SlideShare a Scribd company logo

Data protection & security breakfast briefing master slides 28 june-final

Download as PPTX, PDF
Dr. Donald Macfarlane
Dr. Donald Macfarlane

The document summarizes an IBM breakfast briefing on data protection, security, and regulatory updates. The briefing covered the changing EU General Data Protection Regulations and implications for organizations, including increased fines for noncompliance. It also discussed practical strategies for organizations to build a culture of data protection compliance, including data discovery, classification, retention, and disposal. Speakers included experts from IBM, law firms, and other companies to discuss analytics and best practices to help organizations adhere to new rules and regulations.

Data & Analytics
1 of 40
© 2015 IBM Corporation IBM Data Protection & Security Breakfast Briefing 28th April 2015
© 2015 IBM Corporation2 2 Time Session 08.15 Arrival & Breakfast 08.45 Data Protection: Legal, Security and Regulatory Update EU General Data Protection Regulations are changing - what does this mean for your organisation? Cyber-Protection is high profile - breaches can cost you your business. Not knowing what business know-how and IP you have puts you at a disadvantage. What to do when the regulator or solicitors get involved. Your customers have a right to privacy and a right to protect their personal data, regardless where that data is stored or how it was first collected; this now includes a right to be forgotten. We will cover practical data protection, business data security (sensitive data and IP) and information governance policies/practices enforcement - we will help you build a culture of compliance and corporate protection within your organization Dr Donald Macfarlane, IBM 09.15 Panel Discussion Robert Duggan, Partner - Mourant Ozannes. Gregory Campbell, Case Manager - Clifford Chance Monika Tomczak-Gorlikowska, Data Privacy Counsel - Shell International Limited Mark Callahan, CEO - Gravicus Dr Donald Macfarlane, IBM 10.00 How can Analytics help your organisation adhere to these rules and regulations? Solomon Barron, IBM 10.15 Wrap up and Q&A 10.30 Close & Networking
© 2015 IBM Corporation Data Protection: Legal, Security and Regulatory Update Dr Donald Macfarlane, IBM
© 2015 IBM Corporation4
© 2015 IBM Corporation5 Organizations today face a growing range of adversaries • The number and variety of new adversaries and threats continues to grow • Old threats don’t always disappear – while new threats continue to add to the total landscape • The old way of providing Managed Security Services has grown stale – Still a requirement, but not enough on its own.
© 2015 IBM Corporation6 Information Doubles Every Two Years 1 Zettabye = 1,000 Exabytes = 1,000,000 Petabytes Erroneous delivery of e-mails and documents was the leading threat action among the 47,000+ security incidents we studied from 2012 * 44.8 million70% Percentage of total information retained inside an organization which has no business value and no legal or compliance obligation* 10 Zettabytes Information Under Management in 2014 Estimated number of records that were compromised in 2012 Portion of information unnecessarily retained Hidden in corporate data is vast amounts of data some of which is likely to attract protection under global privacy rules and regulations – key is knowing which Source: Verizon 2013 Data Breach Investigations Report Source: IDC Digital Universe, 2012 Source: CGOC Summit Survey *Indeed much of this data being kept is likely to have privacy obligations that are often failing to be me
© 2015 IBM Corporation7 EU Landscape 3-fold Problem Global Implications 1. Existing Data Protection Directive – local laws 2. Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (2014) 3. Upcoming EU General Data Protection Regulation
© 2015 IBM Corporation8  Within the EU:  Individuals have a right to privacy - “private and family life, his home and his correspondence” (Article 8 ECHR),  Individuals have right to protection of personal data - “Everyone has the right to the protection of personal data concerning him or her” (Article 8 ECFR)  Data protection is somewhat narrower in scope than the concept of privacy as it does not specifically cover the right to a private life, private home, private correspondence, etc.  Specifically grants data subjects with the rights to access, modify, update or ask for deletion of such data e.g. right to know what data is gathered or stored about you, to access this and request modification/deletion  Data protection gives individuals:  The right to know what personal data is collected, on what legal grounds, how it is used, for how long it used and kept, and by whom.  Specifically grants data subjects with the right to access, modify, update or ask for deletion of their data Privacy within the EU
© 2015 IBM Corporation9  Court of Justice of the European Union held that an internet search engine operator is responsible for the processing that it carries out of personal information which appears on web pages published by third parties.  Outcome of the ruling is that an ‘internet search engine’ must remove links to freely accessible web pages resulting from a search on their name e.g inadequate, irrelevant, no longer relevant or excessive (time)  Request from relevant authorities can order removal.  Court did not explicitly grant “right to be forgotten” instead relied upon the data subject's rights deriving from Articles 7 (respect for private and family life) and 8 (protection of personal data) of the Charter of Fundamental Rights of the European Union.  Commentators state that the Google Spain decision aligns with upcoming “right to be forgotten” in the GDPR Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (2014) – Google Spain Case
© 2015 IBM Corporation10  Today’s environment is one of increasing reports of cyber-security attacks  Consumers are wary of data privacy and protections put in place by big business  Cyber-criminals seek new ways to access credit card numbers, expiration dates, account holder names and CBB codes, intellectual property, and other sensitive information.  Reputational management has also become a major consideration – PII breaches are high profile, focus the vulnerability of user data, but more importantly consumers hold YOU responsible.  This provides the backdrop for upcoming data privacy rule changes  The new Regulation introduces greater transparency and greater accountability  Fines for noncompliance have become significant  Rules apply to any non-European company handling EU-specific data What is changing with the GDPR / What is being reported?
© 2015 IBM Corporation11 What is changing with the GDPR / What is being reported?  Single set of rules across EU & EU regulator – covers al EU countries  Regulation now has teeth - up to €100m penalty, or 5% of annual turnover  Includes all EU citizen data on cloud, social media and third parties  Rights of Data Subjects and Obligations on business  "Right to be forgotten" - Can you, as a business, prove it?  "Show me my data" - Do you know what and where it is on your systems?  "Privacy by design"- How are you planning this long-term?  Companies have to proactively certify compliance - Are you confident you can comply?
© 2015 IBM Corporation12 Personally Identifiable Information: Direct and Indirect  “Any information about an individual… including  (1) information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and/or  (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information." e.g. user's IP address as used in a communication exchange is classed as PII regardless of whether it may or may not on its own be able to uniquely identify a person.”*NIST definition.   Email address, unique national identification number, tax, passport or identity card, vehicle registration plate number, driver's license number, biometric data: face, fingerprints, or handwriting, credit card numbers, date of birth an birthplace, gender/race, genetic/medical information, telephone number, login name, screen name, nickname, or handle, IP address (in some cases), geographical data, qualifications, criminal record data, employment details…. Alphanumeric Sequences and/or Training Sets using classification technology * National Institute of Standards and TechnologyDefinition
