Laws and Regulations & Data Governance


Executive Development Course: Digital Government for Transformation Towards Sustainable and Resilient Societies - the Singapore Experience
Laws and Regulations & Data Governance
2-6 April 2018, UNDP Global Center for Public Service Excellence, Singapore
Keping Yao, United Nations Project Office on Governance, Division for Public Administration and Development Management, United Nations Department of Economic and Social Affairs

Contents
I. Data governance for better public service delivery
II. Data governance from the perspective of government
III. Laws and regulations for data governance
IV. Policy recommendations

I. Data governance for better public service delivery
The 2030 Agenda refers to various types of public service delivery
- 13 Goals relate to public service delivery.
- 59 targets (35%) require delivery of specific public services.
- Among 230 indicators, 66 of them (29%) require some public service to be delivered by public institutions.

I. Data governance for better public service delivery
- Open government data as public asset
- Data driven innovation - open standard, open source and open code
- Collaboration among ministries and with citizens
- Integrated services
- eID/digital ID

I. Data governance for better public service delivery
Gartner Top 10 Strategic Technology Trends for 2018

I. Data governance for better public service delivery
Deloitte - Technology trends facing the government
- Reengineering technology
- Enterprise data sovereignty
- Digital reality
- API imperative
- No collar workforce
- The new core
- Blockchain to blockchains
- Exponential technology watch list

1. Innovation and Public Service Delivery for the SDGs

- Government as service providers and data generators
- Government as regulator and guardian of privacy of the users and citizens

- Building resilience in IT infrastructure against cyberattacks - cyberspace security as national security
- Business continuity of online services - archiving and backup

Data governance is not just about data security and privacy protection

- Data governance is more about the framework and process, and less technical than other data management capabilities.
- Data governance is about data standards and policies that manage the availability, usability, integrity, and security of the data employed in an organization.

3 perspectives
- Organization/People - strategic, tactical and stewards
- Process - to define and enforce data standard and policies, and audit, monitor and control of data governance activities
- Technology - secure infrastructure, identity and access control, information protection, auditing and reporting (compliance controls)

Government-wide governance structure for setting the policy and strategy for data collection/gathering, data classification, naming conventions, data processing, access control, usage and analysis, data release, and data security during the information life cycle, consistent across government agencies

- Collaboration to avoid duplicate data collection/gathering, e.g. customs and border control, tourism
- Data quality assurance framework - consistent in data quality and data publication process

Government as service providers and data generators
- Collecting and using data - to ensure compliance with data privacy (PII)
- Open government data - de-identification and anonymization to ensure privacy and data security

Data-smart government - delivering service using open/big data:
- traffic control
- smart grid
- waste management
- social media analysis
- predictive policing
- sound analytics
- emergency response

Governments hold personally identifiable and commercially sensitive information, e.g. eID or digital ID with biometrics info, bank account info, driver license, and customer registered info for gaining certain types of services

When collaborating with other agencies or outsourcing to third parties
- Gaining access to databases without the users' knowledge
- Data usage without following proper rules and procedures
- Not fulfilling the data protection responsibilities
- Maximizing the commercial value for sharing data with other parties

Aadhaar data leak: Edward Snowden backs India reporter over expose


Government as regulator and the guardian of privacy of the users and citizens

In the IT era, ordinary citizens have no capacity to protect personal information

- Legislation - privacy first
- Enforcing compliance

- Facebook and Cambridge Analytica data breach - the data breach of a collection of personally identifiable information of about 50 million Facebook users that Cambridge Analytica began collecting in 2014.
- A data breach is the intentional or unintentional release of secure or private/confidential information to an untrusted environment.


III. Laws and regulations for data governance
- General Data Protection Regulation (GDPR) - Effective May 25, 2018
- Privacy Amendment (Notifiable Data Breaches) Bill 2016 - Effective Feb 2018
- Health Insurance Portability and Accountability Act - In effect
- Payment Card Industry Data Security Standard - In effect

III. Laws and regulations for data governance
No single, comprehensive federal law regulating the collection and use of personal data
- The Federal Trade Commission Act (15 U.S.C. 41-58) (FTC Act) - a federal consumer protection law
- The Financial Services Modernization Act (Gramm-Leach-Bliley Act (GLB)) (15 U.S.C. 6801-6827)
- The Health Insurance Portability and Accountability Act (HIPAA) (42 U.S.C. 1301 et seq.) regulates medical information.
- Children's Online Privacy Protection Act of 1998
- The Fair Credit Reporting Act (15 U.S.C. 1681) (and the Fair and Accurate Credit Transactions Act (Pub. L. No. 108-159))
- The Electronic Communications Privacy Act (18 U.S.C. 2510) and the Computer Fraud and Abuse Act (18 U.S.C. 1030)


III. Laws and regulations for data governance
Brunei has ratified several laws related to cybersecurity
- Chapter 197 Anti-Terrorism (Financial and Other Measures) Act
- Chapter 194 Computer Misuse Act
- Chapter 153 Official Secrets Act
- Chapter 108 Evidence Act
- National ICT Security Policy Authority and Bru-CERT

III. Laws and regulations for data governance
Indonesia has ratified several laws related to security
- Electronic Transaction Act No. 11/2008
- Electronic Transaction and System Provider Regulation No. 82/2012
- Information Security Guideline
- GOV-Cert ID-SIRTII ID-CERT ID-SIRTII
- Setting up CERT-Indonesia

III. Laws and regulations for data governance
Cyber Security Malaysia - national info security coordination center
- Digital Signature Act of 1997
- Computer Crimes Act of 1997
- Telemedicine Act of 1997
- e-commerce Act of 2006
- Electronic Government Activities Act of 2007
- Personal Data Protection Act by 2010

III. Laws and regulations for data governance
Philippines
- Digital Signature Act of 1997
- Computer Crimes Act of 1997
- Telemedicine Act of 1997
- e-commerce Act of 2006
- Electronic Government Activities Act of 2007
- Personal Data Protection Act by 2010

III. Laws and regulations for data governance
Thailand
- Electronic Act 2001 - the core of its cyber law
- The Computer Crime Act B.E.2550 (2007)
- In the process of establishing new legislation on digital economy - three among eight items on cybersecurity: Computer-Related Crime Bill (amendment); Personal Data Protection Bill; Cyber security Bill


IV. Policy recommendations
- Government-wide data governance
- All stakeholders inclusive approach - bringing in citizens*
- Government legislation should be with foresight - adaptive, review and amend
- Develop a culture of data privacy - awareness-raising
- Prudence in outsourcing in the cloud environment
- A holistic approach - data security, maintaining data privacy and meeting compliance requirements
- International collaboration in cyberspace security

Questions? شكرا gracias 谢谢 thank you merci bienvenidos Publicadministration.un.org unpog.org Email: yaok@un.org