Download pptx - Data Protection in the Age of BYOD and Social Media by Vicki Bowles (Barrister)

NEW TECHNOLOGIES, OLD DATA: WHAT ALL ORGANISATIONS NEED

TO KNOW

Brian Miller, Partner

Vicki Bowles, Barrister

Content

• Legislative framework – reminder• Disclosure to third parties• BYOD• Social Media

Legislative framework - reminder

• Back to basics – key information:– Who is the data controller?– What personal data do you have?– Are you compliant with the principles?

Disclosure

• Comply with the first data protection principle:Personal data shall be processed fairly and lawfully, and in particular, shall not be processed unless-

– At least one of the conditions in Schedule 2 is met, and– In the case of sensitive personal data, at least one of the

conditions in Schedule 3 is also met.

Disclosure

• What is “fair”?– How was the information obtained?– What was the individual told about the

purposes of processing when the information was obtained?

Disclosure

• Schedule 2 conditions:– Para 1: consent– Para 2: contracts– Para 3: compliance with legal obligation– Para 4: protect vital interest of data subject– Para 6: Necessary for the legitimate interests

subject to unwarranted prejudice to rights and freedoms

BYOD

• Bring Your Own Device– Responsibility for breaches– Level of risk v resources

• No BYOD – low risk/not practical• You supply the device and control security settings

– medium risk/expensive• Access limited to certain components of system –

medium/high risk/more practical• Unlimited access – high risk

BYOD

• Have a policy in place:– Minimum levels of security required– Expectations re: downloads etc. if your device

• Training– Do your staff/volunteers understand what they

need to do to secure their device?– Make your requirements clear

Social Media

• Areas of risk:– Use by your organisation– Use by your employees/volunteers outside of

work– Comments made about your organisation

Social Media

• Use by you:– Dedicate necessary resources – reputation– Be clear on what is and is not acceptable– “Chain of command” for authorisation

• Use by employees/volunteers:– Same as BYOD – policy and training– Important to protect reputation– WWTDMT?

Social Media• Use by others

– Be vigilant– Report

Attributions

Slide 1 Some rights reserved by Symo0

Slide 2 Some rights reserved by giulia.forsythe

Slide 3 Some rights reserved by IntelFreePress

Slide 4 Some rights reserved by MichaelMKenny

Slide 5 Some rights reserved by Mista Bob

Slide 6 Some rights reserved by jk5854

Slide 7 Some rights reserved by adactio

Slide 8 Some rights reserved by justgrimes

Slide 9 Some rights reserved by angermann

Slide 10 Some rights reserved by opensourceway

Slide 11 Some rights reserved by AsGood

12

https://creativecommons.org/licenses/by-nd/2.0/

https://www.flickr.com/photos/symo0/

https://creativecommons.org/licenses/by-nc-sa/2.0/

https://www.flickr.com/photos/gforsythe/

https://creativecommons.org/licenses/by/2.0/

https://www.flickr.com/photos/intelfreepress/


https://www.flickr.com/photos/michaelmkenny/

https://creativecommons.org/licenses/by-nc-nd/2.0/

https://www.flickr.com/photos/mistabob/

https://www.flickr.com/photos/mistabob/

https://creativecommons.org/licenses/by-nc-nd/2.0/

https://www.flickr.com/photos/julishannon/

https://creativecommons.org/licenses/by/2.0/

https://www.flickr.com/photos/adactio/

https://creativecommons.org/licenses/by-sa/2.0/

https://www.flickr.com/photos/notbrucelee/


https://www.flickr.com/photos/angermann/


https://www.flickr.com/photos/opensourceway/


https://www.flickr.com/photos/asgood/