Recent legal debates about the encryption of mobile devices have elevated the topic of enterprise security and its implications on end-user privacy. For example, in the aftermath of the San Bernardino tragedy, we learned that enterprise-managed mobile devices can be remotely unlocked by the IT administrator.
To provide more insight on this complex topic, MobileIron is hosting a panel discussion with mobile security and privacy experts to share what CIOs need to know about mobile security and end-user privacy. Panelists will discuss the implications of the San Bernardino case and how this case helps illustrate best practices for balancing the need for enterprise security with respect for employee privacy.
Fino a poco tempo fa, le leggi europee riguardanti la protezione dei dati erano principalmente focalizzate sul consenso della persona, limitazione delle finalità e trasparenza nei trattamenti, etc. mentre gli aspetti inerenti la sicurezza delle informazioni erano considerati, in linea generale, questioni squisitamente tecniche più che di conformità legale.
Questo quadro ora cambia profondamente con l'entrata in vigore il 25 maggio 2016 del nuovo Regolamento Privacy Europeo (GDPR), e con la prossima direttiva europea sulla sicurezza delle reti e dei sistemi informativi (NIS Directive). Tra le nuove e importanti prescrizioni in tema di sicurezza del GDPR spicca in modo particolare quella della violazione dei dati personali, che richiede alle aziende di tutti i settori di effettuare in tali casi la comunicazione al Garante privacy entro 72 ore e, in particolari condizioni, anche la comunicazione senza indebito ritardo a tutte le persone interessate dalla violazione a meno che i dati non siano stati resi inintellegibili (per esempio per mezzo di crittografia). Inoltre la direttiva NIS, una volta recepita nei Paesi Membri della UE, richiederà tra l'altro agli Operatori dei Servizi Essenziali (Energia, Trasporti, Sanità, etc.) e agli Operatori di Servizi Digitali (e-commerce, motori di ricerca on line, Cloud Computing) di comunicare alle autorità competenti nazionali i casi di incidenti di sicurezza.
L’Unione Europea vuole che la conformità alle nuove normative in materia di protezione dei dati diventi una questione prioritaria e ha così prescritto che queste regole siano soggette a pesanti multe (sono previste sanzioni fino a 20 milioni di euro, e per le imprese fino a 4% del fatturato mondiale, se superiore).
Partecipa al webinar organizzato da Symbolic e Gemalto che si terrà il prossimo 15 giugno alle ore 11:00 per conoscere il quadro normativo applicabile e le misure da predisporre per una corretta gestione dei casi di violazioni dati.
Consumers are ambivalent about online privacy. Some surveys suggest outright hostility to mobile-location tracking; others argue users are happy to share personal information for clear rewards and benefits. Consumers also express a desire for greater personalization of online, mobile and shopping experiences. How can these contradictory positions be reconciled?
The privacy landscape is evolving rapidly with Apple making location privacy changes in iOS 8 and state governments getting involved in regulating privacy in the absence of federal action.
Rather than an “issue that will blow over,” privacy has become a central discussion for marketers and brands. It’s the flipside of “big data.” But timidity, passivity and denial won’t work. Stakeholders must proactively tackle the issue head on.
Join Greg Sterling, Senior Analyst with Opus Research, and Future of Privacy Forum founder Jules Polonetsky for an informative, interactive webinar about the latest developments in location and privacy on Wednesday, July 2, 10 am PDT /1 pm EDT.
This session will look at some of the recent changes in the regulatory landscape as well as what we can anticipate in the near future. We will try to discern any trends in these developments and discuss how a global company could respond.
Boris joined Accenture in April 2007 and is Responsible for data privacy compliance in the EALA (Europe Africa and Latin America) region. His duties include helping to establish and maintain a progressive Client Data Protection Programme, advising on client and vendor contracts, carrying out privacy impact assessments on new client offerings or new internal systems, managing a network of DPOs, liaising with regulators, promoting Accenture’s BCR application, anticipating regulatory changes and making sure the business stays compliant.
