GB2555488A - A computer implemented method of establishing a managed data transfer link - Google Patents

Publication number: GB2555488A
Authority: GB (United Kingdom)
Application number: GB1618434.3A
Other versions: GB201618434D0
Legal status: Withdrawn
Inventors: Cussen Danielle, O'Keeffe Shane, Tracey Michael
Applicant and assignee: Iconx Solutions Ltd
Prior art keywords: data transfer, dpia, managed data, managed, transfer link

Classifications

    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP] (H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L67/00 Network arrangements or protocols for supporting network services or applications > H04L67/01 Protocols)
    • H04L67/62 Establishing a time schedule for servicing the requests (H04L67/00 > H04L67/50 Network services > H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources)

Abstract

A method to establish a managed data transfer link between a first host and a second host via a data transfer hub 5. The method comprises the steps of specifying a source location and a destination location from hosts 3a-3g, the data to be transferred between them, and a data transfer schedule. The method further comprises the step of completing a data protection impact assessment (DPIA) relating to the data to be transferred in order to enable establishment of the data transfer link. The DPIA may stipulate the following: content of personally identifiable information, degree of sensitivity of the data, nature of data and the number of people affected by the data. An activity log that relates to the creation, modification and authorisation of the link and the DPIA may be stored. The method may be used for a managed file transfer (MFT).

Description

(54) Title of the Invention: A computer implemented method of establishing a managed data transfer link
(57) Abstract Title: Managed data transfer link with data protection impact assessment
Figure 1 [GB2555488A_D0001, sheet 1/3]: system for the transfer of data (host connectors 3(a)-3(g), hub 5, laptops 7, 9, PCs 11, 13)
Figure 2 [GB2555488A_D0002, sheet 2/3]: flow diagram of the method (steps 21 to 27)
Figure 3 [GB2555488A_D0003]: block diagram of the managed data transfer hub 5
Figure 4 [GB2555488A_D0004, sheet 3/3]: status grid 40 for a managed data transfer link. Rows are the current status, columns the next status; Y marks a permitted transition, X a prohibited one.

                New   Approved   Active   Deleted
  New (41)       X       Y         X        X
  Approved (42)  X       X         Y        X
  Active (43)    X       X         X        Y
  Deleted (44)   Y       X         X        X

Figure 5 [GB2555488A_D0005, sheet 3/3]: role grid for the workflow, reproduced as drawn (rows and columns are the roles IT User, IT Manager, DPO, CIO and CEO).

                IT User   IT Manager   DPO   CIO   CEO
  IT User          X          Y         X     X     X
  IT Manager       Y          X         Y     X     X
  DPO              Y          Y         X     Y     X
  CIO              X          X         Y     X     Y
  CEO              X          X         X     Y     X
Application No. GB1618434.3, RTM, Date: 22 March 2017, Intellectual Property Office
The following terms are registered trade marks and should be read as such wherever they occur in this document: Linux, Unix.
Intellectual Property Office is an operating name of the Patent Office www.gov.uk/ipo
“A computer implemented method of establishing a managed data transfer link”
Introduction
This invention relates to a computer implemented method of establishing a managed data transfer link and a managed data transfer system.
It is common for organisations, particularly large organisations, to move data from one location to another location for storage, processing and/or analysis of the data. For example, it is not uncommon for one company department to send data to another company department or for one company to send data to another company. The company departments may be situated in the same or in different locations. Indeed, the company departments or the companies, in the case of a company to company transfer, may be located in the same or in different jurisdictions.
Take for example a large telecommunications company. The telecommunications company captures a large amount of call data relating to customers’ calls at a switch. This call data must be transferred from the switch to the billing department in order to allow the billing department to determine what calls were made by which customer so that the customers can be correctly billed for their calls. Similarly, once the call data has been parsed and the call data apportioned to the individual customer accounts for billing purposes in the billing department, one or more customer account records may need to be transferred onwards from the billing department to another printing department within the company or to a separate third party company for printing and postage of those bills. It may be desirable to send some of the call data from the switch to the marketing department to allow the marketing department to analyse the data and target their marketing efforts more accurately, and it may be desirable to send some of the call data to the engineering department for analysis to facilitate better management of the available network resources. Finally, it may be necessary to transfer some of the call data from the switch to a third party clearing house to reconcile accounts with other telecommunications operators. The telecommunications company may operate hundreds or thousands of switches in one or more jurisdictions and data from multiple jurisdictions may be collated in one central location for company-wide analysis.
The transfer of data represents a material and significant risk for any organisation. Whenever moving data, even in an intracompany transfer, there is a risk that the data may be sent to the wrong destination or that the data may be intercepted en route and copied, redirected or modified. Alternatively, or in addition to this, whenever moving data, there is a risk that data that is not relevant or appropriate for the target location is transferred along with other appropriate data. For example, it would not be appropriate to transfer a customer’s billing information along with their call information to the engineering department.
It is clear that there are substantial risks when moving customers’ credit card details and/or personally identifiable information (PII) from one location to another. Organisations have a duty of care to their customers to ensure that their data is not inadvertently released and there are heavy penalties and serious consequences for breaches of this duty of care. For example, the EU General Data Protection Regulation, due to come into force in May 2018, has proposed fines of up to €20,000,000 or 4% of global company turnover, whichever is the larger, for wilful negligence in the case of inadvertent release of customer data. Furthermore, many companies have found how detrimental a serious breach of customer data can be for their business, both reputationally and financially, in many cases resulting in the closure of the business.
The data that is transferred from one location to another may be in the form of files or database content. The data may be in plain text, binary code, ASCII or other format. The locations, hereinafter referred to as host connectors, may be, for example, servers such as but not limited to HTTP, HTTPs, FTP, FTPS, sFTP, Windows ®, Linux or Unix servers or databases such as, but not limited to, Oracle ® Database, Microsoft ® SQL, IBM® DB2, SAP® ASE.
Heretofore, data could be transferred by individual IT personnel in the different companies and different departments writing scripts to transfer batches of data from one location to another. This was highly undesirable as it was haphazard, had little or no oversight or control, was highly vulnerable to an error or a malicious attack by an employee, and there was little or no accountability or traceability of errors. Managed File Transfer (MFT) products were developed, in part, in an effort to address the chaotic nature of scripts as a means of transferring files from one location to another. The MFT
products provide a more structured environment for the transfer of files and provide greater security, accountability and are arguably less susceptible to operator error. There are however problems with the known MFTs in that there is still little oversight or control, and they are still prone to operator error and malicious attacks by a disgruntled employee. Given the seriousness of the consequences of a data breach, these risks are not acceptable.
It is an object of the present invention to provide a computer implemented method of establishing a managed data transfer link and a managed data transfer system that overcomes at least some of the shortcomings with the existing systems and methods. It is a further object of the present invention to provide a method and system that is more secure, less prone to a malicious attack or operator error and that provides greater visibility and oversight to management. Finally, it is an object of the present invention to provide a useful choice to the consumer.
Statements of Invention
According to the invention there is provided a computer implemented method of establishing a managed data transfer link between a first host connector and a second host connector, the method comprising the steps of:
specifying a source location in the first host connector;
specifying a destination location in the second host connector;
specifying the data to be transferred between the source location in the first host connector and the destination location in the second host connector;
specifying the data transfer schedule for the managed data transfer link;
characterised in that, the method further comprises the step of completing a data protection impact assessment (DPIA) relating to the data to be transferred in order to enable establishment of the managed data transfer link.
By having such a method, an integral part of the process of establishing a managed data transfer link between two host connectors will entail the completion of a data protection impact assessment (DPIA). Without the completion of the DPIA, it is not possible to establish the managed data transfer link and no data will be transferred. The completion of the DPIA will bring in an important additional layer of security to the method by ensuring that the operator transferring the data is less likely to have an error. This is due to the fact that a further check of the destination and the nature of data being transferred will be introduced into the method. This results in a more secure system. This is also advantageous from the point of view that the management will be able to demonstrate that they did not abrogate their duty of care to their customers as it will be possible to show that due consideration was given to the consequences of the transfer of that data to the given destination. Accordingly, there is provided a method with greater accountability, more security and less susceptibility to operator error.
In one embodiment of the invention there is provided a computer implemented method in which the method comprises the further step of, prior to establishment of the managed data transfer link, passing the completed DPIA to a supervisor for authorization in order to enable establishment of the managed data transfer link. This is seen as a particularly preferred aspect of the present invention. By passing the completed DPIA to a supervisor for authorization, the managed data transfer link will go through a second level of scrutiny prior to the establishment of the link. This provides a more secure system and method. As well as mitigating against operator errors, such a method will help to obviate the occurrence of malicious attack by a lone disgruntled employee.
In one embodiment of the invention there is provided a computer implemented method in which the completed DPIA is processed strictly in accordance with an authorization workflow in order to enable establishment of the managed data transfer link. Again, this is seen as a preferred embodiment of the present invention. By processing the DPIA in accordance with an authorization workflow, the DPIA may go through a number of authorization steps before the managed data transfer link goes live. This will ensure that greater scrutiny is given to the DPIA and that it has been correctly and thoroughly considered.
In one embodiment of the invention there is provided a computer implemented method in which the managed data transfer link is processed strictly in accordance with an authorization workflow in order to enable establishment of the managed data transfer link. Again, this is another preferred embodiment of the present invention. By processing the managed data transfer link in accordance with an authorization workflow, the managed data transfer link will undergo several stages of scrutiny to ensure that it is correct, thereby reducing the possibility of data being sent to an incorrect location or inappropriate data being sent to a location. Furthermore, it will not be possible for the managed data transfer link to be modified without undergoing scrutiny in accordance with the specification of the authorization workflow.
In one embodiment of the invention there is provided a computer implemented method in which the method comprises the step of storing a record of the managed data transfer link and the DPIA in a secure memory. By having a record of the managed data transfer link and the DPIA in secure memory, it will be possible to trace the origins of the managed data transfer link and the DPIA and provide greater accountability. Furthermore, modification or falsification of the records will be prevented.
In one embodiment of the invention there is provided a computer implemented method in which the method comprises the step of storing in the record of the managed data transfer link and the DPIA in memory an activity log relating to the creation, modification and authorization of the managed data transfer link and the DPIA. This is seen as useful as an activity log showing all modifications, approvals, rejections and the like of a managed data transfer link and/or a DPIA will be stored in memory so it will be possible to trace the history of the managed data transfer link and the DPIA.
In one embodiment of the invention there is provided a computer implemented method in which the DPIA stipulates whether the data to be transferred contains personally identifiable information (PII). By stipulating whether or not the data contains PII, it will be possible to put in place appropriate measures in the event of an inadvertent loss of data.
In one embodiment of the invention there is provided a computer implemented method in which the DPIA stipulates the nature of the data to be transferred.
In one embodiment of the invention there is provided a computer implemented method in which the DPIA stipulates the degree of sensitivity of the data to be transferred.
In one embodiment of the invention there is provided a computer implemented method in which the DPIA stipulates the number of people affected by the data to be transferred. By stipulating the nature of the data, whether or not the data is sensitive (e.g. medical records as opposed to food shopping preferences), or whether the number of people affected by a breach is likely to be small or large, it will be possible to put in place appropriate measures in the event of an inadvertent loss of data. For example, depending on the nature of the data, the sensitivity of the data and the number of people affected, it may be necessary to put out a notice in one or more periodicals, or it may be necessary to engage the services of medical professionals if the release of the data could potentially cause harm to the affected party or if it might cause the injured party to self-harm.
In one embodiment of the invention there is provided a computer implemented method in which the method comprises the initial step of creating a DPIA for the data to be transferred prior to completing the DPIA. In this way, a DPIA can be configured to suit the needs of the data being transferred and also to suit the needs of the particular organisation.
In one embodiment of the invention there is provided a computer implemented method in which there is provided a DPIA template for creation of the DPIA.
In one embodiment of the invention there is provided a computer implemented method in which the DPIA template for creation of the DPIA comprises a plurality of question fields and a corresponding response field for each question field, and in which the question fields are editable. In this way, the method will allow for a number of questions to be inserted at the choosing and wording of the organisation management.
In one embodiment of the invention there is provided a managed data transfer system comprising:
a plurality of host connectors;
a managed data transfer hub through which data being transferred from one of the plurality of host connectors to another of the plurality of host connectors is controlled;
the managed data transfer hub having a managed data transfer link establishment module loaded thereon to enable a user create a managed data transfer link and to specify for a managed data transfer link: a source location in one of the host connectors, a destination location in the other of the host connectors, the data to be transferred between the source location and the destination location, and the data transfer schedule for the managed data transfer link;
characterised in that, the managed data transfer link establishment module further comprises a data protection impact assessment (DPIA) module integral therewith operable to generate a DPIA for the managed data transfer link upon creation of the managed data transfer link so that each managed data transfer link will have a data protection impact assessment associated therewith.
By having such a system, a more secure environment for the transfer of data from one location to another location is provided. For each managed data transfer link that is created, a DPIA is created for that link. This will provide a system that is less prone to operator error, is more secure than existing approaches and provides good visibility to the management where their data is going.
In one embodiment of the invention there is provided a managed data transfer system in which the managed data transfer system is a managed file transfer system. This is seen as a particularly preferred and effective embodiment of the present invention.
In one embodiment of the invention there is provided a managed data transfer system in which there is provided a secure memory and in which the managed data transfer link and the DPIA associated therewith is stored in secure memory. In this way, the system will have a record of all the DPIAs and their associated managed data transfer links so that it will be simple to track the history of the managed data transfer link and the DPIA, thereby giving greater accountability.
In one embodiment of the invention there is provided a managed data transfer system in which there is provided an activity log relating to the creation, modification and authorization of the managed data transfer link and the DPIA stored in secure memory.
In one embodiment of the invention there is provided a managed data transfer system in which there is provided an authorization workflow module for processing the completed DPIA in order to enable establishment of the managed data transfer link. The authorization workflow module for processing the completed DPIA will provide greater security to the system as the DPIA will undergo multiple layers of scrutiny and cannot be fraudulently altered.
In one embodiment of the invention there is provided a managed data transfer system in which there is provided an authorization workflow module for processing the managed data transfer link in order to enable establishment of the managed data transfer link. Similarly, the authorization workflow module for processing the managed data transfer link will provide greater security to the system as the managed data transfer link will undergo multiple layers of scrutiny and cannot be fraudulently altered.
In one embodiment of the invention there is provided a managed data transfer system in which the DPIA stipulates whether the data to be transferred contains personally identifiable information (PII).
In one embodiment of the invention there is provided a managed data transfer system in which the DPIA stipulates the nature of the data to be transferred.
In one embodiment of the invention there is provided a managed data transfer system in which the DPIA stipulates the degree of sensitivity of the data to be transferred.
In one embodiment of the invention there is provided a managed data transfer system in which the DPIA stipulates the number of people affected by the data to be transferred. By stipulating whether or not the data is PII, the nature of the data, whether or not the data is sensitive (e.g. medical records as opposed to food shopping preferences), or whether the
number of people affected by a breach is likely to be small or large, it will be possible to put in place appropriate measures in the event of an inadvertent loss of data.
In one embodiment of the invention there is provided a managed data transfer system in which there is provided a DPIA template for creation of the DPIA.
Detailed Description of the Invention
The invention will now be more clearly understood from the following description of some embodiments thereof given by way of example only with reference to the accompanying drawings, in which:
Figure 1 is a diagrammatic representation of a system for the transfer of data in which the method and system according to the invention may operate;
Figure 2 is a flow diagram of the method according to the invention;
Figure 3 is a block diagram of a managed data transfer hub according to the invention;
Figure 4 is a diagrammatic representation of a DPIA workflow; and
Figure 5 is a diagrammatic representation of a managed data transfer link workflow.
Referring to Figure 1, there is shown a diagrammatic representation of a system for the transfer of data in which the method and system according to the invention may operate, indicated generally by the reference numeral 1. The system for the transfer of data comprises a plurality of host connectors 3(a)-3(g) and a managed data transfer hub 5 through which data being transferred from one of the host connectors to another host connector is controlled. There is further shown a pair of laptops 7, 9 and a pair of PCs 11, 13. Finally, there are provided a plurality of managed data transfer links 15(a)-15(g) for transfer of data from one of the host connectors 3(a)-3(g) to another of the host connectors.
In the embodiment shown, the managed data transfer links 15(a)-15(g) are illustrated between their respective host connectors 3(a)-3(g) and the managed data transfer hub. The managed data transfer links 15(a)-15(g) may permit flow of information in one or both directions (i.e. to and/or from the host connectors) as indicated by the arrowheads. For example, managed data transfer link 15(d) permits transfer of data in both directions to and from host connector 3(d). Managed data transfer link 15(g) on the other hand only permits one way flow of data, from the managed data transfer hub 5 to the host connector 3(g).
The laptops 7, 9 and the PCs 11, 13 are operated by staff in an organisation that are involved in the process of the establishment of the managed data transfer links. For example, PCs 11, 13 may be operated by IT personnel in the organisation. Laptop 7 may be operated by an IT manager in the organisation and laptop 9 may be operated by a Data Protection Officer (DPO) in the organisation. Each of these will have access to the managed data transfer hub 5 as will be explained in greater detail below. In the embodiment shown, the host connectors 3(a)-3(g) are locations where data is stored. By way of example, the host connectors 3(a)-3(g) may be servers, databases or a combination of servers and databases (i.e. some are servers, some are databases).
For example, referring to the example of a telecommunications company discussed briefly in the introduction, one of the host connectors may comprise a switch and another host connector may comprise a billing department. Due to the very large volumes of data being handled, often in the terabytes range, it is common to transfer data in batches from a switch to the billing department every 15 minutes. This data is then used to update users’ accounts. The data may be transferred from the switch (i.e. a first host connector) to a billing department (i.e. a second host connector) in accordance with a transfer schedule set out in the managed data transfer link once the link is established. Furthermore, the data that is extracted from the raw data at the switch may include an IMSI or other unique identifier of the telephone that may be used to match the call record to the customer. The data may also include the call duration, the network that carried the call, whether the call was a local, national or international call, whether the call was to a mobile or landline number, whether the call was to someone on the same network, the number that the call was made to, and the time of the call. This data may be the bare
minimum necessary for comprehensive billing purposes. As all of the data is required by the billing department, the managed data transfer link would have been established and a DPIA would have been created in order to allow the link to be established.
Referring now to Figure 2, there is shown a flow diagram of the method of establishing a managed data transfer link between a first host connector and a second host connector according to the invention, indicated generally by the reference numeral 20. In step 21, a user, such as a member of the IT staff using PC 11, specifies the source location in the host connector of the data that they wish to transfer. This may include the IP address of the host connector and may specify one or more files, folders or other data components in the host connector. In step 22, the IT staff member specifies the destination location in the host connector where they wish to transfer the data. Again, this may include the IP address of the host connector and may specify one or more files, folders or other data components in the second host connector. In step 23, the IT staff member specifies the data to be transferred. This may include one or more files, folders, sub-folders, fields in a database or other data components. In step 24, the IT staff member specifies the transfer schedule for the data, i.e. whether the data is to be transferred as a one-off transfer or whether the data is to be transferred periodically, such as monthly, weekly, daily, hourly or at other intervals, and at what time or times it is to be transferred.
In step 25, the IT worker will then have to complete a data protection impact assessment (DPIA) for the data that they wish to transfer before the managed data transfer link can be established. The DPIA may comprise one or more (typically multiple) questions relating to the data. For example, the DPIA may comprise questions regarding how sensitive the data is (e.g. does it relate to medical records, in which case it is highly sensitive, or does it relate to the type of device that an individual most frequently uses when accessing a website, in which case it is not highly sensitive), whether the data is being transferred to another jurisdiction and if so, whether that jurisdiction is outside an area of common control (such as the EU) and/or whether there is a similar duty of care over the handling of data in that jurisdiction, whether the data contains personally identifiable information (PII) and the number of people that would be affected if the data were misplaced or released into the public domain. Other questions that are deemed particularly appropriate are (i) what is the business reason for this file transfer request? (ii) Has anonymization been considered for this categorisation of data? (iii) Has
encryption been considered for this categorisation of data? and (iv) Has the level of security required in the transfer protocol been confirmed? The list of questions outlined above is not exhaustive and is merely illustrative of some of the questions that may be asked. Other questions and/or a subset of the above questions may be posed as part of the DPIA. The IT worker will complete the DPIA electronically using their PC 11 and the DPIA will be stored in secure memory along with a record of the managed data transfer link.
In step 26, the managed data transfer link along with the DPIA is sent for authorization. This step is performed in preferred embodiments but in other, less preferred embodiments, this step may not be required in order to allow establishment of the managed data transfer link, in which case the process moves directly onwards to step 27, in which the managed data transfer link is established. In those embodiments where authorization is required, the managed data transfer link and the DPIA are sent onwards to a supervisor, for example an IT manager operating the PC 13, for authorization. This will entail the IT supervisor reviewing the managed data transfer link and the DPIA and confirming firstly whether or not it is permissible to transfer the data according to the managed data transfer link and secondly whether the DPIA has been comprehensively completed by the IT worker. If the DPIA has not been comprehensively or correctly completed, the IT manager may complete the DPIA correctly themselves or they may return the DPIA and the managed data transfer link to the IT worker for them to correct prior to resending the updated DPIA and managed data transfer link to the IT manager for approval. If the data according to the managed data transfer link simply should not be sent, it is within the IT manager’s ability to delete the managed data transfer link prior to the establishment of the link. The authorization may require more than one level of authorization and, in addition to the IT Manager, a Data Protection Officer (DPO) and/or others may also be called upon to authorize the managed data transfer link and the DPIA. If the IT manager (and/or others if appropriate) approves the managed data transfer link and DPIA in step 26, the link is established in step 27.
Referring now to Figure 3, there is shown a block diagram of a managed data transfer hub 5 according to the invention including some of the unique components thereof. The managed data transfer hub comprises a managed data transfer link establishment module 31 having a data protection impact assessment module 32 integral therewith.
The managed data transfer hub 5 further comprises an authorization workflow module 33 for processing the completed DPIA and an authorization workflow module 34 for processing the managed data transfer link. Finally, there is provided a secure memory 35 for storage of the DPIA and the managed data transfer link information of established links and a secure memory 36 for storage of the activity log relating to the creation, modification and authorization of the managed data transfer link and the DPIA stored in secure memory. It will be understood that the managed data transfer hub will further comprise components for permitting communications to and from the hub and for allowing read and write commands and other instructions to the various components; however, these have been omitted for clarity.
Referring now to Figure 4, there is shown a diagrammatic representation of a managed data transfer link workflow used in the method of creating a managed data transfer link according to the invention. The managed data transfer link workflow is illustrated by a 5x5 grid 40. This grid 40 shows the state possibilities for the managed data transfer link as it progresses through an organisation during use. The managed data transfer link, when created initially, will be given a status of “new”. It is not however approved or active yet. Reading along the row 41, it can be seen that a new managed data transfer link can progress to “approved” if it is approved/authorized by a supervisor. The “approved” managed data transfer link may then be passed to a DPO who may further approve/authorize the managed data transfer link, in which case the managed data transfer link will transition from “approved” to “active”, as illustrated by row 42. If an “active” managed data transfer link is no longer required or is found to be inappropriate after activation, the “active” managed data transfer link may be transitioned to a status of “deleted” as illustrated by the row 43, and if it is desired to reinstate a “deleted” managed data transfer link, it will be seen by reading across the bottom row 44 in the grid that the “deleted” managed data transfer link can be reinstated to “new” status. It will be appreciated that the reinstated, previously deleted managed data transfer link will transition to “new”, where it will thereafter have to go through the approval steps in order to become “active” once more. In this way, a “deleted” managed data transfer link cannot transition directly back to an “active” managed data transfer link and it must go through further scrutiny.
Referring now to Figure 5, there is shown a diagrammatic representation of a DPIA workflow used in the method of creating a managed data transfer link according to the invention. The DPIA workflow is illustrated by a 6x6 grid 50. This grid 50 shows the flow of a DPIA as it progresses through an organisation during authorisation. The grid comprises a plurality of rows, 51, 52, 53, 54 and 55, arranged in a similar manner to the grid 40 for the managed data transfer link workflow. In the example above, the workflow for the managed data transfer link was effectively uni-directional. In other words, the managed data transfer link could not be passed back in that chain (unique to that example). In the DPIA workflow illustrated in Figure 5, there is no such limitation and in some cases the DPIA may travel forwards or backwards in the workflow. For example, in row 51, it is seen that an IT user can only pass the DPIA onwards to the IT manager for approval. However, in row 52, the IT manager can pass the DPIA onwards to the DPO or alternatively can pass the DPIA back to the IT user for review and potential amendment. It will be appreciated that the IT manager (or any other entity shown, for that matter) cannot pass the DPIA to themselves; it must either go forwards in the chain or backwards in the chain. Similarly, referring to row 53, it can be seen that the DPO can pass the DPIA for review back to the IT user or the IT manager, and the DPO can pass the DPIA onwards for approval to the Chief Information Officer (CIO). Referring to row 54, the CIO can pass the DPIA back to the DPO or forwards to the Chief Executive Officer (CEO), and referring to row 55, it can be seen that the CEO can pass the DPIA back to the CIO. The establishment of a managed data transfer link may be conditional on one or both of the authorisation workflows 40, 50. Furthermore, these may be adjusted to suit the organisation's structure and requirements.
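The two workflow grids described above (Figures 4 and 5), together with the rule from step 26 that no link is established without a completed and authorised DPIA, can be encoded as explicit transition tables that refuse anything the grids leave blank. The Python below is an added illustration and not code from the patent; the role names, the ManagedLink fields and the function names are assumptions.

```python
from dataclasses import dataclass, field

# Figure 4 (grid 40): permitted link status transitions. A "deleted" link can
# only be reinstated as "new" and re-approved, never sent straight to "active".
LINK_TRANSITIONS = {
    "new": {"approved"},      # row 41: supervisor approval
    "approved": {"active"},   # row 42: DPO approval
    "active": {"deleted"},    # row 43: withdrawn after activation
    "deleted": {"new"},       # row 44: reinstated, starts over
}

# Figure 5 (grid 50): who may pass the DPIA to whom; forwards to the next
# reviewer, backwards for amendment, never to oneself (the diagonal is empty).
DPIA_TRANSITIONS = {
    "it_user": {"it_manager"},                  # row 51
    "it_manager": {"it_user", "dpo"},           # row 52
    "dpo": {"it_user", "it_manager", "cio"},    # row 53
    "cio": {"dpo", "ceo"},                      # row 54
    "ceo": {"cio"},                             # row 55
}

class WorkflowError(Exception):
    """Raised when a move is not permitted by either workflow grid."""

@dataclass
class ManagedLink:            # hypothetical model of one link and its DPIA
    name: str
    status: str = "new"
    dpia_complete: bool = False      # questionnaire filled in by the IT worker
    dpia_holder: str = "it_user"     # who currently holds the DPIA for review
    dpia_approved: bool = False
    activity_log: list = field(default_factory=list)  # secure memory 36

def transition_link(link, new_status, actor):
    """Move the link along grid 40, recording the change in the activity log."""
    if new_status not in LINK_TRANSITIONS[link.status]:
        raise WorkflowError(f"{link.status} -> {new_status} is not permitted")
    link.activity_log.append((actor, "link", link.status, new_status))
    link.status = new_status

def route_dpia(link, actor, to):
    """Pass the DPIA forwards or backwards along grid 50; only the holder may."""
    if actor != link.dpia_holder:
        raise WorkflowError(f"{actor} does not currently hold the DPIA")
    if to not in DPIA_TRANSITIONS[actor]:
        raise WorkflowError(f"{actor} may not pass the DPIA to {to}")
    link.activity_log.append((actor, "dpia", actor, to))
    link.dpia_holder = to

def approve_dpia(link, actor):
    """The current holder signs off a DPIA, but only once it has been completed."""
    if actor != link.dpia_holder or not link.dpia_complete:
        raise WorkflowError("DPIA not held by the approver or not yet completed")
    link.dpia_approved = True
    link.activity_log.append((actor, "dpia", "review", "approved"))

def establish_link(link):
    """Step 27: establishment requires a complete, approved DPIA and an active link."""
    if not (link.dpia_complete and link.dpia_approved):
        raise WorkflowError("no completed, approved DPIA for this link")
    if link.status != "active":
        raise WorkflowError(f"link is {link.status!r}, not active")
    return True
```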
It will be understood that various modifications may be made to the invention without departing from the scope of the claims. What is most important is that in order to establish a managed data transfer link, it is necessary to complete a data protection impact assessment, and that a managed data transfer link cannot be established without such a DPIA being completed. The completion of a DPIA becomes integral to the process of creating a managed data transfer link. Furthermore, a record of the DPIA, the managed data transfer link and the activity log relating to that link is stored in a secure memory, which for example may only be accessed by designated employees such as the DPO or the CIO. This will allow a full history of the link to be retrieved if need be. Altogether, the method and system described are more robust and more secure.
It will be understood that various parts of the present invention are performed in hardware and other parts of the invention may be performed either in hardware and/or software. It will be understood that the method steps and various components of the present invention will be performed largely in software and therefore the present invention extends also to computer programs, on or in a carrier, comprising program instructions for causing a computer or a processor to carry out steps of the method or provide functional components for carrying out those steps. The computer program may be in source code format, object code format or a format intermediate source code and object code. The computer program may be stored on or in a carrier, in other words a computer program product, including any computer readable medium, including but not limited to a floppy disc, a CD, a DVD, a memory stick, a tape, a RAM, a ROM, a PROM, an EPROM or a hardware circuit. In certain circumstances, a transmissible carrier such as a carrier signal when transmitted either wirelessly and/or through wire and/or cable could carry the computer program, in which case the wire and/or cable constitute the carrier.
It will be further understood that the present invention may be performed on two, three or more devices with certain parts of the invention being performed by one device and other parts of the invention being performed by another device. The devices may be connected together over a communications network. The present invention and claims are intended to also cover those instances where the system is operated across two or more devices or pieces of apparatus located in one or more locations.
In this specification, the terms “comprise, comprises, comprised and comprising” and the terms “include, includes, included and including” are all deemed totally interchangeable and should be afforded the widest possible interpretation.
The invention is in no way limited to the embodiments hereinbefore described but may be varied in both construction and detail within the scope of the appended claims.

Claims (27)

  1. A computer implemented method of establishing a managed data transfer link between a first host connector and a second host connector, the method comprising the steps of:
    specifying a source location in the first host connector;
    specifying a destination location in the second host connector;
    specifying the data to be transferred between the source location in the first host connector and the destination location in the second host connector;
    specifying the data transfer schedule for the managed data transfer link;
    characterised in that, the method further comprises the step of completing a data protection impact assessment (DPIA) relating to the data to be transferred in order to enable establishment of the managed data transfer link.
  2. A computer implemented method as claimed in claim 1 in which the method comprises the further step of, prior to establishment of the managed data transfer link, passing the completed DPIA to a supervisor for authorization in order to enable establishment of the managed data transfer link.
  3. A computer implemented method as claimed in claim 1 or 2 in which the completed DPIA is processed strictly in accordance with an authorization workflow in order to enable establishment of the managed data transfer link.
  4. A computer implemented method as claimed in any preceding claim in which the managed data transfer link is processed strictly in accordance with an authorization workflow in order to enable establishment of the managed data transfer link.
  5. A computer implemented method as claimed in any preceding claim in which the method comprises the step of storing a record of the managed data transfer link and the DPIA in a secure memory.
  6. A computer implemented method as claimed in claim 5 in which the method comprises the step of storing in the record of the managed data transfer link and the DPIA in memory an activity log relating to the creation, modification and authorization of the managed data transfer link and the DPIA.
  7. A computer implemented method as claimed in any preceding claim in which the DPIA stipulates whether the data to be transferred contains personally identifiable information (PII).
  8. A computer implemented method as claimed in any preceding claim in which the DPIA stipulates the nature of the data to be transferred.
  9. A computer implemented method as claimed in claim 7 or 8 in which the DPIA stipulates the degree of sensitivity of the data to be transferred.
  10. A computer implemented method as claimed in any preceding claim in which the DPIA stipulates the number of people affected by the data to be transferred.
  11. A computer implemented method as claimed in any preceding claim in which the method comprises the initial step of creating a DPIA for the data to be transferred prior to completing the DPIA.
  12. A computer implemented method as claimed in claim 11 in which there is provided a DPIA template for creation of the DPIA.
  13. A computer implemented method as claimed in claim 12 in which the DPIA template for creation of the DPIA comprises a plurality of question fields and a corresponding response field for each question field, and in which the question fields are editable.
  14. A managed data transfer system comprising:
    a plurality of host connectors;
    a managed data transfer hub through which data being transferred from one of the plurality of host connectors to another of the plurality of host connectors is controlled;
    the managed data transfer hub having a managed data transfer link establishment module loaded thereon to enable a user create a managed data transfer link and to specify for a managed data transfer link: a source location in one of the host connectors, a destination location in the other of the host connectors, the data to be transferred between the source location and the destination location, and the data transfer schedule for the managed data transfer link;
    characterised in that, the managed data transfer link establishment module further comprises a data protection impact assessment (DPIA) module integral therewith operable to generate a DPIA for the managed data transfer link upon creation of the managed data transfer link so that each managed data transfer link will have a data protection impact assessment associated therewith.
  15. A managed data transfer system as claimed in claim 14 in which the managed data transfer system is a managed file transfer system.
  16. A managed data transfer system as claimed in claim 14 or 15 in which there is provided a secure memory and in which the managed data transfer link and the DPIA associated therewith are stored in secure memory.
  17. A managed data transfer system as claimed in claim 16 in which there is provided an activity log relating to the creation, modification and authorization of the managed data transfer link and the DPIA stored in secure memory.
  18. A managed data transfer system as claimed in claims 14 to 17 in which there is provided an authorization workflow module for processing the completed DPIA in order to enable establishment of the managed data transfer link.
  19. A managed data transfer system as claimed in claims 14 to 18 in which there is provided an authorization workflow module for processing the managed data transfer link in order to enable establishment of the managed data transfer link.
  20. A managed data transfer system as claimed in claims 14 to 19 in which the DPIA stipulates whether the data to be transferred contains personally identifiable information (PII).
  21. A managed data transfer system as claimed in claims 14 to 20 in which the DPIA stipulates the nature of the data to be transferred.
  22. A managed data transfer system as claimed in claims 14 to 21 in which the DPIA stipulates the degree of sensitivity of the data to be transferred.
  23. A managed data transfer system as claimed in claims 14 to 22 in which the DPIA stipulates the number of people affected by the data to be transferred.
  24. A managed data transfer system as claimed in claims 14 to 23 in which there is provided a DPIA template for creation of the DPIA.
  25. A computer program product having program instructions that, when loaded on a computer, cause the computer to perform the method of any one of claims 1 to 13.
  26. A managed data transfer system substantially as hereinbefore described with reference to and as illustrated in the accompanying drawings.
  27. A computer implemented method of establishing a managed data transfer link between a first host connector and a second host connector substantially as hereinbefore described with reference to and as illustrated in the accompanying drawings.
Intellectual Property Office search report: Application No. GB1618434.3, claims searched 1-27.

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1618434.3A GB2555488A (en) 2016-11-01 2016-11-01 A computer implemented method of establishing a managed data transfer link

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1618434.3A GB2555488A (en) 2016-11-01 2016-11-01 A computer implemented method of establishing a managed data transfer link

Publications (2)

Publication Number Publication Date
GB201618434D0 GB201618434D0 (en) 2016-12-14
GB2555488A true GB2555488A (en) 2018-05-02

Family

ID=57963696

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1618434.3A Withdrawn GB2555488A (en) 2016-11-01 2016-11-01 A computer implemented method of establishing a managed data transfer link

Country Status (1)

Country Link
GB (1) GB2555488A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019089114A1 (en) * 2017-10-31 2019-05-09 Mastercard International Incorporated Validation devices, servers, validation methods, and file modification methods
US11074257B2 (en) 2010-04-19 2021-07-27 Facebook, Inc. Filtering search results for structured search queries

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150301839A1 (en) * 2014-04-17 2015-10-22 Oracle International Corporation Mft load balancer
US20150324593A1 (en) * 2014-05-09 2015-11-12 International Business Machines Corporation Intelligent security analysis and enforcement for data transfer

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11074257B2 (en) 2010-04-19 2021-07-27 Facebook, Inc. Filtering search results for structured search queries
WO2019089114A1 (en) * 2017-10-31 2019-05-09 Mastercard International Incorporated Validation devices, servers, validation methods, and file modification methods
US11625359B2 (en) 2017-10-31 2023-04-11 Mastercard International Incorporated Validation devices, servers, validation methods, and file modification methods

Also Published As

Publication number Publication date
GB201618434D0 (en) 2016-12-14

Similar Documents

Publication Publication Date Title
US20190342341A1 (en) Information technology governance and controls methods and apparatuses
US7822724B2 (en) Change audit method, apparatus and system
Henning Security service level agreements: quantifiable security for the enterprise?
Alruwaili et al. Secure migration to compliant cloud services: A case study
GB2555488A (en) A computer implemented method of establishing a managed data transfer link
US9465951B1 (en) Systems and methods for resource management and certification
Lightle et al. Segregation of duties in ERP: an automated assessment tool enables internal auditors at MeadWestvaco to enhance their SOD control reviews throughout the enterprise
Reini GDPR implementation, Case: Headpower Oy
Stanik System risk model of the IT system supporting the processing of documents at different levels of sensitivity
Safonova et al. Modeling the information security management system (ISMS) of a medical organization
Pelkola A framework for managing privacy-enhancing technology
US Department of Health and Human Services Regulatory Compliance/OCR Cybersecurity Newsletter: securing your legacy (system security)
DSS About our organization
Doc QUALITY SYSTEM
Cissé Third-party risk management: Strategy to mitigate ‘on-premise’and ‘cloud’cyber security risks
Hassan et al. Governance in practice: Effective data governance: From strategy through to implementation
Fowler IT Strategy Policy
Sengupta Modeling dependencies of iso/iec 27002: 2013 security controls
GB2555487A (en) A method of controlling the transfer of data in a managed data transfer system
Anturaniemi Information Security Plan for SAP HCM
Chick et al. DEVSECOPS PLATFORM-INDEPENDENT MODEL: OPERATIONAL AND PERSONEL
Βλαχάκης GDPR, from theory to practice. Development of a minimum basic data protection system for public and private sector entities
Simpson An Introduction to Computer Auditing
Deysel A model for information security control audit for small to mid-sized organisations
Auditor-General Information systems audit report

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)