48
results found in
8 ms
Page 1
of 5
Protection of automatically processed personal data
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector.
Full description
Over the past few years, a number of legal, management, supervision, information, and methodological issues related to the protection of personal data have piled up. As they have not been fully ... resolved,the National Audit Office conducted an audit to assess the efficiency of the protection and supervision of automatically processed personal data and to check whether: - the regulation of personal data ... protection conforms to the data processing practices; - personal data is properly processed at public sector bodies; - the State Data Protection Inspectorate (SDPI) performs sufficient supervision ... ... Data protection needs a long term strategy ... Rapid development of information and communication technology continuously brings about issues of personal data protection. Due to lack of long-term vision in this area they are frequently ... not addressed by the existing legislation. Moreover, SAI of Lithuania revealed failures in organization and control of personal data protection by public sector.
Full description
National Audit Office of the Republic of Lithuania
, issued in 2013
Risk cases: 2
Effectiveness of internal controls in the protection of personal data in national databases
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
The NAO analysed seven national databases in order to find out how the legitimate use of personal data is ensured. In accordance with the Personal Data Protection Act, the agencies who run databases ... must ensure that personal data is protected from abuse. The information system of the database must function appropriately, incl. be reliable and safe. Log files must be retained of all instances ... of viewing, amending, deleting, transmitting of data, etc. These files must allow ex-post determination of who did what, why, when and using which data. In its audit the NAO focused on the functioning ... ... Basic controls analysis can fail in data protection ... Estonian SAI analyzed personal data safety. Main finding were: poor log analysis and unprotected data.
Full description
National Audit Office of Estonia
, issued in 2008
Risk cases: 2
Report on the government’s processing of confidential data on persons and companies
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... e-government and make government administration more efficient.
Full description
Rigsrevisionen has examined how eight government institutions process confidential data on persons and companies in 11 selected IT systems. The report is based on IT audits carried out in connection ... with the annual audit in the spring 2014. The purpose of the audit was to assess whether confidential data on persons and companies are adequately protected by the government institutions. ... ... Inadequate protection of confidential data ... , inadequate protection of confidential data may also erode the citizens’ and companies’ confidence in government data security. That may eventually become a barrier for the continued efforts to implement ... If a government institution does not protect confidential data to the extent necessary, the risk that third parties get unauthorized access to the data is very high. In opinion of the Danish SAI ... e-government and make government administration more efficient.
Full description
National Audit Office of Denmark
, issued in 2014
Risk cases: 2
Audit on the current management and supervision of information protection and cyber security in the financial sector
- Evaluation of management and supervision of information protection and cyber security in the financial sector - Evaluation of current state of security management system in the financial sector ... - Based on a sample of 10 public institutions and 9 financial institutions. ... Information Protection and cyber security in the financial sector ... SAI Korea reviewed 10 public and nine financial institutions. Their analysis shows how the lack of evaluation at management level can result in decrease of stakeholders' confidence or even ... in economic damage.
Full description
- Evaluation of management and supervision of information protection and cyber security in the financial sector - Evaluation of current state of security management system in the financial sector ... - Based on a sample of 10 public institutions and 9 financial institutions. ... Information Protection and cyber security in the financial sector ... SAI Korea reviewed 10 public and nine financial institutions. Their analysis shows how the lack of evaluation at management level can result in decrease of stakeholders' confidence or even ... in economic damage.
Full description
Board of Audit and Inspection of Korea
, issued in 2011
Risk cases: 2
Management and protection of assets in the field of the information-communication technologies at the ME SR
internal and security directives, unidentified critical and strategic Information Systems (IS), absolutely unsatisfying principles, procedures, conditions and policy relating to the data backuping (and ... control of backup's functionality), restoring and security, possibility of unauthorised persons to access the IS and data, which increases the risk of information leakage and security risk, and inadequate ... The Supreme Audit office of the Slovak Republic (SAO SR) has conducted the audit at the Ministry of Environment of the Slovak Republic (ME SR) for the audit period 2011 and 2012 to examine ... ... Started from contracting, ended in security ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept ... and ended in exposing the organization to high security risks.
Full description
internal and security directives, unidentified critical and strategic Information Systems (IS), absolutely unsatisfying principles, procedures, conditions and policy relating to the data backuping (and ... control of backup's functionality), restoring and security, possibility of unauthorised persons to access the IS and data, which increases the risk of information leakage and security risk, and inadequate ... The Supreme Audit office of the Slovak Republic (SAO SR) has conducted the audit at the Ministry of Environment of the Slovak Republic (ME SR) for the audit period 2011 and 2012 to examine ... ... Started from contracting, ended in security ... The perceptive and filled with findings audit - conducted by the Slovak SAI - discovered the list of issues which started in careless contracting procedures, failure to update the development concept ... and ended in exposing the organization to high security risks.
