is/dpp for staff #3b - data classification

- Internal - IS/DPP Baseline Training E-learning – Part 3 – Data & Classification

Upload: tommy-vandepitte

Post on 14-Apr-2017

Category:

Education


TRANSCRIPT

Page 1: IS/DPP for staff #3b - Data Classification

- Internal -

IS/DPP Baseline Training

E-learning – Part 3 – Data & Classification

Page 2: IS/DPP for staff #3b - Data Classification

Confidentiality

Page 4: IS/DPP for staff #3b - Data Classification

Confidentiality

Public

Intended for public distribution

Website content, approved media releases, marketing materials, …

Page 5: IS/DPP for staff #3b - Data Classification

Confidentiality

Public

Intended for public distribution

Access based on “need-to-know”

“CONFIDENTIAL”

Page 6: IS/DPP for staff #3b - Data Classification

Confidentiality

Internal

Public

Intended for public distribution

Access based on “need-to-know”

“CONFIDENTIAL”

Departmental memos, information on bulletin boards, training materials, policies, procedures, instructions, phone/email directories,…

Page 7: IS/DPP for staff #3b - Data Classification

Confidentiality

Website content, approved media releases, marketing materials, …

Restricted

Internal

Public

Intended for public distribution

Access based on “need-to-know”

“CONFIDENTIAL”

Personal data, customer correspondence, staff data, internal audit reports, …

Page 8: IS/DPP for staff #3b - Data Classification

Confidentiality

Website content, approved media releases, marketing materials, …

Restricted

Internal

Public

Intended for public distribution

Access based on “need-to-know”

“CONFIDENTIAL”

Secret

Passwords and other authentication credentials, new products, mergers, …

Page 9: IS/DPP for staff #3b - Data Classification

Page 10: IS/DPP for staff #3b - Data Classification

Confidentiality

Integrity

Page 11: IS/DPP for staff #3b - Data Classification

Confidentiality

Integrity

Availability

Page 12: IS/DPP for staff #3b - Data Classification

Confidentiality

Availability

Privacy

Integrity

Page 13: IS/DPP for staff #3b - Data Classification

Control

Data Subject

Processing personal data

Data Controller

Finality Legitimacy

Transparency Organisation

Proportional

end-to-end

Data Protection Act / GDPR

Expectations

Page 14: IS/DPP for staff #3b - Data Classification

Data Subject

Processing personal data

Data Controller

Data Protection Act / GDPR

1. What would your reaction be if we did it to your personal data?

Expectations

Page 15: IS/DPP for staff #3b - Data Classification

Data Subject

Processing personal data

Data Controller

Data Protection Act / GDPR

1. What would your reaction be if we did it to your personal data?

2. What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data?

Expectations

Page 16: IS/DPP for staff #3b - Data Classification

Data Subject

Processing personal data

Data Controller

Data Protection Act / GDPR

1. What would your reaction be if we did it to your personal data?

2. What would the reaction be of somebody who likes his privacy, if we did it to his/her personal data?

3. What would the reaction of the public be if what we do to personal data were explained in detail on the front page of tomorrow’s newspaper?

Expectations

Page 18: IS/DPP for staff #3b - Data Classification

Full Set of Data Classifications: PATRIC

Category | Classifications

Privacy: Use the (personal) data in line with the original purpose | (original) purpose

Availability: Ensure that information is available to authorized persons | Non-Essential, Essential, Critical and Highly Critical

Traceability: Modifications can be traced back | Non-Traceable, Sensitive and Critical

Retention: Retained & disposed in line with law & business objectives | No Retention, Short-Term, Mid-Term and Long-Term

Integrity: Prevent accidental, unauthorized and deliberate alteration or deletion | Accurate, Vital and Absolute

Confidentiality: Prevent unauthorized disclosure | Public, Internal, Restricted and Secret

Company specific

Page 20: IS/DPP for staff #3b - Data Classification

Key Takeaways

ABC Group classifies on different levels: personal data and PATRIC.

All information has a classification, even if it is not explicit.

You should classify.

Confidentiality distinguishes different circles: public, internal, restricted and secret, wherein personal data is always at least “restricted”.

30 sec IS/DPP survival kit

Wrap Up