ADVERTISING SECTION



PRIVACY: DATA SECURITY BREACHES • A roundtable DISCUSSION

DATA SECURITY: Managing the risk

Photo By: Jason Doiy

Data security continues to be a hot topic for general counsel and privacy
officers. Breaches have not abated; organized computer crime makes
front-page news. The legal framework continues to grow, both from state
regulators, Attorneys General, the FTC and the EU. We’ve asked three top
experts in the field for their assistance in laying out what to do. They
are Charlene Brownlee, a partner with Davis Wright Tremaine in Seattle;
Ruth Boardman, a partner with Bird & Bird in London; and Michelle
Dennedy, chief data strategy and privacy officer at Sun Microsystems in
Mountain View. This is an abridged transcript of a live event held
Sept. 26, 2008, in San Francisco, moderated by freelance legal affairs
writer Susan Kostal, and reported for Jan Brown & Associates by Valerie
E. Jensen.


MODERATOR: Charlene, I want to start with you this morning. Give us a
sense of the continued importance of privacy and data security. I have
the distinct feeling, since we did our last panel, that there’s even more
heat, light and focus on the issue.

BROWNLEE: I would agree 100 percent. In terms of statistics, 2008 is half
over, and we’ve already had the same number of security breaches as for
the entire year 2007. Why are we seeing higher statistics? More than 44
states require notification of data breaches resulting in the disclosure
of personally identifiable information (such as Social Security numbers,
drivers’ license numbers and financial information). The majority of
information is digital, processed and stored electronically, and often on
portable media. The No. 1 cause of data breaches is negligence. Some 50
percent of data breaches are caused by employees leaving laptops at home
or in their cars, and there’s a break-in. Only 4 percent of data breaches
are caused by hackers, which tells us that, as counsel and as privacy
officers and IT professionals, we can do more to bring those numbers
down.

MODERATOR: Let’s go into the growing legal framework that governs
privacy.

DENNEDY: The word “framework” is critical here. When you approach this as
a global entity—and we do business in more than 140 countries around the
world--there is no such thing as localized data, if you’re using any sort
of system that interfaces with the Web. As you review the framework,
start by asking where the data is, from an IT perspective.
Who is managing it, leading it, and paying for it? Then look to the
various jurisdictions that cover those interactions and come up with a
framework that includes laws like PIPEDA, the EU Directive and all of its
member states, what’s going on in Asia, Korea, Argentina. Look at the
map, and that’s your framework. If it sounds overwhelming, it is. You can
get very geeky on this very quickly. But there is hope. A risk-based
approach, rather than a black-and-white, find-the-answers approach, will
cover you 80 percent of the time.

BOARDMAN: The EU has had data privacy legislation since before the 1995
Directive. But when we’re talking about security breach notification,
we’re playing catch-up. Although we have general security principles in
the EU, we don’t yet have a breach notification law. But that is coming.
We have two main data privacy directives in the EU: one general, and one
specific to the communications sector. The communications sector
directive is being rewritten, as we speak. One of the changes being made
to it is to introduce breach notification requirements. That will then
have to be transposed into the law of each member state. In the UK, our
regulator has been given increased powers following an enormous data
breach by Revenue and Customs. Also recently, Nationwide Building Society
lost a laptop, and the society was fined 1 million pounds because it
didn’t have appropriate procedures in place to know what to do in such
situations. They waited three weeks deciding what to do.

BROWNLEE: In the absence of federal legislation, in the U.S. you must
take a state-by-state approach. Are people familiar with the Nevada
encryption legislation that went into effect Oct. 1?

DENNEDY: You’re about to be depressed.

BROWNLEE: In addition to the new Nevada law, which requires encryption
during transmission, Massachusetts has just adopted regulations that
require encryption before and after transmission. In addition to a
state-by-state approach, you also need an industry/sector analysis.
Health care information, for example, is covered under HIPAA. The
financial sector is covered by Gramm-Leach-Bliley, and now, as of
November, the red flag rules pursuant to FACTA. The only federal
legislation that deals directly with the collection of information online
is the Children’s Online Privacy Protection Act, COPPA. There’s no other
generally applicable federal legislation for consumer transactions over
the Internet. But the FTC has been increasingly aggressive about
regulating companies that fail to live up to their posted privacy
policies. In 2006, the FTC established a Division of Privacy and Identity
Protection, which is specifically targeted to investigate data breaches.
As of March 2008, the FTC had brought more than 20 cases against
businesses for failure to maintain reasonable security measures. If you
are subject to an investigation and settle, usually there will be a fine,
and a requirement to conduct independent audits, sometimes for as long as
20 years. One of the biggest cases to date involved ChoicePoint. They
were assessed $10 million in fines, had to allow $5 million for consumer
redress, and agreed to be audited for 20 years.

