This is a practical training session for SIROs and those who support them – it’s about identifying and managing risks proactively rather than waiting for them to happen.
Information rights law and what can go wrong:
- Data Protection – what it asks you to do and why security, accuracy and access are the biggest risks
- Data Protection enforcement – recent cases and lessons you can learn from the Ministry of Defence and PSNI fines
- Freedom of Information – what problems it can pose
Information Risk Management overall:
- Management Structure
- The SIRO and their role
- What the SIRO should do – risk assessment and risk management
The Information Asset Owner role:
- What is an information asset?
- Understanding the asset and the data the IAO is responsible for
- Data flow mapping
- Supporting a proactive approach to managing information, including investigating incidents and concerns
Information risk:
- What is risk appetite – where are the areas where risks are more / less acceptable?
- What risks do you face?
  - Disclosure
  - Loss / theft of data
  - Storage of data
  - Disposal of data
  - Contractors and their relative lack of legal liability
- Carrying out an information risk assessment
- How do you deal with those risks?
- Removing, mitigating, and living with information risks
- Using Data Protection Impact Assessments and Data Protection by Design to prevent risks in the future
Dealing with incidents:
- Identifying adverse data-related incidents
- Investigating and limiting the scope of an incident
- Reporting incidents to the Information Commissioner
- Informing individuals about incidents that affect them
- Learning the lessons