Se ha denunciado esta presentación.
Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.

Data Privacy Trends in 2021: Compliance with New Regulations

The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.

The webinar will cover:

Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization

Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------

Find out more about ISO training and certification services

Training: https://pecb.com/whitepaper/iso-27001...​
https://pecb.com/en/education-and-cer...​

Webinars: https://pecb.com/webinars​

Article: https://pecb.com/article​

Whitepaper: https://pecb.com/whitepaper​

-------------------------------------------------------------------------------

For more information about PECB:
Website: https://pecb.com/​
LinkedIn: https://www.linkedin.com/company/pecb/​
Facebook: https://www.facebook.com/PECBInternat...​
Slideshare: http://www.slideshare.net/PECBCERTIFI...

  • Sé el primero en comentar

  • Sé el primero en recomendar esto

Data Privacy Trends in 2021: Compliance with New Regulations

  1. 1. • Overview Of Privacy & Data Protection (P&DP) • Current Status on P&DP • New and updated Privacy Legislations • Commonalities between legislations • What is the impact? • Global P&DP trends • Q & A Agenda
  2. 2. Introduction
  3. 3. Before we start…
  4. 4. Check the past webinars on the PECB website at • https://pecb.com/past-webinars Find all sessions with Q&A + collaterals (decks, recording) at: http://ffwd2.me/PECB_ISO27001_webinars (short cut to LinkedIN page) Previous sessions
  5. 5. After the session, you can find the presentation and recording at • https://pecb.com/past-webinars Reference information + Q&A of this session: https://www.linkedin.com/pulse/pecb-webinar-data-privacy-trends-2021-compliance- new-peter-geelen-/ This session collaterals
  6. 6. Overview Of Privacy & Data Protection (P&DP) What's in a word…
  7. 7. Data Privacy Definition Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them.* *https://en.wikipedia.org/wiki/Information_privacy
  8. 8. Data Protection GDPR Art. 1.1: "protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data" *https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32016R0679
  9. 9. GDPR and privacy GDPR itself does not mention privacy… except a footnote on Directive 2002/58/EC, the eCommunications directive In GDPR, it's about data protection, which means protecting your data. Privacy = "The right to be left alone"
  10. 10. Some Stats – UN Conference on Trade & Development
  11. 11. Privacy, data protection vs. cybersecurity There is No Privacy and data protection Without Cybersecurity But you can have cybersecurity without the need of privacy or data protection.
  12. 12. Privacy & Data Protection vs Enterprise security In many cases • Privacy & data protection is targeted to people, persons and their data • Privacy & data protection is (mostly) not about company or enterprise data (finance, operations, products, services…) BUT Data breaches of company data do have the same impact (so treat and protect them equally)
  13. 13. Current Status on P&DP The battle for your personal data and privacy
  14. 14. North America - Canada PIPEDA - Personal Information Protection and Electronic Documents Act • Federal Legislation managed by the Office of the Privacy Commissioner of Canada • An individual’s consent must be obtained for the collection, use or disclosure of their personal information; individuals have the right to access their personal information and to challenge any inaccuracies in it. • Personal information can inly be used for the purposes for which it was collected otherwise consent must be obtained again. • Personal information must be appropriately protected. • Applies to private sector organizations in Canada. • Is supplemented by privacy laws at the Provincial level in Canada (e.g., laws in Ontario versus Quebec, etc.). • Data that crosses borders, whether within Canada or internationally, is a concern. • Fines: up to $100,000 CAD
  15. 15. North America - Canada Other laws: • CASL – Canada Anti Spam Legislation • Federal law • Requires individual’s expressed or implied consent, depending upon the situation • Requires unsubscribe mechanism • Up to $1 million CAD fine per violation and up to $10 million CAD fine for corporations Each Province/Territory in Canada, has its own privacy and health data protection laws but each aligns with PIPEDA and then augments PIPEDA with regional guidance.
  16. 16. North America - Canada Multiple laws and legislations across Canada at the Provincial level.
  17. 17. North America - Canada Advice: • Become familiar with both the Federal and Provincial laws and legislations before you assume that you are managing personal data correctly Important: better apply this to any privacy & data protection implementation, not only to USA/CA region.
  18. 18. North America - USA E-Sign – Electronic Signatures in Global and National Commerce Act • Describes and validates electronic forms of data including e- signatures HIPAA – Health Insurance Portability and Accountability Act of 1996 • Protects privacy of personal health information • Carries penalties of from $100 USD to $50,000 USD per record violation
