There are many challenges for data privacy legislation within a boundary-less cloud computing and World Wide Web environment. Despite its importance, there is limited research around data privacy law gaps and alignment, and the legal side of the security ecosystem seems to constantly be playing catch-up.
This research is supported by STRATUS (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud) (https://stratus.org.nz),
Privacy vs. security, security vs. privacy… the debate is ongoing. Why can’t we have both? Good news: by leveraging the appropriate mix of policies, procedures and enabling technologies, it is possible to secure data AND control access to it in a way that ensures proper application of privacy policies.
After multiple newsworthy data breaches in recent times, IT security and privacy governance have gained importance across the globe. Most organizations have established security and compliance policies and procedures to protect their intellectual property and corporate assets, especially in the IT space. As companies transition their applications and data to the cloud, it is critical for them to maintain, or preferably surpass, the level of security they had in their traditional IT environment. Leaders are also responsible for defining policies to address privacy concerns and raise awareness of data protection within their organization, and for ensuring that their cloud providers adhere to the defined privacy policies. Failure to ensure IT security when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of the cloud.
While security and privacy are related, they are also distinct. IT security is primarily concerned with defending against attacks, not all of which are aimed at stealing data, while privacy is specifically related to personal data held by an organization, which may be endangered by negligence or software bugs, not necessarily by malevolent persons. On this webinar our panel of experts will address some of the key distinctions, and discuss some best practices for managing IT security and implementing privacy governance for the cloud.
Personal data of individuals – consumers and employees – is in constant motion across international borders. Nonetheless, existing privacy laws purport to prohibit organizations in many countries from transferring data to another jurisdiction in the absence of adherence to various legal frameworks or contractual mechanisms designed to enhance the protection of personal data.
Those legal frameworks suffered a blow last year when the European Court of Justice struck down the 15-year-old Safe Harbor Framework. A year later, the EU-US Privacy Shield Framework has been approved as a replacement, and many companies have begun to certify, but the new Framework remains subject to potential legal challenge. Other European data transfer mechanisms – standard contractual clauses and Binding Corporate Rules – are also subject to legal challenge. And other jurisdictions around the globe, in South America, Asia and elsewhere, are imposing restrictions on the transfer of personal data and in some cases even calling for data localization. Yet, data continues to flow in real time.
What does it mean in the real world? What are the real risks for multinational data owners and for service providers that process data of such data controllers? This presentation will distinguish fact from fiction and provide practical tools for companies that are struggling (understandably) to wrap their virtual arms around the world.
This session will look at some of the recent changes in the regulatory landscape as well as what we can anticipate in the near future. We will try to discern any trends in these developments and discuss how a global company could respond.
Boris joined Accenture in April 2007 and is responsible for data privacy compliance in the EALA (Europe, Africa and Latin America) region. His duties include helping to establish and maintain a progressive Client Data Protection Programme, advising on client and vendor contracts, carrying out privacy impact assessments on new client offerings or new internal systems, managing a network of DPOs, liaising with regulators, promoting Accenture’s BCR application, anticipating regulatory changes and making sure the business stays compliant.
Before moving to Accenture, Boris spent three years at the UK regulator, the Information Commissioner, looking at the world through the eyes of the gamekeeper, where he advised on data privacy and freedom of information case work and liaised with other European regulators to kick-start an unprecedented approvals process known as ‘Binding Corporate Rules’.
His other experience includes six years in private practice as a commercial lawyer specialising in Data Privacy matters and three years in Brussels including spells as press officer of a parliamentary group, an assistant to an MEP, a paralegal at Lovell White Durrant and a stagiaire at the Internal Market Directorate General of the European Commission.
Recent legal debates about the encryption of mobile devices have elevated the topic of enterprise security and its implications on end-user privacy. For example, in the aftermath of the San Bernardino tragedy, we learned that enterprise-managed mobile devices can be remotely unlocked by the IT administrator.
To provide more insight on this complex topic, MobileIron is hosting a panel discussion with mobile security and privacy experts to share what CIOs need to know about mobile security and end-user privacy. Panelists will discuss the implications of the San Bernardino case and how this case helps illustrate best practices for balancing the need for enterprise security with respect for employee privacy.
How can telecoms innovate with data and at the same time ensure the privacy of their customers' sensitive information?
The vast quantities of customer data held by telecoms companies present a largely untapped opportunity for business intelligence, but how can telecoms innovate with data whilst ensuring the privacy of their customers' sensitive information?
Watch this short video of Privitar Senior Account Director for Telecommunications, James Kenney, in which he talks about the privacy challenges facing telecoms companies today.
