DSCI Inputs on TRAI Consultation on Regulatory Framework for OTT services

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "DSCI Inputs on TRAI Consultation on Regulatory Framework for OTT services"

Transcription

1 DSCI Inputs on TRAI Consultation on Regulatory Framework for OTT services April 24, 2015

2 DSCI Inputs on TRAI Consultation on Regulatory Framework for OTT Services 1 Question 6: How should the security concerns be addressed with regard to OTT players providing communication services? What security conditions such as maintaining data records, logs etc. need to be mandated for such OTT players? And, how can compliance with these conditions be ensured if the applications of such OTT players reside outside the country? Please comment with justifications. DSCI Response: 1. Security concerns should be viewed from a risk point of view that should not only cover communication services, but entire gamut of services that run over the Internet. 2. From national security viewpoint, law of the land should be enforceable on all service providers who are providing services in India or to Indian citizens or residents, and be subjected to the territorial jurisdiction of India. But as a general principle, subjecting the private sector to the requirements of data/infrastructure localization in name of national security will prove to be counterproductive for variety of reasons including: Localization requirements prohibits organizations from achieving economies of scale and leveraging global souring hyperspecialization benefits, resulting in increasing cost of services that could be passed on to consumers It threaten major new advances in technology and innovation It threaten open architecture of the Internet If similar policy directions are followed by other countries, it will severely hit established Indian IT-BPM industry sector including the emerging cloud industry which is major contributor to the national GDP 3. Since many OTTs are located outside the country, there are various understandable national concerns such as threat to national security through cyber espionage and spread of social disharmony, difficulty in conducting cybercrime investigations and getting lawful access to data, difficulties in performing cyber forensics, privacy violations by foreign governments and companies, difficulties for intelligence agencies to perform surveillance and interception, among others that are challenging the sovereign rights of the nations. These national concerns esp. those relating to national security are genuine and important, and must be respected by the OTT players. For example, the OTT players should support Law Enforcement Agencies (LEAs) of different countries in crime investigations (access to data records, evidence) and forensics. The support should be transparent and timely, respecting the laws of the country from where request has originated, irrespective of the location of the data storage. While many of these issues and concerns need global discussions and solutions, the knee-jerk reaction of governments which favours data localization / regulation of OTTs is a matter of great concern. 4. To overcome the challenges identified above, governments including India should work with the other nations in plurilateral, multilateral and bilateral forums to discuss and come out with solutions. In the age of Internet, global cooperation is quintessential and therefore India should take leadership in identified forums to ensure that its issues are addressed. For example, India should take up reform of Mutual Legal Assistance Treaty (MLAT) with the U.S. or negotiate a special process for speedy data sharing on crime investigations with the U.S. as presently the Indian LEAs face issues when getting access to data records required from datacenters in the U.S. for investigating crimes that happened in India. India should strengthen bilateral, multilaterals,

3 DSCI Inputs on TRAI Consultation on Regulatory Framework for OTT Services 2 plurilaterals, international treaties and other such mechanisms, and look to improve existing procedures for quick and effective information sharing and getting lawful access to data. Also, Indian LEAs should also be effectively resourced and trained to raise legal requests for gaining lawful access to data from service providers and through the MLAT route. Further, there is also a dire need to improve procedures and frameworks for data sought by LEAs from OTT service providers both in India and abroad. This can be done by establishing institutional frameworks possibly by establishing nodal agencies for seeking such information and standardizing disclosure norms across the service providers. 5. While the Indian legal framework through section 67C of the IT (Amendment) Act, 2008 has provision for mandating timeframe and specified format for retention of data records, logs etc. for intermediaries including the OTT players, no specific requirements have been detailed through the issuance of rules u/s 67C. However, various sectoral regulators have issued regulations/guidelines for data retention for organizations under their purview. Issuing rules under section 67C at the earliest will help standardize industry practices and expectations of LEAs on data retention. 6. The Indian legal framework and the LEAs should take cognizance of the nature of evolving technology architectures such as no storage of data on servers of the OTT service providers, dynamic allocation of encryption keys, etc so as not to scuttle innovation or unnecessarily create hurdles for the OTT players. Question 7: How should the OTT players offering app services ensure security, safety and privacy of the consumer? How should they ensure protection of consumer interest? Please comment with justifications. DSCI Response: 1. India has second largest Internet population, and is home to fourth largest start-up ecosystem in the world, and the reason for this has been minimum government interference in operations and governance. Given majority of users access Internet services through their mobile devices, there is a need to secure the entire ecosystem, to improve resilience. 2. There is no need to create special legal framework for OTTs to govern security, safety and privacy of consumers. The Indian legal & policy framework already has provisions for the same IT Act, National Cyber Security Policy, Consumer Protection Act, among others. Such legal and policy provisions can be surely be strengthened wherever necessary either in content or enforcement. For example, as per section 43A of IT (Amendment) Act, 2008, only Sensitive Personal Data or Information (SPDI) is to be protected using Reasonable Security Practices by Body Corporates. There also exist a patchwork of legislations governing privacy aspects in India. But there is no comprehensive privacy law in India unlike many other countries. India should enact comprehensive privacy law that has been in making for long. Much work has already been done in this regard by development of privacy framework by Justice AP Shah Committee. Similarly, the government is yet to release the encryption policy under section 84A of the IT (Amendment) Act, 2008 to for secure use of the electronic medium and for promotion of e-

