2010 Data Protection Workshops - Programme

Programme

An Introduction to Data Protection – (a ½ day course)


09:30    Introduction

09:40    Course Objectives

09:50    Data Protection Legal Overview:  the UK perspective

  • Data Protection Laws as they stand
  • What do we mean by Data?
  • Principles
  • Who or what do they apply to
  • Processing and acquisition
  • Maintenance and disposal of data
  • Subject Access Requests


10:25    Case Study

10:45    Coffee

11:00    Data Protection in business

  • Data Controller
  • Data Processor
  • Data Subject
  • Information Commissioner
  • The Financial Services Authority (FSA)
  • Enforcement Powers


11:20    Effective data security is important

  • The risks attaching to third parties, (including outsourcing)
  • Why third parties matter
  • Issues for you to consider
  • Employee Risk
  • Attitudes to data security and ID fraud
  • The five fallacies


12:00    Data Loss Incidents or what happens when it all goes wrong

  • The FSA perimeter and its Enforcement Powers
  • Recent cases or who has been fined or criticised and for what?
  • How did that happen?
  • Identifying, assessing and escalating a data compromise incident
  • Firm response?
  • Notifying the client of data loss
  • The risk of regulatory arbitrage
  • External liaison


12:30    Summary & Questions and Answers 



Intermediate Level Data Protection – (a ½ day course)

13:30    Introduction

13:40    Course Objectives

13:50    Data Protection Legal Overview:  the EU and Cross border perspective

  • Current EU Data Protection Directives
  • The Amended Directive on Electronic Communications (2002)
  • Issues surrounding international data transfers


14:10    FSA perspective on Data Protection and security

  • A recap of the Data Protection Laws as they stand
  • Processing, Acquisition and maintenance
  • Subject Access Requests


14:45    Case Study

15:00    Coffee

15:15    Data Loss Incidents or what happens when it all goes wrong

  • Recent cases or who has been fined or criticised and for what?
  • How did that happen?
  • Identifying, assessing and escalating a data compromise incident
  • Firm response?
  • Notifying the client of data loss
  • The risk of regulatory arbitrage
  • External liaison


15:45    How to avoid security breaches

  • Physical Security
  • Access permission & Controls
  • Maintenance
  • Disposal of Data


15:15    Training & awareness

  • Risk awareness
  • Effective Training
  • Staff recruitment & vetting


16:45    Summary & Questions and Answers

Attached documents