DENNEDY: We are a big provider for companies in the financial services
sector, so many of our customers are impacted by the November 1 FACTA
deadline. That regulation points out the synergy between privacy rules
and data transfer regulations, which until two years ago could be managed
fairly well by notice and consent. That was really where the locus of
control and focus and meeting most of these regulatory issues came in.
What FACTA presents and what the financial services sector is going
through right now, what HIPAA has foreshadowed, is that the growing
framework, on both a federal level and internationally, is about to get
much more specific about what companies, tactically, must do to get out
of either a negligence theory or a statutory theory for data losses.

It’s also important to understand server-based computing. Today’s
buzzword is “the cloud.” Everything is “in the cloud.” Nothing is in the
cloud but rain, folks. It’s all on a server somewhere, and that server
has jurisdiction stuck all over it. It is physically located somewhere.
You have to
be aware of where your data is and make sure that your clients know where
their data is so that you can provide appropriate legal advice. You may
be missing jurisdictions you haven’t even thought of. Who is the account
customer base, the employees? Where are they coming from? Are they
working from home? Where is the data going to and in what format? Is it
encrypted? Has it been severed from any sort of personal information so
it cannot be reconstituted? You must know the answers to these questions.
Lawyers are being increasingly dragged into IT and HR, and other areas
you may not have traditionally considered in your area of practice.

Be aware of the technological realities, the people, the processes and
the technology synergy, so when you’re crafting your legal memoranda
about all these new rules, regulations, cases and fines, you are giving
people like me something I can consume.

BROWNLEE: The FTC’s position is clear: “Companies that collect sensitive
consumer information have a responsibility to keep it secure.” And that
responsibility to implement appropriate IT securities and safeguards is
also a requirement of approximately half of the 44 state data breach
notification laws. So, from a corporate perspective, it is not a gray
area. It is clear that companies must deploy appropriate physical
safeguards. A company would be well served by looking at the obligations
that are imposed upon financial institutions and adopt a similar data
breach notification strategy. When these breaches occur, you need a
methodical plan, so you are not acting in crisis mode.

MODERATOR: It seems redundant at this point to use the word “global,” but
tell us about the concerns inherent in data transfer and outsourcing.

BOARDMAN: Movements of data outside the EU are prohibited. So emailing
and transferring data to a server outside the EU--even traveling with a
laptop outside the EU--engages the prohibition. The only countries that
you can transfer data to from the EU are ones that have been approved by
the European Commission and, so far, that list is limited to Argentina,
Switzerland, certain Canadian organizations covered by PIPEDA, the Isle
of Man, Jersey, and Guernsey. So it’s a fairly small list.

There are four main methods to deal with this. If data is being
transferred from the EU to an organization in the US that participates in
the Safe Harbor scheme, that data transfer is fine. From an EU
perspective, Safe Harbor is very easy for organizations to deal with. A
second option is freely given consent. That sounds good, but it’s hard to
do in practice, especially in the employment context. In many countries
in the EU, you have to get a permit from the data protection authority to
export the data, and you have to explain the basis on which you’re asking
for the permit. In some countries, if you say, “This is employee data,
but we’ve got consent,” as a matter of principle, the data protection
authority will reject your application, because they’ve taken a
paternalistic view toward employees.

The other alternative is to use European Commission-approved contract
clauses. These are data export contracts that oblige the importing
organization to offer EU protection for data. The idea is great, but they
can be bureaucratic. The clauses require registration in about 18 out of
the 27 member states, which is a time-consuming process. The other
problem is that you have to complete an annex describing what you’re
doing. And with my clients, I’ve found that you complete that and then a
year or two years later, the client will do something different; they’ll
want to implement a different HR system, and then you have to redo the
clauses. The last alternative is to adopt “binding corporate rules.” The
idea behind these is that
you embed data privacy in the organization’s culture. So, for example,
with employee data, you might develop a workforce data privacy policy. If
you can show that that is binding and really enforceable within the
organization, then you can take these rules and procedures to EU data
protection authorities and get them approved, which then allows you to
transfer data freely within the organization, without additional consent,
or registering standard contract clauses. You have to keep the data
protection authorities up to date if new members of the group come on
board or if you change your processing significantly, but it should be a
much-lighter-touch approach than the registration process.