© 2015 IBM Corporation13 • Article 3 – Scope “…applies to the processing of personal data by a controller not established in the Union…” • Article 15 - Right of Access for Data subject have the right to know “whether or not data relating to the data subject is being processed” • And in addition will be provided with details relating to purpose, categories, recipients, storage periods, significance and how to seek rectification.  Article 17 - Right to Erasure (“to be forgotten”)  Data controller must erase the data if the individual objects to their data collection for a specific reason e.g. no consent for marketing usage and/or if the data is not being processed in accordance with the Regulation, it must be forgotten  Data must be deleted if it is no longer needed, or if “the data subject withdraws consent on which the processing is based…”  Article 19 - Right to Object and Profiling  “data subject shall have right to object…unless the controller demonstrates compelling legitimate grounds for processing which override…” What obligations flow from the GDPR
© 2015 IBM Corporation14  Article 22 – Responsibility of the Controller “The controller shall adopt policies and implement appropriate measures to ensure and be able to demonstrate that the processing of personal data is performed in compliance with this Regulation” • Verification • Effectiveness  Article 23 - Data Protection by Design and by Default  requirement to implement technical and organizational measures to meet Regulation and ensure data protection rights of subject are met  Have regard to state of the art and cost of implementation  Note: 18 month implementation period often discussed Need to take action to avoid issues and ensure able to prove compliance, so what is best practice? Obligations on Controllers & Processes
© 2015 IBM Corporation15 GDPR: Timeline Update  On 28th January 2015, Data Protection Day, European Commission VP Andrus Ansip and commissioner Věra Jourová issued a joint statement to say ongoing negotiations on the GDPR will conclude before the end of this year.  “EU Data Protection reform also includes new rules for police and criminal justice authorities when they exchange data across the EU. This is very timely, not least in light of the recent terrorist attacks in Paris. There is need to continue and to intensify our law enforcement cooperation. Robust data protection rules will foster more effective cooperation based on mutual trust. We must conclude the ongoing negotiations on the data protection reform before the end of this year. By the 10th European Data Protection Day, we are confident that we will be able to say that the EU remains the global gold standard in the protection of personal data” 15
© 2015 IBM Corporation18 Best Practice & Solutions
© 2015 IBM Corporation19 What, Where & How  What are common security breach causes?  1. Sensitive personal data stored behind a corporate firewall inappropriately  e.g. Sony’s stoage of over 47,000 Social Security numbers, employment files including salaries, medical information, and anything else that their employer Sony held, was leaked to the public.  2. Mis-use of sensitive data internally and/or data leakage/loss  e.g. employees repurposing company data stored without sufficient safeguards and/or application of corporate policy leading to loss of HDD  3. Data stored in breach of stated corporate policy/T&C’s agreed with their customers  e.g. MoD, Sony, Google and potentially many others  Where is the data likely to be?  Email, SharePoint, Fileshare(s), Archives, PC/Laptop HDD, Databases, Cloud, USB devices etc.  How do we propose to locate and remediate?  Indexing of unstructured data and policy syndication in archives across the IT Estate.  SIQ – pattern recognition – active intelligence, ICC – automatic classification and Atlas for the storage of local law policies. Business Remediation Processes
© 2015 IBM Corporation20 RIM LEGAL PRIVACY AND SECURITY BUSINESS IT ILG hub AnalyticsDiscovery Disposal ArchivingRetention STEP 1: Identify Sources and Types of Data Information Governance Reference Model • Unified governance • Information stakeholders • Policy integration http://www.edrm.net/projects/igrm
© 2015 IBM Corporation21 STEP 2 - Using IGRM/Stakeholders to guide the Solution:  Legal: Identification of Sources and Data types – discovery and indexing to identify key areas of risk, index data and being in a position to take action/remediate. Classification & Archiving of identified sources. Early Data Assessment.  Privacy/Security: compliance with automated governance to corporate policy- adresses secure storage, privacy, audit trails and accountability for personal information.  RIM: Records & Security – automated file level application – addresses "Privacy by design", illustrate follow best practice by aligning private data with the reason for retaining them, and proactively driving timely disposition.  LOB: Business Take advantage of the Privacy Dividend – customers trust you with their data and will spend more with you rather than a competitor.  IT: Funding – storage reduction/cost take out to implement programme.
© 2015 IBM Corporation22 Email ServersECM Cloud “ACTIVE” INTELLIGENCE – address historical and future Identify, Analyze & Act Business Outcome specific filters, actions, local policies, critical reports, audit trails etc DATA SUBJECT ACCESS / DEFENCE Art 7 – consent Art 11 – transparent Art 12 - Procedure Art 17 - erasure Art 28 - documentation Compliance Audit Art 7 – consent Art 11 – Transparent Art 12 procedure Art 22 – controller responsibility Art 30 - security PRIVACY /COMPLIANCE DISCOVERY Art 14 – information Art 15 – right of access Art 23 – design/default Art 30 – notification At 33 – impact assessment Data Manager Business Stakeholder IT Expert Window on to Privacy/ Security/ Confidential/ Compliance Data Business Outcome / Need MediaArchive Platform Forensic Images/Tapes File Servers Desktops/ Mobile SharePoint & Enterprise Collaboration Social Networks CLASSIFICATION AND RETENTION EXECUTION Art 18 - portability Art 19 – right to object Art 21 - restrictions
© 2015 IBM Corporation23 The Data and Data Source Challenge:  Hundreds of threats  Multiple threat actor groups  A wide variety of tactics – From manipulative behaviors to malware  Finding the data that should capture the attention of your organization requires: – Expertise in targeted threat analysis – knowing where and how to collect meaningful data – Technology to manage threat intelligence – Business insight in knowing how to identify the threats most significant to a specific organization, and to provide strategic guidance and tactical solutions to improve security posture KEY - How can organizations make this challenge not only manageable, but cost effective? Analysis of targeting and distillation to most significant threats Threat data, collected from multiple sources worldwide Open Source Intelligence Internal Data Third Party Providers Business Targeted Actionable Findings
© 2015 IBM Corporation24 Use of Active Threat Intelligence: insight into effective action Active Threat Intelligence partner discovers a new targeted threat or technique New Threat Process notes that the threat has a high probability of impact on the client Process communicates threat detail to the client and provides: • Steps to harden defense • Tactics for monitoring threat activity Process delivers detailed insight into • Threat actor • Tactics involved Process may relay additional information to threat intelligence partner, such as • Malware samples • AV signatures • Activity logs Process may analyze additional data to further refine insight into the nature of the threat Process monitors external data for changes in the nature of the threat If evidence of threat activity is detected, Advisor may direct the client to engage: • Incident response • Remediation • Forensic analysis Process continues to monitor threat on an ongoing basis Based on intelligence findings, Process may recommend • Changes to the client’s security posture • Consulting to adapt security strategy Discover and Assess Respond Adapt