  19. 19. North America - USA California Consumer Privacy Act • Applies to any organization that does business in California and which has gross revenues in excess of $25 million USD or that has 50,000 or more personal records or that earns ½+ of its revenue from selling personal information • Penalties of from $2,500 to $7,500 USD per violation NY Shield Act • If you hold any personal or private data of any New York resident, this applies to you • Penalties of $5,000 USD or $20 USD per violation up to $250,000 USD Maximum
  20. 20. Central and South America Mexico - Federal Law on Personal Data Held by Private Parties (FLPPDPP) • Applies to private sector • Oddly, no need to inform any government body should a breach occur Chile- Law No. 19.628 on the Protection of Private Life 1999 • Under development but will align with international privacy laws and standards Brazil – Law No. 13.709 – General Personal Data Protection Law • Into effect in September 2020 but will be enforced beginning August 2021 • Similar to GDPR with DPO’s required, data breach and transfer requirements, and privacy impact assessments • Established history of enforcement WRT privacy Other Countries in Central and South America have currently implemented, draft or in progress privacy laws with only a few countries/locations in Central & South America and the Caribbean with no privacy laws (oddly, Puerto Rico has none).
  21. 21. Europe Type of law (Source: EC) • Regulation • Regulations are legal acts that apply automatically and uniformly to all EU countries as soon as they enter into force, • without needing to be transposed into national law. • They are binding in their entirety on all EU countries. • Directive • Directives require EU countries to achieve a certain result, but leave them free to choose how to do so. EU countries must adopt measures to incorporate them into national law (transpose) in order to achieve the objectives set by the directive.
  22. 22. Europe GDPR • Data protection (not privacy) • Regulation • Tuned with national legislation
  23. 23. Europe Other legislation that impact privacy & data protection • eCommunications & eCommerce • ePrivacy directive (in review/update) But also • NIS (cybersecurity for public & critical infrastructure) • NIS v2 coming up • CyberAct
  24. 24. New and updated Privacy Legislations Keep an eye on…
  25. 25. North America - Canada CCPA – Consumer Privacy Protection Act • Enhancement to PIPEDA • Privacy and Data Protection Tribunal is established. • Same acronym as the California Consumer Protection Act (also, CCPA) but aims to be even stronger. • Organizations must maintain a privacy management program; meaningful consent must be obtained; deidentified data is covered; right to erasure; enhanced enforcement. • Private lawsuits for violations are permitted. • Third-party service providers are in scope. • Penalties for non-compliance: up to 3% of global revenue or $10 million CAD OR up to 5% of global revenue or $25 million CAD for serious breaches.
  26. 26. Europe GDPR Processing principles • eCommunications & eCommerce • High impact on direct marketing • ePrivacy directive (in review/update) • Aligned with GDPR • High impact on direct marketing • NIS (cybersecurity for public & critical infrastructure) • NIS v2 coming up • CyberAct (Cyber certification, PPT, …)
  27. 27. Commonalities between legislations Comparing and understanding the context of the legislations
  28. 28. Some Common Features • Privacy officer : Like the GDPR requirement, many privacy laws across the world are looking to have a personal appointed in your organization who is accountable for privacy. • Penalties : As we have seen with GDPR and with HIPAA in the USA, financial penalties for violations of privacy legislation or even for improper breach handling can be costly both in terms of monetary cost as well as reputational impact. • Privacy Program : Privacy legislations are increasingly looking for organizations to have a privacy program in place (e.g., privacy policy(ies), breach management plan, privacy awareness training for staff, etc.). • Breach Management and Notification : It is critical to have a documented data breach management plan that also includes a breach notification process. • Consent : Consent for the collection of personal data that includes a precise description of the planned use for the data is critical. • Note that many privacy or data protection laws include the publishing of data breaches or infractions of the privacy legislation. (“Name and Shame”)
  29. 29. North America - Canada CCPA – Consumer Privacy Protection Act • Enhancement to PIPEDA • Privacy and Data Protection Tribunal is established. • Same acronym as the California Consumer Protection Act (also, CCPA) but aims to be even stronger. • Organizations must maintain a privacy management program; meaningful consent must be obtained; deidentified data is covered; right to erasure; enhanced enforcement. • Private lawsuits for violations are permitted. • Third-party service providers are in scope. • Penalties for non-compliance: up to 3% of global revenue or $10 million CAD OR up to 5% of global revenue or $25 million CAD for serious breaches.
