How non-profits can assess and evaluate privacy risks (net2vic October 2013)
DESCRIPTION
How Non-Profits can Assess and Evaluate Privacy Risks
Everyone is worried about privacy but what exactly should we actually be worried about? What are some of the daily ‘risks’ and the broader considerations for non-profits, today? In this presentation, Christopher will identify some practices that non-profits can adopt to both secure their clients’ personal information and to make better decisions about what information to collect or not. He’ll identify how non-profits can develop transparent and effective policies concerning the collection of personal information, basic and intermediate levels of securing some of that data (and what not to do with it, once you’ve collected it!), as well as some common ‘threats’ that such organizations might experience. These threats will identify different parties that could intentionally or accidentally compromise non-profits’ computers, some of the tactics third-parties might adopt to compromise data stores, and ways to potentially manage such threats.
TRANSCRIPT
How Non-Profits can Assess and Evaluate Privacy Risks
Christopher Parsons
University of Victoria
Talk outline
•Nailing down ‘privacy’
•‘Risk talk’
•Setting your own expectations
•Securing your data...from who?
•Considering your policies
•Basic tips
•Intermediate tips
<Caveat>
Nailing down privacy
By Sang Valte
‘Risk talk’
By flosofl
Setting your own expectations internally
•Assess: Data collection, use, management, disposal
•Understand: How and why you collect data
•Explain: Data processes clearly!
Effective collection
•Clear
•Purpose driven (and limited)
•Secured for clear duration
•Minimum needed for service offering
Securing your data
•‘Where’ is data, and who can access, and when/why?
•Are you geographically limited in where you can store?
•Who are you securing it from?
•If you don’t have it, you don’t need to secure it!
Considering your policies
•Secure email? Data retention? Share PII?
•What if LEAs arrive? Where is the data?
•Who to contact?
•Do you update? How?
•Not just legalese!
Basic tips
•Role based access
•‘Good’ hygiene
•Secure mobile devices
•Outsource to reliable partners
Intermediate tips
•Encrypt OS and thumbdrives
•Activate remote wipe capabilities
•Lunchtime briefs
•Privacy ‘point’
•Plan for FUBAR, and beyond!
Contact information
•Email: [email protected]
•Homepage: http://www.christopher-parsons.com
•Twitter: @caparsons