Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

Privacy/Data Protection

Welcome to the Privacy/Data Protection topic!

Collaborate, contribute, consume and create knowledge around topics such as privacy frameworks and governance (OECD), protection of data, data leaks and data communicated across borders

ISACA members can participate by clicking on the “Join this Community” button. You must be signed into the site. Set your alerts to be notified of new discussion activity within this community. Not an ISACA member? Join now!

 
This Topic Has:
1055 Members
1 Online
10636 Visits

Community Leader

Marc Vael

Marc Vael

Title: Director Internal Audit & Risk Management

Badge: Influential

ShanShan

ShanShan

Badge: Social

 

NEW! Activity Badges

Badges help others understand your level of community activity and your reputation as a contributor within the Knowledge Center. Learn More.

Discussions: 95 total

Must be a Topic member to contribute
View All »
Hello! I am part of a working group and we are creating a list of log (all kind of logs: audit log, access, network, etc.), the regulation with each log (is there any law regarding the log, retention period, etc.) and the impact on the privacy (what PII s...
Melanie168 | 7/1/2015 5:08:43 AM | COMMENTS(0)
Again the issue of mobile devices . . . The president and CEO of Eastern Health, David Diamond, said "It was a drive that was simply being used in human resources and wasn't meant to go external," and … "So inappropriately, as it turns out, the decision...
M.Lambert | 6/26/2015 12:47:08 PM | COMMENTS(1)
Google was downloading audio listeners onto computers without consent, say Chromium users. Read more: http://www.independent.co.uk/life-style/gadgets-and-tech/news/google-was-downloading-audio-listeners-onto-computers-without-consent-say-chromium-user...
M.Lambert | 6/22/2015 8:02:36 AM | COMMENTS(0)
Hope you don't mind me posting in this groupabout this year's ISACA Ireland conference, which is focusing on placingbusiness first. Wewould like this conference to be as successful as last year's, which was trulyinternational with 24 speakers from 12 coun...
Neil_Curran | 6/19/2015 9:59:07 AM | COMMENTS(2)
Here' another artcle on the actual cost. Is there some benchmarking available for comaring the actual expenditures organizations have incured ? read more and share your thoughts http://ww2.cfo.com/data-security/2015/03/calculating-colossal-cost-d...
M.Lambert | 6/16/2015 4:35:21 AM | COMMENTS(2)
Should the consumer in every person respond by making choices with this issue in mind? Once again, a major player is under investigation for the exposure of personal information on around 4 million U.S. federal government workers. Read more and shar...
M.Lambert | 6/8/2015 12:27:04 PM | COMMENTS(0)

Documents & Publications: 53 total

Must be a Topic member to contribute
View All »
Information Systems Assurance and Control Guideline for Verifing Compliance with Personal Data Protection Act [POLAND]
Posted by JoannaK 519 days ago
Books
Posted by ISACA 109 days ago
Books
Posted by ISACA 151 days ago
In Google Spain v AEPD and Mario Costeja Gonzalez (C-131/12), the Court of Justice for the European Union (CJEU) ruled that Google must delete "inadequate, irrelevant or no longer relevant" data from its results when an individual requests it. This has generated a lot of discussion as the "right to be forgotte"n is a new right that is introduced in the Draft Proposal for a General Data Protection Regulation of 2012,
Posted by yves_le_roux 255 days ago
In this publication the four European data protection authorities from Poland, the Czech Republic, Croatia and Bulgaria tried to compare the different practices implemented in their countries and find the general rules which might be common for all or most of the EU countries in the field of data protection from the point of view of a natural person searching for a job or being employed in one of the EU countries.
Posted by yves_le_roux 255 days ago

Events & Online Learning: 10 total

19 Aug 2013
ISACA International Event
San Francisco, CA, USA
6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners.

Journal Articles: 122 total

Volume 4, 2015
by Mohammed J. Khan, CISA, CRISC, CIPM
This article will align the UK Data Protection Act of 1998 and the American Institute of Certified Public Accountants Generally Accepted Privacy Principles in order to help global companies with a presence in both the US and the UK.
Volume 4, 2015
by Sivarama Subramanian, CISM, Varadarajan Vellore Gopal, CEH, and Marimuthu Muthusamy
The Internet of Things (IoT) is captivating organizations because of its potential to rapidly transform businesses and people’s lives.
Volume 3, 2015
by Brett van Niekerk, Ph.D., and Pierre Jacobs
According to a survey by Infonetics Research, companies operating their own data centers spent an average of US $17 million on security products in 2013.
Volume 2, 2015
by Marcelo Hector Gonzalez, CISA, CRISC, and Jana Djurica
There are a number of definitions of Internet of Things (IoT), with all of them having slightly different meanings.
Volume 1, 2015
by Tieu Luu
In November 2013, the US Office of Management and Budget (OMB) issued memorandum M-14-03 requiring all federal departments and agencies to establish an information security continuous monitoring (ISCM) program.
Volume 1, 2015
by Dimitri Vlachos
On the one hand, user-based attacks—whether from hackers using stolen credentials, careless third-party vendors, or negligent or even malicious insiders—represent the largest IT security threat to organizations.

Wikis: 2 total

Blog Posts: 21 total

During an audit you may find that shell scripts are used to connect to your Oracle database (these are often scheduled jobs).  In many instances this represents a security risk as the Oracle database password is hardcoded into the script.  This means th...
Posted By : Ian Cooke | 1 comments
Data Privacy in today's world has crossed over from a requirement dependent on one agency or organization to be the global phenomenon.  Today the data traverses across the countries as well as continents at the speed unimaginable in past. In a flash of se...
Posted By : Mayank | 0 comments
13 Nov 2014
Posted By : masarker | 4 comments
One of the many challenging risk management issues faced by organisations today is protecting the privacy of customers’ and employees’ personal information. When privacy is well managed, organisations earn the trust of their customers, employees, and othe...
Posted By : Patrick Soenen | 0 comments
13 Nov 2014
Now a days, you don’t need to be a IT guru or best software programmer to access /control other personal/organization data. If you follow below techniques, you can easily get confidential information.1. Masquerading2. Tailgeting (Piggy back)3. Dumpster di...
Posted By : Shaklain | 1 comments
On March 1st,  I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center. Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : Umesh391 | 2 comments