There are many challenges for data privacy legislation within a boundary-less cloud computing and World Wide Web environment. Despite its importance, there is limited research around data privacy law gaps and alignment, and the legal side of the security ecosystem seems to constantly be playing catch-up.
This research is supported by STRATUS (Security Technologies Returning Accountability, Trust and User-Centric Services in the Cloud) (https://stratus.org.nz),
Do you understand the nuances between data security and data privacy? Have you identified the critical data that should and shouldn’t live in the cloud? Who owns your data if a breach occurs and what impact will that have on your business? NetApp is launching an ongoing webcast series that will dive into issues that everyone needs to consider when using cloud computing.
To kick off the series, we sit down with Sheila FitzPatrick, one of the world’s leading experts in data privacy laws. With over thirty years of experience, she provides expertise and hands-on experience in the areas of global data protection compliance, data sovereignty, cybersecurity regulations and obligations, legal issues associated with cloud computing and big data, data breach compliance and management, and records management.
Join Sheila to learn how to better manage your data privacy over the cloud.
Privacy vs. security, security vs. privacy… the debate is ongoing. Why can’t we have both? Good news: by leveraging the appropriate mix of policies, procedures and enabling technologies, it is possible to secure data AND control access to it in a way that ensures proper application of privacy policies.
After multiple newsworthy data breaches in recent times, IT security and privacy governance has gained importance across the globe. Most organizations have established security and compliance policies and procedures to protect their intellectual property and corporate assets, especially in the IT space. As companies transition their applications and data to the cloud, it is critical for them to maintain, or preferably surpass, the level of security they had in their traditional IT environment. Leaders are also responsible for defining policies to address privacy concerns and raise awareness of data protection within their organization, and for ensuring that their cloud providers adhere to the defined privacy policies. Failure to ensure IT Security when using cloud services could ultimately result in higher costs and potential loss of business, thus eliminating any of the potential benefits of the cloud.
While security and privacy are related, they are also distinct. IT security is primarily concerned with defending against attacks, not all of which are aimed at stealing data, while privacy is specifically related to personal data held by an organization, which may be endangered by negligence or software bugs, not necessarily by malevolent persons. On this webinar our panel of experts will address some of the key distinctions, and discuss some best practices for managing IT security and implementing privacy governance for the cloud.
Personal data of individuals – consumers and employees – is in constant motion across international borders. Nonetheless, existing privacy laws purport to prohibit organizations in many countries from transferring data to another jurisdiction in the absence of adherence to various legal frameworks or contractual mechanisms designed to enhance the protection of personal data.
Those legal frameworks suffered a blow last year when the European Court of Justice struck down the 15-year-old Safe Harbor Framework. A year later, the EU-US Privacy Shield Framework has been approved as a replacement, and many companies have begun to certify, but the new Framework remains subject to potential legal challenge. Other European data transfer mechanisms – standard contractual clauses and Binding Corporate Rules – are also subject to legal challenge. And other jurisdictions around the globe, in South America, Asia and elsewhere, are imposing restrictions on the transfer of personal data and in some cases even calling for data localization. Yet, data continues to flow in real-time.
What does it mean in the real world? What are the real risks for multinational data owners and for service providers that process data of such data controllers? This presentation will distinguish fact from fiction and provide practical tools for companies that are struggling (understandably) to wrap their virtual arms around the world.
This session will look at some of the recent changes in the regulatory landscape as well as what we can anticipate in the near future. We will try to discern any trends in these developments and discuss how a global company could respond.
Boris joined Accenture in April 2007 and is responsible for data privacy compliance in the EALA (Europe, Africa and Latin America) region. His duties include helping to establish and maintain a progressive Client Data Protection Programme, advising on client and vendor contracts, carrying out privacy impact assessments on new client offerings or new internal systems, managing a network of DPOs, liaising with regulators, promoting Accenture’s BCR application, anticipating regulatory changes and making sure the business stays compliant.
Before moving to Accenture, Boris spent three years at the UK regulator, the Information Commissioner, looking at the world through the eyes of the gamekeeper, where he advised on data privacy and freedom of information case work and liaised with other European regulators to kick-start an unprecedented approvals process known as ‘Binding Corporate Rules’.
His other experience includes six years in private practice as a commercial lawyer specialising in Data Privacy matters and three years in Brussels including spells as press officer of a parliamentary group, an assistant to an MEP, a paralegal at Lovell White Durrant and a stagiaire at the Internal Market Directorate General of the European Commission.
Recent legal debates about the encryption of mobile devices have elevated the topic of enterprise security and its implications on end-user privacy. For example, in the aftermath of the San Bernardino tragedy, we learned that enterprise-managed mobile devices can be remotely unlocked by the IT administrator.