4 DSCI Inputs on TRAI Consultation on Regulatory Framework for OTT Services 3 governance and e-commerce. Increasing the encryption standards in the country will enhance security, safety and privacy of consumers. 3. Incorporation of security and privacy aspects should be market driven, with practices and procedures evolved from global best practices. Ensuring consumer security and privacy is in OTT providers best interests, as security and privacy are turning out to be important customer considerations. From security viewpoint, policy initiatives and guidelines should provide direction for securing data, without prescribing technology or standards to be adopted. Organizations should be allowed flexibility to implement the security measures that are most appropriate to mitigating the risks, and reduce vulnerabilities. Technology neutral policies allow OTT players to deploy technology and processes best suited to protect information in their specific case. Cyber threats evolve rapidly and, therefore, OTT players should have the flexibility to change the solutions they use to better protect their customers. 4. Development and adoption of standards, testing and certification mechanisms for security and privacy aspects (e.g. privacy seals or ratings of mobile apps) should be encouraged. For example, lot of work in being undertaken at international standard development organizations (SDOs) to develop standards in the privacy space including in areas of privacy notice and consent. India should participate in such forums to ensure its requirements and concerns are addressed. 5. In addition to steps taken by the government and by businesses, consumers also have an important role to play when it comes to protecting their information. Consumer education is pivotal in ensuring privacy and security.

5 DATA SECURITY COUNCIL OF INDIA Statement of confidentiality This document contains information that is proprietary and confidential to DATA SECURITY COUNCIL OF INDIA (DSCI), and shall not be disclosed outside transmitted, or duplicated, used in whole or in part for any purpose other than its intended purpose. Any use or disclosure in whole or in part of this information without explicit written permission of Data Security Council of India is prohibited DSCI. All rights reserved.

Overview of Cloud Computing in India

Overview of Cloud Computing in India Overview of Cloud Computing in India NIST Standards in Trade Workshop with India Rahul Jain Principal Consultant Data Security Council of India September 17, 2014 Opportunities in the Cloud Cloud Market

More information

Promoting Cross Border Data Flows Priorities for the Business Community

Promoting Cross Border Data Flows Priorities for the Business Community Promoting Cross Border Data Flows Priorities for the Business Community The movement of electronic information across borders is critical to businesses around the world, but the international rules governing

More information

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations Brussels, October 2015 INTRODUCTION On behalf of the European

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

National Cyber Security Policy -2013

National Cyber Security Policy -2013 National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information

More information

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges

More information

STRATEGIC OBJECTIVE 2.4 OVERCOME GLOBAL SECURITY CHALLENGES THROUGH DIPLOMATIC ENGAGEMENT AND DEVELOPMENT COOPERATION

STRATEGIC OBJECTIVE 2.4 OVERCOME GLOBAL SECURITY CHALLENGES THROUGH DIPLOMATIC ENGAGEMENT AND DEVELOPMENT COOPERATION Performance Goal 2.4.1 By September 30, 2017, achieve key milestones to promote arms control and nonproliferation by implementing the President s Prague Agenda of steps toward a world without nuclear weapons;

