Social Media: Impact and Implications for Corporate PrivacyRead more >
After multiple newsworthy data breaches in recent times, IT security and privacy governance has gained importance across the globe. Most organizations have established security and compliance policies and procedures to protect their intellectual property and corporate assets, especially in the IT space. As companies transition their applications and data to the cloud, it is critical for them to maintain, or preferably surpass, the level of security they had in their traditional IT environment. Leaders are also responsible for defining policies to address privacy concerns and raise awareness of data protection within their organization, and for ensuring that their cloud providers adhere to the defined privacy policies. Failure to ensure IT Security when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of the cloud.
While security and privacy are related, they are also distinct. IT security is primarily concerned with defending against attacks, not all of which are aimed at stealing data, while privacy is specifically related to personal data held by an organization, which may be endangered by negligence or software bugs, not necessarily by malevolent persons. On this webinar our panel of experts will address some of the key distinctions, and discuss some best practices for managing IT security and implementing privacy governance for the cloud.
Personal data of individuals – consumers and employees – is in constant motion across international borders. Nonetheless, existing privacy laws purport to prohibit organizations in many countries from transferring data to another jurisdiction in the absence of adherence to various legal frameworks or contractual mechanisms designed to enhance the protection of personal data.
Those legal frameworks suffered a blow last year when the European Court of Justice struck down the 15 year old Safe Harbor Framework. A year later, the EU-US Privacy Shield Framework has been approved as a replacement, and many companies have begun to certify, but the new Framework remains subject to potential legal challenge. Other European data transfer mechanisms – standard contractual clauses and Binding Corporate Rules – are also subject to legal challenge. And other jurisdictions around the globe in South America, Asia and elsewhere, are imposing restrictions on the transfer or personal data and in some cases even calling for data localization. Yet, data continues to flow in real-time.
What does it mean in the real world? What are the real risks for multinational data owners and for service providers that process data of such data controllers? This presentation will distinguish fact from fiction and provide practical tools for companies that are struggling (understandably) to wrap their virtual arms around the world.
Employees leave organizations each year, but did your sensitive data leave with them? Osterman Research found that 39% of companies are not sure that they have recovered all corporate data assets, posing a significant risk in terms of data breach, regulatory and compliance implications, while leaving IT trying to locate and contain sensitive information.
This presentation with Michael Osterman, president of Osterman Research, as he shares new research, and Drew Nielsen, Director of Enterprise Security, Druva. Key learnings include:
* Understanding your organization's data vulnerabilities for data exfiltration
* Recommended technologies, policies, and procedures to protect critical information
* Preparation that can save IT time from potential audits, investigations or litigation
In the age of the customer and data hacks a brand’s reputation can come down to their ability to protect customer data. The transparency that will develop between brand and consumer with the upcoming General Data Protection Regulation (GDPR) will provide organizations with an opportunity to empower and build trust with their customer.
Armed with a unified and single view of the customer, brands will be able to truly personalize the customer journey while maintaining compliance and securing customer data.
Hear from Lewis Barr and David Fowler as they discuss how to turn the GDPR into business opportunity while focusing on the following topics:
- Heightened consent requirements and consent lifecycle management
- Expanded privacy notice requirements
- Data subject access rights (SARs) and fulfillment requirements
- Business exposure and liability for failing to meet these GDPR requirements
- Practical next steps to achieve operational readiness
About the Presenters:
Lewis manages Janrain’s legal compliance and privacy functions as the company continues its international expansion. He brings more than 15 years of leadership in a wide range of legal and privacy-related matters for growing technology companies. Lewis also utilizes his diverse background as a litigator in private practice, federal appeals court staff attorney, and teacher.
David is the Head of Digital Compliance at Act-On Software and is responsible for all issues pertaining to digital compliance, including email deliverability, privacy compliance, and industry stewardship in regard to our customers and our corporate objectives. David has over 20 years’ experience providing senior leadership in the marketing industry. In the last nine years, he has been strictly focused on issues associated with email marketing, deliverability, digital marketing, and privacy compliance.
Data privacy isn’t an easy task, you need to ensure the security of sensitive information while complying with a variety of regulations. But data privacy never ends and the laws are constantly changing. The answer? A data-centric security strategy covers all corporate data, so you can connect everyone to everything while staying in complete control. The challenge? Knowing where all your mainframe data is located, how it’s being used, who has access to it, and whether it’s compliant with industry regulations.