BROWNLEE: Binding corporate rules (BCRs) are a bit controversial, because
they’re very expensive to develop and implement, and they only protect
the flow of data among those corporate entities. For example, BCRs do not
address the flow of information from an EU member state to a country that
is deemed to have inadequate safeguards. So it’s not a one-stop-shopping
solution; you still have to layer BCRs with other privacy mechanisms,
such as Safe Harbor certification.

BOARDMAN: You make several good points. It is a pioneering effort. It
started in 2003, and by 2005, we only had one application that had been
authorized. But there’s a real sense that it’s starting to become more
manageable. The reason for the initial cost is you need to go and
negotiate with the protection authorities, many of which have little
expertise or familiarity with how organizations work. But we’re starting
to see a critical mass of applications come through.

My clients have been able to leverage existing privacy policies and
procedures. And in some instances, once there is a UK authorization,
other data protection authorities are happy with that, and granted
authorization on that basis alone. The advantage is once you have a BCR,
there are fewer bureaucratic restrictions to them. If you have data that
is going from the EU to a U.S. entity, which will then be transferred to
a third party in the U.S., you would need separate contract terms to deal
with that. But you would, in any event, under EU commission clauses or
Safe Harbor.

MODERATOR: So how do companies best mitigate the risk?

BROWNLEE: Let’s use, as an example, the lawsuit filed against Accenture
in 2007. The Connecticut Attorney General hired Accenture to transfer
some taxpayer and other personally identifiable information into a
PeopleSoft database. A backup tape containing the information was stolen.
The state had a contract with Accenture that included provisions
requiring Accenture to employ reasonable safeguards. Accenture was
subject to a negligence claim, and also breach of contract. The takeaway
here is that you must have a written agreement with all third parties
transferring or processing your data, whether an information
destruction/storage vendor or an electronic discovery provider. The
agreement should provide that the vendor retains ownership/control at all
times, does not subcontract without your permission, uses reasonable
safeguards, and agrees to indemnify you in the event of a data breach.

Your agreement should include a clause requiring your vendor to allow you
to have a third party come in and audit your service provider’s
information systems and ensure that your service provider notifies you
within a very short period of time if there is any sort of breach or
suspected breach.
DENNEDY: My favorite phrase in contract negotiations is “from time to
time.” Every now and again we get this clause in an outsourcing context
or some context that is a data-intensive relationship. It will say,
“reasonable security as may change from time to time.” “Reasonable” five
years ago did not include comprehensive encryption. “Reasonable” five
years ago did not require background checks for every single worker in
every single facility. That clause is going to screw you later. The most
important element of mitigating legal risk in the contracting context is
to really understand the deal. You need to really understand the scope
and the shape and the possibility of data transfer, either from
individual contractors that come in, or people who are able to somehow
carry your data out. Really do your homework. As a lawyer, you need to
become a much bigger player in the decision-making process. In the
statement of work, you need to understand what kind of information needs
to be transferred from organization to organization and to various
downstream processing, and in what context. You have to be very careful
in the indemnity section. It plays both ways. Auditing is one of the
hottest negotiation topics right now because, inherently, by having a
third-party auditor in my data center, I am compromising the security of
my other customers or I’m possibly exposing them to third-party
distribution, under law, by allowing them in. In laying out the deal,
look at what people really need access to the data, not based on any
hierarchy or organization chart, but by what role they really perform.

BOARDMAN: I would completely agree with everything that Michelle and
Charlene have said about risk, and would add two additional points. One
is there are specific obligations in the EU when you appoint the kind of
third party that Charlene mentioned; in EU terms, this agent is called a
processor. But if you do due diligence and take the approach that’s been
described, then you will do what is required in the EU. The other point
to note is that in the EU, under the Data Protection Directive, if you
are the organization that controls the data, you’re responsible for it.
When you appoint a third party to hold the information or to do anything
with the information on your behalf, then you are responsible for what
that third party does. So, if there is a security breach, then you are
still on the hook to individuals, even though it might be the third party
who was responsible. Again, there are a couple of nice examples of this
in the UK involving lost laptops that weren’t encrypted. In each case, it
was the client organization that ended up on the receiving end of an
enforcement notice from the Information Commissioner, which required the
client to roll out encryption and caused the organization and contractor
to report back on a regular basis to the commissioner.