© 2015 IBM Corporation25  5 Steps to Comply and THRIVE  Burden of Data Privacy increase due to 3 main factors: increasing data, consumer awareness/media and the continuing evolution of data regulation across the world (including the increased use of civil penalties for breach). Large corporate tendencies “to keep everything” for the “longest legislated period in an operational market” increase risk – internet of everything 1. TRANSITION - Use the transition period between now and 2017 to set strategy. 2. HOUSING - Plan data housing, including data center location and data audit/compliance 3. RIGHTS (Privacy) - Consider data subject rights, and prepare for subject access requests 4. INTERNATIONAL - Establish guidance for international data transfers 5. VARIETY - Consider the variety of data types and sources, including social and mobile 6. EDUCATE & EVANGELIZE - Get stakeholders, especially executives, on board.
© 2015 IBM Corporation Panel Discussion Robert Duggan, Partner - Mourant Ozannes Gregory Campbell, Case Manager - Clifford Chance Monika Tomczak-Gorlikowska, Data Privacy Counsel - Shell International Limited Mark Callahan, CEO – Gravicus Dr Donald Macfarlane, IBM
© 2015 IBM Corporation An Analysis of Analytics Sol Barron sol.barron@uk.ibm.com IBM Analytics Information Governance Specialist
© 2015 IBM Corporation28 Modern day Alchemy?  Definition of alchemy:  noun  The medieval forerunner of chemistry, concerned with the transmutation of matter, in particular with attempts to convert base metals into gold or find a universal elixir big data, digital detritus
© 2015 IBM Corporation29 Or put it another way...
© 2015 IBM Corporation30 Types of data analytics  User-driven, single or limited facet analysis  Large corpus, data at rest, trend spotting • Things you don’t know you don’t know, e.g. factoids!  Large corpus, data at rest, intelligence gathering • Things you know you don’t know, e.g. sentiment analysis  System-driven, multi-faceted, exhaustive analysis  Large corpus, data at rest and in motion – actual business insight • Things you ought to know!  Content analytics...
© 2015 IBM Corporation31 IBM Analytics  Unlimited corpus scope, to answer questions such as...  What is happening? • Descriptive  Why is it happening? • Diagnostic  What could happen next? • Predictive  What should I do? • Prescriptive
© 2015 IBM Corporation32 The sum of the parts ● Not just a set of tools ● ● Beyond business intelligence ● ● Turns intelligence into action ● IBM Analytics allows you to... • Reduce the time between insight and action • Enable decision makers to find their own answers • Empower people at every level to act with confidence
© 2015 IBM Corporation33 But what about content analytics?  Data Protection & Security  ... is not interested in the corpus as a whole • What’s my potential exposure vis-à-vis each individual content object  ... requires document level analysis • What type of documents are in this location?  ... requires business intelligence for multiple document types • How should different document types be handled?  ... requires an understanding of semantic entities in your business • PCI, PII, Account numbers, NINO’s, etc.
© 2015 IBM Corporation34 IBM Content Classification …categorizes and organizes content by combining multiple methods of context- sensitive analysis. It enables workers to focus on higher value activities by consistently and accurately automating content-centric categorization decisions. It is designed to help tame the explosion of unstructured content, delivering better accessibility, usability, compliance and analytics
© 2015 IBM Corporation35 IBM Content Classification
© 2015 IBM Corporation36 Does this scale for your organisation?  How do you address 00’s terabytes or even petabytes of files?  StoredIQ provides a massively scalable delivery vehicle for enterprise-wide content assessment and analysis  Allows you to prioritise and target deep content classification analytics across the entire data estate
© 2015 IBM Corporation37 StoredIQ dashboard
© 2015 IBM Corporation38 Its not just about EU data compliance...  Can you find relevant content, quickly?  “Search, Refine, Repeat” is no longer acceptable  Image Capture, Content Collection, Enterprise Search • Are you uncovering business insight from your content? – Organized content produces better insight – Content Analytics • Is the right content available at the right time? – Business processes require timely access to content – Business Process Management, Case Management • Are you complying with Legal and Business mandates? – Content has a compliance lifecycle that must be enforced – Content Collection, Enterprise Records, eDiscovery
© 2015 IBM Corporation39 Any questions???
© 2015 IBM Corporation40 Backup
© 2015 IBM Corporation42 Legal Disclaimer • © IBM Corporation 2015. All Rights Reserved. • The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. • References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. • If the text contains performance statistics or references to benchmarks, insert the following language; otherwise delete: Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. • If the text includes any customer examples, please confirm we have prior written approval from such customer and insert the following language; otherwise delete: All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. • Please review text for proper trademark attribution of IBM products. At first use, each product name must be the full name and include appropriate trademark symbols (e.g., IBM Lotus® Sametime® Unyte™). Subsequent references can drop “IBM” but should include the proper branding (e.g., Lotus Sametime Gateway, or WebSphere Application Server). Please refer to http://www.ibm.com/legal/copytrade.shtml for guidance on which trademarks require the ® or ™ symbol. Do not use abbreviations for IBM product names in your presentation. All product names must be used as adjectives rather than nouns. Please list all of the trademarks that you use in your presentation as follows; delete any not included in your presentation. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both. • If you reference Adobe® in the text, please mark the first use and include the following; otherwise delete: Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. • If you reference Java™ in the text, please mark the first use and include the following; otherwise delete: Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. • If you reference Microsoft® and/or Windows® in the text, please mark the first use and include the following, as applicable; otherwise delete: Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. • If you reference Intel® and/or any of the following Intel products in the text, please mark the first use and include those that you use as follows; otherwise delete: Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. • If you reference UNIX® in the text, please mark the first use and include the following; otherwise delete: UNIX is a registered trademark of The Open Group in the United States and other countries. • If you reference Linux® in your presentation, please mark the first use and include the following; otherwise delete: Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. • If the text/graphics include screenshots, no actual IBM employee names may be used (even your own), if your screenshots include fictitious company names (e.g., Renovations, Zeta Bank, Acme) please update and insert the following; otherwise delete: All references to [insert fictitious company name] refer to a fictitious company and are used for illustration purposes only.

