finance and governance workshop data protection and information management 10 june 2014
TRANSCRIPT
![Page 1: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/1.jpg)
Finance and Governance Workshop
Data Protection and Information Management
10 June 2014
![Page 2: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/2.jpg)
Why look after personal data? (1)
…Because it's one of your most valuable assets:• Increase (and measure) participation• Promote good governance• Know your stakeholders• Bring money into your sport
![Page 3: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/3.jpg)
Why look after personal data? (2)
…Because it's one of your biggest risks:• Increasing regulation (and enforcement)• Loss of trust/bad publicity• Loss of all the benefits good data
management can bring
![Page 4: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/4.jpg)
Data Management Priorities for NGBs
What are YOUR data protection and data management
priorities?
![Page 5: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/5.jpg)
Data Management Priorities for NGBs
1. Security: Keeping personal data safe– Data Protection Act 1998 (Principle 7)– Appropriate technical and organisational security
measures to protect from loss, misuse or damage– Managing a breach: notification?– Enforcement: monetary penalties of up to
£500,000 (for now)
![Page 6: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/6.jpg)
Data Management Priorities for NGBs
2. Consents: making personal data work for you– Data Protection Act 1998 (Principle 1)– "Fair and lawful processing": information/consent– Privacy and Electronic Communications
Regulations 2003: electronic "direct marketing"– Data protection statements– Privacy Policies
![Page 7: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/7.jpg)
Data Management Priorities for NGBs
3. Information requests: how to respond– Data Protection Act 1998: Subject Access Requests• Written request for own personal data• 40 days to respond• Exemptions and limitations• A practical response?
– Freedom of Information Act 2000
![Page 8: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/8.jpg)
Data Management Priorities for NGBs
4. Outsourcing: trusting third parties with data– Data processor = third party processing personal
data on NGB's behalf (NGB remains responsible)– Due diligence, written contract (security, control)– No transfer outside the EEA without "adequate
protection" (Principle 8)– Data protection issues in "the cloud"
![Page 9: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/9.jpg)
Addressing the Issues• Cyber/Data is no longer just an IT concern – it
is a strategic business risk • Poses a tangible threat to the financial stability
of your organisation• 4 key steps you can take towards effective risk
management
![Page 10: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/10.jpg)
4 Key Steps• Step 1 – Understand and profile your risk
Identify and involve stakeholders – Senior management, IT heads, Marketing,
Legal and your Broker Develop scenarios and assess the likely impact,
both operationally and financially Use impact analysis to create course of action –
Treat, Tolerate or Transfer to insurance?
![Page 11: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/11.jpg)
4 Key Steps• Step 2 – Insurability
Work closely with your broker to determine whether key risks identified are covered by existing insurance arrangements or
insurable in the current market Review policy wordings carefully and seek
clarification from insurers Obtain indicative costs for budgeting
![Page 12: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/12.jpg)
4 Key Steps• Step 3 – Mitigating Risks
Identify alternative options to reduce risks. For example, limit access points/controls to
prevent unauthorised access to systems, implement written policies, review
contractual arrangements with third parties Utilise professional support from insurers Regularly review and update your risks
![Page 13: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/13.jpg)
4 Key Steps• Step 4 – Effective Communication
Increase awareness of these new risks through your organisation – safeguarding data is the responsibility of all
Training and competence of new policies and procedures to employees
![Page 14: Finance and Governance Workshop Data Protection and Information Management 10 June 2014](https://reader036.vdocuments.us/reader036/viewer/2022072011/56649e3b5503460f94b2e026/html5/thumbnails/14.jpg)
Hindrance into OpportunityRobust data governance provides:Reduced operational costs through leaner data
processes and improved efficienciesConsistency across databases resulting in greater
insight and innovation from informationConfidence in data for faster and better decision
makingA competitive advantage