SlideShare a Scribd company logo

(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy

Priyanka Aash, profile picture
Priyanka Aash

The document provides an overview of data privacy principles, emphasizing the significance of personal data and its processing. It outlines the roles of data subjects, controllers, and processors, along with the guiding principles for data privacy such as consent and security safeguards. Additionally, the document discusses frameworks for organizations to implement effective privacy measures and highlights the relationship between data privacy and information security.

Technology
Related topics:
Data Protection PracticesData Collection Insights Cyber-Security
1 of 16
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
SACONConfidential (c) Arrka, 2020 SACON International 2020 India | Bangalore | February 21 - 22 | Taj Yeshwantpur An Introduction to Data Privacy 1
SACON 2020 An Introduction to Data Privacy 2 • What is Personal Data? • An Overview of Privacy Principles & Rights • Relationship between Information Security and Privacy • How should an organization implement Privacy?
SACON 2020 When we talk Data Privacy, we talk Personal Data Any data that can – directly or indirectly - or in combination with other data – make a person ‘identifiable’ What is Personal Data? Device Identifiers Online Identifiers Social Media MarkersMetadata Data that has been processed using analytics that can identify a person Trackers & CookiesLocation Data Above – the – surface (ATS) Personal data Demographic/ Identity Data Health/ Biometric/Genetic/ Gender Data Political Affiliations/ Personal beliefs/ Criminal History/etc Financial Data Govt Ids Any compromise of this category of data can cause greater harm to the person as compared to other types of PD Sensitive Personal Data (SPD) Financial data, health data, official identifier, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste or tribe, religious or political belief or affiliation* Further sub-categories Comprises: Personal Data (PD) Below – the – surface (BTS) Personal data
SACON 2020 Personal Data In Context Data Personal Data Sensitive Personal Data Data Privacy not Applicable Data Privacy Applicable
SACON 2020 Data Privacy Applies to Personal Data Processing Collection Recording Organisation Structuring Storage Alteration Transmission Dissemination Restriction Destruction Generation
SACON 2020 Roles in the Privacy Ecosystem Data Subject/ Principal She ‘OWNS’ her Personal Data Data Controller/ Fiduciary The entity that, alone or jointly with others, determines the Purposes for data processing (“Why”) & Means of data processing (“How”) 6 DATA PROCESSOR The entity that processes personal data: On behalf of the Fiduciary Under the instructions of the fiduciary
SACON 2020 What are the Principles that guide Personal Data Processing? 7
SACON 2020 Grounds for Processing Personal Data – The When Consent Function of State Public Interest Compliance with law or order of court/ tribunal Prompt action in case emergencies Purposes related to employment *Reasonable Purposes of Data Fiduciary • Processing for prevention & detection of any unlawful activity including fraud • Whistle blowing • M&A • Network and information security • Credit scoring • Recovery of debt • Processing of publicly available PD *Reasonable Purpose Examples
SACON 2020 Principles Guiding Personal Data Processing – The How Security Safeguards: Ensure Security Safeguards throughout the Lifecycle to protect against loss, unauthorised access, destruction, use, modification, disclosure or other reasonably foreseeable risks. User Rights: Provide Rights to user for Access, Correction, Processing Restrictions, etc. Data Collection Data Usage Data Destruction Consent: Obtain Informed, freely given and unambiguous consent where applicable Collection Limitation: Collect adequate, relevant based on Purpose Use Limitation: Use and disclose collected Personal Data only for pre- defined purposes. Limit Access to only relevant users. Storage Limitation: Retain Personal Data long enough to satisfy the purpose of Collection. Define Retention Periods Notice/ Transparency: Organization should publish a Public Statement on the Type of Personal Data collected, used, who it is shared with and how long it is retained Accountability: Organization needs to implement Accountability measures to manage Privacy. Examples of these measures include Breach Notification, Privacy By Design, inserting Privacy Clauses in 3rd Party Contracts, maintaining Records of Processing
SACON 2020 Is Data Privacy the same as Information Security? 10
SACON 2020 Information Security Data Privacy 11 Relationship: Infosec & Privacy Security of Personal Data Covers Security of non-Personal Data Covers non-Security related Privacy Principles (i.e. Notice, Collection Limitation)
SACON 2020 How should an Organization implement Privacy? 12
SACON 202013 The need for a Framework.. Organization Questions on Privacy Implementation Where should we start? What kind of Organization structure and capabilities do we need? What are the Policies and Processes that need to be implemented? What are the Technical, Administrative measures needed? How do we monitor Privacy on an ongoing basis? Privacy Implementation is a complex exercise impacting more than 80% of the organization Most Privacy Requirements need coordination between multiple functions Lack of Governance has seen failure of many Privacy Programs Lack of a structured Approach is a common cause for failure
SACON 2020 Some Privacy Program Frameworks DPF ISO 27701 BS 10012 14 Privacy Frameworks that provide a Structured Approach BS 10012:2017 is the British standard that sets out the requirements for a Personal Information Management System and aligns with the principles of the European General Data Protection Regulation (EU GDPR). ISO 27701 is a privacy extension to ISO 27001&02 and provides additional guidance for the protection of privacy, which is potentially affected by the processing of Personal Data. The DSCI Privacy Framework (DPF) has been developed to guide an organization on developing & implementing a Privacy Program
SACON 2020 9. PIS 7. IUA 3. PPP1. VPI 2. POR 4. RCI 5. PCM 6. MIM 8. PAT 15 A Sample Framework: DSCI Privacy Framework (DPF) # Practice Areas 1 Visibility over Personal Information (VPI) 2 Privacy Org & Responsibilities (POR) 3 Privacy Policy and Processes (PPP) 4 Regulatory Compliance and Intelligence (RCI) 5 Privacy Contract Management (PCM) 6 Privacy Monitoring and Incident Mgt (MIM) 7 Information Usage & Access (IUA) 8 Privacy Awareness and Training (PAT) 9 Personal Information Security (PIS) DSCI PRIVACY FRAMEWORK (DPF) Confidential (c) Arrka, 2018
SACON 2020 Thank You Q & A

