Victorian Protective Data Security Framework Victorian Information - - PowerPoint PPT Presentation

victorian protective data security framework
SMART_READER_LITE
LIVE PREVIEW

Victorian Protective Data Security Framework Victorian Information - - PowerPoint PPT Presentation

Jan 30, 2023 214 likes •446 views

Victorian Protective Data Security Framework Victorian Information Security Network - VPS Forum MELBOURNE MARCH 2017 C ommissioner for P rivacy and D ata P rotection Introductions Data Pr Data Protect otection Branch ion Branch

slide-1
SLIDE 1

Victorian Protective Data Security Framework

Victorian Information Security Network - VPS Forum MELBOURNE – MARCH 2017

slide-2
SLIDE 2

Commissioner for Privacy and Data Protection

2

Data Pr Data Protect

  • tection Branch

ion Branch

Assistant Commissioner, Data Protection Anthony Corso (Presenting) Senior Data Protection Advisor Laurencia Dimelow (Presenting) Senior Data Protection Officer Anna Harris GRC Security Manager Karl Will Specialist Data Protection Advisor Martin Harris

Contact details Email: Email: security@cpdp.vic.gov.au Ph.

  • Ph. 8684 1660

VISN – What the VPDSF means for you…

Introductions

slide-3
SLIDE 3

Commissioner for Privacy and Data Protection

3 VISN – What the VPDSF means for you…

Run through…

  • Intr

Introduction

  • duction
  • Sli.do
  • Who’s here today
  • Privacy & Data Protection Act (2014)
  • Video – Data Protection and You
  • The Framework
  • The Standards
  • What information is covered?
  • Who is involved?
  • Indirect security obligations
  • Third party engagement
  • What does this mean for partner organisations?
  • Why do we need to do this?
  • Where to start?
  • When do VPS organisations have to report?
  • Tool to support you
slide-4
SLIDE 4

Commissioner for Privacy and Data Protection

4 VISN – What the VPDSF means for you…

Sli.do

During the event we will be using an online tool (Sli.do) offering you an opportunity to interact with

  • ur presentation, engage in polls and ask

questions. For those using the tool you will have the option of posting anonymously and can also download the presentation and a summary infographic onto your local device. The team will moderate the tool and will post any relevant comments or material to the audience…

slide-5
SLIDE 5

Commissioner for Privacy and Data Protection

5 VISN – What the VPDSF means for you…

Sli.do

3190 3190

slide-6
SLIDE 6

Commissioner for Privacy and Data Protection

6 VISN – What the VPDSF means for you…

Who’s here today…

Local Councils Funded Agencies Victorian Public Sector Organisations

slide-7
SLIDE 7

Commissioner for Privacy and Data Protection

Privacy & Data Protection Act (2014)

7 VISN – What the VPDSF means for you…

slide-8
SLIDE 8

Commissioner for Privacy and Data Protection

8

‘Data Protection and You’

Awareness video of the Victorian Protective Data Security Framework

VISN – What the VPDSF means for you…

slide-9
SLIDE 9

Commissioner for Privacy and Data Protection

The Framework

9 VISN – What the VPDSF means for you…

slide-10
SLIDE 10

The Standards

Commissioner for Privacy and Data Protection

10

The Victorian Protective Data Security Standards (VPDSS) were formally issued on 28th of July, 2016.

VISN – What the VPDSF means for you…

slide-11
SLIDE 11

Commissioner for Privacy and Data Protection

What is covered?

11 VISN – What the VPDSF means for you…

Any information obtained, received or held by an agency or body to which Part 4 of the Privacy and Data Protection Act (2014) applies. This includes both hard and soft copy information, regardless of media or format!

slide-12
SLIDE 12

Commissioner for Privacy and Data Protection

12

Who’s involved?

VISN – What the VPDSF means for you…

CPDP - CPDP -

Office of the Commissioner for Privacy and Data Protection

Indir Indirect obligations - ect obligations -

Organisations with access to Victorian public sector data, have indirect protective data security obligations Public sector body Head

Dir Directly in scope - ectly in scope -

Applicable agencies or bodies set out under Part 4 of Privacy and Data Protection Act (PDPA) 2014

slide-13
SLIDE 13

Commissioner for Privacy and Data Protection

Indirect security obligations

IPP 4 13

Information Sharing Arrangements Other legal & regulatory

  • bligations

Contractual

  • bligations

Health Privacy Principles (HPP4) Information Privacy Principles (IPP4)

VISN – What the VPDSF means for you…

slide-14
SLIDE 14

Commissioner for Privacy and Data Protection

Why do we need to do this?

14 VISN – What the VPDSF means for you…

Enable VPS organisations to achieve their business objectives in a secure way Have confidence in the information you are using Support secure information sharing practices (within and beyond government) Ensure the right people have access to the right information at the right time… Adhere to legislative requirements and offer a level of assurance around your organisations security practices

slide-15
SLIDE 15

Commissioner for Privacy and Data Protection

15

Applicable VPS organisations must ensure that any contractual arrangements or information sharing agreements (including Memorandum of Understandings) have the relevant protective data security requirements embedded into the terms or conditions of the agreement.

Third party engagement

VISN – What the VPDSF means for you…

slide-16
SLIDE 16

Commissioner for Privacy and Data Protection

What does this mean for partner organisations?

IPP 4 16 VISN – What the VPDSF means for you…

  • Under the VPDSS partner organisations do not need

to provide CPDP a -

  • Security Risk Profile Assessment (SRPA), or
  • Protective Data Security Plan (PDSP)
  • Given this, Standards 11 & 12 do not strictly apply to

partner organisations Instead, VPS agencies who are in scope for the VPDSF will require partner

  • rganisations provide a level of assurance on their protective data security practices.

Responses from partner organisations will inform the SRPA and PDSP of the VPS agency. How VPS agencies will seek this assurance form their partners will differ, depending

  • n the value of the information and the type of engagement or arrangement.
slide-17
SLIDE 17

Five Step Action Plan

Commissioner for Privacy and Data Protection

Where to start?

17 VISN – What the VPDSF means for you…

Ident Identify ify

your information assets Determine the 'value

value'

  • f this

information Identify any

risks risks to this

information

Apply Apply

security measures to protect the information

Manage Manage

risks across the information lifecycle

slide-18
SLIDE 18

By July 2018

each applicable organisation must provide CPDP with their first round of reporting…

Compliance self-assessment

(including an attestation by the organisations Public sector body Head of current implemented security controls)

Protective Data Security Plan (PDSP) Security Risk Profile Assessment (SRPA)

When?

Commissioner for Privacy and Data Protection

18 VISN – What the VPDSF means for you…

slide-19
SLIDE 19

Commissioner for Privacy and Data Protection

Tools to support you

19 VISN – What the VPDSF means for you…

‘BIL ‘BIL’ Mobile App ’ Mobile App

Currently available for download on table devices (iPad and Android) Simply search for ‘CPDP CPDP’ in the app store to download your own copy

CPDP Mobile App CPDP Mobile App

slide-20
SLIDE 20

Commissioner for Privacy and Data Protection

20

Question & Answer session

VISN – What the VPDSF means for you…

slide-21
SLIDE 21

Commissioner for Privacy and Data Protection

21

For any other feedback or enquiries please direct your comments to the the security@cpdp.vic.gov.au mailbox

Questions?

VISN – What the VPDSF means for you…

Opportunity for you to ask questions through Sli.do Sli.do or to take questions from the floor…