How Non-Profits can Assess and Evaluate
Privacy Risks
Christopher ParsonsUniversity of Victoria
Talk outline•Nailing down ‘privacy’
•‘Risk talk’
•Setting your own expectations
•Securing your data...from who?
•Considering your policies
•Basic tips
•Intermediate tips
<Caveat>
Nailing down privacy
By Sang Valte
‘Risk talk’By flosofl
Setting your own expectations
internally•Assess: Data collection, use,
management, disposal
•Understand: How and why you collect data
•Explain: Data processes clearly!
Effective collection
•Clear
•Purpose driven (and limited)
•Secured for clear duration
•Minimum needed for service offering
Securing your data
•‘Where’ is data, and who can access, and when/why?
•Are you geographically limited in where you can store?
•Who are securing it from?
•If you don’t have it, you don’t need to secure it!
Considering your policies
•Secure email? Data retention? Share PII?
•What if LEAs arrive? Where is the data?
•Who to contact?
•Do you update? How?
•Not just legalese!
Basic tips
•Role based access
•‘Good’ hygiene
•Secure mobile devices
•Outsource to reliable partners
Intermediate tips
•Encrypt OS and thumbdrives
•Activate remote wipe capabilities
•Lunchtime briefs
•Privacy ‘point’
•Plan for FUBAR, and beyond!
Contact information
• Email: [email protected]
•Homepage: http://www.christopher-parsons.com
• Twitter: @caparsons