More Related Content

PPTX
India'a Proposed Privacy & Personal Data Protection Law
Priyanka Aash
 
PDF
(SACON) Gauri Vishwas - Implementing a Privacy Program in a large Conglomerat...
Priyanka Aash
 
PDF
(SACON) Ramkumar Narayanan - Personal Data Discovery & Mapping - Challenges f...
Priyanka Aash
 
PDF
BigID Data Sheet: Smart Data Labeling and Tagging
BigID Inc
 
PPTX
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID Inc
 
PDF
BigID Data Sheet: LGPD Compliance Automated
BigID Inc
 
PDF
BigID DataSheet: Data Access Intelligence
BigID Inc
 
PDF
BigID Data sheet: Consent Governance & Orchestration
BigID Inc
 
India'a Proposed Privacy & Personal Data Protection Law
Priyanka Aash
 
(SACON) Gauri Vishwas - Implementing a Privacy Program in a large Conglomerat...
Priyanka Aash
 
(SACON) Ramkumar Narayanan - Personal Data Discovery & Mapping - Challenges f...
Priyanka Aash
 
BigID Data Sheet: Smart Data Labeling and Tagging
BigID Inc
 
BigID & Collibra Joint Deck: Using BigID’s Privacy-centric Data Discovery to...
BigID Inc
 
BigID Data Sheet: LGPD Compliance Automated
BigID Inc
 
BigID DataSheet: Data Access Intelligence
BigID Inc
 
BigID Data sheet: Consent Governance & Orchestration
BigID Inc
 

What's hot (14)

PPTX
BigID GDPR Compliance Automation Webinar Slides
Dimitri Sirota
 
PDF
BigID Data Sheet: GDPR Compliance
BigID Inc
 
PDF
BigID's Smart Data Labeling and Tagging
Dimitri Sirota
 
PDF
BigID Data Sheet HIPAA Data Security & Privacy
BigID Inc
 
PDF
BigID Virtual MDM Data Sheet
Dimitri Sirota
 
PDF
BigID Data Subject Rights Automation for GDPR & Privacy Data Sheet
Dimitri Sirota
 
PDF
BigID Datasheet: CCPA Data Rights Automation
BigID Inc
 
PDF
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
PDF
Finding Data at Risk for CCPA Compliance
Precisely
 
PPTX
Personally Identifiable Information – FTC: Identity theft is the most common ...
Jan Carroza
 
PPTX
GDPR: Your Journey to Compliance
Cobweb
 
PDF
Privacy & Data Protection in the Digital World
Arab Federation for Digital Economy
 
PPTX
Ensuring GDPR Compliance - A Zymplify Guide
Zymplify
 
PDF
GDPR changes affect direct marketing
Spotler
 
BigID GDPR Compliance Automation Webinar Slides
Dimitri Sirota
 
BigID Data Sheet: GDPR Compliance
BigID Inc
 
BigID's Smart Data Labeling and Tagging
Dimitri Sirota
 
BigID Data Sheet HIPAA Data Security & Privacy
BigID Inc
 
BigID Virtual MDM Data Sheet
Dimitri Sirota
 
BigID Data Subject Rights Automation for GDPR & Privacy Data Sheet
Dimitri Sirota
 
