victorian protective data security framework

Victorian Protective Data Security Framework Victorian Information - PowerPoint PPT Presentation

Victorian Protective Data Security Framework. Victorian Information Security Network PARTNERS Forum, December 2016. Commissioner for Privacy and Data Protection. Introductions. Presenter: Commissioner Privacy and Data Protection


  1. Victorian Protective Data Security Framework Victorian Information Security Network – PARTNERS Forum December 2016

  2. Commissioner for Privacy and Data Protection. Introductions
     Presenter
     • Commissioner Privacy and Data Protection: David Watts
     Data Protection Branch
     • Assistant Commissioner, Data Protection: Anthony Corso
     • Senior Data Protection Advisor: Laurencia Dimelow
     • Senior Data Protection Officer: Anna Harris
     • GRC Security Manager: Karl Will
     • Specialist Data Protection Advisor: Martin Harris
     Contact details
     • Email: security@cpdp.vic.gov.au
     • Ph.: 8684 1660
     VISN – What the VPDSF means for you…

  3. Run through…
     David Watts
     • Introduction
     Anthony Corso & the Data Protection Branch (DPB)
     • Sli.do
     • Privacy & Data Protection Act (2014)
     • Video – Data Protection and You
     • VPDSF & VPDSS
     • What information is covered?
     • Who is involved?
     • Why do we need to do this?
     • Where to start?
     • Third party engagement
     • What does this mean for partner organisations?
     • When do VPS organisations have to report?
     • Tool to support you
     • Help build your ideal Partners VISN

  4. Sli.do. During the event we will be using an online tool (Sli.do) offering you an opportunity to interact with our presentation, engage in polls and ask questions. For those using the tool you will have the option of posting anonymously and can also download the presentation and a summary infographic onto your local device. The team will moderate the tool and will post any relevant comments or material to the audience…

  5. Sli.do: PARTNERSVISN

  6. Who’s here today…
     • Funded Agencies
     • Private Industry
     • Research Bodies / Educational institutions
     • External Third Party Organisations

  7. Privacy & Data Protection Act (2014)

  8. ‘Data Protection and You’: awareness video of the Victorian Protective Data Security Framework

  9. The Framework

  10. The Standards. The Victorian Protective Data Security Standards (VPDSS) were formally issued on 28th of July, 2016.

  11. What is covered? Any information obtained, received or held by an agency or body to which Part 4 of the Privacy and Data Protection Act (2014) applies. This includes both hard and soft copy information, regardless of media or format!

  12. Who’s involved?
      • CPDP - Office of the Commissioner for Privacy and Data Protection
      • Directly in scope - Applicable agencies or bodies set out under Part 4 of Privacy and Data Protection Act (PDPA) 2014
      • Public sector body Head
      • Indirect obligations - Organisations with access to Victorian public sector data have indirect protective data security obligations

  13. Indirect security obligations
      • Information Privacy Principles (IPP4)
      • Health Privacy Principles (HPP4)
      • Contractual obligations
      • Information Sharing Arrangements
      • Other legal & regulatory obligations

  14. Why do we need to do this?
      • Enable VPS organisations to achieve their business objectives in a secure way
      • Ensure the right people have access to the right information at the right time…
      • Support secure information sharing practices (within and beyond government)
      • Have confidence in the information you are using
      • Offer a level of assurance around your security practices

  15. Where to start? Five Step Action Plan
      • Identify your information assets
      • Determine the 'value' of this information
      • Identify any risks to this information
      • Apply security measures to protect the information
      • Manage risks across the information lifecycle

  16. Third party engagement. Applicable VPS organisations must ensure that any contractual arrangements or information sharing agreements (including Memorandum of Understandings) have the relevant protective data security requirements embedded into the terms or conditions of the agreement.

  17. What does this mean for partner organisations?
      • Under the VPDSS partner organisations do not need to provide CPDP a:
        - Security Risk Profile Assessment (SRPA), or
        - Protective Data Security Plan (PDSP)
      • Given this, Standards 11 & 12 do not strictly apply to partner organisations
      Instead, VPS agencies who are in scope for the VPDSF will require partner organisations to provide a level of assurance on their protective data security practices. Responses from partner organisations will inform the SRPA and PDSP of the VPS agency. How VPS agencies will seek this assurance from their partners will differ, depending on the value of the information and the type of engagement or arrangement.

  18. VPS reporting obligations
      • Security Risk Profile Assessment (SRPA)
      • Protective Data Security Plan (PDSP)
      • Compliance self-assessment (including an attestation by your Public sector body Head of current implemented security controls)
      By July 2018 each applicable organisation must provide CPDP a copy of their:
      o SRPA
      o PDSP
      o Compliance self assessment

  19. Tools to support you
      • CPDP Mobile App
      • ‘BIL’ Mobile App
      Currently available for download on tablet devices (iPad and Android). Simply search for ‘CPDP’ in the app store to download your own copy.

  20. Question & Answer session

  21. Questions? Opportunity for you to ask questions through Sli.do or to take questions from the floor… For any other feedback or enquiries please direct your comments to the security@cpdp.vic.gov.au mailbox.

  22. Help build your ideal Partners VISN

  23. Help build your ideal Partners VISN. Help us:
      • Determine the membership of the Partner network
      • Understand what you want from the Partner VISN
      • Understand how you want the Partner VISN to operate both now and in the future
      • Input into, and help develop, the VISN Charter & Terms of Reference (TOR)
      • Help frame important messages to encourage participation and collaboration across your business, between partner groups and with the VPS. This includes those who haven’t traditionally been engaged in protective data security activities and programs