So I reinforce the point that having appropriate contract terms is vital.
You want to be checking your contract and looking at that indemnity.

BROWNLEE: There are four practical ways to mitigate or prevent data
breaches. The first one is obvious: don’t collect what you don’t need.
Secondly, destroy or redact what you don’t need. Follow the federal laws,
such as FACTA, on secure disposal of personally identifiable information.
Thirdly, ensure that any laptops you recycle, donate to charity or send
back to a vendor are scrubbed. Lastly, conduct a privacy impact
assessment prior to the launch of any new product or service. Encourage
your teams—marketing, IT, product development, legal—to review what
information can be collected from the product, and what the legal
ramifications are.

DENNEDY: There are technical solutions out there. I won’t make a company
pitch. I agree with Ruth and Charlene, though—don’t collect more than you
need, and don’t travel with more than you need. There are various
strategies where you can take advantage of server-based computing to keep
your crown jewels in a place where IT professionals are surrounding them
with, truly, not just “the reasonable security from time to time” but
actual security.
CHARLENE A. BROWNLEE is a partner with the law firm Davis Wright Tremaine
LLP. She advises clients on global privacy and data security matters,
development of records management programs, e-discovery best practices
and technology transactions. She co-authored the legal treatise Privacy
Law (Law Journal Press). Charlene has lectured and published widely on
privacy, records management and e-discovery. She is a US delegate for the
APEC Privacy Data Security Working Group and serves on the University of
Washington's Advisory Board for its EDiscovery Certification Program
launching in 2009.

DAVIS WRIGHT TREMAINE LLP The regulation of privacy and data security
continues to expand at both a state and federal level. We can assist your
organization in determining what policies, procedures and technology are
required to comply and ensure proactive information governance. From
developing record retention schedules and litigation hold policies, to
advising on responding to a data breach, we have the experience and
business oriented perspective that clients value.

RUTH BOARDMAN is a partner in the London office of Bird & Bird. Ruth
advises on all aspects of European information law, including data
protection, freedom of information, database rights and confidentiality,
with a specific emphasis on IT, e-commerce and public procurement. She is
the co-author of Data Protection Strategy, published by Sweet & Maxwell.
She also edits the Encyclopedia of Data Protection, from the same
publisher, and is on the editorial board of Data Protection Law & Policy.

BIRD & BIRD is a leading European and Asian law firm, with offices in
Belgium, Czech Republic, Finland, France, Germany, Hungary, Italy,
Poland, PRC, Slovakia, Spain, Sweden, The Netherlands and The UK.
We are ranked as a leading firm for data privacy advice, where we advise
a wide range of international companies as well as companies for whom
personal data is a key asset.
We provide a full range of legal services: commercial, corporate,
corporate restructuring & insolvency, dispute resolution, employment, EU
& competition law, finance, intellectual property, outsourcing, public
procurement, real estate and regulatory & administrative tax.

MICHELLE DENNEDY is Chief Privacy Officer for SUN MICROSYSTEMS, INC.
Michelle is responsible for the continued development and implementation
of Sun’s data privacy policies and practices, working across Sun’s
business groups to drive the company’s continued data privacy excellence.
Data privacy is a cornerstone of Sun’s approach to compliance with
complex, demanding regulations including Sarbanes-Oxley, the EU
Directive, California State Senate Bills, as well as escalating policy
and process-oriented requirements being imposed globally. Michelle also
works with Sun’s product development teams and partners to deliver
best-practice privacy enabling products and services. She is the
co-founder of Sun’s internal Privacy Council, an organization that
includes and engages with stakeholders from across the company and is
dedicated to promoting and promulgating a cohesive practice throughout
the organization to protect Sun’s relationships with its customers.