BigID Datasheet: CCPA Data Rights Automation
BigID Inc
 
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
Finding Data at Risk for CCPA Compliance
Precisely
 
Personally Identifiable Information – FTC: Identity theft is the most common ...
Jan Carroza
 
GDPR: Your Journey to Compliance
Cobweb
 
Privacy & Data Protection in the Digital World
Arab Federation for Digital Economy
 
Ensuring GDPR Compliance - A Zymplify Guide
Zymplify
 
GDPR changes affect direct marketing
Spotler
 
Ad

Similar to (SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy (20)

PPTX
GDPR in the Healthcare Industry
EMMAIntl
 
PDF
The Rise of Data Ethics and Security - AIDI Webinar
Eryk Budi Pratama
 
PPTX
GDPR How to get started?
Peter Witsenburg
 
PPT
Legal And Regulatory Dp Challenges For The Financial Services Sector
MSpadea
 
PDF
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
PDF
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 
PPTX
Data Privacy and consent management .. .
ClinosolIndia
 
PPTX
Data privacy and consent management (K.sailaja).pptx
kandalamsailaja17
 
PPTX
My presentation- Ala about privacy and GDPR
zayadeen2003
 
PDF
General Data Protection Regulation (GDPR) and ISO 27001
Owako Rodah
 
PDF
50 Most Asked Interview Questions for DPO
InfosecTrain
 
PDF
50 Most Asked Interview Questions for Data Protection Officer (DPO).pdf
infosec train
 
PDF
50 Asked Interview Questions for Data Protection Officer
priyanshamadhwal2
 
PDF
Top Interview Questions for Data Protection Officer (DPO).pdf
infosecTrain
 
PDF
Ready to Become a Data Protection Officer (DPO)?
Azpirantz Technologies
 
PPTX
Keep Calm and Comply: 3 Keys to GDPR Success
Sirius
 
PDF
Implementing and Auditing GDPR Series (2 of 10)
Jim Kaplan CIA CFE
 
PDF
Implementing and Auditing GDPR Series (3 of 10)
Jim Kaplan CIA CFE
 
PDF
Uchi data local presentation 2020
Christo W. Meyer
 
PDF
GDPR – Readiness in IT offshore organization
Vishnuvarthanan Moorthy
 
GDPR in the Healthcare Industry
EMMAIntl
 
The Rise of Data Ethics and Security - AIDI Webinar
Eryk Budi Pratama
 
GDPR How to get started?
Peter Witsenburg
 
Legal And Regulatory Dp Challenges For The Financial Services Sector
MSpadea
 
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
Enabling Data Governance - Data Trust, Data Ethics, Data Quality
Eryk Budi Pratama
 
Data Privacy and consent management .. .
ClinosolIndia
 
Data privacy and consent management (K.sailaja).pptx
kandalamsailaja17
 
My presentation- Ala about privacy and GDPR
zayadeen2003
 
General Data Protection Regulation (GDPR) and ISO 27001
Owako Rodah
 
50 Most Asked Interview Questions for DPO
InfosecTrain
 
50 Most Asked Interview Questions for Data Protection Officer (DPO).pdf
infosec train
 
50 Asked Interview Questions for Data Protection Officer
priyanshamadhwal2
 
Top Interview Questions for Data Protection Officer (DPO).pdf
infosecTrain
 
Ready to Become a Data Protection Officer (DPO)?
Azpirantz Technologies
 
Keep Calm and Comply: 3 Keys to GDPR Success
Sirius
 
Implementing and Auditing GDPR Series (2 of 10)
Jim Kaplan CIA CFE
 
Implementing and Auditing GDPR Series (3 of 10)
Jim Kaplan CIA CFE
 
Uchi data local presentation 2020
Christo W. Meyer
 
GDPR – Readiness in IT offshore organization
Vishnuvarthanan Moorthy
 
Ad

More from Priyanka Aash (20)