More information

Protecting Saskatchewan data the USA Patriot Act

Protecting Saskatchewan data the USA Patriot Act Protecting Saskatchewan data the USA Patriot Act Main points... 404 Introduction... 405 Standing Committee on Public Accounts motion... 405 Our response to the motion... 405 ITO, its service provider,

More information

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708

More information

Legislative Language

Legislative Language Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING

Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Section by Section DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY AND INFORMATION SHARING Sec. 1. Department of Homeland Security Cybersecurity Authority Section 1(a) amends Title II of the Homeland

More information

Policy Views UPDATING THE ELECTRONIC COMMUNICATIONS PRIVACY ACT: AN ESSENTIAL LEGISLATIVE GOAL FOR MEDIA COMPANIES AND THE PUBLIC THEY SERVE

Policy Views UPDATING THE ELECTRONIC COMMUNICATIONS PRIVACY ACT: AN ESSENTIAL LEGISLATIVE GOAL FOR MEDIA COMPANIES AND THE PUBLIC THEY SERVE Policy Views UPDATING THE ELECTRONIC COMMUNICATIONS PRIVACY ACT: AN ESSENTIAL LEGISLATIVE GOAL FOR MEDIA COMPANIES AND THE PUBLIC THEY SERVE Kurt Wimmer I. The Need for Reform: A 1986 Act Doesn t Fit the

More information

Drawing Lines in the Cloud: Jurisdictional Access to Data. Nancy Libin Mary Ellen Callahan

Drawing Lines in the Cloud: Jurisdictional Access to Data. Nancy Libin Mary Ellen Callahan Drawing Lines in the Cloud: Jurisdictional Access to Data Nancy Libin Mary Ellen Callahan OVERVIEW Introduction to Cloud Computing Definition Benefits and Risks How does the physical location of data or

More information

Using AWS in the context of Australian Privacy Considerations October 2015

Using AWS in the context of Australian Privacy Considerations October 2015 Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview

More information

CYBERCRIME AND THE LAW

CYBERCRIME AND THE LAW CYBERCRIME AND THE LAW INTERNATIONAL LAW CYBERCRIME CONVENTION Convention on Cybercrime / Budapest Convention first international treaty seeking to address Internet and computer crime by harmonizing national

More information

EU Cybersecurity Policy & Legislation ENISA s Contribution

EU Cybersecurity Policy & Legislation ENISA s Contribution EU Cybersecurity Policy & Legislation ENISA s Contribution Steve Purser Head of Core Operations Oslo 26 May 2015 European Union Agency for Network and Information Security Agenda 01 Introduction to ENISA

More information

Vijay Pal Dalmia, Advocate Delhi High Court & Supreme Court of India

Vijay Pal Dalmia, Advocate Delhi High Court & Supreme Court of India Intellectual Property & Information Technology Laws Division Flat No 903, Indra Prakash Building, 21, Barakhamba Road, New Delhi 110001 (India) Phone: +91 11 42492532 (Direct) Phone: +91 11 42492525 Ext

More information

Preservation of longstanding, roles and missions of civilian and intelligence agencies

Preservation of longstanding, roles and missions of civilian and intelligence agencies Safeguards for privacy and civil liberties Preservation of longstanding, respective roles and missions of civilian and sharing with targeted liability Why it matters The White House has pledged to veto

More information

Cyber Security Recommendations October 29, 2002

Cyber Security Recommendations October 29, 2002 Cyber Security Recommendations October 29, 2002 Leading Co-Chair (Asia/Oceania) Co-Chair (Americas) Co-Chair (Europe/Africa) Dr. Hiroki Arakawa Executive Vice President NTT Data Corporation Richard Brown

More information

Internet Safety and Security: Strategies for Building an Internet Safety Wall

Internet Safety and Security: Strategies for Building an Internet Safety Wall Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet

More information

Committee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on

Committee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on Committee on Civil Liberties, Justice and Home Affairs - The Secretariat - Background Note on US Legal Instruments for Access and Electronic Surveillance of EU Citizens Introduction This note presents

More information

The United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),

The United States Federal Trade Commission (FTC) and the Office of the Data Protection Commissioner of Ireland (collectively, the Participants), MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE OFFICE OF THE DATA PROTECTION COMMISSIONER OF IRELAND ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING PERSONAL