Recommended

"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...Cédric Laurant
 
Research on Legal Protection of Data Rights of E Commerce Platform Operators
Research on Legal Protection of Data Rights of E Commerce Platform OperatorsResearch on Legal Protection of Data Rights of E Commerce Platform Operators
Research on Legal Protection of Data Rights of E Commerce Platform OperatorsYogeshIJTSRD
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT worksMorris Dorfer
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyWilmerHale
 
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...Andrea Omicini
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technologyEzraGray1
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)Ashish vishal
 

Recommended

"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz..."Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...
"Data Breaches & the Upcoming Data Protection Legal Framework: What’s the Buz...Cédric Laurant
 
Research on Legal Protection of Data Rights of E Commerce Platform Operators
Research on Legal Protection of Data Rights of E Commerce Platform OperatorsResearch on Legal Protection of Data Rights of E Commerce Platform Operators
Research on Legal Protection of Data Rights of E Commerce Platform OperatorsYogeshIJTSRD
 
GDPR: how IT works
GDPR: how IT worksGDPR: how IT works
GDPR: how IT worksMorris Dorfer
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyWilmerHale
 
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...
Privacy through Anonymisation in Large-scale Socio-technical Systems: The BIS...Andrea Omicini
 
Legal issues in technology
Legal issues in technologyLegal issues in technology
Legal issues in technologyEzraGray1
 
Data Protection in India
Data Protection in IndiaData Protection in India
Data Protection in IndiaHome
 
Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)Relationship between data protection and m&a (1)
Relationship between data protection and m&a (1)Ashish vishal
 
Cybersecurity and Data Privacy Update
Cybersecurity and Data Privacy UpdateCybersecurity and Data Privacy Update
Cybersecurity and Data Privacy UpdateWilmerHale
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Information governance a_necessity_in_to
Information governance a_necessity_in_toInformation governance a_necessity_in_to
Information governance a_necessity_in_toAnne ndolo
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingJes Breslaw
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 
Data Privacy
Data PrivacyData Privacy
Data Privacycliff_rudolph
 
Explain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprExplain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprPierre Feillet
 
Technology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationTechnology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationat MicroFocus Italy ❖✔
 
Customers in the cloud pulse final
Customers in the cloud pulse finalCustomers in the cloud pulse final
Customers in the cloud pulse finalFLUZO
 
How to Protect Your Data
How to Protect Your DataHow to Protect Your Data
How to Protect Your DataNeopost Mailing Solutions, Digital Communications and Shipping Services
 
Data Privacy
Data PrivacyData Privacy
Data PrivacyHome
 
Get you and your business GDPR ready
Get you and your business GDPR readyGet you and your business GDPR ready
Get you and your business GDPR readyHarrison Clark Rickerbys
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...Symantec
 
Protecting Patient Health Information in the HITECH Era
Protecting Patient Health Information in the HITECH EraProtecting Patient Health Information in the HITECH Era
Protecting Patient Health Information in the HITECH EraRapid7
 
GDPR (En) JM Tyszka
GDPR (En) JM TyszkaGDPR (En) JM Tyszka
GDPR (En) JM TyszkaJean-Michel Tyszka
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill Komal Gadia
 
Biometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesBiometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesGiannisBasa
 
GDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookGDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookPlr-Printables
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Ian Beckett
 
El con de les perdius - Adaptación con infantil
El con de les perdius - Adaptación con infantilEl con de les perdius - Adaptación con infantil
El con de les perdius - Adaptación con infantilepc-florida
 
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQTransform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQPerficient, Inc.
 

More Related Content

What's hot

Cybersecurity and Data Privacy Update
Cybersecurity and Data Privacy UpdateCybersecurity and Data Privacy Update
Cybersecurity and Data Privacy UpdateWilmerHale
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Information governance a_necessity_in_to
Information governance a_necessity_in_toInformation governance a_necessity_in_to
Information governance a_necessity_in_toAnne ndolo
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingJes Breslaw
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 
Explain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprExplain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprPierre Feillet
 
Technology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationTechnology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationat MicroFocus Italy ❖✔
 
Customers in the cloud pulse final
Customers in the cloud pulse finalCustomers in the cloud pulse final
Customers in the cloud pulse finalFLUZO
 
Data Privacy
Data PrivacyData Privacy
Data PrivacyHome
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...Symantec
 
Protecting Patient Health Information in the HITECH Era
Protecting Patient Health Information in the HITECH EraProtecting Patient Health Information in the HITECH Era
Protecting Patient Health Information in the HITECH EraRapid7
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill Komal Gadia
 
Biometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesBiometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesGiannisBasa
 
GDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookGDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookPlr-Printables
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
 
Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Ian Beckett
 

What's hot (20)

Cybersecurity and Data Privacy Update
Cybersecurity and Data Privacy UpdateCybersecurity and Data Privacy Update
Cybersecurity and Data Privacy Update
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Information governance a_necessity_in_to
Information governance a_necessity_in_toInformation governance a_necessity_in_to
Information governance a_necessity_in_to
 
delphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-maskingdelphix-wp-gdpr-for-data-masking
delphix-wp-gdpr-for-data-masking
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
Explain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdprExplain your algorithmic decisions for gdpr
Explain your algorithmic decisions for gdpr
 
Technology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformationTechnology’s role in data protection – the missing link in GDPR transformation
Technology’s role in data protection – the missing link in GDPR transformation
 
Customers in the cloud pulse final
Customers in the cloud pulse finalCustomers in the cloud pulse final
Customers in the cloud pulse final
 
How to Protect Your Data
How to Protect Your DataHow to Protect Your Data
How to Protect Your Data
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
Get you and your business GDPR ready
Get you and your business GDPR readyGet you and your business GDPR ready
Get you and your business GDPR ready
 
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...The Evolution of Data Privacy - A Symantec Information Security Perspective o...
The Evolution of Data Privacy - A Symantec Information Security Perspective o...
 
Protecting Patient Health Information in the HITECH Era
Protecting Patient Health Information in the HITECH EraProtecting Patient Health Information in the HITECH Era
Protecting Patient Health Information in the HITECH Era
 
GDPR (En) JM Tyszka
GDPR (En) JM TyszkaGDPR (En) JM Tyszka
GDPR (En) JM Tyszka
 
An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill An overview of the Indian Data Privacy Bill
An overview of the Indian Data Privacy Bill
 
Biometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization IssuesBiometric Personal Data, Legal and Technological Utilization Issues
Biometric Personal Data, Legal and Technological Utilization Issues
 
GDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e bookGDPR, what you need to know and how to prepare for it e book
GDPR, what you need to know and how to prepare for it e book
 
Unit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hrUnit 6 Privacy and Data Protection 8 hr
Unit 6 Privacy and Data Protection 8 hr
 
Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017 Deloitte the case for disruptive technology in the legal profession 2017
Deloitte the case for disruptive technology in the legal profession 2017
 

Viewers also liked

El con de les perdius - Adaptación con infantil
El con de les perdius - Adaptación con infantilEl con de les perdius - Adaptación con infantil
El con de les perdius - Adaptación con infantilepc-florida
 
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQTransform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQPerficient, Inc.
 
