Securing your Data, Reporting Recommended Practices

Post on 10-Apr-2017


Securing Your Data

Lessons Learned from Ashley Madison

John Q Martin

Sales Engineer

Twitter: @SQLServerMonkey



Thank you to our sponsors

Introduce Yourself

• John Q Martin

Working with data in many forms for more than a decade as a consultant and numerous operational IT roles and industries.


Current landscape

Important Concepts


Current Landscape

Criminal, State Sponsored, Vigilante, Corporate Espionage

Mobile, Dynamic, Agile workforce

Data Everywhere

Sharp focus on privacy

High Profile Data Breaches


Ashley Madison


Starwood Hotels

What is a Data Breach?

“a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service”

Personal data breach definition – UK Information Commissioner's office.

The Work-Anywhere culture

Education
• What are you working on
• Simple precautions

Think Privacy
• Privacy screen filters for devices
• Select the right location

Working with data

Where does it reside
• Are there limitations on where it can be sent
• How do you transport it

Protective Markings
• Tag your visualizations & data


Understand if you need to comply
• Industry Standards
• Legislation Based

Understand how data is classified
• What can be stored, retained, and displayed
• What were the capture T&C’s

Compliance | UK DPA

Eight Key Data Protection Principles
• Used fairly and lawfully.
• Used for limited, specifically stated purposes.
• Used in a way that is adequate, relevant and not excessive.
• Not transferred outside the European Economic Area without adequate protection.
• Accurate.
• Kept for no longer than is absolutely necessary.
• Handled according to people’s data protection rights.
• Kept safe and secure.

Compliance | UK DPA

“any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible.”

What type of information is protected by the Data Protection Act? – UK Information Commissioner's office.

Controlling, Processing, Sharing

Do you have a duty of care
• What are you working on
• Simple precautions

Who else can see the data
• Shoulder Surfing
• Granted access via sharing

Summary

Appropriate options

Protective Markings

Understand compliance requirements

Selective Sharing


Thank You!