You are on page 1of 30

Basics of IT

Module 1 Introduction to Computer Basics


Module 2 Open Office Calc
Module 3 Open Office Writer
Module 4 Open Office Impress
Module 5 Networking
Module 6 IT Security
Topic 0 Introduction to IT Security
Topic 1 Password Management
Topic 2 Data Protection
Topic 3 Social Networking Sites and Social Netiquettes
Topic 4 Summary

Topic 2:
Data Protection

Learning Objectives

At the end of this topic, you will be able to:


Define personal information
List components of personal information
Define privacy and privacy breach
List key privacy principles

Data Protection Think Privacy


What happened when Privacy failed?

T-Mobile admitted losing a storage device holding the records, including names, addresses, phone numbers
and dates of birth, of 17 million German customers

Unencrypted back-up computer tapes from BNY Mellon's Share owner Services unit containing the confidential
details of over 12 million customers was lost by a third party vendor

HSBC lost a computer disc containing the confidential personal details of around 370,000 of its UK life
assurance customers

In August 2010,Zurich UK fined 2.26 million pounds

Enforcement action on Nationwide, Norwich Union, HSBC as well

Data Protection Think Privacy


What is Privacy?
Privacy is the right to
control access to
information about oneself.
The right to privacy
means that the
individuals get to decide
what and how much
information to give up, to
whom it is given and for
what purposes.

Communication Privacy

Organizational Privacy

Privacy

Information Privacy

Physical Privacy

Data Privacy
What is Data Privacy?

Data privacy is the relationship between collection and dissemination of data, the public expectation of privacy
and the legal issues surrounding them .

It is protecting corporate and personal customer and employee data under the possession of the organization.

Data Privacy
What is personal Information?

Any identifiable information about the customer held in any format is personal information.

In case of corporate, any information that is not available in the public domain but is shared with ICICI Bank is
treated as personal information

Personal Data
What is personal details??

Name and
Address
Passport
Number

Contact
Details

Personal
Details
National
Insurance
number

Date of Birth
Age, Sex
and ethnicity

Personal Data
What is family lifestyle details??

Marital
Status

Club
Membership
Details

Leisure
activities

Next of Kin
Family
Lifestyle
Details

Travel
Habits

Personal Data
What is financial details?

Income
Insurance
Details

Salary

Financial
Details
Loans

Credit
History

Investments

Bank
Account

Personal Data
Career
History

What is employment details?


Disciplinary
And
grievance
Records

Recruitment
CV

Employment
Details
Performance
and
Appraisal
Records

Attendance
Record
Sickness
Record

Personal Data
What is sensitive personal
data?

Racial /
Ethnic Origin

The data subject must give


explicit consent to the processing
of sensitive personal data.
Criminal
Convictions

Sensitive
Personal
Data

Physical or
Mental
health
Conditions

Religious
Beliefs

Privacy Breach
What is privacy breach?
Any identifiable information about an individual held in any format is personal information. Privacy breach is
unauthorized access or collection, use or disclosure of personal information. Most common causes of privacy
breach are as follows:
Stolen, lost or mistakenly disclosed information

Faulty business procedure or operational break down

Privacy Breach
What constitutes privacy breach?
The following are few scenarios that could occur in a bank. Can you identify if it constitutes as privacy breach?

Compromise
of Customer
Name

No

Privacy Breach
What constitutes privacy breach?
The following are few scenarios that could occur in a bank. Can you identify if it constitutes as privacy breach?

Compromise
of Customer
Name

Compromise
of Account
Number

Yes

Privacy Breach
What constitutes privacy breach?
The following are few scenarios that could occur in a bank. Can you identify if it constitutes as privacy breach?

Compromise
of Customer
Name

Compromise
of Gender

No

Privacy Breach
What constitutes privacy breach?
The following are few scenarios that could occur in a bank. Can you identify if it constitutes as privacy breach?

Compromise
of Customer
Name

Compromise
of Gender

Compromise
of Age

Yes

Key Privacy Principles

The following are key privacy principles for ICICI Bank.