Join Stuart McIrvine, Vice President of Mainframe Security Product Management to cover the foundation of building data-centric security strategies that cover all corporate data, simplify regulatory compliance, and outline how to leverage security as a competitive advantage, from mobile to mainframe.
Nicola Franchetto will discuss in a practical and business oriented way, the new provisions of the GDPR and how the PLA Code of Conduct supports compliance with the forthcoming EU Data Protection Legislation. More precisely, Franchetto will highlight the true privacy compliance “game changers” introduced by the GDPR and offer the audience practical inputs on how to set up a sound and effective corporate Data Protection Compliance Programme, which will also include having a PLA in place with Cloud Service Providers.Read more >
This session will look at some of the recent changes in the regulatory landscape as well as what we can anticipate in the near future. We will try to discern any trends in these developments and discuss how a global company could respond.
Boris joined Accenture in April 2007 and is Responsible for data privacy compliance in the EALA (Europe Africa and Latin America) region. His duties include helping to establish and maintain a progressive Client Data Protection Programme, advising on client and vendor contracts, carrying out privacy impact assessments on new client offerings or new internal systems, managing a network of DPOs, liaising with regulators, promoting Accenture’s BCR application, anticipating regulatory changes and making sure the business stays compliant.
Before moving to Accenture, Boris spent three years at the UK regulator, the Information Commissioner, looking at the world through the eyes of the game keeper, where he advised on data privacy and freedom of information case work and liaised with other European regulators to kick start an unprecedented approvals process known as ‘Binding Corporate Rules’.
His other experience includes six years in private practice as a commercial lawyer specialising in Data Privacy matters and three years in Brussels including spells as press officer of a parliamentary group, an assistant to an MEP, a paralegal at Lovell White Durrant and a stagiaire at the Internal Market Directorate General of the European Commission.
Digital Transformation is a trend and topic of conversation transcending technology and business professionals; but what is it, and where do you get started? Join Julia White, Corporate Vice President, as she discusses the principles of digital transformation and provides examples of how companies are embracing the potential for change and evolution today.Read more >
Join Bret Arsenault, Worldwide Corporate Vice President and Chief Information Security Officer, Microsoft for a technical deep dive into why security should be at the core of your digital transformation strategy.
Digital transformation presents a host of security challenges for the modern enterprise, from increasingly sophisticated external threats to the internal challenges of new technology adoption and changing business strategies. In this 30-minute presentation, Bret Arsenault, Microsoft CVP and CISO, will discuss how security is at the center of Microsoft’s digital transformation. Sharing the learnings and lessons gleaned from his unique role within Microsoft, from dealing with demanding executive leadership to keeping the enterprise secure in an ever-evolving landscape, Arsenault will touch on the security issues that need be top-of-mind for every C-level executive.
Corporate breaches continue to succeed because attackers can steal the legitimate identities of your employees and use those identities to attack your infrastructure. Far deadlier than malware based attacks, identity based attacks can go undetected for months or years because perpetrators impersonate the methods used by your various privileged accounts as if they were that user. Attackers have changed their methods from the now outdated malware based attacks to the evolved identity based attacks. Learn how analytics, deception, and data streams are saving the security industry, or would have at least saved the Democratic National Committee.
Robert Johnston, CISSP
Behavior Analytics, Active Defense, President & CEO Adlumin.com, Technology Entrepreneur
Previously Mr. Johnston worked in the private sector as a principal consultant at CrowdStrike, Inc as an incident response expert conducting engagements against nation state, criminal, and hacktivist organizations across a variety of industry sectors.
Previously Mr. Johnston served as an officer in the United States Marine Corps. As a Marine Officer he was the Team Lead of 81 National Cyber Protection Team, Cyber National Mission Force and the Director of the Marine Corps Red Team. He is an accomplished leader and technical expert within the cyber security community. Mr. Johnston is a 2008 United States Naval Academy graduate with a degree in Information Technology.
He has published multiple projects and articles in industry relevant magazines and peer reviewed journals. An avid speaker within the cyber security community (ISC)2 awarded him runner up for the best up-and-coming cyber security professional in North, Central, and South America and the winner of the 2015 Community Awareness Government Information Security Leadership Award. Mr. Johnston can be followed on Twitter at @dvgsecurity.
Join us for this timely discussion with privacy and data security experts. With ever looming environmental threats such as of ransomware, data theft, denial-of- service attacks, every organization and every industry must be focused on IT security. However, there is a delicate balance and frequent conflicts between the idea of information privacy and security.
