Deloitte Enterprise Risk: Issue 6
Personal data protection - Complying with laws and taking appropriate measures to manage personal data
Published: May 2013
This issue focuses on information security issues, discussing the data leakage protection challenges we are facing and how we can protect personal privacy in a technological age. We also invite an external expert to introduce the opportunities, risks and innovation of the leasing industry. In addition, our experts introduce the development trends and outlook of the insurance industries, as well as the importance of data analysis to commercial banks.
- How to meet the more and more rigorous standards of information protection regulations and supervision via a Data Loss Protection system (DLP)
In recent years, organizations have constantly faced the crisis of confidential information disclosure and personal data misuse. How to protect confidential information and personal privacy has therefore become a focus of concern for organizations. This article introduces the regulatory standards related to personal data (privacy) protection in Hong Kong and the Chinese Mainland, the challenges organizations are facing, and how companies can realize data protection by using DLP.
- Legislation of personal data protection and standards of supervision
As we step into the information age, legislation on personal data protection is gradually being strengthened. In 2013, the Personal Data Protection Guidelines on Information Security Technology & Commercial Service Information System (Guideline), the first national standard on personal data protection in China, was officially issued and carried out on 1 Feb 2013. This article gives a general introduction to the Guideline and points out that major risks to personal data protection should be addressed by enhancing national legislation, improving people's self-protection awareness and regulating information usage in companies.
- Experience sharing on establishing a mechanism for personal data protection
This article shares Deloitte's experience in establishing a mechanism for protecting personal data based on the Data Protection Act in Taiwan and related personal data protection standards, summarized as "five aspects and seven steps".
- Discussion on trends in personal data protection
Recently, Chinese organizations have experienced frequent incidents of personal data disclosure. Considering the five stages of the information life cycle, this article explains the trends in personal data protection, based on the Guiding Principles on Privacy Protection and Personal Data Transnational Circulation issued by the Organization for Economic Cooperation and Development.
- Suggestions on personal data protection for companies
This article gives suggestions on personal data protection from the organization, procedure and information technology levels, in relation to the Data Protection Act officially coming into force on 1 October 2012 in Taiwan.
- Present situation and regulatory challenges on privacy protection
A look at the industries requiring special attention on personal privacy and handling of sensitive information, as well as the regulatory challenges facing them.
- An effective tool for data privacy management: Identity and access management
An identity and access management mechanism is an important measure for managing data privacy. This article introduces the present status, overall competency framework and success factors for identity and access management.
- Experience sharing on investigation of personal data leakage
The author shares his own professional experience of the possible situations one may face in the beginning, middle and final stages of such an investigation, based on the Data Protection Act in Taiwan.
- Measure for sensitive information protection
This article discusses the significance of sensitive information protection, and the main functions and limits of data leakage defense tools. It also introduces Deloitte's general methods and ideas for sensitive information protection, followed by an exploration of the value a sensitive information protection system brings to companies.
- Risk management of IT security for banks
Chinese regulators are strengthening their risk management on information technology security in the banking industry. This article analyses the status quo of IT risk management in Chinese banks, and presents construction ideas and implementation approaches.
- Opportunities, risks and innovation in a macro-economy for the leasing industry
We invited Mr. Yu Kaiqi, Legislation Advisor of Financial Leasing Act from NPC, as well as the former president of Shanghai Leasing Industry Association, to introduce the opportunities and risks that the Chinese finance leasing industry is facing under the economic transition, and to explain how this industry can actively conquer those risks. The article also highlights some hot issues remaining to be solved in the finance leasing industry.
Multivariate perspective from Deloitte experts
- Top 10 trends and outlook in China's insurance industry 2013 (I)
Deloitte's experts in the insurance sector analyze the top 10 trends and outlook for the industry in 2013. This issue highlights four of them.
- How to establish data analysis competency in commercial banks
Data is a strategic asset for banks. Experts from Deloitte demonstrate the meaning of data analysis for commercial banks, and show how to establish data analysis competency by providing relevant case studies.
- "Low-carbon" audit: Discussion on the integration of internal control self-assessment and economic responsibility audit
As elements of internal control monitoring, internal control self-assessment and economic responsibility audit have much in common in their technical methods. This article studies how the two work methods can be integrated in audit standards, scope and procedures in order to avoid repetitive work, improve work efficiency and realize "low-carbon" audit.
Internal control practices
Topics covered are as follows:
- Short stories on risk management in the insurance industry (5) – Who approved that deal?
- Internal control practices (9) – Treasury management