Data Privacy: The Coming Conflict
Alan Pelz-Sharpe
Research Director Social Business Applications
451 Research is an information technology research & advisory company
• Founded in 2000
• 350+ employees, including over 100 analysts
• 1,000+ clients: Technology & Service providers, corporate advisory, finance, professional services, and IT decision makers
• 25,000+ senior IT professionals in our research community
• Over 52 million data points each quarter
• 4,500+ reports published each year covering 2,000+ innovative technology & service providers
• Headquartered in New York City with offices in London, Boston, San Francisco, and Washington D.C.
• 451 Research and its sister company Uptime Institute comprise the two divisions of The 451 Group
Research & Data
Advisory Services
Events
451 Research provides unique insight into emerging, disruptive technologies and the companies taking them to market.
Research Channels
A combination of research & data is delivered across fourteen channels aligned to the prevailing topics
and technologies of digital infrastructure… from the datacenter core to the mobile edge.
Why Data Privacy?
• Emerging and Invasive Technologies
• Data Breaches
• Legal and Regulatory Challenges
Why Data Privacy? - Emerging and Invasive Technologies
Why Data Privacy? Emerging and Invasive Technologies
Why Data Privacy? – Personal Data is broader than you think
• Aliases
• Private email address
• Devices
• Locations
• Friends & associates
• Work email address
• Social network posts
• IP addresses
• Photographs
Basics – PII (Personally Identifiable Information)
What do I have?
• Why do I have it?
What am I collecting?
• Why am I collecting it?
How long should I keep it?
• How do I dispose of it?
Basics – Security
How have I secured it?
• Granular or a blanket approach?
Who accesses it?
• Should they be accessing it?
How do I know if I lose it?
• What do I do if I do lose it?
Why Data Privacy? – Data Breaches
• Difficult problem. Not if companies will be hacked, but when.
• US law is difficult—47 different state laws plus District of Columbia
• What is a reasonable legal requirement for data breach notification?
• Too many notices, and you have the Boy Who Cried Wolf problem of people ignoring them.
• EU is considering data breach notification regulations as part of GDPR.
The Current Conflicts
• September 11 and the USA PATRIOT Act
• The NSA-Snowden Controversy
• Conflict of Cultures, Definitions, and Laws
The Current Conflicts – September 11 and the USA PATRIOT Act
• Laws in many nations would trigger government data demands in response to a (real or perceived) threat to national security.
• “Don’t put your data on US servers” argument is somewhat of a red herring.
• September 11 and the PATRIOT Act are perfect illustrations of the ‘Privacy vs. Security’ dilemma.
The Current Conflicts – NSA-Snowden
• Like the PATRIOT Act, the NSA-Snowden controversy illustrates the ‘Privacy vs. Security’ dilemma.
• Was the PATRIOT Act really a red herring? The NSA-Snowden controversy has been a giant ‘We told you so’ for many around the world who argued the USA PATRIOT Act was the manifestation of the Orwellian nightmare.
The Current Conflicts
• Freedom of Information versus Right to Privacy
• US First Amendment Freedom of Speech
The Current Conflicts – Different Definitions
• Personally Identifiable Information (PII)—In 2010, the US Government’s Office of Management and Budget (OMB) stated, “The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available—in any medium from any source—that, when combined with other available information, could be used to identify an individual.” See also the US National Institute of Standards and Technology (NIST) definition.
• Personal Information—Mexico has a broad definition, including any information concerning an individual.
• Sensitive Personal Information—For instance, in Argentina, it includes ethnic or racial origin, political opinions, union membership, philosophical, while in Finland, it includes criminal sanctions and the receipt of social welfare.
Personal Data: 2+2=4
• Birthdate
• Address
• Social Security Number
• Phone Number
• eMail Address
• Twitter Handle
• Credit Card Number
US-EU Safe Harbor Framework
• Although the US does not meet the minimum standards required by the 1995 Directive, the Safe Harbor has allowed data transfers between the EU and the US.
• Companies self-certify compliance, which has never been popular in Europe.
• Negotiations are continuing to save the Safe Harbor.
The Coming Conflicts
• EU General Data Protection Regulation (GDPR)
• Microsoft Dublin Warrant Controversy
The Coming Conflicts – EU GDPR
• Change from Directive (Directive 95/46/EC) to Regulation (GDPR)
• The goal is to harmonize the laws of the 28 EU Member States
• Harmonizing the laws would make international business easier, but the GDPR in its current form would create more substantial differences with the US.
• Right to be Forgotten/Right of Erasure—a major issue, but in May 2014, the EU Court of Justice held in Google Spain that the Right to be Forgotten exists under the current Directive in certain circumstances.
• International Transfer of Personal Data
• Data Breach Notification—Change from 24 hours to “without undue delay.”
• European Council must still approve.
The Coming Conflicts – Microsoft Dublin Warrant
• In re Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp. (S.D.N.Y. 2014)
• US court holds a warrant for email data stored in Dublin is valid under the US Stored Communications Act of 1986 because the data are controlled by Microsoft in the US—despite being stored in Ireland.
• Microsoft—supported by tech companies—is appealing to the US Court of Appeals for the Second Circuit, arguing that it does matter where the data are stored and that the US does not have authority over data stored in Ireland.
• If upheld, it could be a major blow to US tech companies.
Key Takeaways
• Take ownership of the issue
• Know what data you are collecting and why
• The less you collect the more secure you are – the more you collect the richer the data source – get the balance right
• Clearly define PII and non-PII
• Figure out a Data Loss Prevention (DLP) strategy
• Know what laws impact your organization – does data travel overseas?
• Clear house – don’t just keep data because you can
• Take a scenario-based approach – what are the scenarios for your organization?
alan.pelzsharpe@451research.com
Twitter: @socialbizalan

Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
What is Artificial Intelligence?????????
What is Artificial Intelligence?????????What is Artificial Intelligence?????????
What is Artificial Intelligence?????????
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 

AIIM 2015 - Data Privacy

  • 1. Data Privacy: The Coming Conflict Alan Pelz-Sharpe Research Director Social Business Applications
  • 2. 451 Research is an information technology research & advisory company. Founded in 2000; 350+ employees, including over 100 analysts; 1,000+ clients: technology & service providers, corporate advisory, finance, professional services, and IT decision makers; 25,000+ senior IT professionals in our research community; over 52 million data points each quarter; 4,500+ reports published each year covering 2,000+ innovative technology & service providers; headquartered in New York City with offices in London, Boston, San Francisco, and Washington D.C. 451 Research and its sister company Uptime Institute comprise the two divisions of The 451 Group. Research & Data; Advisory Services; Events.
  • 3. 451 Research provides unique insight into emerging, disruptive technologies and the companies taking them to market.
  • 4. Research Channels: A combination of research & data is delivered across fourteen channels aligned to the prevailing topics and technologies of digital infrastructure… from the datacenter core to the mobile edge.
  • 5. Why Data Privacy? • Emerging and Invasive Technologies • Data Breaches • Legal and Regulatory Challenges
  • 6. Why Data Privacy? - Emerging and Invasive Technologies
  • 7. Why Data Privacy? Emerging and Invasive Technologies: Aliases; Private email address; Devices; Locations; Friends & Associates; Work email address
  • 8. Why Data Privacy? – Personal Data is broader than you think: Social network posts; IP addresses; Photographs
  • 9. Basics – PII (Personally Identifiable Data): What do I have? • Why do I have it? What am I collecting? • Why am I collecting it? How long should I keep it? • How do I dispose of it?
  • 10. Basics - Security: How have I secured it? • Granular or a blanket approach? Who accesses it? • Should they be accessing it? How do I know if I lose it? • What do I do if I do lose it?
  • 11. Why Data Privacy? – Data Breaches • Difficult problem. Not if companies will be hacked, but when. • US law is difficult—47 different state laws plus District of Columbia • What is a reasonable legal requirement for data breach notification? • Too many notices, and you have the Boy Who Cried Wolf problem of people ignoring them. • EU is considering data breach notification regulations as part of GDPR.
  • 12. The Current Conflicts • September 11 and the USA PATRIOT Act • The NSA-Snowden Controversy • Conflict of Cultures, Definitions, and Laws
  • 13. The Current Conflicts: September 11 and the USA PATRIOT Act • Laws in many nations would trigger government data demands in response to a (real or perceived) threat to national security. • “Don’t put your data on US servers” argument is somewhat of a red herring. • September 11 and the PATRIOT Act are perfect illustrations of the ‘Privacy vs. Security’ dilemma.
  • 14. The Current Conflicts – NSA-Snowden • Like the PATRIOT Act, the NSA-Snowden controversy illustrates the ‘Privacy vs. Security’ dilemma. • Was the PATRIOT Act really a red herring? The NSA-Snowden controversy has been a giant ‘We told you so’ for many around the world who argued the USA PATRIOT Act was the manifestation of the Orwellian nightmare.
  • 15. The Current Conflicts • Freedom of Information versus Right to Privacy • US First Amendment Freedom of Speech