How much individual privacy can be expected in an inter-connected world? How much should be sacrificed for the sake of maximizing corporate security? And where (if anywhere) can the lines between personal and corporate be drawn? How do these issue impact policies, training and security surrounding even the most simple of business communication tools: email.
This presentation will provide an overview of the privacy vs. security challenges and explore specifically how these issues are impacting the issue of user email credentials and email vulnerabilities. This is especially critical given that emails are the number one contributor to data breaches. In fact, 63% of breaches in the US last year were the result of a compromised email credential.
We will then a) discuss common misperceptions and security holes that can lead to ransomware and other malware vulnerabilities, b) compare the various alternatives for proactively addressing these vulnerabilities, and c) discuss strategies for preventing and responding to cyberattacks.
From whistle blower allegations, government inquiries and subpoenas, to corporate due diligence, Foreign Corrupt Practices Act (“FCPA”) violations, and financial fraud – corporate counsel must collect and produce greater amounts of data from around the globe. Besides basic logistical issues, various tiers of data privacy restrictions complicate the process, requiring an in-depth knowledge of data storage technology and practices, multinational data transfer regulations, and general e-discovery best practices. For example, if data is required in response to a regulatory request in the United States, yet the custodians are based in France and Germany, how can the data be collected and reviewed in a defensible manner in compliance with EU as well as French and German data privacy laws? This program will outline the key considerations and best practices for collecting and assessing data in a defensible and secure manner.Read more >
Not a day seems to go by without an announcement of a brand and a recent data compromise. Will yours be next?
In this session, David Fowler, Chief Privacy & Deliverability Officer, Act-On Software will discuss ways to protect your brand, provide a “State of the State” of commercial email and provide information on tools you can use to protect your reputation.
David is responsible for all issues pertaining to Email Deliverability and Privacy compliance pertaining to our clients and corporate objectives alike.
David brings over 20 years of experience of senior leadership in the marketing industry including the last nine years strictly focused on the issues associated with email marketing, deliverability, digital marketing and privacy compliance.
Prior to joining Act-On, David held US and European based Senior Management positions focused on Deliverability, Digital Privacy, Sales, Marketing, Business Development and Product Management with such companies as: Marketfish, Lyris Technologies, Blue Hornet / Digital River and Yesmail.
David graduated from Marlyhurst College, Portland Oregon.
With the increased complexity of today’s cybersecurity threats and the need to meet regulatory compliance, organizations are looking to internal controls, employing monitoring and analytics to meet these challenges. But for many, addressing the misconceptions of employee monitoring versus managing data protection, data governance and meeting new regulatory requirements requires a new approach.
Join Hogan Lovells' corporate data privacy and cybersecurity experts, Harriet Pearson and James Denvil, and Forcepoint Deputy CISO Neil Thacker, as they analyse the goals, requirements and considerations for undertaking security programs that involve both device and employee monitoring.
They will discuss:
• How device and employee monitoring can identify insider threats from accidental, malicious and compromised activities
• Review key regional privacy regulations from 15 countries including US and EU (France, Germany, UK etc)
• Considerations on monitoring communication channels including email, web usage, BYOD and privileged access
• Review laws on screen video capture and keylogging
• Approaches to behavioural monitoring to understand intent
Harriet Pearson, Partner, Hogan Lovells
Internationally recognized as a corporate data privacy and cybersecurity pioneer, Harriet has acquired decades of leading-edge experience advising companies.
Neil Thacker, Deputy CISO, Forcepoint
Neil has over 20 years’ experience within the IT and Information Security industry. As Deputy CISO for Forcepoint, Neil offers advice to the security community around their security posture, business processes and the application of security technologies.
James Denvil, Senior Associate, Hogan Lovells
James regularly advises clients on a range of technology issues, including implementing Big Data technologies, incident response, privacy risk assessments and mitigation, and employee monitoring.
Mobile technology is driving a massive shift in the IT department’s ability to support the way people want to work and collaborate. In this era of enterprise mobility management (EMM), modern enterprises must deliver native mobile experiences that are available to users anywhere and anytime while ensuring that IT can secure corporate information everywhere.
In this webinar, MobileIron and FireEye experts will speak to:
- What trends we're seeing in the updated mobile security landscape
- How joint customers are leveraging their integrated solution in their corporate environments
- An overview of MobileIron and FireEye's combined solution
This session will also include a preview of what’s coming with FireEye Security Orchestrator and MobileIron’s integration with FireEye’s newest product.