Full description
Supreme Audit Office of the Slovak Republic
, issued in 2012
Risk cases: 4
Management and protection of assets in the field of the information-communication technologies at the AO SR
with the state assets, the compliance with the generally binding legal regulations and the general statues in the field of the ISPA. There were 24 irregularities found, mainly in the field of the protection ... The Supreme Audit office of the Slovak Republic (SAO SR) has executed the audit at the Antimonopoly Office of the Slovak Republic (AO SR) for the audit period 2010 and 2011 to verify the operation ... and security of the information-communication technologies (ICT) and the information systems of the public administration (ISPA) as well as the state assets administration, the economy and disposal ... ... ... Failure to comply with the law leads to unnecessary jeopardizing of data security ... SR) exposed several deficiencies related to the information systems and the data security as a consequence of a lawbreaking. ... The audit in the field of the information systems of the public administration (ISPA) executed by the Supreme Audit Office of the Slovak Republic at the Antimonopoly Office of the Slovak Republic (AO
Full description
with the state assets, the compliance with the generally binding legal regulations and the general statues in the field of the ISPA. There were 24 irregularities found, mainly in the field of the protection ... The Supreme Audit office of the Slovak Republic (SAO SR) has executed the audit at the Antimonopoly Office of the Slovak Republic (AO SR) for the audit period 2010 and 2011 to verify the operation ... and security of the information-communication technologies (ICT) and the information systems of the public administration (ISPA) as well as the state assets administration, the economy and disposal ... ... ... Failure to comply with the law leads to unnecessary jeopardizing of data security ... SR) exposed several deficiencies related to the information systems and the data security as a consequence of a lawbreaking. ... The audit in the field of the information systems of the public administration (ISPA) executed by the Supreme Audit Office of the Slovak Republic at the Antimonopoly Office of the Slovak Republic (AO
Full description
Supreme Audit Office of the Slovak Republic
, issued in 2011
Risk cases: 4
Submission of data to national databases in municipalities, towns and cities
must be clearly financed from the state budget. It was also assessed whether the measures taken by database managers have been sufficient to guarantee that local authorities submit all required data ... and that these data are correct. ... The National Audit Office analysed the activities of the database managers following a ruling made by the Supreme Court in 2010, which stated that the public functions assigned to local authorities ... ... Funds as basic factor of data processing ... The NAO of Estonia audited the activities of state agencies in the management of the database selected for the audit, to which local authorities are obliged to submit data. It was found that in most ... cases the state does not compensate the costs of data submission for local governments.
Full description
must be clearly financed from the state budget. It was also assessed whether the measures taken by database managers have been sufficient to guarantee that local authorities submit all required data ... and that these data are correct. ... The National Audit Office analysed the activities of the database managers following a ruling made by the Supreme Court in 2010, which stated that the public functions assigned to local authorities ... ... Funds as basic factor of data processing ... The NAO of Estonia audited the activities of state agencies in the management of the database selected for the audit, to which local authorities are obliged to submit data. It was found that in most ... cases the state does not compensate the costs of data submission for local governments.
Full description
National Audit Office of Estonia
, issued in 2013
Risk cases: 1
Storage of Electronic Documents and Data at the National Archives of Latvia
Ever since electronic documents with legal force equivalent to that of paper documents have entered our daily lives and the majority of state administration processes have been transferred ... to electronic information systems, the role of the archives has become unclear — whether an inhabitant can rely on that the archives will be able to issue statements in the areas, which are currently processed ... in electronic form, many years later.<br/> The audit concerning the storage of electronic documents was carried out in order to assess the development of the area of electronic document circulation and storage ... ... Do Archives ensure the storage of e-documents? ... National archives fulfil an important function for storing the documentary heritage and became one of the most important sources of information. But after electronic documents have entered our daily ... lives and majority of state administration processes have been transferred to electronic information systems, the archives still have a lot of work to do for improving the storage of electronic documents ... . SAI Latvia analysed causes of over 12 years with no progress in this domain.
