NOT PROTECTIVELY MARKED Data Protection Information Security Information
- Slides: 35
NOT PROTECTIVELY MARKED Data Protection & Information Security Information Management
NOT PROTECTIVELY MARKED Data Protection? Information Security? What’s the difference? ?
NOT PROTECTIVELY MARKED Data Protection Current Requirements n n Personal Data Processing of that data Data from which a person can be identified, e. g. name, date of birth, reference number, video image Applies to a living individual - the Act itself provides no protection after death but Force policy has an impact.
NOT PROTECTIVELY MARKED Data Protection Relevant Legislation Data Protection Act 1998 n Human Rights Act 1998 n Computer Misuse Act 1990 n Copyright Designs & Patents Act 1988 n Freedom of Information (Scotland) Act 2002 n
NOT PROTECTIVELY MARKED Data - what’s that?
NOT PROTECTIVELY MARKED Data Protection Act 1998 • Registrable Particulars – Policing The prevention and detection of crime The apprehension and prosecution of offenders The protection of life and property The maintenance of law and order Rendering assistance to the public Vetting and Licencing Public Safety
NOT PROTECTIVELY MARKED Data Protection Act 1998 • The Act imposes strict conditions on the PROCESSING of personal data “Processing means obtaining, recording or holding information or data or carrying out any operation or set of operations on the information or data” i. e. anything we do with the data
NOT PROTECTIVELY MARKED Data Protection Act 1998 • The Eight Data Protection principles • • • Processed fairly and lawfully Only obtained for a specified purpose Data shall be relevant, adequate and not excessive Data shall be accurate and kept up to date Data shall not be kept longer than is necessary Data shall be processed in accordance with rights of data subjects • Appropriate measures shall be taken against unlawful or unauthorised processing and against loss, destruction or damage to data • Data shall not be transferred outside the EEA unless adequate protection exists for the rights and freedoms of individuals
NOT PROTECTIVELY MARKED Data Protection Act 1998 • Sensitive personal data Ø Ø Ø Ø Racial or ethnic origin Political opinions Religious beliefs or beliefs of a similar nature Membership of a Trade Union Details of physical or mental health Details of sexual life Commission or alleged commission of any offence Details of any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of the court in such proceedings
NOT PROTECTIVELY MARKED Disclosing Data To Others n n n In general can only be released for a purpose in line with Policing Ask the 3 important questions WHO wants the data? WHY do they want it? WHAT are they going to do with it? If you get it wrong there is a personal liability UNLIMITED FINE
NOT PROTECTIVELY MARKED Data Protection Individual Rights n n n Ä Any data subject has the right of access to their personal data The data subject has the right to demand the correction or deletion of inaccurate data The data subject has the right to compensation if they have suffered damage or distress SUBJECT ACCESS - £ 10 fee
NOT PROTECTIVELY MARKED Data Protection DPO Responsibilities The Data Protection Department u u u Ensures all force systems are compliant Maintains Data Protection Notification Gives advice and assistance Liaises with other agencies Prepares information sharing protocols AUDITS EVERYONE!
NOT PROTECTIVELY MARKED Data Protection Responsibility of Users ¨ ¨ YOU MUST Have a working knowledge of the Act Apply the principles as you work Take notebook entries Ensure the data you are processing is C Accurate CRelevant CUp to date CSECURE
NOT PROTECTIVELY MARKED Criminal Offences Under the Act • Knowingly or recklessly obtain, disclose or procure the disclosure of personal data without the consent of the data controller • Sell or offer to sell personal data obtained in the above manner
NOT PROTECTIVELY MARKED Data Protection Questions
NOT PROTECTIVELY MARKED Information Security Information security applies to all information, including personal data, and in any format. I. T. - Force network, PCs, Laptops, PDAs, magnetic media, non-magnetic media. Paper - written & printed. Communications - radio & telephone. Conversation. Internet & e-mail.
NOT PROTECTIVELY MARKED Information Security Information is a vast resource, and a valuable asset. More importantly, it is the lifeblood of the Police Service. So why is information security needed? Information security is about protecting that valuable lifeblood from a wide range of threats.
NOT PROTECTIVELY MARKED Information Security Threats Deliberate - theft, denial of service, hacker. Accidental - coffee, power supply. Natural - fire, flood.