Introduction to data protection
Introduction to data protectionIntroduction to data protection
Introduction to data protectionRachel Aldighieri
 
My life project
My life projectMy life project
My life project89746
 
JSIS 484_Article 9 project_Final version
JSIS 484_Article 9 project_Final versionJSIS 484_Article 9 project_Final version
JSIS 484_Article 9 project_Final versionQiannan Zhang
 
pro_gradu_jussi_väistö_v2_tulostus
pro_gradu_jussi_väistö_v2_tulostuspro_gradu_jussi_väistö_v2_tulostus
pro_gradu_jussi_väistö_v2_tulostusJussi V
 
EL CARTERO GUILLOT
EL CARTERO GUILLOTEL CARTERO GUILLOT
EL CARTERO GUILLOTepc-florida
 
Pediatric Nurse Practitioner
Pediatric Nurse PractitionerPediatric Nurse Practitioner
Pediatric Nurse Practitionersantanaarcher15
 
20100708015917 pabyq
20100708015917 pabyq20100708015917 pabyq
20100708015917 pabyqkiyammalittle
 
Activitat inicial
Activitat inicialActivitat inicial
Activitat inicialepc-florida
 
MOOCs and open practices PGDip presentation
MOOCs and open practices PGDip presentationMOOCs and open practices PGDip presentation
MOOCs and open practices PGDip presentationmichaelgloveresearch
 
EEN DOORDACHTE MIX VAN WERKVORMEN
EEN DOORDACHTE MIX VAN WERKVORMENEEN DOORDACHTE MIX VAN WERKVORMEN
EEN DOORDACHTE MIX VAN WERKVORMENMarja Bakker
 

Viewers also liked (16)

El con de les perdius - Adaptación con infantil
El con de les perdius - Adaptación con infantilEl con de les perdius - Adaptación con infantil
El con de les perdius - Adaptación con infantil
 
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQTransform Unstructured Data Into Relevant Data with IBM StoredIQ
Transform Unstructured Data Into Relevant Data with IBM StoredIQ
 
Introduction to data protection
Introduction to data protectionIntroduction to data protection
Introduction to data protection
 
My life project
My life projectMy life project
My life project
 
JSIS 484_Article 9 project_Final version
JSIS 484_Article 9 project_Final versionJSIS 484_Article 9 project_Final version
JSIS 484_Article 9 project_Final version
 
pro_gradu_jussi_väistö_v2_tulostus
pro_gradu_jussi_väistö_v2_tulostuspro_gradu_jussi_väistö_v2_tulostus
pro_gradu_jussi_väistö_v2_tulostus
 
Banff presentation mg final
Banff presentation mg finalBanff presentation mg final
Banff presentation mg final
 
EL CARTERO GUILLOT
EL CARTERO GUILLOTEL CARTERO GUILLOT
EL CARTERO GUILLOT
 
Pediatric Nurse Practitioner
Pediatric Nurse PractitionerPediatric Nurse Practitioner
Pediatric Nurse Practitioner
 
L&W IW-HW report F14
L&W IW-HW report F14L&W IW-HW report F14
L&W IW-HW report F14
 
20100708015917 pabyq
20100708015917 pabyq20100708015917 pabyq
20100708015917 pabyq
 
Activitat inicial
Activitat inicialActivitat inicial
Activitat inicial
 
20161116_Hanzo Archives_overview
20161116_Hanzo Archives_overview20161116_Hanzo Archives_overview
20161116_Hanzo Archives_overview
 
MOOCs and open practices PGDip presentation
MOOCs and open practices PGDip presentationMOOCs and open practices PGDip presentation
MOOCs and open practices PGDip presentation
 
EEN DOORDACHTE MIX VAN WERKVORMEN
EEN DOORDACHTE MIX VAN WERKVORMENEEN DOORDACHTE MIX VAN WERKVORMEN
EEN DOORDACHTE MIX VAN WERKVORMEN
 
All That Jazz
All That JazzAll That Jazz
All That Jazz
 

Similar to Data protection & security breakfast briefing master slides 28 june-final

The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowSymantec
 
Board Priorities for GDPR Implementation
Board Priorities for GDPR ImplementationBoard Priorities for GDPR Implementation
Board Priorities for GDPR ImplementationJoseph V. Moreno
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationcaniceconsulting
 
The Evolution of Data Privacy: 3 Things You Need To Consider
The Evolution of Data Privacy: 3 Things You Need To ConsiderThe Evolution of Data Privacy: 3 Things You Need To Consider
The Evolution of Data Privacy: 3 Things You Need To ConsiderSymantec
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRCase IQ
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetupIshay Tentser
 
GDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisGDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisAngad Dayal
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Lumension
 
GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?MediaPost
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
Why GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkWhy GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkPECB
 
Data privacy Legislation in India
Data privacy Legislation in IndiaData privacy Legislation in India
Data privacy Legislation in IndiaLATHA H C
 
Associates quick guide to gdpr v 1.0
Associates quick guide to gdpr v 1.0Associates quick guide to gdpr v 1.0
Associates quick guide to gdpr v 1.0Aaron Banham
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.Matthias Dobbelaere-Welvaert
 
An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupThe Pathway Group
 

Similar to Data protection & security breakfast briefing master slides 28 june-final (20)

The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t know
 
Board Priorities for GDPR Implementation
Board Priorities for GDPR ImplementationBoard Priorities for GDPR Implementation
Board Priorities for GDPR Implementation
 
Smart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislationSmart Data Module 5 d drive_legislation
Smart Data Module 5 d drive_legislation
 
GPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-RightGPDR_Get-Data-Protection-Right
GPDR_Get-Data-Protection-Right
 
The Evolution of Data Privacy: 3 Things You Need To Consider
The Evolution of Data Privacy: 3 Things You Need To ConsiderThe Evolution of Data Privacy: 3 Things You Need To Consider
The Evolution of Data Privacy: 3 Things You Need To Consider
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
Data protection
Data protectionData protection
Data protection
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 
GDPR A Practical Guide with Varonis
GDPR A Practical Guide with VaronisGDPR A Practical Guide with Varonis
GDPR A Practical Guide with Varonis
 
Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?Data Protection Rules are Changing: What Can You Do to Prepare?
Data Protection Rules are Changing: What Can You Do to Prepare?
 
GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
Why GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC FrameworkWhy GDPR Must Be an Integral Part of Your GRC Framework
Why GDPR Must Be an Integral Part of Your GRC Framework
 
Data privacy Legislation in India
Data privacy Legislation in IndiaData privacy Legislation in India
Data privacy Legislation in India
 
Associates quick guide to gdpr v 1.0
Associates quick guide to gdpr v 1.0Associates quick guide to gdpr v 1.0
Associates quick guide to gdpr v 1.0
 
GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.GDPR: the legal aspects. By Matthias of theJurists Europe.
GDPR: the legal aspects. By Matthias of theJurists Europe.
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
 
An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway Group
 

Recently uploaded

Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Standamitlee9823
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...amitlee9823
 
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...amitlee9823
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxolyaivanovalion
 
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...amitlee9823
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxolyaivanovalion
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...amitlee9823
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...SUHANI PANDEY
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Researchmichael115558
 
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...amitlee9823
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfadriantubila
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfMarinCaroMartnezBerg
 
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteedamy56318795
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxolyaivanovalion
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Delhi Call girls
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 

Recently uploaded (20)

Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night StandCall Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Doddaballapur Road ☎ 7737669865 🥵 Book Your One night Stand
 
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
Call Girls Indiranagar Just Call 👗 7737669865 👗 Top Class Call Girl Service B...
 