More information

European priorities in information security

European priorities in information security European priorities in information security Graeme Cooper Head of Public Affairs Unit, ENISA 12th International InfoSec and Data Storage Conference, 26th September 2013, Sheraton Hotel, Sofia, Bulgaria

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

005ASubmission to the Serious Data Breach Notification Consultation

005ASubmission to the Serious Data Breach Notification Consultation 005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation

More information

CYBER SECURITY INFORMATION SHARING & COLLABORATION

CYBER SECURITY INFORMATION SHARING & COLLABORATION Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers

More information

AmCham EU position on Industrial Policy for the Security Industry

AmCham EU position on Industrial Policy for the Security Industry AmCham EU position on Industrial Policy for the Security Industry Page 1 of 5 13 February 2012 AmCham EU position on Industrial Policy for the Security Industry The American Chamber of Commerce to the

More information

Internet Governance Forum Baku 2012

Internet Governance Forum Baku 2012 Internet Governance Forum Baku 2012 Workshop Cloudy Jurisdiction: Addressing the Thirst for Cloud Data in Domestic Legal Processes Workshop organized by Tamir Israel, Staff Lawyer, Samuelson- Glushko Canadian

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

Ensuring today s highly connected world is safe and secure

Ensuring today s highly connected world is safe and secure Ensuring today s highly connected world is safe and secure R Chandrashekhar President, NASSCOM 8 th March, 2016, Canberra Digital Space: Opportunities and Concerns Digitalization of society, businesses

More information

RECOGNISING that the FTC, the OFT, and the Secretary of State want to build upon the mutual enforcement assistance provided for in the MEMORANDUM OF

RECOGNISING that the FTC, the OFT, and the Secretary of State want to build upon the mutual enforcement assistance provided for in the MEMORANDUM OF MEMORANDUM OF UNDERSTANDING ON MUTUAL ENFORCEMENT ASSISTANCE IN COMMERCIAL EMAIL MATTERS AMONG THE FOLLOWING AGENCIES OF THE UNITED STATES, THE UNITED KINGDOM, AND AUSTRALIA: THE UNITED STATES FEDERAL

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

Cyber Security Strategy of Georgia

Cyber Security Strategy of Georgia Cyber Security Strategy of Georgia 1 1. Introduction The Government of Georgia publishes its Cyber Security Strategy for the first time. Large-scale cyber attacks launched by Russia against Georgia in

More information

Privacy in the Cloud A Microsoft Perspective

Privacy in the Cloud A Microsoft Perspective A Microsoft Perspective November 2010 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication. Because Microsoft

More information

engagement will not only ensure the best possible law, but will also promote the law s successful implementation.

engagement will not only ensure the best possible law, but will also promote the law s successful implementation. US-China Business Council Comments on The Draft Cybersecurity Law On behalf of the approximately 210 members of the US-China Business Council (USCBC), we appreciate the opportunity to provide comments

More information

FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, 2013. My name is Richard Allan, and I am the Director of Public Policy

FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, 2013. My name is Richard Allan, and I am the Director of Public Policy FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, 2013 [I. INTRODUCTION] My name is Richard Allan, and I am the Director of Public Policy for Facebook in Europe, the Middle East and Africa. I have been with

More information

Some laws and standards in India are not technology neutral (e.g., electronic signatures), and these may be a barrier to interoperability.

Some laws and standards in India are not technology neutral (e.g., electronic signatures), and these may be a barrier to interoperability. Country Report: India India is an important regional economy, with a strong interest in ICT services development. The law in India has not entirely kept pace with developments in cloud computing, and some

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.

H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION. H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.

More information

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? Lindsey Finch Senior Global Privacy Counsel Salesforce.com lfinch@salesforce.com David T.S. Fraser Partner McInnes Cooper David.fraser@mcinnescooper.com

More information

Consultation Paper on Regulatory Framework for Over-the-top (OTT) services

Consultation Paper on Regulatory Framework for Over-the-top (OTT) services Consultation Paper No.: 2/2015; dated 27 th March 2015 Consultation Paper on Regulatory Framework for Over-the-top (OTT) services Q.1. Is it too early to establish a regulatory framework for OTT services,

