Portable/mobile devices and privacy in Local Government
-
Upload
clare-farley -
Category
Documents
-
view
31 -
download
2
description
Transcript of Portable/mobile devices and privacy in Local Government
![Page 1: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/1.jpg)
04/20/23 1
Portable/mobile devices and privacy in Local
Government
Dr Anthony BendallActing Victorian Privacy
Commissioner
![Page 2: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/2.jpg)
Overview
• OVPC Surveys and Guide
• Privacy laws
• Recent developments :– Tablets– Smart phones– Portable hard drives– BYOD– Cloud computing
• Looking ahead
![Page 3: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/3.jpg)
Example
• “A staff member was responsible for collating information about individuals from numbers sourced for the purpose of preparing reports. The staff member would often work on these reports at home and stored the work on a personal USB key. But the USB key was lost, possibly at a supermarket car-park, with over 30 reports.”
![Page 4: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/4.jpg)
OVPC Surveys and Guide
• OVPC, Use of Portable Storage Devices: Privacy Survey, January 2009
• OVPC, Portable Storage Devices: Privacy Survey 2011, December 2011
• OVPC, Use of Portable Storage Devices – a guide to policy development, August 2009
• All available at www.privacy.vic.gov.au
![Page 5: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/5.jpg)
04/20/23 5
Privacy laws
• Information Privacy Act 2000 (Vic)• IPP 4: Data Security
– ...”must take reasonable steps to protect personal information... from misuse, loss, unauthorised access, modification and disclosure.”
– Personal information should be destroyed or de-identified when it is no longer needed.
• Similar laws at Cth level and in other States and Territories
![Page 6: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/6.jpg)
2008 Survey
• 55 organisations
• “Major security risk”
• 17 recommendations
• Recommendation 1: formal policy– 2009 Guide– 27 point checklist
![Page 7: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/7.jpg)
Surveys by others
• NZ 2010:– 42 NZ agencies– 120 devices lost in 12 months– “inadequate controls”
• Australian Privacy Commissioner 2009:– 58% of agencies suffered loss or theft– “mixed results”
![Page 8: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/8.jpg)
2011 Survey
• 31 of previous 55 organisations• General improvement• 12 organisations – no controls• Lack of encryption• 10 organisations – no tracking• 8 – no improvement• 2 – deterioration• Local Councils – from “poor” to
“commended”
![Page 9: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/9.jpg)
Tablets and other developments
• Explosion in period between two surveys
• 2011 – 50% provide tablets to staff
• Portable hard drives
![Page 10: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/10.jpg)
BYOD
• Increasing
• Lack of policy and technical controls
![Page 11: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/11.jpg)
The cloud
• New challenges• Loss of control• Offshore storage• OVPC Information Sheet: Cloud
Computing, May 2011
![Page 12: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/12.jpg)
2011 recommendations
• 6 additional recommendations:– Strict control over external hard drives– Control of all active ports– Encrypted USB keys
• Smart phones and tablets– Integrity– Expanded policies
• Privacy Impact Assessments
– Collection & notice– data security– transborder flows
• Loss of control• Accountability
![Page 13: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/13.jpg)
Conclusion
• Accountability
• Costs
• Compliance notices
• Potential data breach laws
![Page 14: Portable/mobile devices and privacy in Local Government](https://reader037.fdocuments.in/reader037/viewer/2022110101/56813238550346895d989f87/html5/thumbnails/14.jpg)
More information
Privacy Victoriawww.privacy.vic.gov.au 1300 666 444