NOT PROTECTIVELY MARKED Information Security Sources Internal - employees. External - criminals, investigative journalists, members of the public. employees Most dangerous = employees
NOT PROTECTIVELY MARKED Information Security What do we get from information security? CIA Confidentiality The restriction of information and assets to authorised individuals Integrity The maintenance of information systems and physical assets in their complete and proper form Availability The continuous or timely access to information, systems or physical assets by authorised individuals
NOT PROTECTIVELY MARKED Information Security Personnel Physical Document Procedural CIA Radiation Computer Communications
NOT PROTECTIVELY MARKED Information Security How do we go about protecting our sensitive assets? GPMS Or to give it the full title, the Government Protective Marking Scheme which is designed to enhance the security and help protect the value of sensitive assets through the use of ‘protective markings’.
NOT PROTECTIVELY MARKED Information Security GPMS The six markings used are: NOT PROTECTIVELY MARKED PROTECT RESTRICTED CONFIDENTIAL SECRET TOP SECRET
NOT PROTECTIVELY MARKED Information Security GPMS Once applied these markings (and handling instructions) indicate to others the value of an asset and the impact of compromise. Value and impact determine how it should be protected, and who should be given access to it. The fundamental principle of this system is to assure that protectively marked assets will be given adequate protection against accidental or deliberate compromise. Examples of impact are:
NOT PROTECTIVELY MARKED Information Security GPMS Accidental or deliberate compromise of assets marked NOT PROTECTIVELY MARKED would be likely to: have no impact on the Force
NOT PROTECTIVELY MARKED Information Security GPMS Accidental or deliberate compromise of assets marked PROTECT would be likely to have: no impact on life or safety but may cause inconvenience or discomfort to an individual no impact on crime fighting but may cause minor disruption to emergency service activities
NOT PROTECTIVELY MARKED Information Security GPMS Accidental or deliberate compromise of assets marked RESTRICTED would be likely to: cause substantial distress to individuals prejudice the investigation or facilitate the commission of crime
NOT PROTECTIVELY MARKED Information Security GPMS Accidental or deliberate compromise of assets marked CONFIDENTIAL would be likely to: prejudice individual security or liberty impede the investigation or facilitate the commission of serious crime
NOT PROTECTIVELY MARKED Information Security GPMS Accidental or deliberate compromise of assets marked SECRET would be likely to: threaten life directly, or seriously prejudice public order, or individual security or liberty cause serious damage to the continuing effectiveness of highly valuable security or intelligence operations
NOT PROTECTIVELY MARKED Information Security GPMS Accidental or deliberate compromise of assets marked TOP SECRET would be likely to: lead directly to widespread loss of life cause exceptionally grave damage to the continuing effectiveness of extremely valuable security or intelligence operations
NOT PROTECTIVELY MARKED Information Security GPMS However, the most common markings you will probably see and use on a day-to-day basis are: NOT PROTECTIVELY MARKED PROTECT RESTRICTED CONFIDENTIAL
NOT PROTECTIVELY MARKED Information Security The Basics Warrant Cards/IDs. Destruction. Clear desk policy. Access control. Passwords/logging out. E-mail/Internet use. Desktop software. Viruses.
NOT PROTECTIVELY MARKED Information Security A Problem Shared Is A Problem Halved Reporting Procedure: E-mail. Telephone. In person. As Soon As Possible
NOT PROTECTIVELY MARKED Information Security More Information – see your copy of Police Scotland Information Security Standard Operating Procedure
NOT PROTECTIVELY MARKED Information Security Any questions? Information Governance Officer
Not protectively marked
Private security
Visa international security model in information security
Cnss security model คือ
Not genuine, not true, not valid
Protection and security in operating system
Security and protection in operating system
E commerce security and fraud protection
E-commerce security and fraud protection
Security and protection in operating system
Protection and security in operating system
File protection and security
American heritage protective services inc
Meat is firmest when it is cooked
Marked consonants
Marked segmentering
Two households both alike in dignity modern english
Sinusoidal pattern
Markedsfølger
The spanish american war marked a turning point
Marked price-selling price=
Heterogeneous segment
A biologist originally marked 40 butterflies
When sam listens to his girlfriend susan
A is a work area designated and clearly marked in which
Totalmarked
Konsumentenheder
Which battle
What caused the fall of the roman empire
Floke marked
Who marked when france sneezes europe catches a cold
Negative clause
A marked improvement
The merging area of an entrance ramp is marked by
Ready to eat tcs food must be date marked
End of persian war
