SlideShare ist ein Scribd-Unternehmen logo

Information Security and GDPR

London School of Hygiene and Tropical Medicine
London School of Hygiene and Tropical Medicine

Laurence Horton of the London School of Economics gave a talk on the information security implications of the General Data Protection Regulation (GDPR). Presented at the London Area Research Data meeting on 17th November 2017, held at the London School of Hygiene & Tropical Medicine.

Technologie
1 von 11
Information Security and GDPR Laurence Horton, LSE Library “Information Security and GDPR” by Laurence Horton is licensed under a Creative Commons Attribution 4.0 International License.
GDPR sanctions • Written warning • Data protection audit • 20,000,000€ or up to 4% annual worldwide turnover • consent • data subjects' rights • transfers of personal data
Personal data • Best way to manage personal data: don’t collect it unless necessary. – Name, identification number, location data, online identifier* – Race or ethnicity – Trade union membership – Religious or philosophical beliefs – Political opinions – Health – Sex life – Criminal record† – Genetic – Biometric • GDPR, *Article 4(1), Article 9(1), †Article 10
Information Security classifications Access levels based on ‘least privilege’ principle. • Controlled • Safeguarded • Open data Source: https://www.ukdataservice.ac.uk/manage- data/legal-ethical/access-control • Confidential • Restricted • Internal Use • Public Source: https://info.lse.ac.uk/staff/Services/Policies- and- procedures/Assets/Documents/infSecStaIT.pdf
Five safes Safe… Projects: appropriate use? People: researchers trusted to follow procedures and use data properly Settings: security arrangements prevent unauthorised access or loss Data: Is there a disclosure risk in the data itself? Outputs: Publications don’t contain identifying results Source: Ritchie, Felix (2008). "Secure access to confidential microdata: four years of the Virtual Microdata Laboratory" (PDF). Economic and Labour Market Statistics. 2:5: 29–34. http://www.ons.gov.uk/ons/rel/elmr/economic-and-labour-market-review/no--5--may-2008/secure-access-to-confidential-microdata--four- years-of-the-virtual-microdata-laboratory.pdf
Encryption BitLocker FileVault VeraCrypt 7-zip MS Office Windows EFS Hardware encryption Phones or tablets Hard drive USB/External Volume Files Folders Archives Hidden volumes Best fit Some issues Use with caution Not available LSE Encryption matrix: http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/documents/encryption-matrix.pdf • If it is necessary, anonymise it as soon as possible. Separate and encrypt personal data.
Physical access • Don’t forget the physical: control access to rooms and storage. Image: 8th Ward Villere Street New Orleans Safe House C" by Infrogmation of New Orleans - originally posted to Flickr as 7WardVillereSafeHouseC. Licensed under CC BY 2.0 via Wikimedia Commons - https://commons.wikimedia.org/wiki/File:8th_Ward_Villere_Street_New_Orleans_Safe_House_C.jpg
Information Security guidance • Check contractual requirements – ISO27001 (formal or ‘aligned with’) – Data must not be accessed remotely – Strong access controls (password complexity & expiry, folder access, server access) – Data must be encrypted – Secure deletion
Information Security guidance • Warn about breaches – Phishing – Spoofing – Malware/ransomware – Theft
Information Security guidance • Cloud storage – LSE has SharePoint, OneDrive – data held in EU (Dublin and Amsterdam) – accounts for external users to access where needed – Information Security team can assess Cloud storage providers contracts
Contact • datalibrary@lse.ac.uk • @laurencedata

Empfohlen

AIIM 2015 - Data Privacy
AIIM 2015 - Data PrivacyAIIM 2015 - Data Privacy
AIIM 2015 - Data PrivacyAlan Pelz-Sharpe
 
Digital&computforensic
Digital&computforensicDigital&computforensic
Digital&computforensicRahul Badekar
 
Protect the Unexpected
Protect the UnexpectedProtect the Unexpected
Protect the UnexpectedCharles Mok
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...Stefano Maria De' Rossi
 
