The handling of sensitive information remains one of the key concerns for organizations. Recent events regarding the disclosure of client-related data in the banking sector have again underlined the importance of this subject. Significant reputational risks and financial penalties are often the direct effects organizations face when confronted with data loss.
Modern technologies facilitate the storage, transmission and duplication of data. Due to the ever-increasing volumes of information handled by organizations, as well as its borderless flow through a growing number of channels, the challenge of safeguarding information has become increasingly complex. Furthermore, changing operating models of organizations (e.g. outsourcing of non-core activities) also require the transmission of information to external entities.
Regulatory requirements, on the other hand, demand an adequate level of protection for sensitive data that is captured, processed, transmitted or archived. Information Security Officers aim to strike the right balance between several objectives: providing adequate security measures while minimizing interference with the organization's business processes, and complying with regulatory requirements. While a number of technical solutions are available that are supposed to mitigate the risk of data loss (e.g. content-aware DLP suites), their implementation is only one element of a holistic approach to be taken by organizations that seek to improve their ability to protect their sensitive data. In this respect, organizations face the following challenges and questions:
- What kind of data does the organization consider to be of sensitive nature and where does it reside?
- Which regulatory requirements does the organization need to comply with?
- Have all risks related to the handling of sensitive data been identified and accounted for?
- Which measures and controls could be implemented to further reduce these identified risks?
- How can the organization anticipate future changes regarding the regulatory requirements and business needs?
To assist you with these challenges, PwC's Academy is pleased to offer a dedicated training workshop that provides participants with an overview of different scenarios requiring the handling of sensitive data, the applicable regulatory requirements, and an approach to better manage the handling of sensitive data within your organization.
At the end of the training, participants will be able to:
- Reflect on their organization to identify processes involving the handling of sensitive data
- Explain the main types of risks related to the handling of sensitive data
- Describe the main regulatory requirements related to the handling of sensitive data
- Adopt a holistic approach to address risks related to the handling of sensitive data
Section 1: Introduction: Setting the scene
- Growing importance of data protection in light of recent events and regulatory and tax requirements
Section 2: Context: Why organizations need to handle sensitive data
- Scenarios and market issues which organizations are facing today
Section 3: Identification of risks related to the handling of sensitive data
- Operational, regulatory and reputational risks
- Establishing the link with the organization’s risk strategy
- Identifying and assessing internal controls to mitigate risks related to the handling of sensitive data
Section 4: Regulatory requirements: Responsibilities of organizations handling sensitive data
- Defining sensitive data
- Main principles (banking secrecy, data privacy law, CSSF circulars, MiFID)
- Processing of personal data (main principles, formalities and anticipated impact by the European Regulation)
Section 5: A practical approach to safeguarding sensitive data
- Identifying all relevant data
- Classifying data
- Introducing standards and procedures
- Available technical solutions – an overview
- Monitoring and continuous alignment
Section 6: Outlook - preparing for the future
- Trends in the market
- Potential future regulatory and tax changes
Financial institutions that would like to understand the regulations and risks related to handling sensitive data, as well as practical measures to address these risks, in particular:
- IT managers
- HR managers
- Compliance officers
- (Operational) risk managers
- Internal auditors
- Security officers
- Department heads
This training is coordinated by Florian Bewig, Director in Risk Assurance Advisory Services, PwC Luxembourg. The different sessions will be presented by PwC IT audit and tax experts.
Florian is a Director in the Risk Assurance Advisory Services, where he mainly focuses on Information Technology internal control and regulatory compliance engagements.
Since he joined PricewaterhouseCoopers in 2001, Florian has specialized in the review of internal controls, mainly in the context of statutory audit assignments and third-party assurance engagements for financial institutions. Florian also specializes in assessing the feasibility of IT-sourcing projects, from both a regulatory and an operational point of view.
Florian also provides technical training on an ongoing basis to both colleagues and clients, covering areas such as developing an IT audit approach, protection of sensitive data, and regulatory requirements regarding IT outsourcing.
Number of participants
Limited to 20 participants, to ensure good interactivity