JAN BROWN & ASSOCIATES is a worldwide deposition reporting and legal
video company. We offer the latest in technical expertise and the highest
quality in the rendition of these services. Our services include realtime
depositions, video conferencing, full service legal videography, document
scanning, on-line repository, DVD or CD-ROM, case management services for
large complex cases. We are Certified Livenote Providers and offer
conference rooms. Our services are utilized by the top firms in the
country and we are the court reporters and videographers of choice.
www.janbrownassociates.com 800.522.7096
Magazine Feature

  • 1. ADVERTISING SECTION P R I VA C Y: D ATA S E C U R I T Y B R E A C H E S • A roundtabl e DISCUSSION DATA SECURITY: Managing the risk Photo By: Jason Doiy ata security continues to be a hot topic for general counsel and privacy officers. Breaches have not D abated; organized computer crime makes front-page news. The legal framework continues to grow, both from state regulators, Attorneys General, the FTC and the EU. We’ve asked three top experts in the field for their assistance in laying out what to do. They are Charlene Brownlee, a partner with Davis Wright Tremaine in Seattle; Ruth Boardman, a partner with Bird & Bird in London; and Michelle Dennedy, chief data strategy and privacy officer at Sun Microsystems in Mountain View. This is an abridged transcript of a live event held Sept. 26, 2008, in San Francisco, moderated by freelance legal affairs writer Susan Kostal, and reported for Jan Brown & Associates by Valerie E. Jensen. MODERATOR: Charlene, I want to start with you this morning. negligence. Some 50 percent of data breaches are caused Give us a sense of the continued importance of privacy and by employees leaving laptops at home or in their cars, and data security. I have the distinct feeling, since we did our there’s a break-in. Only 4 percent of data breaches are last panel, that there’s even more heat, light and focus on the caused by hackers, which tells us that, as counsel and as issue. privacy officers and IT professionals, we can do more to bring those numbers down. BROWNLEE: I would agree 100 percent. In terms of statistics, 2008 is half over, and we’re already had the MODERATOR: Let’s go into the growing legal framework that same number of security breaches as for the entire year governs privacy. 2007. Why are we seeing higher statistics? More than 44 states require notification of data breaches resulting DENNEDY: The word “framework” is critical here. 
When you in the disclosure of personally identifiable information approach this as a global entity—and we do business in (such as Social Security numbers, drivers’ license numbers more than 140 countries around the world--there is no such and financial information). The majority of information thing as localized data, if you’re using any sort of system is digital, processed and stored electronically, and often that interfaces with the Web. As you review the framework, on portable media. The No. 1 cause of data breaches is start by asking where the data is, from an IT perspective. DATA SECURITY BREACHES 25
Who is managing it, leading it, and paying for it? Then look to the various jurisdictions that cover those interactions and come up with a framework that includes laws like PIPEDA, the EU Directive and all of its member states, what’s going on in Asia, Korea, Argentina. Look at the map, and that’s your framework. If it sounds overwhelming, it is. You can get very geeky on this very quickly. But there is hope. A risk-based approach, rather than a black-and-white, find-the-answers approach, will cover you 80 percent of the time.

BOARDMAN: The EU has had data privacy legislation since before the 1995 Directive. But when we’re talking about security breach notification, we’re playing catch-up. Although we have general security principles in the EU, we don’t yet have a breach notification law. But that is coming. We have two main data privacy directives in the EU: one general, and one specific to the communications sector. The communications sector directive is being rewritten, as we speak. One of the changes being made to it is to introduce breach notification requirements. That will then have to be transposed into the law of each member state. In the UK, our regulator has been given increased powers following an enormous data breach by Revenue and Customs. Also recently, Nationwide Building Society lost a laptop, and the society was fined 1 million pounds because it didn’t have appropriate procedures in place to know what to do in such situations. They waited three weeks deciding what to do.

BROWNLEE: In the absence of federal legislation, in the U.S. you must take a state-by-state approach. Are people familiar with the Nevada encryption legislation that went into effect Oct. 1?

DENNEDY: You’re about to be depressed.