Module 8 security and ethical challenges
Module 8 security and ethical challengesModule 8 security and ethical challenges
Module 8 security and ethical challengesCRM
 
Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowWinston & Strawn LLP
 
I want to be a cyber forensic examiner
I want to be a cyber forensic examinerI want to be a cyber forensic examiner
I want to be a cyber forensic examinerNeeraj Aarora
 
Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for JournalistsGabor Szathmari
 

Empfohlen

AIIM 2015 - Data Privacy
AIIM 2015 - Data PrivacyAIIM 2015 - Data Privacy
AIIM 2015 - Data PrivacyAlan Pelz-Sharpe
 
Digital&computforensic
Digital&computforensicDigital&computforensic
Digital&computforensicRahul Badekar
 
Protect the Unexpected
Protect the UnexpectedProtect the Unexpected
Protect the UnexpectedCharles Mok
 
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...
E Fraud And Predictive Forensic Profiling Reducing Losses By Combining Sci...Stefano Maria De' Rossi
 
Module 8 security and ethical challenges
Module 8 security and ethical challengesModule 8 security and ethical challenges
Module 8 security and ethical challengesCRM
 
Computer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowComputer Forensics – What Every Lawyer Needs to Know
Computer Forensics – What Every Lawyer Needs to KnowWinston & Strawn LLP
 
I want to be a cyber forensic examiner
I want to be a cyber forensic examinerI want to be a cyber forensic examiner
I want to be a cyber forensic examinerNeeraj Aarora
 
Threat Modeling for Journalists
Threat Modeling for JournalistsThreat Modeling for Journalists
Threat Modeling for JournalistsGabor Szathmari
 
cybercrime landscape for moldova
cybercrime landscape for moldovacybercrime landscape for moldova
cybercrime landscape for moldovamoldovaictsummit2016
 
Avoiding Common Security Breaches & HIPAA Violations
Avoiding Common Security Breaches & HIPAA ViolationsAvoiding Common Security Breaches & HIPAA Violations
Avoiding Common Security Breaches & HIPAA ViolationsBiblical Counseling Center of Bradenton, FL
 
Data protection in Practice
Data protection in PracticeData protection in Practice
Data protection in PracticeTomppa Järvinen
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics Avinash Mavuru
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics pptNikhil Mashruwala
 
Cybercrime And Cyber forensics
Cybercrime And Cyber forensics Cybercrime And Cyber forensics
Cybercrime And Cyber forensics sunanditaAnand
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Actburto111
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationHajarul Cikyen
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Data Masking: Testing with Near-real Data
Data Masking: Testing with Near-real DataData Masking: Testing with Near-real Data
Data Masking: Testing with Near-real DataTechWell
 
How to keep women safe, online?
How to keep women safe, online?How to keep women safe, online?
How to keep women safe, online?Ankit Mehta
 
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Winston & Strawn LLP
 
Confidentiality
ConfidentialityConfidentiality
Confidentialityizzati masturah
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital EraFrederick Lane
 
Internet Security is an Oxymoron
Internet Security is an OxymoronInternet Security is an Oxymoron
Internet Security is an OxymoronMax Nokhrin
 
Submitting documents anonymously by Atanas Chobanov
Submitting documents anonymously by Atanas ChobanovSubmitting documents anonymously by Atanas Chobanov
Submitting documents anonymously by Atanas Chobanoveurobsdcon
 
Ip bill issues
Ip bill issuesIp bill issues
Ip bill issuesrcorrigan
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentationRodonoghue72
 
Electronic Signatures - Technical Foundations
Electronic Signatures - Technical FoundationsElectronic Signatures - Technical Foundations
Electronic Signatures - Technical FoundationsTorsten Eymann
 
Security and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOSecurity and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOAtlantic Training, LLC.
 
IoT PPT Deck
IoT PPT DeckIoT PPT Deck
IoT PPT DeckJohn Yates
 
Wipo smes ge_08_topic07
Wipo smes ge_08_topic07Wipo smes ge_08_topic07
Wipo smes ge_08_topic07AbdurrahmanADandalam1
 

Weitere ähnliche Inhalte

Was ist angesagt?

