Data Protection

Raaj Zutshi

on 13 July 2014

Transcript of Data Protection

Sensitive Personal Data
Data Protection
An Introduction to Data Protection
John Magee & John Farrell
Technology Department

Data Controller and Data Processor
Websites and Cookies
International Transfers
Trending Issues
relating to a living

who is or can be
either from the data
from the data
in conjunction with
other information that is in, or likely to come into, the possession of the data controller
What is Personal Data?
Data Protection Introduction
New Data Protection Regulation
History of Data Protection
Key Concepts
Data Regulation

Trending Issues
Data Controller
Data Processor
"Right to be Forgotten"
C 131/12 Google Spain
Content and Use of Personal Data
Processes data on behalf of data controller
- racial origin
- political or religious views
- physical or mental health
- sexual life
- criminal convictions
- trade union membership
EU Data Protection Directive
ePrivacy Directive 2009/136/EC
European Data Regulation ?
Data Protection Acts 1988 and 2003
Obtain and process information fairly
Keep it only for specified, explicit and lawful purposes
Use it only in ways compatible with those purposes
Keep it safe and secure
Keep it accurate, complete and up to date
Ensure it is adequate, relevant and not excessive
Retain for no longer than necessary for the purposes
Give a copy to individuals on request
Who enforces Data Protection in
45 secs to 3.21 if you like the video!
Security Breach Code & Practices
Key Protection Principles

- 20% Increase in ODPC budget 2013
- Additional Staffing resources in place including a Chief Technology Advisor, Legal Advisor and additional administrative staff

- Investigations, audits and raids
- Criminal and Civil Sanctions
- Fines of up to
and personal
liability for directors, officers and managers
- ePrivacy Regulations - fines of
per offense
Expansion of ODPC
- March 2012 - First award of Damages under DPA (FBD Insurance) (overturned by High Court on appeal)
- September 2012 - First Prosecution for data security breach following theft of two unencrypted laptops (Eircom and Meteor)
In a recent Irish High Court judicial review case, Hogan J referred the case to the CJEU to determine whether or not the DPC could investigate Facebook even with the existence of the "safe harbor" provisions.
Actual Enforcement

- 2012 - An Garda Siochana audit
Inappropriate access to PULSE
Excessive access to records of media personalities
Loyalty Build
Snapchat Hack - December
Name, Addresses, Phone Numbers and E-mail Addresses 1.12 million clients taken

Credit Card details of 376,000 customers taken in security breach

Sophisticated "external criminal act"

Data Commissioner and Officers investigated

4.6 Million accounts affected in US & Canada
User names and redacted mobile phone numbers published on snapchatdb.info
255,000 Irish users - DPC noted that some may be affected
The Effect of the New Regulation: What to do?
- Dealing with the right to be forgotten
- Commission proposed mandatory Data Protection Officer
- Records and documenting compliance maintained
- Commission - all security breaches to be notified
- Costs of compliance to increase
- Council final draft due end 2014
- Nothing set in stone!

There has been immense growth due to
Cloud Computing

General prohibition on sending data outside of the EEA (EU + Norway, Iceland and Liechtenstein)

Transfers allowed to Switzerland, Argentina, Guernsey, Jersey, Isle of Man, Faroe Islands, Andorra, New Zealand, Uruguay, Canada and Israel.

Special Safe Harbour for the US.
Breaches should be reported to ODPC as soon as the data controller becomes aware (and in any event within 2 working days)


Data subjects were notified directly

No more than 100 subjects affected
No financial data or sensitive personal data

Cookies Compliance Check
- DPC Review of Compliance

- 80 websites chosen at random

- "disappointed with the response of websites. Levels of compliance would appear to be very low compared to the UK...." Deputy Commissioner Gary Davis
What are Cookies?
Cookies and Consent
Specific Issues to Watch Out For
Big Data

What is Big Data
Big Data is a term that describes large volumes of high velocity, complex and variable data that require advanced techniques and technologies to enable the capture, storage, distribution, management, and analysis of the information.
Why is it Useful?