PPTX
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
Priyanka Aash
 
PDF
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
Priyanka Aash
 
PDF
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
Priyanka Aash
 
PDF
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
Priyanka Aash
 
PDF
Lessons Learned from Developing Secure AI Workflows.pdf
Priyanka Aash
 
PDF
Cyber Defense Matrix Workshop - RSA Conference
Priyanka Aash
 
PDF
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
Priyanka Aash
 
PDF
Securing AI - There Is No Try, Only Do!.pdf
Priyanka Aash
 
PDF
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
Priyanka Aash
 
PDF
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Priyanka Aash
 
PDF
10 Key Challenges for AI within the EU Data Protection Framework.pdf
Priyanka Aash
 
PDF
Techniques for Automatic Device Identification and Network Assignment.pdf
Priyanka Aash
 
PDF
Keynote : Presentation on SASE Technology
Priyanka Aash
 
PDF
Keynote : AI & Future Of Offensive Security
Priyanka Aash
 
PDF
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
PDF
Demystifying Neural Networks And Building Cybersecurity Applications
Priyanka Aash
 
PDF
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
Priyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
Priyanka Aash
 
PDF
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
Priyanka Aash
 
AI Code Generation Risks (Ramkumar Dilli, CIO, Myridius)
Priyanka Aash
 
From Chatbot to Destroyer of Endpoints - Can ChatGPT Automate EDR Bypasses (1...
Priyanka Aash
 
Cracking the Code - Unveiling Synergies Between Open Source Security and AI.pdf
Priyanka Aash
 
Oh, the Possibilities - Balancing Innovation and Risk with Generative AI.pdf
Priyanka Aash
 
Lessons Learned from Developing Secure AI Workflows.pdf
Priyanka Aash
 
Cyber Defense Matrix Workshop - RSA Conference
Priyanka Aash
 
A Constitutional Quagmire - Ethical Minefields of AI, Cyber, and Privacy.pdf
Priyanka Aash
 
Securing AI - There Is No Try, Only Do!.pdf
Priyanka Aash
 
GenAI Opportunities and Challenges - Where 370 Enterprises Are Focusing Now.pdf
Priyanka Aash
 
Coordinated Disclosure for ML - What's Different and What's the Same.pdf
Priyanka Aash
 
10 Key Challenges for AI within the EU Data Protection Framework.pdf
Priyanka Aash
 
Techniques for Automatic Device Identification and Network Assignment.pdf
Priyanka Aash
 
Keynote : Presentation on SASE Technology
Priyanka Aash
 
Keynote : AI & Future Of Offensive Security
Priyanka Aash
 
Redefining Cybersecurity with AI Capabilities
Priyanka Aash
 
Demystifying Neural Networks And Building Cybersecurity Applications
Priyanka Aash
 
Finetuning GenAI For Hacking and Defending
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Kids Cyber Security .pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Regulation & Response In Banks.pdf
Priyanka Aash
 
(CISOPlatform Summit & SACON 2024) Cyber Insurance & Risk Quantification.pdf
Priyanka Aash
 

Recently uploaded (20)

PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
PPTX
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Chapter 3 Spatial Domain Image Processing.pdf
Getnet Tigabie Askale -(GM)
 
Detection-First SIEM: Rule Types, Dashboards, and Threat-Informed Strategy
ReZa AdineH
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Teaching material agriculture food technology
LiaRayya
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
A Presentation on Artificial Intelligence
memembruh336
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Encapsulation theory and applications.pdf
gurumoop
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 