Data protection in Practice
Data protection in PracticeData protection in Practice
Data protection in PracticeTomppa Järvinen
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics Avinash Mavuru
 
Cybercrime And Cyber forensics
Cybercrime And Cyber forensics Cybercrime And Cyber forensics
Cybercrime And Cyber forensics sunanditaAnand
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Actburto111
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationHajarul Cikyen
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic toolsSonu Sunaliya
 
Data Masking: Testing with Near-real Data
Data Masking: Testing with Near-real DataData Masking: Testing with Near-real Data
Data Masking: Testing with Near-real DataTechWell
 
How to keep women safe, online?
How to keep women safe, online?How to keep women safe, online?
How to keep women safe, online?Ankit Mehta
 
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Winston & Strawn LLP
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital EraFrederick Lane
 
Internet Security is an Oxymoron
Internet Security is an OxymoronInternet Security is an Oxymoron
Internet Security is an OxymoronMax Nokhrin
 
Submitting documents anonymously by Atanas Chobanov
Submitting documents anonymously by Atanas ChobanovSubmitting documents anonymously by Atanas Chobanov
Submitting documents anonymously by Atanas Chobanoveurobsdcon
 
Ip bill issues
Ip bill issuesIp bill issues
Ip bill issuesrcorrigan
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentationRodonoghue72
 
Electronic Signatures - Technical Foundations
Electronic Signatures - Technical FoundationsElectronic Signatures - Technical Foundations
Electronic Signatures - Technical FoundationsTorsten Eymann
 
Security and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOSecurity and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOAtlantic Training, LLC.
 

Was ist angesagt? (20)

cybercrime landscape for moldova
cybercrime landscape for moldovacybercrime landscape for moldova
cybercrime landscape for moldova
 
Avoiding Common Security Breaches & HIPAA Violations
Avoiding Common Security Breaches & HIPAA ViolationsAvoiding Common Security Breaches & HIPAA Violations
Avoiding Common Security Breaches & HIPAA Violations
 
Data protection in Practice
Data protection in PracticeData protection in Practice
Data protection in Practice
 
Computer crimes and forensics
Computer crimes and forensics Computer crimes and forensics
Computer crimes and forensics
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 
Cybercrime And Cyber forensics
Cybercrime And Cyber forensics Cybercrime And Cyber forensics
Cybercrime And Cyber forensics
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
 
Privacy , Security and Ethics Presentation
Privacy , Security and Ethics PresentationPrivacy , Security and Ethics Presentation
Privacy , Security and Ethics Presentation
 
cyber security and forensic tools
cyber security and forensic toolscyber security and forensic tools
cyber security and forensic tools
 
Data Masking: Testing with Near-real Data
Data Masking: Testing with Near-real DataData Masking: Testing with Near-real Data
Data Masking: Testing with Near-real Data
 
How to keep women safe, online?
How to keep women safe, online?How to keep women safe, online?
How to keep women safe, online?
 
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or...
 
Confidentiality
ConfidentialityConfidentiality
Confidentiality
 
Divorce in the Digital Era
Divorce in the Digital EraDivorce in the Digital Era
Divorce in the Digital Era
 
Internet Security is an Oxymoron
Internet Security is an OxymoronInternet Security is an Oxymoron
Internet Security is an Oxymoron
 
Submitting documents anonymously by Atanas Chobanov
Submitting documents anonymously by Atanas ChobanovSubmitting documents anonymously by Atanas Chobanov
Submitting documents anonymously by Atanas Chobanov
 
Ip bill issues
Ip bill issuesIp bill issues
Ip bill issues
 
DPA seminar presentation
DPA seminar presentationDPA seminar presentation
DPA seminar presentation
 
Electronic Signatures - Technical Foundations
Electronic Signatures - Technical FoundationsElectronic Signatures - Technical Foundations
Electronic Signatures - Technical Foundations
 
