HOW SAFE IS YOUR DATA?

Are you at risk of making the headlines for all the wrong reasons?
What do you need to consider when choosing a cloud service?

G-Cloud gives central and local government departments and organisations much more freedom of choice about the IT platforms they use, and the suppliers they work with, to deliver digital services. Policies like Cloud First encourage you to consider cloud before any other option. Because cloud is quicker and less expensive to procure and deploy than other platforms, it helps you reduce development lead times and deliver innovative services more efficiently and cost effectively.

It's faster and cheaper

But when you're choosing a new cloud service provider or cloud platform, there's more to think about than just how fast or how cheaply you can deliver a new service. Before you sign on the dotted line, you also need to think about the security, privacy and location of the sensitive data that's entrusted to you.

You may be happy storing your holiday photos in Dropbox or using Gmail for personal emails, but would you make similar choices for citizen or government data? It's your responsibility to make sure that the data in your care will be protected at all times. Once you've got the facts, assess the risks and choose your cloud provider wisely. You don't want to be the next headline in the Daily Mail.
What's the worst thing that could happen?

Security breaches can happen to any IT service, whether it's running on traditional infrastructure or the cloud. Statistically, fewer breaches happen on cloud platforms but, when they do, they make the news, like the ones that affected iCloud, Sony and Moonpig.

The consequences go far beyond the high fines. The negative publicity and the loss of trust can be much harder to deal with. It's bad enough for commercial firms, but for government departments and organisations entrusted with sensitive citizen data, the fallout can be much worse.

So when you're choosing a cloud platform or provider, you're naturally concerned about how well the citizen data in your care will be protected against viruses, malware and other cyber threats. But there's also another important consideration: assuring the privacy of that data, and knowing where it will be stored and processed.
Data privacy: what PRISM can tell us

Edward Snowden's revelations about PRISM, a data-collection program authorised by the US Foreign Intelligence Surveillance Act (FISA), raised significant concerns about the reach of foreign surveillance programmes, and their effect on the privacy of data held and processed by US internet and cloud service providers (ISPs and CSPs).

PRISM collected foreign intelligence passing through American servers as a counter-terrorism measure, without the consent of the data owners or controllers. Many US-based ISPs and CSPs, including Microsoft, Yahoo, Google and AOL, were implicated.

The global nature of many cloud services throws data privacy issues into stark relief. That's because, if a cloud service stores and processes data across geographical borders, it's possible for more than one legal jurisdiction to have an impact on the privacy of that data.

What does that mean when you're choosing a cloud provider?

If you choose a cloud platform operated by a US-based or other overseas provider, the citizen data you're responsible for could be subject to foreign surveillance without your knowledge, compromising its privacy.
"I don't know where my is, I don't know what country it's in, I don't know what laws are regulating it, I don't even know if the vendor knows where my is! That's going to change. You can't just be searching on the internet, using consumer services, doing various things and you don't know what's going on. You're going to have to have complete and total disclosure."

Marc Benioff, CEO, salesforce.com, speaking at the 2015 World Economic Forum in Davos during a debate on government's ability to access personal data and the impact on consumer trust
Five things you need to know

The five points that follow will help you understand the data security and privacy issues you need to think about, and how to mitigate them.

1. Breaching the UK Data Protection Act can lead to big fines and reputational damage. Make sure you know where your data will be processed and stored, and by whom.
2. You're responsible for validating suppliers' statements about security and understanding data jurisdiction. Take that responsibility seriously: interrogate your suppliers.
3. Safe Harbor isn't really safe, and doesn't exempt US companies from US law. Ask yourself who you're contracting with, and whether UK or US law prevails.
4. Data disclosure is a global issue. If you contract with an overseas supplier, your data could be subject to foreign surveillance.
5. There's a growing trend towards keeping data sovereign. Most parliamentarians we surveyed believe UK public sector data should be processed in the UK.
1 Breaching the UK Data Protection Act can lead to big fines and reputational damage

Data protection law, such as the UK Data Protection Act, applies whenever a data controller processes personal data. A data controller determines the purposes for which, and the manner in which, personal data is processed. A data processor processes or stores the data.

The UK Data Protection Act 1998 (DPA) is based on these principles:

1. Data should be processed fairly and lawfully and may not be processed unless the data controller can satisfy one of the conditions for processing set out in the DPA
2. Data should be obtained only for specified and lawful purposes
3. Data should be adequate, relevant and not excessive
4. Data should be accurate and, where necessary, kept up to date
5. Data should not be kept longer than is necessary for the purposes for which it is processed
6. Data should be processed in accordance with the rights of the data subject under the DPA
7. Appropriate technical and organisational measures should be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
8. Data should not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

Principle 8 isn't just a technical requirement: it's a legal requirement. You need to be confident that your supplier is providing adequate legal protection for the sensitive personal data about citizens that's under your control.
Data controllers must put written contracts in place with their data processors which set out what the data processor may or may not do with the personal data, including what security measures should be taken to safeguard the data.