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information

Just Net Coalition statement on Internet governance

Just Net Coalition statement on Internet governance Just Net Coalition statement on Internet governance (Just Net Coalition is a global coalition of civil society actors working on Internet governance issues) All states should work together to provide a

More information

Declaration of Internet Rights Preamble

Declaration of Internet Rights Preamble Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It

More information

RE: Comments on Vietnam s Draft Law on Information Security, version 2.22

RE: Comments on Vietnam s Draft Law on Information Security, version 2.22 July 10, 2013 Ministry of Information and Communications 18 Nguyen Du Hanoi, Vietnam RE: Comments on Vietnam s Draft Law on Information Security, version 2.22 Dear Sir/Madam: The Information Technology

More information

A COMPREHENSIVE INTER-AMERICAN CYBERSECURITY STRATEGY: A MULTIDIMENSIONAL AND MULTIDISCIPLINARY APPROACH TO CREATING A CULTURE OF CYBERSECURITY

A COMPREHENSIVE INTER-AMERICAN CYBERSECURITY STRATEGY: A MULTIDIMENSIONAL AND MULTIDISCIPLINARY APPROACH TO CREATING A CULTURE OF CYBERSECURITY APPENDIX A A COMPREHENSIVE INTER-AMERICAN CYBERSECURITY STRATEGY: A MULTIDIMENSIONAL AND MULTIDISCIPLINARY APPROACH TO CREATING A CULTURE OF CYBERSECURITY INTRODUCTION The Internet and related networks

More information

Electronic Transactions Act and Digital Signature Act: Background, Major Provisions and Implication

Electronic Transactions Act and Digital Signature Act: Background, Major Provisions and Implication Electronic Transactions Act and Digital Signature Act: Background, Major Provisions and Implication OECD Forum on Electronic Commerce, 12~13 October 1999, Paris October 1999 Ministry of Information and

More information

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework (U) Appendix E: Case for Developing an International Cybersecurity Policy Framework (U//FOUO) The United States lacks a comprehensive strategic international policy framework and coordinated engagement

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Mutual legal recognition of electronic communications and electronic signatures and paperless trade facilitation: challenges and opportunities

Mutual legal recognition of electronic communications and electronic signatures and paperless trade facilitation: challenges and opportunities Mutual legal recognition of electronic communications and electronic signatures and paperless trade facilitation: challenges and opportunities Luca Castellani Secretary, Working Group IV (Electronic Commerce)

More information

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act

Cybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act In a flurry of activity, the U.S. House of Representatives last week passed two cybersecurity information sharing bills. Both the House Intelligence Committee and the House Homeland Security Committee

More information

Security & privacy in the cloud; an easy road?

Security & privacy in the cloud; an easy road? Security & privacy in the cloud; an easy road? A journey to the trusted cloud Martin Vliem CISSP, CISA National Security Officer Microsoft The Netherlands mvliem@microsoft.com THE SHIFT O L D W O R L D

More information

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston

Protecting Official Records as Evidence in the Cloud Environment. Anne Thurston Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after

More information

LEGISLATION ON CYBERCRIME IN NIGERIA: IMPERATIVES AND CHALLENGES

LEGISLATION ON CYBERCRIME IN NIGERIA: IMPERATIVES AND CHALLENGES LEGISLATION ON CYBERCRIME IN NIGERIA: IMPERATIVES AND CHALLENGES T.G. George-Maria Tyendezwa, Head, Computer Crime Prosecution Unit, Federal Ministry of Justice, OUTLINE Interconnected world The Nigerian

More information

Cloud and surveillance

Cloud and surveillance Cloud and surveillance (These notes formed the basis of Neil Brown s panel session at Broad Group s Cloud Law European Summit on 25th November 2014. CC BY 2.0) Ladies and gentleman, I am delighted to be

More information

Privacy in the Cloud Computing Era. A Microsoft Perspective

Privacy in the Cloud Computing Era. A Microsoft Perspective Privacy in the Cloud Computing Era A Microsoft Perspective November 2009 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date

More information

Information Security in Telecom Sector. kpmg.com/in

Information Security in Telecom Sector. kpmg.com/in Information Security in Telecom Sector kpmg.com/in Foreword Telecom industry has gone through significant expansion phase and industry is committed to remain on growth path exploring new avenues. Data