To provide more insight on this complex topic, MobileIron is hosting a panel discussion with mobile security and privacy experts to share what CIOs need to know about mobile security and end-user privacy. Panelists will discuss the implications of the San Bernardino case and how this case helps illustrate best practices for balancing the need for enterprise security with respect for employee privacy.
GDPR and Beyond: The real Security and Data Life Cycle Management challenges posed and opportunities identified
This webinar covers key topics including:
- GDPR and why it matters
- Best practices framework for data privacy regulations – GDPR and others
- How to get Senior Management “on board”
- How to get started with GDPR infrastructure
- View of benefits beyond GDPR
With the advent of Big Data comes not only new ways to optimise business and marketing processes, but also new concerns over the control and privacy of personal data.
These have given rise to local and regional data protection laws and regulations such as the General Data Protection Regulation (GDPR), a modernisation of data protection laws in the European Union, and the Australian data breach notification law, an amendment to the Privacy Act 1988 (Cth) which introduces a mandatory scheme for eligible organisations and federal agencies to report data breaches.
Data breach notifications give individuals greater control over their personal data and promote transparency over information handling practices, fostering consumer trust in businesses. The law requires businesses to prepare and assess risks to maintain brand confidence even if an incident becomes the next data breach headline.
Join this webinar to learn about:
- New challenges introduced by the Australian mandatory data breach notification law
- Key steps in the journey towards data privacy compliance
- How to monitor insider threats
- How to leverage these regulations to gain trust and ensure great customer experiences
We look forward to your participation in this free webinar.
Ensuring a digital presence is essential in Financial Services today. People expect a level of speed, relevance and intelligence from their banks that is unprecedented. But keeping up with the changes driven by leaner, smaller companies in a fast adapting space is a real challenge.
So how does your organization measure up? How can you reach both your retail and corporate customers to provide a seamless, relevant and efficient experience for them? And how can you innovate with so much red tape to get through?
Join this presentation and discover how you can:
- Break down silos preventing your digital transformation
- Analyze your security, compliance and privacy issues
- Utilize business intelligence to gain real insights
Patient data is one of the greatest assets that healthcare organizations have. But it can also be their greatest challenge, especially with the rapidly expanding data privacy and sovereignty laws around the world.
Whether you operate in the United States, Canada, Europe, Asia, the Pacific Rim, Latin America, or any other jurisdiction, your ability to embrace new technology is being affected by legal obligations. You are now obligated to address data privacy compliance and localization as part of your planning process, particularly as they relate to personal health information.
These issues are even more important as we see new regulations for patient data and electronic health records, especially with the upcoming enforcement of the new EU General Data Protection Regulation (GDPR). This regulation will affect healthcare providers, pharmaceutical companies, and even biomedical research organizations everywhere in the world—even if they do not have operations in Europe. U.S.-based healthcare organizations can no longer look at just HIPAA/HITECH as the sole regulation that requires compliance.
Join us for part four in this webcast series as Sheila FitzPatrick discusses the rapidly expanding privacy laws that affect personal health information and the extraterritorial nature of some of these laws, including GDPR. Sheila will also talk about the importance of building a legal privacy compliance framework as the foundation to meet your obligations under data privacy laws, including GDPR, and the difference between privacy and security. She will explain how such a framework is also important to help your organization embrace new technology such as the cloud and the Internet of Things (IoT).
Specifically, Sheila will cover:
• The changing legal landscape
• The importance of privacy due diligence
• The challenges with new technology
• Data privacy versus data security
Using sensitive data for advanced analytics and machine learning is an effective mechanism for increasing revenue and building customer loyalty - among other benefits - but it comes with a set of considerations around utility and privacy, all of which need addressing:
- How can you extract value from your sensitive data sets?
- What privacy concerns should you consider?
- Is encryption enough to protect your data when it is shared?
Many organisations are sitting on vast amounts of sensitive, yet highly valuable data and are currently unable to maximise its value. That data could be shared with internal teams and third parties, but privacy concerns and compliance restrictions prevent the data from being utilised effectively.
Unlocking the data’s true value is a challenge, but there are a range of tools and techniques that can help. This live discussion will focus on the data analytics landscape; compliance considerations and opportunities for improving data utility in 2018 and beyond.
- A view of the data protection landscape
- Tools and techniques to unlock the value of your sensitive data
- Considerations for moving data to the cloud and sharing it with internal teams and third parties
- Opportunities for maximising data utility in 2018
Learn how the EU General Data Protection Regulation affects US-based companies.
Join CyberDefenses and Privacy Ref's Bob Siegel to review how the GDPR directly impacts US-based corporations. These far-reaching regulations impact any company that stores or transmits identifying information of any individual within the EU.
