Three things you can do straight away
    • Check that staff in your region know how to spot and report a privacy breach.
    • Assess vulnerabilities within your region before an incident occurs.
    • Engage staff and third parties across your region in building your privacy and security culture and maintaining the department's reputation as one of three global privacy leaders.
  • 32. Summary
    • Privacy risk is worth managing.
    • Personal information is more than just electronic data.
    • Personal information loss and leakage is a risk to the department.
    • There is a move toward greater accountability and transparency within the regions and within Govt, and we need to be ready with robust privacy controls (people, process, technologies).
    • Privacy incident protection is more than just securing the system. People and culture are the key.
    • Let's end on a light note: people can be our strongest or weakest link.