  • 16. The Current Conflicts: Different Definitions • Personally Identifiable Information (PII)—In 2010, the US Government’s Office of Management and Budget (OMB) stated, “The definition of PII is not anchored to any single category of information or technology. Rather, it requires a case-by-case assessment of the specific risk that an individual can be identified. In performing this assessment, it is important for an agency to recognize that non-PII can become PII whenever additional information is made publicly available—in any medium from any source—that, when combined with other available information, could be used to identify an individual.” See also US National Institute for Standards and Technology (NIST) definition. • Personal Information—Mexico has a broad definition, including any information concerning an individual. • Sensitive Personal Information—For instance, in Argentina, it includes ethnic or racial origin, political opinions, union membership, philosophical, while in Finland, it includes criminal sanctions and the receipt of social welfare.
  • 18. US-EU Safe Harbor Framework • Although the US does not meet the minimum standards required by the 1995 Directive, the Safe Harbor has allowed data transfers between the EU and the US. • Companies self-certify compliance, which has never been popular in Europe. • Negotiations are continuing to save the Safe Harbor.
  • 19. The Coming Conflicts • EU General Data Protection Regulation (GDPR) • Microsoft Dublin Warrant Controversy
  • 20. The Coming Conflicts: EU GDPR • Change from Directive (Directive 95/46/EC) to Regulation (GDPR) • The goal is to harmonize the laws of the 28 EU Member States • Harmonizing the laws would make international business easier, but the GDPR in its current form would create more substantial differences with the US. • Right to be Forgotten/Right of Erasure—a major issue, but in May 2014, the EU Court of Justice held in Google Spain that the Right to be Forgotten exists under the current Directive in certain circumstances. • International Transfer of Personal Data • Data Breach Notification—Change from 24 hours to “without undue delay.” • European Council must still approve.
  • 21. The Coming Conflicts: Microsoft Dublin Warrant • In re Warrant to Search a Certain E-Mail Account Controlled and Maintained by Microsoft Corp. (S.D.N.Y. 2014) • US court holds a warrant for email data stored in Dublin is valid under the US Stored Communications Act of 1986 because the data are controlled by Microsoft in the US—despite being stored in Ireland. • Microsoft—supported by tech companies—is appealing to the US Court of Appeals for the Second Circuit, arguing that it does matter where the data are stored and that the US does not have authority over data stored in Ireland. • If upheld, it could be a major blow to US tech companies.
  • 22. Key Takeaways • Take ownership of the issue • Know what data you are collecting and why • The less you collect the more secure you are – the more you collect the richer the data source – get the balance right • Clearly define PII and non PII • Figure out a Data Loss Prevention (DLP) strategy • Know what laws impact your organization – does data travel overseas? • Clear house – don’t just keep data because you can • Take a scenario based approach – what are the scenarios for your organization?

Editor's Notes

  1. instant gratification > depth, hard hitting > depth, speed, coffee break > ride home, 10 minutes/30 minutes/one hour, speak up in a meeting > run the meeting
  2. ----- Meeting Notes (3/19/15 07:13) ----- --These technologies change the way people communicate and thus, the way personal information is transmitted. --Social Media have changed people’s sensitivities about what is private, and research shows many people don’t realize how much personal data they share. --Additional inadvertent disclosure of information, e.g., ‘fat finger syndrome’ --If you want to throw in a legal case, you could mention the US Supreme Court’s mobile phone decision from last year in Riley v. California, which illustrates how technology has changed how the law handles private data (and you’ve got the link to my report.)