Full description
Ever since electronic documents with legal force equivalent to that of paper documents have entered our daily lives and the majority of state administration processes have been transferred ... to electronic information systems, the role of the archives has become unclear — whether an inhabitant can rely on that the archives will be able to issue statements in the areas, which are currently processed ... in electronic form, many years later.<br/> The audit concerning the storage of electronic documents was carried out in order to assess the development of the area of electronic document circulation and storage ... ... Do Archives ensure the storage of e-documents? ... National archives fulfil an important function for storing the documentary heritage and became one of the most important sources of information. But after electronic documents have entered our daily ... lives and majority of state administration processes have been transferred to electronic information systems, the archives still have a lot of work to do for improving the storage of electronic documents ... . SAI Latvia analysed causes of over 12 years with no progress in this domain.
Full description
State Audit Office of the Republic of Latvia
, issued in 2015
Risk cases: 3
State funds spent on development, operation and using of data centres services
The aim of the audit was to scrutinise the management of funds spent on building and operating the national data centre (hereinafter “STC1 data centre”), including the expenditure of selected ... organisational units of the state on buying hosting, server-housing and other related services. The audited period was between 2010 and 2014; where relevant, the preceding period was also scrutinised. Audited ... entities: Ministry of the Interior (“MoI”); Ministry of Finance (“MoF”); STÁTNÍ TISKÁRNA CENIN, state firm (state banknote printing firm, hereinafter “STC” or “the state firm”). The audit was conducted ... ... Risks steming from uncoordinated strategy ... SAI of Czech Republic analysed consequences of failures in strategic IT management at the state level. Lack of coordination and implementation rules reduced practical role of the ministry whose task ... was to guard high quality standards for all crucial IT systems in the state administration. Next consecquences were (among others) risk of uneconomical results of large IT investment and risk of inefficient ... supply of services, as well as opposite results of workforce reduction.
Full description
The aim of the audit was to scrutinise the management of funds spent on building and operating the national data centre (hereinafter “STC1 data centre”), including the expenditure of selected ... organisational units of the state on buying hosting, server-housing and other related services. The audited period was between 2010 and 2014; where relevant, the preceding period was also scrutinised. Audited ... entities: Ministry of the Interior (“MoI”); Ministry of Finance (“MoF”); STÁTNÍ TISKÁRNA CENIN, state firm (state banknote printing firm, hereinafter “STC” or “the state firm”). The audit was conducted ... ... Risks steming from uncoordinated strategy ... SAI of Czech Republic analysed consequences of failures in strategic IT management at the state level. Lack of coordination and implementation rules reduced practical role of the ministry whose task ... was to guard high quality standards for all crucial IT systems in the state administration. Next consecquences were (among others) risk of uneconomical results of large IT investment and risk of inefficient ... supply of services, as well as opposite results of workforce reduction.
Full description
Supreme Audit Office of Czech Republic
, issued in 2015
Risk cases: 7
Is the project 'E-health in Latvia' a step towards the right direction?
the objective? 2) Are the actual activities performed by the National Health Service justified for achievement of the set objectives? 3) Will necessary information security and personal data protection be ensured ... Objective of the audit was to verify efficiency and productivity of the actions by the institutions in charge for implementation of the e-health, as well as to audit economy and productivity of use ... of funds invested in the project for achievement of set objectives and gaining the planned benefits. Audit covered such main questions: 1) Will the e-health policy be able to solve problems and achieve ... E-health is a step forward in right direction, but not all objectives will be reached! ... a step towards the right direction then. However, as found the Latvian SAI, the e-health policy will not be implemented within the initially planned scope and deadline and within set data security levels ... Project “E-health in Latvia” supports healthy lifestyle, it will provide valuable and accessible information and will promote more efficient provision of services to patients. It is undoubtedly ... , thus the objective of this policy – to promote more effective provision of healthcare services will be attained only partially.
Full description
the objective? 2) Are the actual activities performed by the National Health Service justified for achievement of the set objectives? 3) Will necessary information security and personal data protection be ensured ... Objective of the audit was to verify efficiency and productivity of the actions by the institutions in charge for implementation of the e-health, as well as to audit economy and productivity of use ... of funds invested in the project for achievement of set objectives and gaining the planned benefits. Audit covered such main questions: 1) Will the e-health policy be able to solve problems and achieve ... E-health is a step forward in right direction, but not all objectives will be reached! ... a step towards the right direction then. However, as found the Latvian SAI, the e-health policy will not be implemented within the initially planned scope and deadline and within set data security levels ... Project “E-health in Latvia” supports healthy lifestyle, it will provide valuable and accessible information and will promote more efficient provision of services to patients. It is undoubtedly ... , thus the objective of this policy – to promote more effective provision of healthcare services will be attained only partially.
Full description
State Audit Office of the Republic of Latvia
, issued in 2015
Risk cases: 3