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
➥🔝 7737669865 🔝▻ malwa Call-girls in Women Seeking Men 🔝malwa🔝 Escorts Ser...
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptx
 
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
 
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts ServiceCall Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
Call Girls In Shalimar Bagh ( Delhi) 9953330565 Escorts Service
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptx
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
 
Discover Why Less is More in B2B Research
Discover Why Less is More in B2B ResearchDiscover Why Less is More in B2B Research
Discover Why Less is More in B2B Research
 
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
Call Girls Jalahalli Just Call 👗 7737669865 👗 Top Class Call Girl Service Ban...
 
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdfAccredited-Transport-Cooperatives-Jan-2021-Web.pdf
Accredited-Transport-Cooperatives-Jan-2021-Web.pdf
 
Anomaly detection and data imputation within time series
Anomaly detection and data imputation within time seriesAnomaly detection and data imputation within time series
Anomaly detection and data imputation within time series
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
5CL-ADBA,5cladba, Chinese supplier, safety is guaranteed
 
Midocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFxMidocean dropshipping via API with DroFx
Midocean dropshipping via API with DroFx
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFx
 

Data protection & security breakfast briefing master slides 28 june-final

  • 1. © 2015 IBM Corporation IBM Data Protection & Security Breakfast Briefing 28th April 2015
  • 2. © 2015 IBM Corporation2 2 Time Session 08.15 Arrival & Breakfast 08.45 Data Protection: Legal, Security and Regulatory Update EU General Data Protection Regulations are changing - what does this mean for your organisation? Cyber-Protection is high profile - breaches can cost you your business. Not knowing what business know-how and IP you have puts you at a disadvantage. What to do when the regulator or solicitors get involved. Your customers have a right to privacy and a right to protect their personal data, regardless where that data is stored or how it was first collected; this now includes a right to be forgotten. We will cover practical data protection, business data security (sensitive data and IP) and information governance policies/practices enforcement - we will help you build a culture of compliance and corporate protection within your organization Dr Donald Macfarlane, IBM 09.15 Panel Discussion Robert Duggan, Partner - Mourant Ozannes. Gregory Campbell, Case Manager - Clifford Chance Monika Tomczak-Gorlikowska, Data Privacy Counsel - Shell International Limited Mark Callahan, CEO - Gravicus Dr Donald Macfarlane, IBM 10.00 How can Analytics help your organisation adhere to these rules and regulations? Solomon Barron, IBM 10.15 Wrap up and Q&A 10.30 Close & Networking
  • 3. © 2015 IBM Corporation Data Protection: Legal, Security and Regulatory Update Dr Donald Macfarlane, IBM
  • 4. © 2015 IBM Corporation4
  • 5. © 2015 IBM Corporation5 Organizations today face a growing range of adversaries • The number and variety of new adversaries and threats continues to grow • Old threats don’t always disappear – while new threats continue to add to the total landscape • The old way of providing Managed Security Services has grown stale – Still a requirement, but not enough on its own.
  • 6. © 2015 IBM Corporation6 Information Doubles Every Two Years 1 Zettabye = 1,000 Exabytes = 1,000,000 Petabytes Erroneous delivery of e-mails and documents was the leading threat action among the 47,000+ security incidents we studied from 2012 * 44.8 million70% Percentage of total information retained inside an organization which has no business value and no legal or compliance obligation* 10 Zettabytes Information Under Management in 2014 Estimated number of records that were compromised in 2012 Portion of information unnecessarily retained Hidden in corporate data is vast amounts of data some of which is likely to attract protection under global privacy rules and regulations – key is knowing which Source: Verizon 2013 Data Breach Investigations Report Source: IDC Digital Universe, 2012 Source: CGOC Summit Survey *Indeed much of this data being kept is likely to have privacy obligations that are often failing to be me
  • 7. © 2015 IBM Corporation7 EU Landscape 3-fold Problem Global Implications 1. Existing Data Protection Directive – local laws 2. Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (2014) 3. Upcoming EU General Data Protection Regulation
  • 8. © 2015 IBM Corporation8  Within the EU:  Individuals have a right to privacy - “private and family life, his home and his correspondence” (Article 8 ECHR),  Individuals have right to protection of personal data - “Everyone has the right to the protection of personal data concerning him or her” (Article 8 ECFR)  Data protection is somewhat narrower in scope than the concept of privacy as it does not specifically cover the right to a private life, private home, private correspondence, etc.  Specifically grants data subjects with the rights to access, modify, update or ask for deletion of such data e.g. right to know what data is gathered or stored about you, to access this and request modification/deletion  Data protection gives individuals:  The right to know what personal data is collected, on what legal grounds, how it is used, for how long it used and kept, and by whom.  Specifically grants data subjects with the right to access, modify, update or ask for deletion of their data Privacy within the EU
  • 9. © 2015 IBM Corporation9  Court of Justice of the European Union held that an internet search engine operator is responsible for the processing that it carries out of personal information which appears on web pages published by third parties.  Outcome of the ruling is that an ‘internet search engine’ must remove links to freely accessible web pages resulting from a search on their name e.g inadequate, irrelevant, no longer relevant or excessive (time)  Request from relevant authorities can order removal.  Court did not explicitly grant “right to be forgotten” instead relied upon the data subject's rights deriving from Articles 7 (respect for private and family life) and 8 (protection of personal data) of the Charter of Fundamental Rights of the European Union.  Commentators state that the Google Spain decision aligns with upcoming “right to be forgotten” in the GDPR Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González (2014) – Google Spain Case
  • 10. © 2015 IBM Corporation10  Today’s environment is one of increasing reports of cyber-security attacks  Consumers are wary of data privacy and protections put in place by big business  Cyber-criminals seek new ways to access credit card numbers, expiration dates, account holder names and CBB codes, intellectual property, and other sensitive information.  Reputational management has also become a major consideration – PII breaches are high profile, focus the vulnerability of user data, but more importantly consumers hold YOU responsible.  This provides the backdrop for upcoming data privacy rule changes  The new Regulation introduces greater transparency and greater accountability  Fines for noncompliance have become significant  Rules apply to any non-European company handling EU-specific data What is changing with the GDPR / What is being reported?
  • 11. © 2015 IBM Corporation11 What is changing with the GDPR / What is being reported?  Single set of rules across EU & EU regulator – covers al EU countries  Regulation now has teeth - up to €100m penalty, or 5% of annual turnover  Includes all EU citizen data on cloud, social media and third parties  Rights of Data Subjects and Obligations on business  "Right to be forgotten" - Can you, as a business, prove it?  "Show me my data" - Do you know what and where it is on your systems?  "Privacy by design"- How are you planning this long-term?  Companies have to proactively certify compliance - Are you confident you can comply?
