20140514 protecting your data and business_paul malone

5/16/14 Footer Content Here 1

Protecting your Data and Business Paul  Malone,  Security  &  Trust  Research  

1

MEET THE TEAM Our driving innovative minds

Paul  Malone  

Unit  Manger  

Frances  Cleary  

Project  Coordinator  

Tom  Curran  

Business  Development  

Hisain  Elshaafi  

Research  Felow  

2

Trust  

Difficult  to  gain  

but…  

Easy  to  lose  

3  

Your  Assets  Your  customer  data  is  your  most  valuable  digital  asset  

Your  customers’  trust  is  vital  to  your  business  

Your  customers  trust  you  with  their  personal  data    

4  

You  as  the  Data  Subject…  

How  would  you  feel  if  …  

…  your  credit  card  details  were  not  protected  properly  by  retailers  …  ?  

5  

Cost  of  a  Data  Breach?  ReputaNon  

Trust  

Customers  

Business  

Under  the  Data  ProtecNon  Act  Maximum  fine  of:  €100,000  

6  

Loss Reduction

Loss Loss

Case  Study  Example  

Client  list  taken  from  employer  A  to  employer  B  

7  

Are  you  a  Data  Controller?  

Do  you  keep  or  process  any  informaNon  about  living  people?  

YES!  

You  are  a  Data  Controller  (Under  the  Data  ProtecNon  Act  1983)  

8  

As  a  Data  Controller  

You  have  ResponsibiliAes  (Under  the  Data  ProtecNon  Act  1983)  

9  

8  Key  ResponsibiliNes  1.  Obtain  and  process  the  informaNon  fairly  

2.  Keep  it  only  for  one  or  more  specified  and  lawful  purposes  

3.  Process  it  only  in  ways  compaNble  with  the  purposes  for  which  it  was  given  to  you  iniNally  

10  

8  Key  ResponsibiliNes  

4.  Keep  it  safe  and  secure    

5.  Keep  it  accurate  and  up-­‐to-­‐date    

6.  Ensure  that  it  is  adequate,  relevant  and  not  excessive    

11  

8  Key  ResponsibiliNes  7.  Retain  it  no  longer  than  is  necessary  for  the  specified  purpose  or  purposes  

8.  Give  a  copy  of  his/her  personal  data  to  any  individual,  on  request.  

12  

Further  complicaNons  

MigraNon  to  cloud  services  …  ?  

– Reduced  costs  –  ImplicaNons  for  Data  ProtecNon  

EU  General  Data  ProtecNon  RegulaNon  (GDPR)  

– GlobalisaNon  – Cloud  CompuNng  – AdopNon  2014  – TransiNon  Period  of  2  years  (2016)  

13  

EU  General  Data  ProtecNon  RegulaNon  

Single  Set  of  Rules  

The  Right  to  be  Forgoeen  

Data  Portability  

Responsibility  &  Accountability    

14  

Are  you  compliant?  

15  

Are you obliged to register (annually) with the Data Protection Commissioner?

Do  you  have  data  handling  policies  in  

place?  

16  

Can  you  improve?  

17  

We can help

We  can…  

•  Evaluate  your  data  handling  processes  •  IdenNfy  weaknesses  •  RecommendaNons  for  improvement  •  Assist  in  the  development  of  policies  

•  Future  proof  – MigraNon  to  cloud  services  – Future  legislaNve  changes  

19  

How?  

Under  the  Enterprise  Ireland  InnovaNon  Voucher  programme  

We  can  help  you  apply  and  reduce  administraNve  barriers  

20  

Cost?  

EI  InnovaNon  Voucher  provides  you  with  a  voucher  of  €5,000  

You  can  use  this  voucher  to  exploit  our  experNse  to  protect  your  business  

21  

How  to  engage?  •  Speak  directly  with  us  

•  We  will  help  with  EI  applicaNon  

•  We  will  visit  your  business  and  examine  your  data  handling  pracNces  

•  We  will  provide  a  report  of  our  findings  and  recommendaNons  

22  

Summary  

•  Uncertainty  about  Compliance    •  ComplicaNons  in  future  LegislaNon  

•  Data  Handling  Assessment  

TSSG  can  help  

23  

Contact  Us  

Paul  Malone  –  email:  pmalone@tssg.org  

24