Privacy by Design @ UoM PowerPoint Presentation

2017-11-29

Slide1

Privacy by Design @ UoM

An Overview of our

Responsibilities

Slide2

Introductions

Gioconda Di Lorenzo - University Secretary
Privacy Officer & Freedom of Information Officer

Policy and Compliance Education – Legal & Risk

Raffaella Di Maio: Privacy & Freedom of Information Coordinator
Jo-anne Dyer: Manager, Risk & Compliance
Mary Oppy: Education & Training Coordinator
Bronwyn Thomas: Coordinator Risk & Compliance

Raffaella Di Maio & Mary Oppy

Records & Compliance

Legal & Risk, University Services

Slide3

Topics

Privacy laws
Privacy key terms
Information Privacy Principles (IPPs)
7 Foundational Principles of Privacy by Design
Privacy impact assessments
Questions

Slide4

Privacy Protection

Slide5

What is Personal Information?

Recorded information or opinion whether true or not about an individual whose identity is apparent or can be reasonably ascertained

Name
Signature
Telephone Number
Email, Home or Work Address
Employment Position
Voice Recordings, Photographs or Videos
Medical Records
Academic Records

Slide6

What is Sensitive Information?

Recorded information or opinion whether true or not about an individual whose identity is apparent or can be reasonably ascertained

racial or ethnic origin
political opinions
membership of a political association
religious beliefs or affiliations
philosophical beliefs
membership of a professional or trade association
membership of a trade union
sexual preferences or practices
criminal record

Slide7

When can I use or Disclose Personal & Sensitive Information?

Personal Information
Primary Purpose: As outlined in the collection notice
Secondary Purpose: A related purpose & one the individual would reasonably expect

Sensitive Information
Primary Purpose: Only as outlined in the collection notice
Secondary Purpose: A directly related purpose & one the individual would reasonably expect

Slide8

10 Information Privacy Principles (IPPs)

An organisation must not do an act, or engage in a practice, that contravenes an Information Privacy Principle in respect of personal information collected, held, managed, used, disclosed or transferred by it

Slide9

Proactive not reactive

Preventative not remedial

Establish and monitor governance mechanisms for privacy responsibility.
Promote an organisation-wide ‘privacy-culture’ to ensure that privacy is integrated into your policies and programs.
‘Operationalise’ privacy by establishing and implementing privacy policies, conducting privacy awareness training, and developing data breach response protocols in the event that a breach does occur.
Audit and monitor your organisation’s information handling processes.

Slide10

Privacy as the default setting

Ensure that the necessary privacy controls are built into new systems during the design and procurement phases.
Undertake privacy impact assessments for all projects and programs that involve personal information.

Slide11

Privacy embedded into design

Ensure that a program’s overall risk assessment includes an obligation to consider potential privacy risks.
Ensure that programs are signed off with appropriate privacy protections in place prior to a project’s commencement.

Slide12

Full functionality: Positive-sum not zero-sum

Commit to finding workable solutions to achieve multiple objectives, rather than compromising any interests that seem to be in competition.

Slide13

End-to-end security

Ensure University staff understand – and are able to adhere to – their privacy responsibilities at all times.
Ensure that contractual agreements with third parties and vendors clearly set out obligations and responsibilities, from the commencement of a program through to the point of data destruction.
Map a program’s data flows and ensure that security measures are in place at each stage, including user authentication, encryption and destruction of data.

Slide14

Visibility and transparency

Commit to keeping the organisation’s practices transparent to the extent possible, without inviting risk.
Seek independent verification for programs and procedures (processes) to ensure compliance with privacy obligations.

Slide15

Respect for user privacy

Support an approach to designing programs that considers privacy from a user’s point of view.
All seven foundational principles work together and need to be implemented holistically: Privacy by Design can’t be ‘cherry picked.’

Slide16

Privacy impact assessments (PIAs)

PIAs are undertaken as part of a sound risk management strategy, to assess whether it is safe to proceed with any new project.

PIAs are living documents and are undertaken if changes are made to the way we collect, use, store or dispose of personal information.

Slide17

Privacy Impact Assessment

Slide18

Why we need Privacy by Design

Most privacy breaches remain undetected; what is reported to the Privacy Officer may only be the tip of the iceberg.

Slide19

Last Word & Questions