  • 12. © 2015 IBM Corporation12 Personally Identifiable Information: Direct and Indirect  “Any information about an individual… including  (1) information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and/or  (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information." e.g. user's IP address as used in a communication exchange is classed as PII regardless of whether it may or may not on its own be able to uniquely identify a person.”*NIST definition.   Email address, unique national identification number, tax, passport or identity card, vehicle registration plate number, driver's license number, biometric data: face, fingerprints, or handwriting, credit card numbers, date of birth an birthplace, gender/race, genetic/medical information, telephone number, login name, screen name, nickname, or handle, IP address (in some cases), geographical data, qualifications, criminal record data, employment details…. Alphanumeric Sequences and/or Training Sets using classification technology * National Institute of Standards and TechnologyDefinition
  • 13. © 2015 IBM Corporation13 • Article 3 – Scope “…applies to the processing of personal data by a controller not established in the Union…” • Article 15 - Right of Access for Data subject have the right to know “whether or not data relating to the data subject is being processed” • And in addition will be provided with details relating to purpose, categories, recipients, storage periods, significance and how to seek rectification.  Article 17 - Right to Erasure (“to be forgotten”)  Data controller must erase the data if the individual objects to their data collection for a specific reason e.g. no consent for marketing usage and/or if the data is not being processed in accordance with the Regulation, it must be forgotten  Data must be deleted if it is no longer needed, or if “the data subject withdraws consent on which the processing is based…”  Article 19 - Right to Object and Profiling  “data subject shall have right to object…unless the controller demonstrates compelling legitimate grounds for processing which override…” What obligations flow from the GDPR
  • 14. © 2015 IBM Corporation14  Article 22 – Responsibility of the Controller “The controller shall adopt policies and implement appropriate measures to ensure and be able to demonstrate that the processing of personal data is performed in compliance with this Regulation” • Verification • Effectiveness  Article 23 - Data Protection by Design and by Default  requirement to implement technical and organizational measures to meet Regulation and ensure data protection rights of subject are met  Have regard to state of the art and cost of implementation  Note: 18 month implementation period often discussed Need to take action to avoid issues and ensure able to prove compliance, so what is best practice? Obligations on Controllers & Processes
  • 15. © 2015 IBM Corporation15 GDPR: Timeline Update  On 28th January 2015, Data Protection Day, European Commission VP Andrus Ansip and commissioner Věra Jourová issued a joint statement to say ongoing negotiations on the GDPR will conclude before the end of this year.  “EU Data Protection reform also includes new rules for police and criminal justice authorities when they exchange data across the EU. This is very timely, not least in light of the recent terrorist attacks in Paris. There is need to continue and to intensify our law enforcement cooperation. Robust data protection rules will foster more effective cooperation based on mutual trust. We must conclude the ongoing negotiations on the data protection reform before the end of this year. By the 10th European Data Protection Day, we are confident that we will be able to say that the EU remains the global gold standard in the protection of personal data” 15
  • 16. © 2015 IBM Corporation18 Best Practice & Solutions
  • 17. © 2015 IBM Corporation19 What, Where & How  What are common security breach causes?  1. Sensitive personal data stored behind a corporate firewall inappropriately  e.g. Sony’s stoage of over 47,000 Social Security numbers, employment files including salaries, medical information, and anything else that their employer Sony held, was leaked to the public.  2. Mis-use of sensitive data internally and/or data leakage/loss  e.g. employees repurposing company data stored without sufficient safeguards and/or application of corporate policy leading to loss of HDD  3. Data stored in breach of stated corporate policy/T&C’s agreed with their customers  e.g. MoD, Sony, Google and potentially many others  Where is the data likely to be?  Email, SharePoint, Fileshare(s), Archives, PC/Laptop HDD, Databases, Cloud, USB devices etc.  How do we propose to locate and remediate?  Indexing of unstructured data and policy syndication in archives across the IT Estate.  SIQ – pattern recognition – active intelligence, ICC – automatic classification and Atlas for the storage of local law policies. Business Remediation Processes
  • 18. © 2015 IBM Corporation20 RIM LEGAL PRIVACY AND SECURITY BUSINESS IT ILG hub AnalyticsDiscovery Disposal ArchivingRetention STEP 1: Identify Sources and Types of Data Information Governance Reference Model • Unified governance • Information stakeholders • Policy integration http://www.edrm.net/projects/igrm
  • 19. © 2015 IBM Corporation21 STEP 2 - Using IGRM/Stakeholders to guide the Solution:  Legal: Identification of Sources and Data types – discovery and indexing to identify key areas of risk, index data and being in a position to take action/remediate. Classification & Archiving of identified sources. Early Data Assessment.  Privacy/Security: compliance with automated governance to corporate policy- adresses secure storage, privacy, audit trails and accountability for personal information.  RIM: Records & Security – automated file level application – addresses "Privacy by design", illustrate follow best practice by aligning private data with the reason for retaining them, and proactively driving timely disposition.  LOB: Business Take advantage of the Privacy Dividend – customers trust you with their data and will spend more with you rather than a competitor.  IT: Funding – storage reduction/cost take out to implement programme.
  • 20. © 2015 IBM Corporation22 Email ServersECM Cloud “ACTIVE” INTELLIGENCE – address historical and future Identify, Analyze & Act Business Outcome specific filters, actions, local policies, critical reports, audit trails etc DATA SUBJECT ACCESS / DEFENCE Art 7 – consent Art 11 – transparent Art 12 - Procedure Art 17 - erasure Art 28 - documentation Compliance Audit Art 7 – consent Art 11 – Transparent Art 12 procedure Art 22 – controller responsibility Art 30 - security PRIVACY /COMPLIANCE DISCOVERY Art 14 – information Art 15 – right of access Art 23 – design/default Art 30 – notification At 33 – impact assessment Data Manager Business Stakeholder IT Expert Window on to Privacy/ Security/ Confidential/ Compliance Data Business Outcome / Need MediaArchive Platform Forensic Images/Tapes File Servers Desktops/ Mobile SharePoint & Enterprise Collaboration Social Networks CLASSIFICATION AND RETENTION EXECUTION Art 18 - portability Art 19 – right to object Art 21 - restrictions
  • 21. © 2015 IBM Corporation23 The Data and Data Source Challenge:  Hundreds of threats  Multiple threat actor groups  A wide variety of tactics – From manipulative behaviors to malware  Finding the data that should capture the attention of your organization requires: – Expertise in targeted threat analysis – knowing where and how to collect meaningful data – Technology to manage threat intelligence – Business insight in knowing how to identify the threats most significant to a specific organization, and to provide strategic guidance and tactical solutions to improve security posture KEY - How can organizations make this challenge not only manageable, but cost effective? Analysis of targeting and distillation to most significant threats Threat data, collected from multiple sources worldwide Open Source Intelligence Internal Data Third Party Providers Business Targeted Actionable Findings