BROWNLEE: In addition to the new Nevada law, which requires encryption during transmission, Massachusetts has just adopted regulations that require encryption before and after transmission. In addition to a state-by-state approach, you also need an industry/sector analysis. Health care information, for example, is covered under HIPAA. The financial sector is covered by Gramm-Leach-Bliley, and now, as of November, the red flag rules pursuant to FACTA. The only federal legislation that deals directly with the collection of information online is the Children’s Online Privacy Protection Act, COPPA. There’s no other generally applicable federal legislation for consumer transactions over the Internet. But the FTC has been increasingly aggressive about regulating companies that fail to live up to their posted privacy policies. In 2006, the FTC established a Division of Privacy and Identity Protection, which is specifically targeted to investigate data breaches. As of March 2008, the FTC had brought more than 20 cases against businesses for failure to maintain reasonable security measures. If you are subject to an investigation and settle, usually there will be a fine, and a requirement to conduct independent audits, sometimes for as long as 20 years. One of the biggest cases to date involved ChoicePoint. They were assessed $10 million in fines, had to allow $5 million for consumer redress, and agreed to be audited for 20 years.

DENNEDY: We are a big provider for companies in the financial services sector, so many of our customers are impacted by the November 1 FACTA deadline. That regulation points out the synergy between privacy rules and data transfer regulations, which until two years ago could be managed fairly well by notice and consent. That was really where the locus of control and focus and meeting most of these regulatory issues came in. What FACTA presents and what the financial services sector is going through right now, what HIPAA has foreshadowed, is that the growing framework, on both a federal level and internationally, is about to get much more specific about what companies, tactically, must do to get out of either a negligence theory or a statutory theory for data losses.

It’s also important to understand server-based computing. Today’s buzzword is “the cloud.” Everything is “in the cloud.” Nothing is in the cloud but rain, folks. It’s all on a server somewhere, and that server has jurisdiction stuck all over it. It is physically located somewhere. You have to
be aware of where your data is and make sure that your clients know where their data is so that you can provide appropriate legal advice. You may be missing jurisdictions you haven’t even thought of. Who is the account customer base, the employees? Where are they coming from? Are they working from home? Where is the data going to and in what format? Is it encrypted? Has it been severed from any sort of personal information so it cannot be reconstituted? You must know the answers to these questions. Lawyers are being increasingly dragged into IT and HR, and other areas you may not have traditionally considered in your area of practice.

Be aware of the technological realities, the people, the processes and the technology synergy, so when you’re crafting your legal memoranda about all these new rules, regulations, cases and fines, you are giving people like me something I can consume.

BROWNLEE: The FTC’s position is clear: “Companies that collect sensitive consumer information have a responsibility to keep it secure.” And that responsibility to implement appropriate IT securities and safeguards is also a requirement of approximately half of the 44 state data breach notification laws. So, from a corporate perspective, it is not a gray area. It is clear that companies must deploy appropriate physical safeguards. A company would be well served by looking at the obligations that are imposed upon financial institutions and adopt a similar data breach notification strategy. When these breaches occur, you need a methodical plan, so you are not acting in crisis mode.

MODERATOR: It seems redundant at this point to use the word “global,” but tell us about the concerns inherent in data transfer and outsourcing.

BOARDMAN: Movements of data outside the EU are prohibited. So emailing and transferring data to a server outside the EU--even traveling with a laptop outside the EU--engages the prohibition. The only countries that you can transfer data to from the EU are ones that have been approved by the European Commission and, so far, that list is limited to Argentina, Switzerland, certain Canadian organizations covered by PIPEDA, the Isle of Man, Jersey, and Guernsey. So it’s a fairly small list.

There are four main methods to deal with this. If data is being transferred from the EU to an organization in the US that participates in the Safe Harbor scheme, that data transfer is fine. From an EU perspective, Safe Harbor is very easy for organizations to deal with. A second option is freely given consent. That sounds good, but it’s hard to do in practice, especially in the employment context. In many countries in the EU, you have to get a permit from the data protection authority to export the data, and you have to explain the basis on which you’re asking for the permit. In some countries, if you say, “This is employee data, but we’ve got consent,” as a matter of principle, the data protection authority will reject your application, because they’ve taken a paternalistic view toward employees. The other alternative is to use European Commission-approved contract clauses. These are data export contracts that oblige the importing organization to offer EU protection for data. The idea is great, but they can be bureaucratic. The clauses require registration in about 18 out of the 27 member states, which is a time-consuming process. The other problem is that you have to complete an annex describing what you’re doing. And with my clients, I’ve found that you complete that and then a year or two years later, the client will do something different; they’ll want to implement a different HR system, and then you have to redo the clauses. The last alternative is to adopt “binding corporate rules.” The idea behind these is that
you embed data privacy in the organization’s culture. So, for example, with employee data, you might develop a workforce data privacy policy. If you can show that that is binding and really enforceable within the organization, then you can take these rules and procedures to EU data protection authorities and get them approved, which then allows you to transfer data freely within the organization, without additional consent, or registering standard contract clauses. You have to keep the data protection authorities up to date if new members of the group come on board or if you change your processing significantly, but it should be a much-lighter-touch approach than the registration process.

