Transcript of Data Protection
An Introduction to Data Protection
John Magee & John Farrell
Data Controller and Data Processor
Websites and Cookies
relating to a living
who is or can be
either from the data
from the data
in conjunction with
other information that is in, or likely to come into, the possession of the data controller
What is Personal Data?
Data Protection Introduction
New Data Protection Regulation
History of Data Protection
"Right to be Forgotten"
C 131/12 Google Spain
Content and Use of Personal Data
of data controller
- racial origin
- political or religious views
- physical or mental health
- sexual life
- criminal convictions
- trade union membership
EU Data Protection Directive
ePrivacy Directive 2009/136/EC
European Data Regulation ?
Data Protection Acts
1988 and 2003
Obtain and process information fairly
Keep it only for specified, explicit and lawful purposes
Use it only in ways compatible with those purposes
Keep it safe and secure
Keep it accurate, complete and up to date
Ensure it is adequate, relevant and not excessive
Retain for no longer than necessary for the purposes
Give a copy to individuals on request
Who enforces Data Protection in
45 secs to 3.21 if you like the video!
Security Breach Code & Practices
Key Protection Principles
- 20% Increase in ODPC budget 2013
- Additional Staffing resources in place including a Chief Technology Advisor, Legal Advisor and additional administrative staff
FINES and SANCTIONS
- Investigations, audits and raids
- Criminal and Civil Sanctions
- Fines of up to
liability for directors, officers and managers
- ePrivacy Regulations - fines of
Expansion of ODPC
- March 2012 - First award of Damages under DPA (FBD Insurance) (overturned by High Court on appeal)
- September 2012 - First Prosecution for data security breach following theft of two unencrypted laptops (Eircom and Meteor)
In a recent Irish High Court judicial review case, Hogan J referred the case to the CJEU to determine whether or not the DPC could investigate Facebook even with the existence of the "safe harbor" provisions.
- 2012 - An Garda Siochana audit
Inappropriate access to PULSE
Excessive access to records of media personalities
Snapchat Hack - December
Name, Addresses, Phone Numbers and E-mail Addresses 1.12 million clients taken
Credit Card details of 376,000 customers taken in security breach
Sophisticated "external criminal act"
Data Commissioner and Officers investigated
4.6 Million accounts affected in US & Canada
User names and redacted mobile phone numbers published on snapchatdb.info
255,000 Irish users - DPC noted that some may be affected
The Effect of the New Regulation: What to do?
- Dealing with the right to be forgotten
- Commission proposed mandatory Data Protection Officer
- Records and documenting compliance maintained
- Commission - all security breaches to be notified
- Costs of compliance to increase
- Council final draft due end 2014
- Nothing set in stone!
There has been immense growth due to
General prohibition on sending outside of the EEA (EU + Norway, Iceland and Liechtenstein)
Transfers allowed to Switzerland, Argentina, Guernsey, Jersey, Isle of Man, Faroe Islands, Andorra, New Zealand, Uruguay, Canada and Israel.
Special Safe Harbour for the US.
Breaches should be reported to ODPC as soon as the data controller becomes aware (and in any event within 2 working days)
Data subjects were notified directly
No more than 100 subjects affected
No financial data or sensitive personal data
Cookies Compliance Check
- DPC Review of Compliance
- 80 websites chosen at random
- "disappointed with the response of websites. Levels of compliance would appear to be very low compared to the UK...." Deputy Commissioner Gary Davis
What are Cookies?
Cookies and Consent
Specific Issues to Watch Out For
What is Big Data
Big Data is a term that describes
of high velocity, complex and variable data that require
and technologies to enable the
capture, storage, distribution, management, and analysis of the information
Why is it Useful?