More information

Patrick Fair Partner, ITC and Data Security Specialist Baker & McKenzie. Developments in Security Regulation

Patrick Fair Partner, ITC and Data Security Specialist Baker & McKenzie. Developments in Security Regulation Patrick Fair Partner, ITC and Data Security Specialist Baker & McKenzie Developments in Security Regulation Agenda Introduction PM & C Cybersecurity Review Mandatory Data Retention Legislation Overview

More information

Billing Code: 4810-25. Guidance Concerning the National Security Review Conducted by the Committee

Billing Code: 4810-25. Guidance Concerning the National Security Review Conducted by the Committee This document has been submitted to the Office of the Federal Register (OFR) for publication and is currently pending placement on public display at the OFR and publication in the Federal Register. The

More information

The USA Patriot Act Government Briefing. Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004

The USA Patriot Act Government Briefing. Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004 The USA Patriot Act Government Briefing Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004 Agenda Background Overview of Government Responses and Approach Mitigation

More information

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing

More information

Cyber Defense & Breach Response Privacy Issues

Cyber Defense & Breach Response Privacy Issues Cyber Defense & Breach Response Privacy Issues Kevin Boyle Partner 17 November 2014 Latham & Watkins is the business name of Latham & Watkins (London) LLP, a registered limited liability partnership organised

More information

U.S. Department of Justice FY 2016 Budget Request NATIONAL SECURITY. +$106.8 Million in Program Increases. FY 2016 Overview

U.S. Department of Justice FY 2016 Budget Request NATIONAL SECURITY. +$106.8 Million in Program Increases. FY 2016 Overview U.S. Department of Justice FY 2016 Budget Request NATIONAL SECURITY +$106.8 Million in Program Increases FY 2016 Overview Defending U.S. citizens from both internal and external threats remains the Department

More information

Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region

Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region CyberCrime@EAP EU/COE Eastern Partnership Council of Europe Facility: Cooperation against Cybercrime Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region Adopted

More information

Solving data residency and privacy compliance challenges Delivering business agility, regulatory compliance and risk reduction

Solving data residency and privacy compliance challenges Delivering business agility, regulatory compliance and risk reduction Solving data residency and privacy compliance challenges Delivering business agility, regulatory compliance and risk reduction Introduction In today s dynamic business environment, corporation s intangible

More information

Microsoft Cloud Computing Research Centre

Microsoft Cloud Computing Research Centre Microsoft Cloud Computing Research Centre 1 st Annual Symposium, Cambridge 2014 : Legal frameworks Ian Walden i.n.walden@qmul.ac.uk 1 Introductory remarks From organised crime to law enforcement The Snowden

More information

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA JOÃO MANUEL ASSIS BARBAS Coronel de Artilharia. Assessor de Estudos do IDN INTRODUCTION Globalization and information and communication technologies

More information

Re: Request for Comment: Big Data and Consumer Privacy in the Internet Economy

Re: Request for Comment: Big Data and Consumer Privacy in the Internet Economy Microsoft Corporation Tel 425 882 8080 One Microsoft Way Fax 425 936 7329 Redmond, WA 98052-6399 http://www.microsoft.com/ August 5, 2014 Mr. John Morris National Telecommunications and Information Administration

More information

4.10 Information Management Policy

4.10 Information Management Policy Policy Statement Information is a strategic business resource that the must manage as a public trust on behalf of Nova Scotians. Effective information management makes program and service delivery more

More information

DEALERSHIP S COMPLIANCE WITH THE USA PATRIOT ACT, ITS IMPLEMENTING REGULATIONS AND OTHER ANTI-TERRORISM MEASURES

DEALERSHIP S COMPLIANCE WITH THE USA PATRIOT ACT, ITS IMPLEMENTING REGULATIONS AND OTHER ANTI-TERRORISM MEASURES DEALERSHIP S COMPLIANCE WITH THE USA PATRIOT ACT, ITS IMPLEMENTING REGULATIONS AND OTHER ANTI-TERRORISM MEASURES By: Keith E. Whann Deanna L. Stockamp Whann & Associates On September 11, 2001, terrorists

More information

To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.

To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes. BAG15121 Discussion Draft S.L.C. 114TH CONGRESS 1ST SESSION S. XXXX To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.

