Data Protection and Privacy: A New - PowerPoint Presentation

Slide1

Data Protection and Privacy: A New

Paradigm

Richard Spires

June 23, 2015Slide2

Data Protection and Privacy: A New Paradigm

2

Resilient Network Systems

– All Rights ReservedExisting security/identity models are inadequate:The complexity of an Agency’s IT environment Significant “off the radar” IT Antiquated systems lead to OS, DB, and other system software vulnerabilities

PIV rollout issues along with high assurance identity management for outsidersContinuous Monitoring still in its infancyAgencies struggle to protect their IT systems, are reactive, and may not know for significant time they have been breachedSlide3

3

Resilient

Network Systems – All Rights Reserved

Data Protection:Prioritize what you are protecting – what cannot be compromised without significant impactSafeguard at the data set and document level – even separate records within data setsMinimize movement of highly sensitive data to only what is requiredMove to “attestation” based models against sensitive data (particularly for PII)Strengthen the identity management and other policies for accessing sensitive data

Data Protection and Privacy: A New ParadigmSlide4

4

Resilient

Network Systems – All Rights Reserved

Privacy:Lessen exposure of PII – only when absolute “need to know”Leverage attestation-based models against PII data (e.g., IRS attesting to an income amount, rather than sending a transcript)Minimize holding of PII when possible – leverage other public or private authoritative data stores rather creating another oneLeverage sophisticated encryption and segmentation technology when holding PII

Data Protection and Privacy: A New Paradigm