Security and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPOSecurity and Safe Keeping of Official Information by DPO
Security and Safe Keeping of Official Information by DPO
 

Ähnlich wie Information Security and GDPR

Trust in a Digital World
Trust in a Digital WorldTrust in a Digital World
Trust in a Digital Worlditnewsafrica
 
2013.11.30.Brook-CSA_Congress_EU_Avoiding_US_Cloud_Providers
2013.11.30.Brook-CSA_Congress_EU_Avoiding_US_Cloud_Providers2013.11.30.Brook-CSA_Congress_EU_Avoiding_US_Cloud_Providers
2013.11.30.Brook-CSA_Congress_EU_Avoiding_US_Cloud_ProvidersJon-Michael C. Brook, CISSP
 
What I learned at the Infosecurity ISACA North America Conference 2019
What I learned at the Infosecurity ISACA North America Conference 2019What I learned at the Infosecurity ISACA North America Conference 2019
What I learned at the Infosecurity ISACA North America Conference 2019Ulf Mattsson
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
 
Bcc comp4 ppt1
Bcc comp4 ppt1Bcc comp4 ppt1
Bcc comp4 ppt1ifrieshe
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudUlf Mattsson
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Ulf Mattsson
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesUlf Mattsson
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesGFI Software
 
Five steps to secure big data
Five steps to secure big dataFive steps to secure big data
Five steps to secure big dataUlf Mattsson
 
Privacy & Data Ethics
Privacy & Data EthicsPrivacy & Data Ethics
Privacy & Data EthicsErik Kokkonen
 
I spy. The world of info Security from the known to the unknown.
I spy. The world of info Security from the known to the unknown.I spy. The world of info Security from the known to the unknown.
I spy. The world of info Security from the known to the unknown.Internet Security Auditors
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityGianluca Varisco
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceJeff Lemmermann
 
Securing Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsSecuring Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsAbbie Hosta
 

Ähnlich wie Information Security and GDPR (20)

IoT PPT Deck
IoT PPT DeckIoT PPT Deck
IoT PPT Deck
 
Wipo smes ge_08_topic07
Wipo smes ge_08_topic07Wipo smes ge_08_topic07
Wipo smes ge_08_topic07
 
Trust in a Digital World
Trust in a Digital WorldTrust in a Digital World
Trust in a Digital World
 
2013.11.30.Brook-CSA_Congress_EU_Avoiding_US_Cloud_Providers
2013.11.30.Brook-CSA_Congress_EU_Avoiding_US_Cloud_Providers2013.11.30.Brook-CSA_Congress_EU_Avoiding_US_Cloud_Providers
2013.11.30.Brook-CSA_Congress_EU_Avoiding_US_Cloud_Providers
 
What I learned at the Infosecurity ISACA North America Conference 2019
What I learned at the Infosecurity ISACA North America Conference 2019What I learned at the Infosecurity ISACA North America Conference 2019
What I learned at the Infosecurity ISACA North America Conference 2019
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
 
Bcc comp4 ppt1
Bcc comp4 ppt1Bcc comp4 ppt1
Bcc comp4 ppt1
 
INT 1010 07-4.pdf
INT 1010 07-4.pdfINT 1010 07-4.pdf
INT 1010 07-4.pdf
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
The Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage DevicesThe Threats Posed by Portable Storage Devices
The Threats Posed by Portable Storage Devices
 
Network security
Network securityNetwork security
Network security
 
Five steps to secure big data
Five steps to secure big dataFive steps to secure big data
Five steps to secure big data
 
Privacy & Data Ethics
Privacy & Data EthicsPrivacy & Data Ethics
Privacy & Data Ethics
 
I spy. The world of info Security from the known to the unknown.
I spy. The world of info Security from the known to the unknown.I spy. The world of info Security from the known to the unknown.
I spy. The world of info Security from the known to the unknown.
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on SecurityRefugees on Rails Berlin - #2 Tech Talk on Security
Refugees on Rails Berlin - #2 Tech Talk on Security
 