Before moving to Accenture, Boris spent three years at the UK regulator, the Information Commissioner, looking at the world through the eyes of the game keeper, where he advised on data privacy and freedom of information case work and liaised with other European regulators to kick start an unprecedented approvals process known as ‘Binding Corporate Rules’.
His other experience includes six years in private practice as a commercial lawyer specialising in Data Privacy matters and three years in Brussels including spells as press officer of a parliamentary group, an assistant to an MEP, a paralegal at Lovell White Durrant and a stagiaire at the Internal Market Directorate General of the European Commission.
This webcast will consist of a short presentation followed by a panel discussion with a range of subject matter experts.
New EU data protection legislation includes some significant changes like defining a data breach to include data destruction, adding the right to be forgotten, adopting the U.S. practice of breach notifications, and many other new elements. Another major change is a shift from a directive to a rule, which means the protections are the same for all 27 countries and includes significant financial penalties for infractions. This webcast will explore the new EU data protection legislation and highlight the elements that could have significant impacts on data handling practices.
Recent controversies such as Apple vs FBI have highlighted that often strong security is a prerequisite for privacy, and that upholding privacy can ensure stronger security is built into software. As consumers become more aware of privacy issues, can the argument still be made that security must be sacrificed in place of privacy? How do new technologies confirm or deny this notion?Read more >
The web browser is arguably the most utilized software on any given endpoint. The browser has evolved into a feature-rich tool used to consume & create content of all kinds, conduct financial transactions, access sensitive health care information -- you name an application and data type and someone has a browser based solution.
Browsers are also the least managed software in the enterprise. Most IT shops have abdicated control of the browser. Bolt-on browser security solutions, like proxies and application firewalls, rest on the enterprise perimeter and, in our mobile BYOD world, ultimately still leave the endpoint, the user, and the user's data exposed.
There is a natural tension between the browser, enterprise IT security, and privacy. The browser exposes the user and the user's data to both security and privacy risks. Security and privacy objectives may overlap; but, they are just as often at odds. For example, most enterprises conduct content inspection and blocking of user browsing activity; few enterprises encourage or allow a user to take advantage of TOR and other anonymization and privacy technologies. Meanwhile, enterprise and user confidential data is the treasure that bad guys are hunting.
Why is Privacy Important? Why is Security Important? Can We have Both?
Some of the topics covered in this panel discussion include:
• Personal responsibility
• The roll of government
• Online Advertising/Tracking
• Law Enforcement
• Location-based tracking
• Bob Carver, Cybersecurity Guru at Verizon Wireless
• Dr. Ann Cavoukian, International Privacy Expert, Professor - Ryerson University - Toronto
• Scott Schober, Cybersecurity Expert and Author of "Hacked Again"
• Dan Lohrmann, Chief Strategist & Chief Security Officer at Security Mentor, Inc.
Privacy and Data Protection have risen to the top of the Information Governance agenda, yet the processes to ensure compliance and proactive risk management are poorly understood by many organisations. This problem is compounded by the explosion in Web 2.0 and cloud computing: it is becoming increasingly difficult to understand what data is under the control of an organisation, let alone where it is or how it is being used. Organisations that fail to address privacy-related issues risk regulatory punishment and media censure, and a privacy compliance strategy is now as important as any traditional security strategy.
In this session Toby Stevens, Director of privacy think-tank the Enterprise Privacy Group, will share his experiences on how, why and when to conduct a Privacy Impact Assessment; what the complications are for cloud computing and Web 2.0; and what traps await organisations when they first tackle privacy problems.
TOBY STEVENS BEng(Hons) FBCS CITP MIoD is an acknowledged identity, privacy and security expert with strong leadership and project management skills. Currently the Founder and Director of the Enterprise Privacy Group, a think-tank for identity-related issues, he has worked in a range of management roles across the financial services and internet sectors. He specialises in facilitating debate about the implications of managing privacy and personal information, but has also worked in security management research, Year 2000, euro implementation and broader IT project management roles. Toby sits on the Department for Transport’s Road Pricing Advisory Forum, and publishes a privacy blog for Computer Weekly. He is a Fellow of the British Computer Society, where he chairs the Information Privacy Expert Panel, and is a CLAS consultant.