BROWNLEE: Binding corporate rules (BCRs) are a bit controversial, because they’re very expensive to develop and implement, and they only protect the flow of data among those corporate entities. For example, BCRs do not address the flow of information from an EU member state to a country that is deemed to have inadequate safeguards. So it’s not a one-stop-shopping solution; you still have to layer BCRs with other privacy mechanisms, such as Safe Harbor certification.

BOARDMAN: You make several good points. It is a pioneering effort. It started in 2003, and by 2005, we only had one application that had been authorized. But there’s a real sense that it’s starting to become more manageable. The reason for the initial cost is you need to go and negotiate with the protection authorities, many of which have little expertise or familiarity with how organizations work. But we’re starting to see a critical mass of applications come through.

My clients have been able to leverage existing privacy policies and procedures. And in some instances, once there is a UK authorization, other data protection authorities are happy with that, and granted authorization on that basis alone. The advantage is once you have a BCR, there are fewer bureaucratic restrictions to them. If you have data that is going from the EU to a U.S. entity, which will then be transferred to a third party in the U.S., you would need separate contract terms to deal with that. But you would, in any event, under EU commission clauses or Safe Harbor.

MODERATOR: So how do companies best mitigate the risk?

BROWNLEE: Let’s use, as an example, the lawsuit filed against Accenture in 2007. The Connecticut Attorney General hired Accenture to transfer some taxpayer and other personally identifiable information into a PeopleSoft database. A backup tape containing the information was stolen. The state had a contract with Accenture that included provisions requiring Accenture to employ reasonable safeguards. Accenture was subject to a negligence claim, and also breach of contract. The takeaway here is that you must have a written agreement with all third parties transferring or processing your data, whether an information destruction/storage vendor or an electronic discovery provider. The agreement should provide that the vendor retains ownership/control at all times, does not subcontract without your permission, uses reasonable safeguards, and agrees to indemnify you in the event of a data breach.

Your agreement should include a clause requiring your vendor to allow you to have a third party come in and audit your service provider’s information systems and ensure that your service provider notifies you within a very short period of time if there is any sort of breach or suspected breach.
DENNEDY: My favorite phrase in contract negotiations is “from time to time.” Every now and again we get this clause in an outsourcing context or some context that is a data-intensive relationship. It will say, “reasonable security as may change from time to time.” “Reasonable” five years ago did not include comprehensive encryption. “Reasonable” five years ago did not require background checks for every single worker in every single facility. That clause is going to screw you later. The most important element of mitigating legal risk in the contracting context is to really understand the deal. You need to really understand the scope and the shape and the possibility of data transfer, either from individual contractors that come in, or people who are able to somehow carry your data out. Really do your homework. As a lawyer, you need to become a much bigger player in the decision-making process. In the statement of work, you need to understand what kind of information needs to be transferred from organization to organization and to various downstream processing, and in what context. You have to be very careful in the indemnity section. It plays both ways. Auditing is one of the hottest negotiation topics right now because, inherently, by having a third-party auditor in my data center, I am compromising the security of my other customers or I’m possibly exposing them to third-party distribution, under law, by allowing them in. In laying out the deal, look at what people really need access to the data, not based on any hierarchy or organization chart, but by what role they really perform.

BOARDMAN: I would completely agree with everything that Michelle and Charlene have said about risk, and would add two additional points. One is there are specific obligations in the EU when you appoint the kind of third party that Charlene mentioned; in EU terms, this agent is called a processor. But if you do due diligence and take the approach that’s been described, then you will do what is required in the EU. The other point to note is that in the EU, under the Data Protection Directive, if you are the organization that controls the data, you’re responsible for it. When you appoint a third party to hold the information or to do anything with the information on your behalf, then you are responsible for what that third party does. So, if there is a security breach, then you are still on the hook to individuals, even though it might be the third party who was responsible. Again, there are a couple of nice examples of this in the UK involving lost laptops that weren’t encrypted. In each case, it was the client organization that ended up on the receiving end of an enforcement notice from the Information Commissioner, which required the client to roll out encryption and caused the organization and contractor to report back on a regular basis to the commissioner.