IT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 ConferenceIT Security Presentation - IIMC 2014 Conference
IT Security Presentation - IIMC 2014 Conference
 
Internal social networks
Internal social networksInternal social networks
Internal social networks
 
Securing Your Digital Files from Legal Threats
Securing Your Digital Files from Legal ThreatsSecuring Your Digital Files from Legal Threats
Securing Your Digital Files from Legal Threats
 

Mehr von London School of Hygiene and Tropical Medicine

Mehr von London School of Hygiene and Tropical Medicine (20)

Preparing to submit your thesis at LSHTM
Preparing to submit your thesis at LSHTMPreparing to submit your thesis at LSHTM
Preparing to submit your thesis at LSHTM
 
Your research is more than a thesis: Make the most of research data and other...
Your research is more than a thesis: Make the most of research data and other...Your research is more than a thesis: Make the most of research data and other...
Your research is more than a thesis: Make the most of research data and other...
 
Enhance your rese​arch impact through open science
Enhance your rese​arch impact through open scienceEnhance your rese​arch impact through open science
Enhance your rese​arch impact through open science
 
GDPR and Research Data Management
GDPR and Research Data ManagementGDPR and Research Data Management
GDPR and Research Data Management
 
Towards Open Research: practices, experiences, barriers and opportunities
Towards Open Research: practices, experiences, barriers and opportunitiesTowards Open Research: practices, experiences, barriers and opportunities
Towards Open Research: practices, experiences, barriers and opportunities
 
Data Journals and repositories: Getting academic credit for data sharing
Data Journals and repositories: Getting academic credit for data sharingData Journals and repositories: Getting academic credit for data sharing
Data Journals and repositories: Getting academic credit for data sharing
 
Crowd sourcing and high resolution satellite imagery in public health
Crowd sourcing and high resolution satellite imagery in public healthCrowd sourcing and high resolution satellite imagery in public health
Crowd sourcing and high resolution satellite imagery in public health
 
Determining the relationship between physical environment and weight status u...
Determining the relationship between physical environment and weight status u...Determining the relationship between physical environment and weight status u...
Determining the relationship between physical environment and weight status u...
 
i-Sense: an early-warning sensing systems for infectious diseases
i-Sense: an early-warning sensing systems for infectious diseasesi-Sense: an early-warning sensing systems for infectious diseases
i-Sense: an early-warning sensing systems for infectious diseases
 
Internet-based surveillance of illness: the FluSurvey platform
Internet-based surveillance of illness: the FluSurvey platformInternet-based surveillance of illness: the FluSurvey platform
Internet-based surveillance of illness: the FluSurvey platform
 
An overview of the MyHeart Counts app
An overview of the MyHeart Counts appAn overview of the MyHeart Counts app
An overview of the MyHeart Counts app
 
Electronic data collection for a modular household survey in Ethiopia
Electronic data collection for a modular household survey in EthiopiaElectronic data collection for a modular household survey in Ethiopia
Electronic data collection for a modular household survey in Ethiopia
 
Mobile-Based Experience Sampling for Behaviour Research
Mobile-Based Experience Sampling for Behaviour ResearchMobile-Based Experience Sampling for Behaviour Research
Mobile-Based Experience Sampling for Behaviour Research
 
Preparing Data for Sharing: The FAIR Principles
Preparing Data for Sharing: The FAIR PrinciplesPreparing Data for Sharing: The FAIR Principles
Preparing Data for Sharing: The FAIR Principles
 
RDM Training for health researchers: An institutional perspective
RDM Training for health researchers: An institutional perspectiveRDM Training for health researchers: An institutional perspective
RDM Training for health researchers: An institutional perspective
 
Research Data Readiness in UK Institutions: Digital Curation Centre’s 2015 Su...
Research Data Readiness in UK Institutions: Digital Curation Centre’s 2015 Su...Research Data Readiness in UK Institutions: Digital Curation Centre’s 2015 Su...
Research Data Readiness in UK Institutions: Digital Curation Centre’s 2015 Su...
 
