Thomas F. Zych October 25, 2012 ATLANTA CINCINNATI CLEVELAND COLUMBUS DAYTON NEW YORK WASHINGTON, D.C.

Transcription

1 DATA SECURITY IN THE NON-PROFIT WORLD Thomas F. Zych October 25, 2012 Data Security: The Other Side of the Privacy Coin Growing Focus of Regulatory and Compliance Planning Not Just for Consumers Not Just for For-Profit World 2 2 1

2 Job 1 in Data Management is Maintaining the Mission- Critical Use of Vital Information Internal Operational and Personal Data Donor Information Served Community Information Financial Data 3 3 Data Security Profile in the Non-Profit World Board Turnover Inadequate Staffing Insecure Facilities Mission Priorities Multiple Repositories of Significant Information 4 4 2

3 Know Triage Manage Monitor Repeat 5 5 What s a Company to Do? Know for all significant information Data Sources Data Uses Data Repositories Data Flows Within organization Outside of organization Data Life Cycles Data Destruction 6 6 3

4 Triage Identify High-Risk Data Practices Plan Short- and Near-Term Remediation Document Best and Better Practices 7 7 Manage Assessment of Compliance Standards Use Board, Donor and Sponsor Resources Policies, Procedures andppractices Plan for Data Incidents Before They Occur Training 8 8 4

5 Monitor Assign Responsibilities Establish Review Schedule Determine Whose Sleep is at Stake 9 9 Repeat Changing Regulatory Landscape Institutional Knowledge Erosion Avoiding Acquired Amnesia Keep on Board Governance Agenda

6 Data Security and the Real World: It s Not Just Electronic Tremendous amounts of data still exist on paper Often, little awareness of organization-wide paper repositories Inconsistent personal practices Not always the subject of clear policies High profile enforcement actions for unsafe disposal/storage Data Security and the Real World: Into Your Hands I Commend My Data Third parties inevitably possess, process and transmit personal and proprietary data You can outsource the function; you can t outsource the liability Oversight is essential Service Provider Selection Contracting practices Oversight

7 Data Security and the Real World: When Home and Work Collide The day is no longer divided, and neither are the devices Mobile and remote devices create: Their own storage Their own vulnerabilities Their own private/public/company paradigm Clear policies and culture are necessary When the Worst Happens All Data Can Be Lost, Stolen or Misused Legal and Relational Obligations to Avoid Harm Data Breach Notification Laws Civil Liability Regulational Injury The Right Thing Have a Plan: Investigate Document Notify Learn!

8 Questions? DATA SECURITY IN THE NON-PROFIT WORLD Thomas F. Zych