So I reinforce the point that having appropriate contract terms is vital. You want to be checking your contract and looking at that indemnity.

BROWNLEE: There are four practical ways to mitigate or prevent data breaches. The first one is obvious: don’t collect what you don’t need. Secondly, destroy or redact what you don’t need. Follow the federal laws, such as FACTA, on secure disposal of personally identifiable information. Thirdly, ensure that any laptops you recycle, donate to charity or send back to a vendor are scrubbed. Lastly, conduct a privacy impact assessment prior to the launch of any new product or service. Encourage your teams—marketing, IT, product development, legal—to review what information can be collected from the product, and what the legal ramifications are.

DENNEDY: There are technical solutions out there. I won’t make a company pitch. I agree with Ruth and Charlene, though—don’t collect more than you need, and don’t travel with more than you need. There are various strategies where you can take advantage of server-based computing to keep your crown jewels in a place where IT professionals are surrounding them with, truly, not just “the reasonable security from time to time” but actual security.
CHARLENE A. BROWNLEE is a partner with the law firm Davis Wright Tremaine LLP. She advises clients on global privacy and data security matters, development of records management programs, e-discovery best practices and technology transactions. She co-authored the legal treatise Privacy Law (Law Journal Press). Charlene has lectured and published widely on privacy, records management and e-discovery. She is a US delegate for the APEC Privacy Data Security Working Group and serves on the University of Washington's Advisory Board for its EDiscovery Certification Program launching in 2009.

DAVIS WRIGHT TREMAINE LLP
The regulation of privacy and data security continues to expand at both a state and federal level. We can assist your organization in determining what policies, procedures and technology are required to comply and ensure proactive information governance. From developing record retention schedules and litigation hold policies, to advising on responding to a data breach, we have the experience and business oriented perspective that clients value.

RUTH BOARDMAN is a partner in the London office of Bird & Bird. Ruth advises on all aspects of European information law, including data protection, freedom of information, database rights and confidentiality, with a specific emphasis on IT, e-commerce and public procurement. She is the co-author of Data Protection Strategy, published by Sweet & Maxwell. She also edits the Encyclopedia of Data Protection, from the same publisher, and is on the editorial board of Data Protection Law & Policy.

BIRD & BIRD is a leading European and Asian law firm, with offices in Belgium, Czech Republic, Finland, France, Germany, Hungary, Italy, Poland, PRC, Slovakia, Spain, Sweden, The Netherlands and The UK. We are ranked as a leading firm for data privacy advice, where we advise a wide range of international companies as well as companies for whom personal data is a key asset. We provide a full range of legal services: commercial, corporate, corporate restructuring & insolvency, dispute resolution, employment, EU & competition law, finance, intellectual property, outsourcing, public procurement, real estate and regulatory & administrative tax.

MICHELLE DENNEDY is Chief Privacy Officer for SUN MICROSYSTEMS, INC. Michelle is responsible for the continued development and implementation of Sun’s data privacy policies and practices, working across Sun’s business groups to drive the company’s continued data privacy excellence. Data privacy is a cornerstone of Sun’s approach to compliance with complex, demanding regulations including Sarbanes-Oxley, the EU Directive, California State Senate Bills, as well as escalating policy and process-oriented requirements being imposed globally. Michelle also works with Sun’s product development teams and partners to deliver best-practice privacy enabling products and services. She is the co-founder of Sun’s internal Privacy Council, an organization that includes and engages with stakeholders from across the company and is dedicated to promoting and promulgating a cohesive practice throughout the organization to protect Sun’s relationships with its customers.

JAN BROWN & ASSOCIATES is a worldwide deposition reporting and legal video company. We offer the latest in technical expertise and the highest quality in the rendition of these services. Our services include realtime depositions, video conferencing, full service legal videography, document scanning, on-line repository, DVD or CD-ROM, case management services for large complex cases. We are Certified Livenote Providers and offer conference rooms. Our services are utilized by the top firms in the country and we are the court reporters and videographers of choice.
www.janbrownassociates.com 800.522.7096