  • 22. © 2015 IBM Corporation24 Use of Active Threat Intelligence: insight into effective action Active Threat Intelligence partner discovers a new targeted threat or technique New Threat Process notes that the threat has a high probability of impact on the client Process communicates threat detail to the client and provides: • Steps to harden defense • Tactics for monitoring threat activity Process delivers detailed insight into • Threat actor • Tactics involved Process may relay additional information to threat intelligence partner, such as • Malware samples • AV signatures • Activity logs Process may analyze additional data to further refine insight into the nature of the threat Process monitors external data for changes in the nature of the threat If evidence of threat activity is detected, Advisor may direct the client to engage: • Incident response • Remediation • Forensic analysis Process continues to monitor threat on an ongoing basis Based on intelligence findings, Process may recommend • Changes to the client’s security posture • Consulting to adapt security strategy Discover and Assess Respond Adapt
  • 23. © 2015 IBM Corporation25  5 Steps to Comply and THRIVE  Burden of Data Privacy increase due to 3 main factors: increasing data, consumer awareness/media and the continuing evolution of data regulation across the world (including the increased use of civil penalties for breach). Large corporate tendencies “to keep everything” for the “longest legislated period in an operational market” increase risk – internet of everything 1. TRANSITION - Use the transition period between now and 2017 to set strategy. 2. HOUSING - Plan data housing, including data center location and data audit/compliance 3. RIGHTS (Privacy) - Consider data subject rights, and prepare for subject access requests 4. INTERNATIONAL - Establish guidance for international data transfers 5. VARIETY - Consider the variety of data types and sources, including social and mobile 6. EDUCATE & EVANGELIZE - Get stakeholders, especially executives, on board.
  • 24. © 2015 IBM Corporation Panel Discussion Robert Duggan, Partner - Mourant Ozannes Gregory Campbell, Case Manager - Clifford Chance Monika Tomczak-Gorlikowska, Data Privacy Counsel - Shell International Limited Mark Callahan, CEO – Gravicus Dr Donald Macfarlane, IBM
  • 25. © 2015 IBM Corporation An Analysis of Analytics Sol Barron sol.barron@uk.ibm.com IBM Analytics Information Governance Specialist
  • 26. © 2015 IBM Corporation28 Modern day Alchemy?  Definition of alchemy:  noun  The medieval forerunner of chemistry, concerned with the transmutation of matter, in particular with attempts to convert base metals into gold or find a universal elixir big data, digital detritus
  • 27. © 2015 IBM Corporation29 Or put it another way...
  • 28. © 2015 IBM Corporation30 Types of data analytics  User-driven, single or limited facet analysis  Large corpus, data at rest, trend spotting • Things you don’t know you don’t know, e.g. factoids!  Large corpus, data at rest, intelligence gathering • Things you know you don’t know, e.g. sentiment analysis  System-driven, multi-faceted, exhaustive analysis  Large corpus, data at rest and in motion – actual business insight • Things you ought to know!  Content analytics...
  • 29. © 2015 IBM Corporation31 IBM Analytics  Unlimited corpus scope, to answer questions such as...  What is happening? • Descriptive  Why is it happening? • Diagnostic  What could happen next? • Predictive  What should I do? • Prescriptive
  • 30. © 2015 IBM Corporation32 The sum of the parts ● Not just a set of tools ● ● Beyond business intelligence ● ● Turns intelligence into action ● IBM Analytics allows you to... • Reduce the time between insight and action • Enable decision makers to find their own answers • Empower people at every level to act with confidence
  • 31. © 2015 IBM Corporation33 But what about content analytics?  Data Protection & Security  ... is not interested in the corpus as a whole • What’s my potential exposure vis-à-vis each individual content object  ... requires document level analysis • What type of documents are in this location?  ... requires business intelligence for multiple document types • How should different document types be handled?  ... requires an understanding of semantic entities in your business • PCI, PII, Account numbers, NINO’s, etc.
  • 32. © 2015 IBM Corporation34 IBM Content Classification …categorizes and organizes content by combining multiple methods of context- sensitive analysis. It enables workers to focus on higher value activities by consistently and accurately automating content-centric categorization decisions. It is designed to help tame the explosion of unstructured content, delivering better accessibility, usability, compliance and analytics
  • 33. © 2015 IBM Corporation35 IBM Content Classification
  • 34. © 2015 IBM Corporation36 Does this scale for your organisation?  How do you address 00’s terabytes or even petabytes of files?  StoredIQ provides a massively scalable delivery vehicle for enterprise-wide content assessment and analysis  Allows you to prioritise and target deep content classification analytics across the entire data estate
  • 35. © 2015 IBM Corporation37 StoredIQ dashboard
  • 36. © 2015 IBM Corporation38 Its not just about EU data compliance...  Can you find relevant content, quickly?  “Search, Refine, Repeat” is no longer acceptable  Image Capture, Content Collection, Enterprise Search • Are you uncovering business insight from your content? – Organized content produces better insight – Content Analytics • Is the right content available at the right time? – Business processes require timely access to content – Business Process Management, Case Management • Are you complying with Legal and Business mandates? – Content has a compliance lifecycle that must be enforced – Content Collection, Enterprise Records, eDiscovery
  • 37. © 2015 IBM Corporation39 Any questions???
  • 38. © 2015 IBM Corporation40 Backup
  • 39.
  • 40. © 2015 IBM Corporation42 Legal Disclaimer • © IBM Corporation 2015. All Rights Reserved. • The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. • References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. • If the text contains performance statistics or references to benchmarks, insert the following language; otherwise delete: Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. • If the text includes any customer examples, please confirm we have prior written approval from such customer and insert the following language; otherwise delete: All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. • Please review text for proper trademark attribution of IBM products. At first use, each product name must be the full name and include appropriate trademark symbols (e.g., IBM Lotus® Sametime® Unyte™). Subsequent references can drop “IBM” but should include the proper branding (e.g., Lotus Sametime Gateway, or WebSphere Application Server). Please refer to http://www.ibm.com/legal/copytrade.shtml for guidance on which trademarks require the ® or ™ symbol. Do not use abbreviations for IBM product names in your presentation. All product names must be used as adjectives rather than nouns. Please list all of the trademarks that you use in your presentation as follows; delete any not included in your presentation. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both. • If you reference Adobe® in the text, please mark the first use and include the following; otherwise delete: Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. • If you reference Java™ in the text, please mark the first use and include the following; otherwise delete: Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. • If you reference Microsoft® and/or Windows® in the text, please mark the first use and include the following, as applicable; otherwise delete: Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. • If you reference Intel® and/or any of the following Intel products in the text, please mark the first use and include those that you use as follows; otherwise delete: Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. • If you reference UNIX® in the text, please mark the first use and include the following; otherwise delete: UNIX is a registered trademark of The Open Group in the United States and other countries. • If you reference Linux® in your presentation, please mark the first use and include the following; otherwise delete: Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. • If the text/graphics include screenshots, no actual IBM employee names may be used (even your own), if your screenshots include fictitious company names (e.g., Renovations, Zeta Bank, Acme) please update and insert the following; otherwise delete: All references to [insert fictitious company name] refer to a fictitious company and are used for illustration purposes only.