Edna Kusitor advises on Global Data privacy matters as part of the Data Privacy Compliance Team within Accenture. Her global remit includes countries as diverse as Argentina, the Philippines, India, China and Australia. Edna has 5 years experience in data privacy and was previously responsible for data privacy within Centrica Telecommunications Ltd. a large telecommunications provider. She is an expert in UK Data Protection Law and data privacy in relation to electronic communications. Edna holds the ISEB in data protection and has a 2.1in Law LLB. She studied the Legal Practice Course at the College of Law, London. Her previous experience includes company and commercial law matters for Nexen, a Canadian oil and gas exploration and production company.
Edna also has a passion for charitable work and in addition to mentoring young adults, she currently leads one of the corporate citizenship activites for her workforce at Accenture. In the past she has acted at a trustee for a London Community Development Charity.
The EU's General Data Protection Regulation (GDPR) was adopted on April 14, 2016 and threw infosecurity and privacy teams into chaos. While teams were trying to get their arms around the new regulations and rules, the UK voted to leave the EU, throwing another big wrinkle into the mix. What does all of this mean to you and your compliance and regulation efforts? What does the Brexit vote mean for the GDPR and for the UK's infosecurity and privacy rules? Imperva sponsors an (ISC)2 From the Trenches webinar discussion on this and answers questions from the audience on July 28, 2016 at 1:00PM Eastern.Read more >
Governments across the globe are proposing and enacting strong data privacy and data protection regulations by mandating frameworks that include noteworthy changes like defining a data breach to include data destruction, adding the right to be forgotten, mandating the practice of breach notifications, and many other new elements. The implications of this and other proposed legislation on how the cloud can be utilized for storing data are significant. Join this live Webcast to hear:
•EU “directives” vs. “regulation”
•General data protection regulation summary
•How personal data has been redefined
•Substantial financial penalties for non-compliance
•Impact on data protection in the cloud
•How to prepare now for impending changes
We caught up with F-Secure's Mikko Hypponen to get his thoughts on the ever-relevant Privacy vs. Security debate.
Mikko discussed the sensitive equilibrium required to protect data and ensure it's privacy; the influence that the EU's Safe Harbour ruling will have and how security should be the responsibility of all, not just the government.
He also gave his one key piece of advice for keeping your data private and secure.
When you’re the Chief Privacy Officer of a company as large as Unilever and the EU is threatening fines of up to 5% of turnover if you don’t meet the rules of the new General Data Protection Regulation then you need to make it your business to understand the rules inside and out! Needless to say Steve has spent over a year getting to know the implications of the regulation on a company the size of Unilever and will impart his pearls of wisdom in this webinar so that CISO/CIOs and other IT security experts can understand how the regulation will impact on their business when it’s introduced next year and will offer 5 key actions that need to be taken to make sure you are complying with the new privacy laws.
Steve believes that big data (governance), cyber security and privacy are all inextricably linked as they share common objectives and principles, and therefore, require satisfactory safeguards and assurances. From a business perspective, this can be achieved by building ‘data trust and assurance’ programmes based on the fundamental principles of transparency, accountability, protection, integrity, confidentially and availability, accompanied by clear policies and delivered through comprehensive training, integrated procedures and a robust compliance regime.
This is where Steve’s role as Chief Privacy Officer at Unilever is particularly relevant because Unilever’s digital ambition, to connect with one billion consumers around the world, pushes the boundaries of functionality, connectivity and personalisation. Steve’s role is to work collaboratively and integrally with the business, to help steer and shape the digital conversation and leverage the power of data analytics, while also ensuring that the business remains compliant with laws around the world but still competitive, and acts in a moral and ethical way in relation to the rights of the individual.