Organizations today are concerned about data security for two main reasons: first, they need to minimize the risk of experiencing a data breach, and second, they need to comply with the requirements of national/state laws, industry regulations, and best practice benchmarks.
Privacy laws regulate the collection, storage, sharing, control, and use of personal information about individuals, also called personal data or Personally Identifiable Information (PII).
Organizations must consider a host of laws and standards that may apply to their activities, such as the Data Protection Act, the EU GDPR, the Payment Card Industry Data Security Standard (PCI-DSS), and service contracts stipulating compliance with various standards and benchmarks: ISO 27001 and the Defence Information Security Agency (DISA) Secure Technical Implementation Guide (STIG) standards.
Globally, more than 130 different governments have enacted privacy legislation and many more have pending bills or initiatives.
The Kenya Data Protection Act 2019 governs the use, collection, processing, and archiving of personal data, establishes the Office of the Data Protection Commissioner, makes provision for the regulation of the processing of personal data, stipulates the data producers’ rights, and specifies the obligations of the data controllers and processors.
The Act expects that certain technical safeguards are applied to personal data. In this webcast, we:
- Review overall organizational, administrative and technical safeguards the Act envisages
- Consider some important technology controls that support compliance with the Act
- Participate in a hands-on lab / demo featuring various use cases that support DPA compliance:
  - Data classification based on sensitivity
  - Granular access control to sensitive data
  - Consent management using Oracle Label Security