In particular, your G-Cloud suppliers must not pass the data you control to third parties, including sub-contractors, without your written consent. Your G-Cloud suppliers must also put in place technical and organisational measures to protect your data. Failure to do so would breach both the DPA and the terms of the G-Cloud framework and its call-off contracts.

What could happen if you breach the DPA?

Apart from causing significant reputational damage, breaching the DPA can lead to fines of up to £500,000 from the Information Commissioner.

Make sure you know where your data will be processed and stored, and by whom.
2 You're responsible for validating suppliers' statements about security and understanding data jurisdiction

The introduction of the Government Security Classifications Policy (GSCP) means you can no longer rely on the assurance previously provided by CESG Pan Government Accreditation (PGA) to understand whether a supplier's systems will protect your data appropriately.

Over to you

Now it's up to you to determine whether suppliers comply with the government's 14 Cloud Security Principles. You must validate their statements of compliance, ranging from their own assertions to formal assurance by an independent third party, and decide whether you're satisfied with the security and integrity of their services.

You also have to be sure you know where (in which country) a supplier will process and store your data, in order to understand:

- The legal implications of data jurisdiction and the circumstances in which your data could be accessed without your consent
- How a supplier's data-handling controls relate to the UK DPA

What you should look for in a supplier

To avoid any nasty surprises, you'll want to look for suppliers who:

- Have independent third-party accreditation of their compliance with the 14 Cloud Security Principles
- Use security-cleared personnel for data processing activities
- Are UK-registered companies that keep data in the UK only
- Process data in accordance with the DPA and the lawful instructions of the data controller (your organisation)
3 Safe Harbor isn't really safe, and doesn't exempt US companies from US law

The EU-US Safe Harbor agreement is a voluntary arrangement by which US companies comply with EU data processing regulations. It's long been regarded as a way of de-risking exposure to the US Patriot Act, a counter-terrorism measure which can force US companies to disclose information to the US government.

Why can Safe Harbor no longer be considered safe?

- In 2014 the Center for Digital Democracy, a US consumer protection and privacy organisation, lodged a complaint against 30 US companies which weren't complying with Safe Harbor
- In 2014, in the wake of Edward Snowden's PRISM revelations, the European Parliament called for the suspension of Safe Harbor
- In 2015 German data protection authorities filed proceedings against US companies that allegedly don't comply with Safe Harbor, sending US companies the message that they need to pull their data protection socks up or find themselves designated an "unsafe harbor"
FISA effectively makes Safe Harbor irrelevant, as it allows the US government to oblige any US company to hand over data on request, without informing the people affected. So Microsoft, a US company, is having to fight the US federal government in the courts to prevent the handover of customer emails which reside on Microsoft servers in Dublin, Ireland.

Caspar Bowden, Microsoft's former Chief Privacy Advisor, went on record with the statement: "If you are not American, you cannot trust U.S. software services." He went on to say that non-compliance with the US government could lead to an espionage charge and up to 20 years in prison.

Plainly, Safe Harbor doesn't exempt US companies from US law.
Ask yourself who you're contracting with

To protect citizen and other sensitive data from programmes like PRISM and overseas legislation like FISA, you'll want to work with suppliers who can prove they:

- Are registered in the UK
- Are not subsidiaries of overseas companies
- Have their physical premises in the UK
- Keep data in the UK only

The UK government clearly recognises the potential risks of working with overseas cloud providers, as any central government department wishing to offshore data, or make use of a cloud service with data storage, processing or management offshore, needs agreement from the Cabinet Office OGSIRO (Office of the Government Senior Information Risk Officer).
"Whether you're an enterprise vendor or a consumer vendor we need to all open up a lot more to be able to say exactly where is the data, what's going on with the data, who has the data and if there's a problem with the data, whether it's a security problem or some other issue, there is immediate disclosure and complete and total transparency."

Marc Benioff, CEO of salesforce.com, speaking at the World Economic Forum, Davos 2015

"Edward Snowden did more to create a future with many clouds in many locations than any tech company has done."

Steve Herrod, former CTO of VMware
4 Data disclosure is a global issue

It would be unfair to claim that issues around data disclosure law relate only to the US, or only to US ISPs and CSPs. Many countries, including the UK, have similar legislation.

