Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

Privacy/Data Protection

Welcome to the Privacy/Data Protection topic!

Collaborate, contribute, consume and create knowledge around topics such as privacy frameworks and governance (OECD), protection of data, data leaks and data communicated across borders

ISACA members can participate by clicking on the “Join this Community” button. You must be signed into the site. Set your alerts to be notified of new discussion activity within this community. Not an ISACA member? Join now!

This Topic Has:
948 Members
1 Online
9896 Visits

Community Leader

Marc Vael

Marc Vael

Badge: Influential


NEW! Activity Badges

Badges help others understand your level of community activity and your reputation as a contributor within the Knowledge Center. Learn More.

Discussions: 65 total

Must be a Topic member to contribute
View All »
Dear colleagues, According to The Guardian [1] "The White House has ordered that US data privacy protections will soon be extended to non-Americans [...] Officials will seek to make sure US government departments and companies treat data on foreigners wi...
Fidel Santiago | 11/24/2014 3:13:22 PM | COMMENTS(8)
Can anyone provide a standard or regulation that would require, allow, or deny access from another country, i.e., North Korea and/or China besides an internal policy?
MsFord | 11/12/2014 2:39:18 PM | COMMENTS(0)
If an unauthorised person gets access to Bank details such as Payee name, Payee Address and IBAN number, What is the potential risk? It will be great to get views on this front. Thanks
Ammara Waseem | 11/11/2014 9:28:47 AM | COMMENTS(0)
Hi,I'm very new to Cobit, and I'd like to know if any of you  could share with me ideas about defining a data anonymization program or initiative using the Cobit 5 framework ? 
mb | 11/3/2014 10:33:35 AM | COMMENTS(4)
In 2013, HHS clarified that an entity that maintains electronic protected health information (ePHI) on behalf of a covered entity is a business associate. The HIPAA rules, however, were not designed with cloud computing in mind. A multitude of questions r...
yves_le_roux | 11/3/2014 9:18:49 AM | COMMENTS(1)
At the CSA Congress last September, the authors presented the latest regulatory enforcement trends on privacy and data security in the U.S., Canada and EU. You will find that presentation at
yves_le_roux | 10/27/2014 5:20:56 AM | COMMENTS(0)

Documents & Publications: 53 total

Must be a Topic member to contribute
View All »
Information Systems Assurance and Control Guideline for Verifing Compliance with Personal Data Protection Act [POLAND]
Posted by JoannaK 327 days ago
Posted by ISACA 16 days ago
In Google Spain v AEPD and Mario Costeja Gonzalez (C-131/12), the Court of Justice for the European Union (CJEU) ruled that Google must delete "inadequate, irrelevant or no longer relevant" data from its results when an individual requests it. This has generated a lot of discussion as the "right to be forgotte"n is a new right that is introduced in the Draft Proposal for a General Data Protection Regulation of 2012,
Posted by yves_le_roux 63 days ago
In this publication the four European data protection authorities from Poland, the Czech Republic, Croatia and Bulgaria tried to compare the different practices implemented in their countries and find the general rules which might be common for all or most of the EU countries in the field of data protection from the point of view of a natural person searching for a job or being employed in one of the EU countries.
Posted by yves_le_roux 63 days ago
The Nymity Privacy Management Accountability Framework (“Framework”) is a comprehensive listing of over 150 privacy management activities identified through Nymity’s global data privacy accountability research. The privacy management activities are structured in 13 privacy management processes, and are jurisdiction and industry neutral.
Posted by yves_le_roux 63 days ago

Events & Online Learning: 8 total

19 Aug 2013
ISACA International Event
San Francisco, CA, USA
6 Nov 2013
ISACA International Event
Las Vegas, NV, USA
North America ISRM features relevant security and risk management topics presented by leading industry experts and practitioners.
29 Sep 2014
ISACA International Event
Barcelona, Spain
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM 2014—the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 115 total

Volume 6, 2014
by Ulf T. Mattsson
Data analysts require access to the data to efficiently perform meaningful analysis and gain a return on investment (ROI), and traditional data security has served to limit that access.
Volume 6, 2014
by Muhammad Mushfiqur Rahman, CISA, CCNA, CEH, ITIL V3, MCITP, MCP, MCSE, MCTS, OCP, SCSA
Database auditing is the activity of monitoring and recording configured database actions from database users and nondatabase users, to ensure the security of the databases.
Volume 6, 2014
by Ed Gelbstein, Ph.D., and Viktor Polic, CISA, CRISC, CISSP
Understanding who owns data is not as simple as it appears at first. It is easy to say that all data belong to the organization.
Volume 6, 2014
by Richard A. Spinello | Reviewed by Maria Patricia Prandini, CISA, CRISC
Every IT professional should be aware of the challenges posed by cyberethics, and this book represents an opportunity to do so.
Volume 6, 2014
by Flint Brenton
While there is no one-size-fits-all solution to securing every network, the following seven mistakes of current SIEM systems must be solved to effectively secure data in the modern enterprise.
Volume 5, 2014
by Ashwin Chaudhary, CISA, CISM, CGEIT, CRISC, CISSP, CPA, PMP
Mobile computing and the bring your own device (BYOD) trend are revolutionizing end-user computing in many organizations.

Wikis: 2 total

Blog Posts: 20 total

13 Nov 2014
Posted By : masarker | 4 comments
One of the many challenging risk management issues faced by organisations today is protecting the privacy of customers’ and employees’ personal information. When privacy is well managed, organisations earn the trust of their customers, employees, and othe...
Posted By : Patrick Soenen | 0 comments
13 Nov 2014
Now a days, you don’t need to be a IT guru or best software programmer to access /control other personal/organization data. If you follow below techniques, you can easily get confidential information.1. Masquerading2. Tailgeting (Piggy back)3. Dumpster di...
Posted By : Shaklain | 1 comments
On March 1st,  I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center. Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : Umesh391 | 2 comments
26 Jun 2013
Aspectos de seguridad de informacion en BIG DATA
Posted By : Roque | 0 comments
During an audit you may find that shell scripts are used to connect to your Oracle database (these are often scheduled jobs).  In many instances this represents a security risk as the Oracle database password is hardcoded into the script.  This means th...
Posted By : Ian Cooke | 0 comments