GDPR and Beyond: The real Security and Data Life Cycle Management challenges posed and opportunities identified
This webinar covers key topics including:
- GDPR and why it matters
- Best practice framework for data privacy regulations – GDPR and others
- How to get Senior Management “on board”
- How to get started with GDPR infrastructure
- View of benefits beyond GDPR
With the advent of Big Data comes not only new ways to optimise business and marketing processes, but also new concerns over the control and privacy of personal data.
These have given rise to local and regional data protection laws and regulations such as the General Data Protection Regulation (GDPR), a modernisation of data protection laws in the European Union, and the Australian data breach notification law, an amendment to the Privacy Act 1988 (Cth) which introduces a mandatory scheme for eligible organisations and federal agencies to report data breaches.
Data breach notifications give individuals greater control over their personal data and promote transparency over information handling practices, fostering consumer trust in businesses. The law requires businesses to prepare and assess risks to maintain brand confidence even if an incident becomes the next data breach headline.
Join this webinar to learn about:
- New challenges introduced by the Australian mandatory data breach notification law
- Key steps in the journey towards data privacy compliance
- How to monitor insider threats
- How to leverage these regulations to gain trust and ensure great customer experiences
We look forward to your participation in this free webinar.
Ensuring a digital presence is essential in Financial Services today. People expect a level of speed, relevance and intelligence from their banks that is unprecedented. But keeping up with the changes driven by leaner, smaller companies in a fast adapting space is a real challenge.
So how does your organization measure up? How can you reach both your retail and corporate customers to provide a seamless, relevant and efficient experience for them? And how can you innovate with so much red tape to get through?
Join this presentation and discover how you can:
- Break down silos preventing your digital transformation
- Analyze your security, compliance and privacy issues
- Utilize business intelligence to gain real insights
What are some of the key challenges that organisations face when adopting a Data as a Service (DaaS) approach?
How can Privacy Engineering help?
Here you can find a short video interview with David Roberts, Technical Sales at Privitar, in which he talks about some of the challenges of adopting a Data as a Service (DaaS) approach, and how best to overcome them.
The General Data Protection Regulation (GDPR), a key piece of legislation covering privacy rights, data security, data control, and governance, is going into effect in May 2018. As organizations are scrambling to achieve GDPR compliance before the May 25th deadline, some are still not clear on the exact GDPR requirements.
Join this panel of experts as they discuss:
- The regulatory landscape in 2018
- What GDPR means for you and your organization
- GDPR requirements around data collection and governance, exposure and breach disclosure, identity and privacy
- Evaluating your cyber risk
- Last minute changes your organization needs to make
- Failure to comply & fines
- Recommendations for achieving compliance and other regulation on the horizon.
- Michelle Dennedy, VP & Chief Privacy Officer at Cisco
- Ariel Silverstone, Managing Partner, Data Protectors
- Paul Rosenzweig, Principal at Red Branch Consulting
From admission and discharge to billing and record keeping, today’s hospitals use technology along every point of the care continuum. But challenges remain, especially when so many clinicians and staff access patient records across multiple points, and often on different equipment.
Health IT leaders must safeguard patient data not only on desktop computers, but on hand-held devices, remote monitoring equipment, patient and physician portals, and more.
Watch this webinar and learn how to:
- Use multiple technologies to boost physician access
- Implement new processes to speed up patient experiences
- Ensure data security across every device and equipment
Learn how the EU General Data Protection Regulation affects US-based companies.
Join CyberDefenses and Privacy Ref's Bob Siegel to review how the GDPR directly impacts US-based corporations. These far-reaching regulations impact any company that stores or transmits identifying information of any individual within the EU.
In this webinar, you will be introduced to the basic elements of the GDPR and you will discuss the requirements that call for action from US-focused companies.
About Bob Siegel:
Bob Siegel, president and founder of Privacy Ref, Inc., started the company in 2012. After his time as Senior Manager of Worldwide Privacy and Compliance at Staples, Inc., Bob applied his experience and expertise to helping companies implement and maintain strong privacy programs. Bob has worked with many different organizations, dealing with programs of all sizes and regulatory needs.
Always seeking to improve his own understanding of all things privacy, Bob has earned certifications from the International Association of Privacy Professionals. These include certifications in US private and public sector, European, and Canadian privacy laws. Bob has also earned certifications in Information Technology Privacy and Privacy Program Management. Bob Siegel has also been recognized as a Fellow of Information Privacy by the IAPP for his outstanding dedication to the privacy community. He has also served on the IAPP's Certification Advisory Board for the CIPM program and the IAPP's Publication Advisory Board. Bob also serves on the IAPP’s teaching faculty leading classes in the areas in which he is certified.