Research data services at the University of Oxford
Research data services at the University of OxfordResearch data services at the University of Oxford
Research data services at the University of Oxford
 
Research Data Management at The University of Edinburgh
Research Data Management at The University of EdinburghResearch Data Management at The University of Edinburgh
Research Data Management at The University of Edinburgh
 
Research data management at UAL
Research data management at UALResearch data management at UAL
Research data management at UAL
 
RDM at UEL: agile, fragile or feral?
RDM at UEL: agile, fragile or feral?RDM at UEL: agile, fragile or feral?
RDM at UEL: agile, fragile or feral?
 

Kürzlich hochgeladen

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 

Kürzlich hochgeladen (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 

Information Security and GDPR

  • 1. Information Security and GDPR Laurence Horton, LSE Library “Information Security and GDPR” by Laurence Horton is licensed under a Creative Commons Attribution 4.0 International License.
  • 2. GDPR sanctions • Written warning • Data protection audit • 20,000,000€ or up to 4% annual worldwide turnover • consent • data subjects' rights • transfers of personal data
  • 3. Personal data • Best way to manage personal data: don’t collect it unless necessary. – Name, identification number, location data, online identifier* – Race or ethnicity – Trade union membership – Religious or philosophical beliefs – Political opinions – Health – Sex life – Criminal record† – Genetic – Biometric • GDPR, *Article 4(1), Article 9(1), †Article 10
  • 4. Information Security classifications Access levels based on ‘least privilege’ principle. • Controlled • Safeguarded • Open data Source: https://www.ukdataservice.ac.uk/manage- data/legal-ethical/access-control • Confidential • Restricted • Internal Use • Public Source: https://info.lse.ac.uk/staff/Services/Policies- and- procedures/Assets/Documents/infSecStaIT.pdf
  • 5. Five safes Safe… Projects: appropriate use? People: researchers trusted to follow procedures and use data properly Settings: security arrangements prevent unauthorised access or loss Data: Is there a disclosure risk in the data itself? Outputs: Publications don’t contain identifying results Source: Ritchie, Felix (2008). "Secure access to confidential microdata: four years of the Virtual Microdata Laboratory" (PDF). Economic and Labour Market Statistics. 2:5: 29–34. http://www.ons.gov.uk/ons/rel/elmr/economic-and-labour-market-review/no--5--may-2008/secure-access-to-confidential-microdata--four- years-of-the-virtual-microdata-laboratory.pdf
  • 6. Encryption BitLocker FileVault VeraCrypt 7-zip MS Office Windows EFS Hardware encryption Phones or tablets Hard drive USB/External Volume Files Folders Archives Hidden volumes Best fit Some issues Use with caution Not available LSE Encryption matrix: http://www.lse.ac.uk/intranet/LSEServices/IMT/about/policies/documents/encryption-matrix.pdf • If it is necessary, anonymise it as soon as possible. Separate and encrypt personal data.
  • 7. Physical access • Don’t forget the physical: control access to rooms and storage. Image: 8th Ward Villere Street New Orleans Safe House C" by Infrogmation of New Orleans - originally posted to Flickr as 7WardVillereSafeHouseC. Licensed under CC BY 2.0 via Wikimedia Commons - https://commons.wikimedia.org/wiki/File:8th_Ward_Villere_Street_New_Orleans_Safe_House_C.jpg
  • 8. Information Security guidance • Check contractual requirements – ISO27001 (formal or ‘aligned with’) – Data must not be accessed remotely – Strong access controls (password complexity & expiry, folder access, server access) – Data must be encrypted – Secure deletion
  • 9. Information Security guidance • Warn about breaches – Phishing – Spoofing – Malware/ransomware – Theft
  • 10. Information Security guidance • Cloud storage – LSE has SharePoint, OneDrive – data held in EU (Dublin and Amsterdam) – accounts for external users to access where needed – Information Security team can assess Cloud storage providers contracts