Securing Your Data

Lessons Learned from Ashley Madison

John Q Martin, Sales Engineer

Twitter: @SQLServerMonkey

Email: [email protected]

Blog: http://blogs.sqlsentry.com/author/JohnMartin/

Securing your Data, Reporting Recommended Practices

Thank you to our sponsors

Introduce Yourself

• John Q Martin

Working with data in many forms for more than a decade, as a consultant and in numerous operational IT roles and industries.

Agenda

Current landscape

Important Concepts

Compliance

Current Landscape

Criminal, State Sponsored, Vigilante, Corporate Espionage

Mobile, Dynamic, Agile workforce

Data Everywhere

Sharp focus on privacy

High Profile Data Breaches

TalkTalk

Ashley Madison

Sony

Starwood Hotels

What is a Data Breach?

“a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service”

Personal data breach definition – UK Information Commissioner's Office.

The Work-Anywhere culture

Education
• What are you working on
• Simple precautions

Think Privacy
• Privacy screen filters for devices
• Select the right location

Working with data

Where does it reside
• Are there limitations on where it can be sent
• How do you transport it

Protective Markings
• Tag your visualizations & data

Compliance

Understand if you need to comply
• Industry Standards
• Legislation Based

Understand how data is classified
• What can be stored, retained, and displayed
• What were the capture T&Cs

Compliance | UK DPA

Eight Key Data Protection Principles
• Used fairly and lawfully
• Used for limited, specifically stated purposes
• Used in a way that is adequate, relevant and not excessive
• Not transferred outside the European Economic Area without adequate protection
• Accurate
• Kept for no longer than is absolutely necessary
• Handled according to people’s data protection rights
• Kept safe and secure

Compliance | UK DPA

“any set of information relating to individuals to the extent that, although the information is not processed by means of equipment operating automatically in response to instructions given for that purpose, the set is structured, either by reference to individuals or by reference to criteria relating to individuals, in such a way that specific information relating to a particular individual is readily accessible.”

What type of information is protected by the Data Protection Act? – UK Information Commissioner's Office.

Controlling, Processing, Sharing

Do you have a duty of care
• What are you working on
• Simple precautions

Who else can see the data
• Shoulder Surfing
• Granted access via sharing

Summary

Appropriate options

Protective Markings

Understand compliance requirements

Selective Sharing

Questions?

Thank You!