CyberDefenses is a premier cyber security services organization, providing advanced security services to the commercial and federal sectors. CyberDefenses Academy provides advanced training to IT, security and privacy professionals who wish to be at the top of their field.
Relying on third parties is how business gets done; however, third-party risk management is not without challenges. Using third parties increases risks associated with compliance, data security, and privacy. What are these risks? How would a third-party data breach impact your organization? Are they behind the curve on privacy? Should you be concerned about fourth parties?
In this webinar, LockPath and SecurityScorecard discuss the risks vendors and third parties can bring to your company and strategies for managing them, including:
• The impact of increased regulatory oversight for vendors and third parties
• The potential and peril of third-party data breaches
• How third-party risk is being viewed as enterprise-wide risk
• The role of technology on the third-party and vendor risk management lifecycle
The Equifax breach provided a unique look into “how” many breaches occur. In Equifax’s case, hackers exploited an unpatched Apache Struts component, resulting in the exposure of over 140 million consumer records. The exploit of this vulnerability highlights the need for visibility to open source in custom applications and just how ineffective traditional security solutions are when it comes to open source vulnerabilities.
Further, while class action lawsuits have already begun, Equifax faces other regulatory challenges as well. The US Federal Trade Commission started investigations into the company’s security policies and controls that will likely result in financial penalties. Since the exposed data included non-US citizens, foreign data protection and data privacy regulations also come into play.
Join Mike Pittenger and Bob Canaway as they discuss how organizations can more effectively manage open source, the strengths and weaknesses of testing methodologies in identifying vulnerable open source components, and how data privacy standards such as PCI, Section 5 of the FTC Act, and GDPR necessitate a change in how organizations address vulnerabilities in their code.
GDPR compliance designed to protect personal information of EU citizens will be a complex and time-consuming undertaking for most organizations. The challenge is interpreting the regulation and incorporating the appropriate processes and technologies to protect personal data of EU employees. The discussions will start with establishing a Privacy program to support data strategy and drive a compliance roadmap. In this webinar, Templar Shield’s Ilanko Subramaniam and LockPath’s Shane Westrup will discuss the basic tenets of the General Data Protection Regulation, building out a data privacy and security program, and utilizing tools to help your organization establish the necessary framework to comply with this regulation.
Disclaimer/No Attorney-Client Relationship/No Legal Advice
The information presented is not legal advice or a legal opinion, and it may not necessarily reflect the most current legal developments. You should seek the advice of legal counsel of your choice before acting upon any of the information presented.
The GDPR is the most significant change in data privacy regulation in more than 20 years. It comes into force on 25 May 2018 and will impact all businesses that process personal data or businesses that process personal data of EU citizens even if they are not in the EU. Obligations for compliance will affect both controllers and processors, and regulators will get increased enforcement powers and the right to impose fines of up to 4% of global turnover for both data breaches and infringements of the law.
Attend this CPE accredited educational webinar with our panel of experts to learn what you need to know about the GDPR and how to remain compliant.
- Learn how to prepare for GDPR implementation
- Identify the real life challenges of compliance
- Learn about prioritizing plans and actions to effectively prepare for data protection
- Discover some of the benefits, approaches, and tools to comply with the GDPR
Privacy Shield has replaced Safe Harbor as the standard to regulate software when dealing with the European Union. Over 4000 US companies are said to be impacted. Privacy Compliance by Design is at the forefront in assisting companies with rethinking their software strategy to reduce risks to security and compliance. Join special guests Emerald de Leeuw, CEO Eurocomply, and Don Cox, former CISO, for this update on the latest around Privacy Shield and implementing policies to enable security and compliance as part of your Cloud Center of Excellence.
There's no such thing as bad publicity? In the era of data breaches, that's not really true. Time and again in recent years, the mighty have fallen. And as sensitive data reaches the hands of bad guys the world over, so go the fates of customers and companies alike. That's why security is the fastest growing sector of enterprise IT today, with privacy issues front and center.
Register for this episode of The Briefing Room to hear veteran Analyst Dr. Robin Bloor explain why companies need to pay serious attention to the ever-growing importance of privacy, not just security. He'll be briefed by Jay Irwin of Teradata and Carole Murphy of HPE Security, who will demonstrate how their technologies can be combined to create a robust privacy infrastructure that allows organizations to avoid data breaches, or at least keep the data encrypted, thus avoiding the damage of a breach.