
Privacy Audit

As service provision increasingly adopts digital methods of engagement with its service users, concerns about the management of personal and private data increase as well.

Despite investment in technology and the development of digital capability, service user complaints and employee tips are the primary methods of identifying potentially damaging data protection incidents. Manual random privacy audits sometimes help, but more often they are unreliable, incomplete and unsustainable.

Data Protection and Privacy Auditing Challenges

Information assets - Manual assimilation of user access information from multiple information and operational assets is an extremely complex, time-consuming and costly activity.

A joined-up view - A high level of informatics and technical expertise is required to produce the joined-up view of user interaction with data across all systems.

Delegating access - Giving ICT and information asset owners appropriate access to the assimilated systems access information, so that they can identify issues and take corrective action, is very difficult.

Reactive, not proactive - The cost and complexity of resolving the challenges above result only in the ability to implement a reactive damage-limitation approach rather than a proactive risk management monitoring solution.

Key requirements to be considered, therefore:

Any privacy / data protection approach needs to facilitate verification / validation from a citizen / patient perspective, i.e. enable the auditor to follow the citizen / user through the systems and consequently understand the interface points at which users of the systems have the ability to access personal and confidential information.

Having identified the staff that have access to the information, the reason and rights by which this access is approved can be validated.

Subsequently, a single enterprise-wide approach and central solution for compliance automation, with support for filtering and alerting, that streamlines forensic citizen / patient auditing and user access across all of an organisation's digital information assets is the only viable approach.

eCulture Solution

Essential to deterring and eliminating insider privacy incidents is creating the right culture through technology, training and a holistic approach encompassing all digital information assets. Delivery objectives should include:

Greatly simplified and more cost effective confidentiality and privacy auditing capability for all information assets.

Caldicott Guardian - privacy control review and confidentiality audits.

Senior Information Risk Owner - risk assessments and forensic reports.

Information Asset Owners - data access rights management validation and review.

Implemented correctly and with a proactive audit, issue and risk management capability, the right solution will also provide valuable business intelligence on staff use of digital information assets, helping to identify gaps in utilisation that have the ability to undermine measures in business delivery performance and service quality.

Thus the right approach delivers broader strategic value that enhances the overall benefits secured and the return on investment made.

We believe that from ethics, enlightened self-interest, and the commonwealth, our governance will emerge

John Perry Barlow


© 2014 eCulture Solutions Ltd.