(SACON) Shivangi Nadkarni & Sandeep Rao - An introduction to Data Privacy

  • 1. SACONConfidential (c) Arrka, 2020 SACON International 2020 India | Bangalore | February 21 - 22 | Taj Yeshwantpur An Introduction to Data Privacy 1
  • 2. SACON 2020 An Introduction to Data Privacy 2 • What is Personal Data? • An Overview of Privacy Principles & Rights • Relationship between Information Security and Privacy • How should an organization implement Privacy?
  • 3. SACON 2020 When we talk Data Privacy, we talk Personal Data Any data that can – directly or indirectly - or in combination with other data – make a person ‘identifiable’ What is Personal Data? Device Identifiers Online Identifiers Social Media MarkersMetadata Data that has been processed using analytics that can identify a person Trackers & CookiesLocation Data Above – the – surface (ATS) Personal data Demographic/ Identity Data Health/ Biometric/Genetic/ Gender Data Political Affiliations/ Personal beliefs/ Criminal History/etc Financial Data Govt Ids Any compromise of this category of data can cause greater harm to the person as compared to other types of PD Sensitive Personal Data (SPD) Financial data, health data, official identifier, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste or tribe, religious or political belief or affiliation* Further sub-categories Comprises: Personal Data (PD) Below – the – surface (BTS) Personal data
  • 4. SACON 2020 Personal Data In Context Data Personal Data Sensitive Personal Data Data Privacy not Applicable Data Privacy Applicable
  • 5. SACON 2020 Data Privacy Applies to Personal Data Processing Collection Recording Organisation Structuring Storage Alteration Transmission Dissemination Restriction Destruction Generation
  • 6. SACON 2020 Roles in the Privacy Ecosystem Data Subject/ Principal She ‘OWNS’ her Personal Data Data Controller/ Fiduciary The entity that, alone or jointly with others, determines the Purposes for data processing (“Why”) & Means of data processing (“How”) 6 DATA PROCESSOR The entity that processes personal data: On behalf of the Fiduciary Under the instructions of the fiduciary
  • 7. SACON 2020 What are the Principles that guide Personal Data Processing? 7
  • 8. SACON 2020 Grounds for Processing Personal Data – The When Consent Function of State Public Interest Compliance with law or order of court/ tribunal Prompt action in case emergencies Purposes related to employment *Reasonable Purposes of Data Fiduciary • Processing for prevention & detection of any unlawful activity including fraud • Whistle blowing • M&A • Network and information security • Credit scoring • Recovery of debt • Processing of publicly available PD *Reasonable Purpose Examples
  • 9. SACON 2020 Principles Guiding Personal Data Processing – The How Security Safeguards: Ensure Security Safeguards throughout the Lifecycle to protect against loss, unauthorised access, destruction, use, modification, disclosure or other reasonably foreseeable risks. User Rights: Provide Rights to user for Access, Correction, Processing Restrictions, etc. Data Collection Data Usage Data Destruction Consent: Obtain Informed, freely given and unambiguous consent where applicable Collection Limitation: Collect adequate, relevant based on Purpose Use Limitation: Use and disclose collected Personal Data only for pre- defined purposes. Limit Access to only relevant users. Storage Limitation: Retain Personal Data long enough to satisfy the purpose of Collection. Define Retention Periods Notice/ Transparency: Organization should publish a Public Statement on the Type of Personal Data collected, used, who it is shared with and how long it is retained Accountability: Organization needs to implement Accountability measures to manage Privacy. Examples of these measures include Breach Notification, Privacy By Design, inserting Privacy Clauses in 3rd Party Contracts, maintaining Records of Processing
  • 10. SACON 2020 Is Data Privacy the same as Information Security? 10
  • 11. SACON 2020 Information Security Data Privacy 11 Relationship: Infosec & Privacy Security of Personal Data Covers Security of non-Personal Data Covers non-Security related Privacy Principles (i.e. Notice, Collection Limitation)
  • 12. SACON 2020 How should an Organization implement Privacy? 12
  • 13. SACON 202013 The need for a Framework.. Organization Questions on Privacy Implementation Where should we start? What kind of Organization structure and capabilities do we need? What are the Policies and Processes that need to be implemented? What are the Technical, Administrative measures needed? How do we monitor Privacy on an ongoing basis? Privacy Implementation is a complex exercise impacting more than 80% of the organization Most Privacy Requirements need coordination between multiple functions Lack of Governance has seen failure of many Privacy Programs Lack of a structured Approach is a common cause for failure
  • 14. SACON 2020 Some Privacy Program Frameworks DPF ISO 27701 BS 10012 14 Privacy Frameworks that provide a Structured Approach BS 10012:2017 is the British standard that sets out the requirements for a Personal Information Management System and aligns with the principles of the European General Data Protection Regulation (EU GDPR). ISO 27701 is a privacy extension to ISO 27001&02 and provides additional guidance for the protection of privacy, which is potentially affected by the processing of Personal Data. The DSCI Privacy Framework (DPF) has been developed to guide an organization on developing & implementing a Privacy Program
  • 15. SACON 2020 9. PIS 7. IUA 3. PPP1. VPI 2. POR 4. RCI 5. PCM 6. MIM 8. PAT 15 A Sample Framework: DSCI Privacy Framework (DPF) # Practice Areas 1 Visibility over Personal Information (VPI) 2 Privacy Org & Responsibilities (POR) 3 Privacy Policy and Processes (PPP) 4 Regulatory Compliance and Intelligence (RCI) 5 Privacy Contract Management (PCM) 6 Privacy Monitoring and Incident Mgt (MIM) 7 Information Usage & Access (IUA) 8 Privacy Awareness and Training (PAT) 9 Personal Information Security (PIS) DSCI PRIVACY FRAMEWORK (DPF) Confidential (c) Arrka, 2018