Between January and June 2014:

Microsoft
- Received more than 34,000 law enforcement requests
- They came from 68 countries
- They related to over 58,000 accounts
- Microsoft released at least some data in response to over 75% of the requests

Google
- Received over 31,000 law enforcement requests
- They came from 68 countries
- They related to over 48,000 accounts
- Google released at least some data for 65% of the requests
Can a foreign government request your data?

To understand the legal circumstances in which the citizen data entrusted to you could be accessed without your consent, you need to know the geographical location in which a supplier will store and process it.

Here's an example: a US government body could instruct Microsoft to release data to it that belongs to a UK organisation. Microsoft wouldn't have to ask a UK court or the UK government for permission to do so, nor even make them aware it was releasing the data.

What would the UK public think if they thought data about them could be released to other countries without their knowledge?

How can you minimise the risk?

If your supplier is a UK company which keeps data in the UK only, your data won't be exposed to data disclosure requests from other countries, unless a UK court explicitly instructs the supplier to release it.
5 There's a growing trend towards keeping data sovereign

When Skyscape Cloud Services asked the House of Commons and the House of Lords about their attitudes to data location and jurisdiction, a clear majority said that UK public sector data should be securely processed in the UK, by security-cleared personnel.

The European General Data Protection Regulation (GDPR), which becomes law in 2017 and will replace the UK DPA, aims to harmonise European data protection regulation and make Europe as a whole a much safer place to store and process data. It will put more emphasis on individual rights and increase transparency. It will also increase the penalties for breaching the regulation to up to 5% of an organisation's global turnover or €100 million, whichever is the greater.

A voluntary Data Protection Code of Conduct for European CSPs is being developed and embedded in the draft regulation. Skyscape and other CSPs are working hard to make sure the code strikes the right balance between keeping data safe and facilitating digital growth in Europe.
How can you assess the risks?

To make an informed risk assessment about which cloud services will provide appropriate protection for your data, you need to:

- Be sure you know where (in which country) your data will be processed and stored
- Clearly understand the legal implications

Over 80% of the MPs and almost 100% of the peers we surveyed agreed that the UK provides adequate protection for processing public sector data.
Keep out of the headlines by making the right decisions about cloud

Data privacy concerns and the global nature of many cloud services create legal and regulatory ambiguities for public sector cloud buyers. These are compounded by the introduction of the GSCP, which means public sector cloud buyers can no longer rely on the assurance provided by PGA. Instead, it's up to the buying organisation to:

- Validate the statements made by G-Cloud suppliers about the security and integrity of their services
- Identify the geographical location where their data will be processed and stored
- Understand how data-handling controls will be managed in relation to prevailing UK legislation

As the SIRO or civil servant responsible for the security and privacy of the citizen data entrusted to your organisation, you have to decide whether the risk of exposing your data to non-UK authorities is acceptable. Keeping data securely in the UK, with a UK-sovereign data processor, is the best mitigation you can have.

Skyscape is a UK company, with UK data centres run by UK-based, security-cleared staff. By hosting your services on our assured UK-sovereign cloud platform, you can realise the benefits of cloud and deliver better public services, safe in the knowledge that your data will be securely stored and processed exclusively in the UK.
About Skyscape

Skyscape's assured cloud solutions are designed to meet the exclusive needs of the UK public sector. We deliver UK-sovereign services that are easy to adopt, easy to use and easy to leave, and offer genuine pay-by-the-hour consumption models. A UK SME, we've won high-profile contracts via the G-Cloud framework and by working with our many channel partners who embed the Skyscape cloud platform in their solutions.

All our services are Pan Government Accredited (PGA) up to IL3, so suitable for all data at OFFICIAL (including OFFICIAL-SENSITIVE). The Skyscape cloud platform is connected to government networks including the Public Services Network (PSN) and the N3 health network.

We offer IaaS, PaaS and SaaS services:

- IaaS: compute and storage on demand
- SaaS: services providing messaging and document management capability
- PaaS: based on Cloud Foundry and Hadoop

All our services are hosted in one or both of our highly resilient Tier 3 UK data centres in Farnborough and Corsham. We deliver them using leading technologies from our Cloud Alliance partners: QinetiQ, VMware, Cisco, EMC and Ark Continuity. The Cloud Alliance provides a collaborative resource which drives innovation and technical product development, helping to continually improve our offering to meet the needs of the UK public sector.

Skyscape provides cloud services in an agile, secure and cost-effective manner. We strive to deliver solutions that harness technology as a way to facilitate the changes needed to streamline processes and reduce costs to support the UK public sector and, ultimately, UK citizens and taxpayers.
Skyscape Cloud Services Limited, A8 Cody Technology Park, Ively Road, Farnborough, Hampshire GU14 0LX
+44 (0) SC-GEN /2015 Skyscape Cloud Services Limited All Rights Reserved.