1

Accountability

Identify purpose

Consent from customer

Limiting use, Disclosure and Retention

Limiting collection

Accuracy

Safe Guarding of data

Key Privacy Principles

You will learn more about these principles in the next few slides.

Accountability

Identify purpose

The bank is responsible for processing and storing the personal


information collected in accordance with the applicable requirements.

The bank should identify the purpose at or before the time of collection
The bank must document why the information is collected
The bank must inform the individual of whom the information is collected
and why the information is needed

Key Privacy Principles

You will learn more about these principles in the next few slides.

Consent

Consent should be obtained at the time of collection of personal


information
Consent must be obtained every time a new use of the information is
identified

Limiting Collection

Collect only as much information that is directly required to serve the


identification purpose

Key Privacy Principles

You will learn more about these principles in the next few slides.

Customer or employee personal data should not be disclosed to anyone


including other employees who are not authorized to receive it. The
following are the exceptions:
Limiting Use
Disclosure and
Retention

The disclosure is authorized by the customer


Where disclosure is under compulsion of law
Where there is duty to the public to disclose
Where interest of bank requires disclosure
Where the disclosure is made with the expressed or implied consent
of the customer

Key Privacy Principles

You will learn more about these principles in the next few slides.

Keep the personal information of the customer and the employee


complete and up to date as necessary. The measure to keep the data
updated are:
Accuracy

While accepting the customers application and other service


requests, make sure that the handwriting is readable and mandatory
fields are completed
Be cautious while entering , amending customers or employees
information in the system
Be cautious while adding any additional notes in customer or
employees files

Key Privacy Principles

You will learn more about these principles in the next few slides.

Organizational security measures and policies should be strictly


maintained to protect personal information against
Safeguard Client
Information

Loss or theft
Unauthorized access, disclosure, use, copying
Destruction
Personal customer and employee data needs to be stored and treated
with utmost care and security

Benefits and Risks


The following are the benefits of ensuring the security of customers or employees personal information :
1.

Builds customer confidence and trust

2.

Increases customer satisfaction

3.

Creates brand differentiator

The following are the security risks of losing customers or employees personal information:
1.

Reputational risk and brand damage

2.

Customer dissatisfaction

3.

Fines, Compensation claims and prosecution and so on

Dos and Donts for Data Privacy

Follow these guidelines to ensure data privacy.


Dos
Shred confidential customer data if not required
Retain sensitive personal data if safe custody only till such a time as is necessary
Keep your desks and soft boards clear of customer data
Lock your drawers and cabinets
Delete records of personal data held in laptops or PCs that are not needed for business use

Harden your laptops and desktops with the help of IT team


Exercise caution during inter-judicial file transfers
Send personal data only through password protected files

Dos and Donts for Data Privacy

Follow these guidelines to ensure data privacy.


Donts
Email containing large amount of data. For example, name account numbers, balance
outstanding being sent in unprotected spreadsheet formats.
Keeping PCs or laptops unlocked
Leaving confidential documents on unattended printers
Sending emails that contain personal data in subject headings
Sharing customer personal data with friends or family
Sharing your NT password with your peers

Check Your Understanding

01

You have the personal information of a customer on your laptop. You have left your workstation with
your laptop open for few seconds to have a glass of water. Is this a breach of data privacy?
a)

Yes

b)

No

Check Your Understanding

02

You have access to your neighbors account details. You have shared this information with your
family member as you are confident that your family will not disclose this information to others. Is this
a breach of data privacy?

a)

Yes

b)

No

Summary
Here is a recap of what you learnt:
Both, customers and employees personal information is collected by
the bank.

Personal information constitutes of personal details, family lifestyle


details, financial details, employment details and sensitive personal
details
Data privacy is extremely important for a bank. Breach of privacy may
harm the reputation of the bank and cause expensive litigations.

Summary
Here is a recap of what you learnt:
Key privacy principles determines the privacy categories for both
customers and employees

You might also like