ISACA Annual General Meeting Highlights and Insights
Sven Bluemmel, Victorian
Information Commissioner
26 May 2022
ISACA Annual
General Meeting
What will we cover?
Lessons from the pandemic
ISACA AGM 26 May 2022
Outsourcing and information security: lessons from an
OVIC investigation
Artificial intelligence and facial recognition: OVIC’s view
Victorian Protective Data Security Framework and Standards
Office of the Victorian Information Commissioner
ISACA AGM 26 May 2022
Privacy Awareness Week 2022
ISACA AGM 26 May 2022
Victorian Protective
Data Security
Framework and
Standards
Victorian Protective Data Security Framework and
Standards
ISACA AGM 26 May 2022
Outsourcing and the
Privacy and Data
Protection Act 2014
(Vic): lessons from
an OVIC
investigation
“Government can outsource the delivery of
services, but not its responsibility to protect the
information it holds.”
ISACA AGM 26 May 2022
Media release: Information Commissioner publishes report on investigation into a data breach involving Department of Health and
Human Services (11 March 2021)
OVIC’s CRISSP investigation
ISACA AGM 26 May 2022
•
A serious breach of the
Information Privacy Principles
•
Compliance notice and report
issued
•
Incident caused by:
•
human error in failing to
deprovision systems access
•
inadequate protections to
address the risk of human error
Themes from the investigation’s recommendations
ISACA AGM 26 May 2022
•
Regularly check user access lists for systems and implement
a procedure to periodically check the currency of user lists
for a system.
•
Regularly provide both general and specific privacy and
security training to staff according to their role and the
types of information and systems they can access.
•
Use a risk-tiering framework for managing CSPs.
•
Simplify contractual frameworks and guidance materials for
systems.
Artificial intelligence
and facial
recognition
Just because you can, does not mean you should.
ISACA AGM 26 May 2022
Lessons learned
from the pandemic
Lessons learned from the pandemic
ISACA AGM 26 May 2022
Resources
•
OVIC, Engaging contracted service providers (Guidelines for outsourcing in the
Victorian public sector, checklist, case studies)
•
OVIC, Unauthorised access to client information held in the CRISSP database:
Investigation under section 8C(2)(e) of the
Privacy and Data Protection Act 2014
(Vic)
•
OVIC, Artificial intelligence – Understanding Privacy Obligations
•
OVIC, Artificial intelligence and privacy – Issues and challenges
•
OVIC, Biometrics and privacy – Issues and challenges
•
Global Privacy Assembly, 42nd closed session of the Global Privacy Assembly
(October 2020), Adopted Resolution on facial recognition technology
ISACA AGM 26 May 2022
Contact us
ISACA AGM 26 May 2022
enquiries@ovic.vic.gov.au
au.linkedin.com/company/ovicgov
1300 006 842
www.ovic.vic.gov.au
@OVIC_AU
Explore key topics discussed at the ISACA Annual General Meeting on May 26, 2022, featuring insights from Sven Bluemmel, Victorian Information Commissioner. Topics covered include the Victorian Protective Data Security Framework, lessons on outsourcing and information security, artificial intelligence, privacy concerns, and more. Learn about the importance of data protection, freedom of information, and privacy awareness in the current landscape.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
ISACA Annual General Meeting Sven Bluemmel, Victorian Information Commissioner 26 May 2022
ISACA AGM 26 May 2022 2 What will we cover? Victorian Protective Data Security Framework and Standards Outsourcing and information security: lessons from an OVIC investigation Artificial intelligence and facial recognition: OVIC s view Lessons from the pandemic Freedom of Information | Privacy | Data Protection
ISACA AGM 26 May 2022 3 Office of the Victorian Information Commissioner Freedom of Information | Privacy | Data Protection
ISACA AGM 26 May 2022 4 Privacy Awareness Week 2022 Freedom of Information | Privacy | Data Protection
Victorian Protective Data Security Framework and Standards
ISACA AGM 26 May 2022 6 Victorian Protective Data Security Framework and Standards PDP Act 2014 Principles Policy Standards Security guides Agency specific policies and procedures Assurance Freedom of Information | Privacy | Data Protection
Outsourcing and the Privacy and Data Protection Act 2014 (Vic): lessons from an OVIC investigation
ISACA AGM 26 May 2022 8 Government can outsource the delivery of services, but not its responsibility to protect the information it holds. Media release: Information Commissioner publishes report on investigation into a data breach involving Department of Health and Human Services (11 March 2021) Freedom of Information | Privacy | Data Protection
ISACA AGM 26 May 2022 9 OVIC s CRISSP investigation A serious breach of the Information Privacy Principles Compliance notice and report issued Incident caused by: human error in failing to deprovision systems access inadequate protections to address the risk of human error Freedom of Information | Privacy | Data Protection
ISACA AGM 26 May 2022 10 Themes from the investigation s recommendations Regularly check user access lists for systems and implement a procedure to periodically check the currency of user lists for a system. Regularly provide both general and specific privacy and security training to staff according to their role and the types of information and systems they can access. Use a risk-tiering framework for managing CSPs. Simplify contractual frameworks and guidance materials for systems. Freedom of Information | Privacy | Data Protection
Artificial intelligence and facial recognition
ISACA AGM 26 May 2022 12 Just because you can, does not mean you should. Freedom of Information | Privacy | Data Protection
Lessons learned from the pandemic
ISACA AGM 26 May 2022 14 Lessons learned from the pandemic Respect Trust Security Privacy Transparency Freedom of Information | Privacy | Data Protection
ISACA AGM 26 May 2022 15 Resources OVIC, Engaging contracted service providers (Guidelines for outsourcing in the Victorian public sector, checklist, case studies) OVIC, Unauthorised access to client information held in the CRISSP database: Investigation under section 8C(2)(e) of the Privacy and Data Protection Act 2014 (Vic) OVIC, Artificial intelligence Understanding Privacy Obligations OVIC, Artificial intelligence and privacy Issues and challenges OVIC, Biometrics and privacy Issues and challenges Global Privacy Assembly, 42nd closed session of the Global Privacy Assembly (October 2020), Adopted Resolution on facial recognition technology Freedom of Information | Privacy | Data Protection
ISACA AGM 26 May 2022 16 Contact us enquiries@ovic.vic.gov.au @OVIC_AU 1300 006 842 au.linkedin.com/company/ovicgov www.ovic.vic.gov.au Freedom of Information | Privacy | Data Protection