More information

RUSSIA CHINA NEXUS IN CYBER SPACE

RUSSIA CHINA NEXUS IN CYBER SPACE RUSSIA CHINA NEXUS IN CYBER SPACE E. Dilipraj Associate Fellow, CAPS On May 08, 2015 Russia and China inked an important agreement in the field of cyber security. This bilateral agreement is the latest

More information

Privacy and Access 20/20 Conference. Data Sovereignty and Data Localization. Does it matter?

Privacy and Access 20/20 Conference. Data Sovereignty and Data Localization. Does it matter? Privacy and Access 20/20 Conference Data Sovereignty and Data Localization Does it matter? 13 November 2015 1 Overview To focus the mind: Microsoft vs. USA 2015 Stepping back to leap forward: The basic

More information

DIVISION N CYBERSECURITY ACT OF 2015

DIVISION N CYBERSECURITY ACT OF 2015 H. R. 2029 694 DIVISION N CYBERSECURITY ACT OF 2015 SEC. 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE. This division may be cited as the Cybersecurity Act of 2015. (b) TABLE OF CONTENTS. The table

More information

Cloud Computing Security Considerations

Cloud Computing Security Considerations Cloud Computing Security Considerations Roger Halbheer, Chief Security Advisor, Public Sector, EMEA Doug Cavit, Principal Security Strategist Lead, Trustworthy Computing, USA January 2010 1 Introduction

More information

Principles and Guidelines on Confidentiality Aspects of Data Integration Undertaken for Statistical or Related Research Purposes

Principles and Guidelines on Confidentiality Aspects of Data Integration Undertaken for Statistical or Related Research Purposes Principles and Guidelines on Confidentiality Aspects of Data Integration Undertaken for Statistical or Related Research Purposes These Principles and Guidelines were endorsed by the Conference of European

More information

LAW OF MONGOLIA ON CONCESSIONS CHAPTER ONE. GENERAL PROVISIONS

LAW OF MONGOLIA ON CONCESSIONS CHAPTER ONE. GENERAL PROVISIONS LAW OF MONGOLIA 28 January 2010 State Palace, Ulaanbaatar city Article 1. Purpose of the law ON CONCESSIONS CHAPTER ONE. GENERAL PROVISIONS 1.1. The purpose of this law is to regulate matters related to

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

MULTILATERAL MEMORANDUM OF UNDERSTANDING CONCERNING CO-OPERATION IN THE EXCHANGE OF INFORMATION FOR AUDIT OVERSIGHT

MULTILATERAL MEMORANDUM OF UNDERSTANDING CONCERNING CO-OPERATION IN THE EXCHANGE OF INFORMATION FOR AUDIT OVERSIGHT MULTILATERAL MEMORANDUM OF UNDERSTANDING CONCERNING CO-OPERATION IN THE EXCHANGE OF INFORMATION FOR AUDIT OVERSIGHT INTERNATIONAL FORUM OF INDEPENDENT AUDIT REGULATORS Adopted on June 30, 2015 1 Table

More information

Top 5 Cloud Security Tips For Canadian Organizations. The Smarter Everyday project is owned and operated by CTE Solutions Inc.

Top 5 Cloud Security Tips For Canadian Organizations. The Smarter Everyday project is owned and operated by CTE Solutions Inc. Top 5 Cloud Security Tips For Canadian Organizations The Smarter Everyday project is owned and operated by CTE Solutions Inc. Session Topics Cloud Benefits Canadian Approach To Cloud Geolocation Concerns

More information

BALEFIRE GLOBAL OPEN DATA STRATEGIC SERVICES

BALEFIRE GLOBAL OPEN DATA STRATEGIC SERVICES 1 BALEFIRE GLOBAL OPEN DATA STRATEGIC SERVICES TWO SIDED SUSTAINABLE DATA MARKETPLACES Governments around the world cite many different reasons for starting open data initiatives, including increasing

More information

S. ll IN THE SENATE OF THE UNITED STATES A BILL

S. ll IN THE SENATE OF THE UNITED STATES A BILL TH CONGRESS ST SESSION S. ll To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information

More information

NASSCOM Cyber Security Task Force Working Group Discussion Slides. June 10, 2015

NASSCOM Cyber Security Task Force Working Group Discussion Slides. June 10, 2015 NASSCOM Cyber Security Task Force Working Group Discussion Slides June 10, 2015 CSTF Working Plan NASSCOM Cyber Security Task Force Scope / Charter Recommendations Four Working Groups Industry Development

