As service provision increasingly adopts digital methods of engagement with it’s service users so it is that concerns for the management of personal and private data increase also.
And despite investment in technology and development of digital capability service user complaints and employee tips are the primary methods of identifying potentially damaging data protection incidents. Manual random privacy audits sometimes helps, but more often they are unreliable, incomplete and unsustainable.
Information assets -
A joined up view -
Delegating access -
Reactive, not proactive -
Any privacy / data protection approach need to facilitate verification / validation from a citizen / patient perspective i.e. enable the auditor to follow the citizen / user through the systems and consequently understand the interface points to which users of the systems have the ability to access personal and confidential information.
Having identified the staff that have access to the information the reason and rights by which this access is approved can be validated.
Subsequently a single enterprise-
Essential to deterring and eliminating insider privacy incidents is creating the right culture through technology, training and a holistic approach encompassing all digital information assets, delivery objectives should include:
Greatly simplified and more cost effective confidentiality and privacy auditing capability for all information assets.
Caldicott Guardian -
Senior Information Risk Owner -
Information Asset Owners -
Implemented correctly and with a pro-
Thus the right approach delivers broader strategic value that enhance the overall benefits secured and return on investment made.
© 2014 eCulture Solutions Ltd.