PIPL - Practice Area Data Protection & Security

Transcript of PIPL - Practice Area Data Protection & Security

Page 1: PIPL - Practice Area Data Protection & Security

STRICTLY CONFIDENTIAL © Copyright 2014 Progressive Intelligence

• 9225 W. Jewell Place, #101, Lakewood, Colorado 80227, USA
• 1245 Wild Rose Lane, Lake Forest, Illinois 60045, USA
• 333 Rector Pl, #908, New York, New York 10280, USA
• 4921 Waterfowl Way, Rockville, Maryland 20853, USA
• 6143 Leesburg Pike, #607, Falls Church, Virginia 22041, USA
• 1st Floor, 19 Bracknell Gardens, Hampstead, London NW3 7EE, UK
• B-18 Swasthya Vihar, Vikas Marg, Delhi 110092, INDIA

[email protected]

USA • UK • INDIA

Progressive Intelligence

Partners in Achievement

Data Protection and Security

Risk, Mitigation, and Management

Trusted Advisory Services

Legal & Operational Landscape

Dr. Sanjeev B. Ahuja, Managing Director

[email protected]

Page 2: PIPL - Practice Area Data Protection & Security

Overview

Event Management

Contact

Data Risk

Exposure Mitigation

Page 3: PIPL - Practice Area Data Protection & Security

Data Risk

• Biographical
• Personal Data
• Data Protection Act
• Tech & Org Measures
• Sector Specific Regulator
• Info & Comm Office
• Liability
• Consequential Liability
• Living Individual
• Ability to Identify Individual
• Security
• Protection
• Security Breach
• Principles
• Unauthorized Or Unlawful Processing
• Identity Fraud
• Criminal Activity
• Technology & Cost Feasibility
• Appropriate Diligence
• Systems & Controls
• Accidental, Unauthorized, or Unlawful Action
• Loss or Alteration, Access or Disclosure, Destruction or Damage
• Damage to Organization & Reputation
• Caused by Organization, Employees, or 3rd-Parties
• Civil Contract Breach
• Non-Compliance
• Criminal
• Public Undertaking
• Liability of Individual Officers
• Fines
• DPA Enforcement Notice
• Public Naming & Shaming
• Time
• Action
• Compensation
• Customers
• Employees Current/Former
• Suppliers
• 3rd Parties
• Nature of Data
• Harm That Results
• Individual
• Corporation
• Reliability of Employees & 3rd-Party Suppliers
• Client Instructions & Obligations
• By Law

Data Protection & Privacy

Security Risk

Page 4: PIPL - Practice Area Data Protection & Security

Exposure Mitigation

Data Protection & Privacy

Exposure Mitigation

• Tech & Org Measures
• Staff Recruitment & Vetting
• Information Access Control
• Training & Awareness Programs
• Contracts With 3rd-Party Suppliers
• Physical Security
• Processes for Customer Data Disposal
• Executive & Operational Governance
• Information Security Policies
• Compliance Audit & Monitoring Process

Page 5: PIPL - Practice Area Data Protection & Security

Event Management

Data Protection & Privacy

Event Management

• Exception Handling & Management
• Evaluation & Response
• Containment & Recovery
• Assessment of Ongoing Risk
• Notification Of Breach

Page 6: PIPL - Practice Area Data Protection & Security

Contact