  30. 30. Europe GDPR Processing principles • Principles (Art. 5) (lawful, fairly, transparent, …) • Lawfulness of processing Art. 6 consent, Contract, legal oblication, vital interest, public interest, legitimate interest
  31. 31. Europe GDPR Subject Rights • Conditions for consent (incl. minors/children) • Special categories of data • Rights Right of access Right to rectification Right to be forgotten Right to restrict processing Right to notification Right to data portability Right to object
  32. 32. Europe GDPR Obligations - Data controllers & data processors • Data protection by default • Data protection by design • Joint controllers • Record of processing (processing register) • Data breach management (incl. notifications) • Security of processing • DPIA
  33. 33. Europe GDPR Obligations - Data controllers & data processors • DPO (data protection officer) Designation (public authoriticy, large scale, sensitive data) Position (independent, advisory, …) Tasks Inform & advice Monitor compliance Cooperate with DPA SoD: NOT responsible/accountable for DC/DP tasks
  34. 34. Europe GDPR Fines • Purpose: in each individual case , to be effective, proportionate and dissuasive • Depending the nature, gravity and duration of the infringement infringement 2% or €10M 4% or €20M
  35. 35. What is the impact?
  36. 36. Europe Data protection authorities in action… a trend. There are various sites that follow up on the GDPR fines For example: • https://www.enforcementtracker.com/ • https://www.coreview.com/blog/alpin-gdpr-fines-list/ • https://www.privacyaffairs.com/gdpr-fines/ • …
  37. 37. In general • Powerful subject • Data controllers balancing between • Subject rights • Government • Commercial interest • Cross border impact of legislation GDPR is not only for EU companies or EU citizens
  38. 38. P&DP new trends
  39. 39. Privacy & Data protection is HOT • Driver: Cybercrime/breach impact grows • Commercial impact vs subjects • Existing Social media platforms have difficulties to find the new way of working aligned with regulations • New platforms don't get it always right • Take back privacy Very low level of protection of internet data Free flow of data, now issue…
  40. 40. Privacy & Data protection is HOT • Cookies management • Dark patterns ("Accept All", before you find the "configure button") • Cookie psychology • Direct marketing Data brokers position Collection of data vs obligations of transparency Public data vs purpose definitions • Cross border, international impact Data brokers out of reach
  41. 41. Privacy & Data protection is HOT And also… • IoT Security impact on P&DP • Camera's • Cars • Toys • …
  42. 42. References Interesting information sources
  43. 43. Reference material Collateral references and additional info posted on • https://www.linkedin.com/pulse/pecb-webinar-data-privacy-trends- 2021-compliance-new-peter-geelen-/
  44. 44. ISO/IEC 27701 Training Courses • ISO/IEC 27701 Foundation 2 Day Course • ISO/IEC 27701 Lead Implementer 5Days Course Exam and certification fees are included in the training price. https://pecb.com/en/education-and-certification-for-individuals/iso- 27701 www.pecb.com/events
  45. 45. Appendix
  46. 46. Ramping up… Relevant PECB Training courses
  47. 47. Relevant Training PIMS • PECB ISO 27701 Foundation • PECB ISO 27701 LI • PECB ISO 27701 LA Information Security • PECB ISO 27001 LI • PECB ISO 27001 LA • PECB ISO 27002 LM
  48. 48. Relevant Training Data protection • PECB Certified Data protection Officer (GDPR) Privacy • PECB ISO29100 LI
  49. 49. Other Relevant Training Incident Management • PECB ISO 27035 LI Risk Management • PECB ISO 27005 LI
  50. 50. Check the PECB agenda, select the ISO/IEC 27701 Lead Implementer https://pecb.com/en/partnerEvent/event_schedule_list Training Events For full detailed information about an event click on the ‘View’ button on the right hand side under ‘View full details’. Note: Before applying for any training courses listed below, please make sure you are registered to PECB Training Agenda
  51. 51. THANK YOU ? info@cyberminute.com CyberMinute asenglish@hotmail.com BOT Security Solutions

    Sé el primero en comentar

The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere. The webinar will cover: Global trends in privacy legislations Some commonalities between privacy laws Compliance requirements which can affect your organization Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be ------------------------------------------------------------------------------- Find out more about ISO training and certification services Training: https://pecb.com/whitepaper/iso-27001...​ https://pecb.com/en/education-and-cer...​ Webinars: https://pecb.com/webinars​ Article: https://pecb.com/article​ Whitepaper: https://pecb.com/whitepaper​ ------------------------------------------------------------------------------- For more information about PECB: Website: https://pecb.com/​ LinkedIn: https://www.linkedin.com/company/pecb/​ Facebook: https://www.facebook.com/PECBInternat...​ Slideshare: http://www.slideshare.net/PECBCERTIFI...

Vistas

Total de vistas

1.326

En Slideshare

0

De embebidos

0

Número de embebidos

783

Acciones

Descargas

47

Compartidos

0

Comentarios

0

Me gusta

0

×