More information

DATA SOVEREIGNTY & THE CLOUD. Whitepaper

DATA SOVEREIGNTY & THE CLOUD. Whitepaper DATA SOVEREIGNTY & THE CLOUD Whitepaper Data Sovereignty & The Cloud Organizations looking to benefit from the scalability, agility, and capital cost savings of cloud computing inevitably encounter the

More information

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development 7.0 Information Security Protections The aggregation and analysis of large collections of data and the development of interconnected information systems designed to facilitate information sharing is revolutionizing

More information

Computing and Communication Policy on Acceptable Use of Electronic Resources

Computing and Communication Policy on Acceptable Use of Electronic Resources Computing and Communication Policy on Acceptable Use of Electronic Resources Summary This policy defines the boundaries of "acceptable use" of electronic resources, including computers, networks, electronic

More information

An Overview of Cybersecurity and Cybercrime in Taiwan

An Overview of Cybersecurity and Cybercrime in Taiwan An Overview of Cybersecurity and Cybercrime in Taiwan I. Introduction To strengthen Taiwan's capability to deal with information and communication security issues, the National Information and Communication

More information

DATA PROTECTION LAWS OF THE WORLD. India

DATA PROTECTION LAWS OF THE WORLD. India DATA PROTECTION LAWS OF THE WORLD India Date of Download: 6 February 2016 INDIA Last modified 27 January 2016 LAW IN INDIA There is no specific legislation on privacy and data protection in India. However,

More information

Regulation of Investigatory Powers Act 2000

Regulation of Investigatory Powers Act 2000 Regulation of Investigatory Powers Act 2000 Consultation: Equipment Interference and Interception of Communications Codes of Practice 6 February 2015 Ministerial Foreword The abilities to read or listen

More information

INTERNATIONAL FINANCIAL INSTITUTIONS ANTI-CORRUPTION TASK FORCE

INTERNATIONAL FINANCIAL INSTITUTIONS ANTI-CORRUPTION TASK FORCE The World Bank Group INTERNATIONAL FINANCIAL INSTITUTIONS ANTI-CORRUPTION TASK FORCE September 2006 African Development Bank Group Asian Development Bank European Bank for Reconstruction and Development

More information

State Governments at Risk: The Data Breach Reality

State Governments at Risk: The Data Breach Reality State Governments at Risk: The Data Breach Reality NCSL Legislative Summit August 5, 2015 Doug Robinson, Executive Director National Association of State Chief Information Officers (NASCIO) About NASCIO

More information

MEMORANDUM OF UNDERSTANDING

MEMORANDUM OF UNDERSTANDING MEMORANDUM OF UNDERSTANDING» J975 * N Australian Securities & Investments Commission United States Commodity Futures Trading Commission Australian Securities and Investments Commission COOPERATION AND

More information

Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment

Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment Template for Automatic Number Plate Recognition (ANPR) Infrastructure Development Privacy Impact Assessment This template is provided to support the police service and other law enforcement agencies (LEA)

More information

Data Privacy in the Cloud: A Dozen Myths & Facts

Data Privacy in the Cloud: A Dozen Myths & Facts Data Privacy in the Cloud: A Dozen Myths & Facts March 7-9 Washington DC Presented by: Barbara Cosgrove, Chief Security Officer, Workday, Inc. Lothar Determann, Partner, Baker & McKenzie LLP We re taking

More information

Response of the German Medical Association

Response of the German Medical Association Response of the German Medical Association To the Green Paper on mobile Health ( mhealth ) of the European Commission Berlin, 3 July 2014 Bundesärztekammer Herbert-Lewin-Platz 1 10623 Berlin We are grateful

More information

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security Testimony of Dr. Phyllis Schneck Deputy Under Secretary for Cybersecurity and Communications National Protection and Programs Directorate United States Department of Homeland Security Before the United

More information

HMG Security Policy Framework

HMG Security Policy Framework HMG Security Policy Framework Security Policy Framework 3 Foreword Sir Jeremy Heywood, Cabinet Secretary Chair of the Official Committee on Security (SO) As Cabinet Secretary, I have a good overview of

More information