In this webinar, you will be introduced to the basic elements of the GDPR and you will discuss the requirements that call for action by US-focused companies.
About Bob Siegel:
Bob Siegel, president and founder of Privacy Ref, Inc., started the company in 2012. After his time as Senior Manager of Worldwide Privacy and Compliance at Staples, Inc., Bob applied his experience and expertise to helping companies implement and maintain strong privacy programs. Bob has worked with many different organizations, dealing with programs of all sizes and regulatory needs.
Always seeking to improve his own understanding of all things privacy, Bob has earned certifications from the International Association of Privacy Professionals. These include certifications in US private and public sector, European, and Canadian privacy laws. Bob has also earned certifications in Information Technology Privacy and Privacy Program Management. Bob Siegel has also been recognized as a Fellow of Information Privacy by the IAPP for his outstanding dedication to the privacy community. He has also served on the IAPP's Certification Advisory Board for the CIPM program and the IAPP's Publication Advisory Board. Bob also serves on the IAPP’s teaching faculty leading classes in the areas in which he is certified.
CyberDefenses is a premier cyber security services organization, providing advanced security services to the commercial and federal sectors. CyberDefenses Academy provides advanced training to IT, security and privacy professionals who wish to be at the top of their field.
Relying on third parties is how business gets done; however, third-party risk management is not without challenges. Using third parties increases risks associated with compliance, data security, and privacy. What are these risks? How would a third-party data breach impact your organization? Are they behind the curve on privacy? Should you be concerned about fourth parties?
In this webinar, LockPath and SecurityScorecard discuss the risks vendors and third parties can bring to your company and strategies for managing them, including:
• The impact of increased regulatory oversight for vendors and third parties
• The potential and peril of third-party data breaches
• How third-party risk is being viewed as enterprise-wide risk
• The role of technology on the third-party and vendor risk management lifecycle
The Equifax breach provided a unique look into “how” many breaches occur. In Equifax’s case, hackers exploited an unpatched Apache Struts component, resulting in the exposure of over 140 million consumer records. The exploit of this vulnerability highlights the need for visibility into open source in custom applications and just how ineffective traditional security solutions are when it comes to open source vulnerabilities.
Further, while class action lawsuits have already begun, Equifax faces other regulatory challenges as well. The US Federal Trade Commission started investigations into the company’s security policies and controls that will likely result in financial penalties. Since the exposed data included non-US citizens, foreign data protection and data privacy regulations also come into play.
Join Mike Pittenger and Bob Canaway as they discuss how organizations can more effectively manage open source, the strengths and weaknesses of testing methodologies in identifying vulnerable open source components, and how data privacy standards such as PCI, Section 5 of the FTC Act, and GDPR necessitate a change in how organizations address vulnerabilities in their code.
GDPR compliance, designed to protect personal information of EU citizens, will be a complex and time-consuming undertaking for most organizations. The challenge is interpreting the regulation and incorporating the appropriate processes and technologies to protect personal data of EU employees. The discussions will start with establishing a Privacy program to support data strategy and drive a compliance roadmap. In this webinar, Templar Shield’s Ilanko Subramaniam and LockPath’s Shane Westrup will discuss the basic tenets of the General Data Protection Regulation, building out a data privacy and security program, and utilizing tools to help your organization establish the necessary framework to comply with this regulation.
Disclaimer/No Attorney-Client Relationship/No Legal Advice
The information presented is not legal advice or a legal opinion, and it may not necessarily reflect the most current legal developments. You should seek the advice of legal counsel of your choice before acting upon any of the information presented.
Privacy Shield has replaced Safe Harbor as the standard for regulating software when dealing with the European Union. Over 4000 US companies are said to be impacted. Privacy Compliance by Design is at the forefront in assisting companies with rethinking their software strategy to reduce risks to security and compliance. Join special guests Emerald de Leeuw, CEO Eurocomply and Don Cox, former CISO for this update on the latest around Privacy Shield and implementing policies to enable security and compliance as part of your Cloud Center of Excellence.
There's no such thing as bad publicity? In the era of data breaches, that's not really true. Time and again in recent years, the mighty have fallen. And as sensitive data reaches the hands of bad guys the world over, so go the fates of customers and companies alike. That's why security is the fastest growing sector of enterprise IT today, with privacy issues front and center.
Register for this episode of The Briefing Room to hear veteran Analyst Dr. Robin Bloor explain why companies need to pay serious attention to the ever-growing importance of privacy, not just security. He'll be briefed by Jay Irwin of Teradata and Carole Murphy of HPE Security, who will demonstrate how their technologies can be combined to create a robust privacy infrastructure that allows organizations to avoid data breaches, or at least keep the data encrypted, thus avoiding the damage of a breach.