Data privacy and security in the post-Snowden era


Matthew D. Sarrel, CISSP
August 22, 2014

This report is underwritten by Verne Global.

TABLE OF CONTENTS

Executive summary
Situational analysis
Governments protect and threaten customer data privacy
Iceland is a data haven
Conclusion and key takeaways
Appendix: security checklist for selecting data-center services
About the author
About Gigaom Research

Executive summary

Recent revelations of spying by the U.S. National Security Agency (N.S.A.) as well as by the U.K. and French governments indicate that not every cloud is safe and secure. Companies in countries with strict regulations governing sensitive data must find a geographic location that is legally viable for compliance within their data protection laws. Iceland, through the combination of the Icelandic Modern Media Initiative (IMMI) regulations and its status as a European Economic Area (E.E.A.) state, is uniquely positioned as a data privacy haven, so E.U. companies that are serious about protecting corporate intellectual property and customer data should evaluate cloud-hosting providers located there.

Key takeaways:

- Legal data exposure as a result of the U.S. PATRIOT Act combined with illegal data exposure as a result of N.S.A. spying has created a legal environment in which E.U. companies can no longer consider hosting customer data and corporate intellectual property at U.S. cloud providers that are located within the U.S. or in other geographies with weak user privacy laws beyond U.S. borders.
- Countries within the E.U., such as the U.K. and France, are also guilty of unauthorized data access and spying and are therefore inappropriate countries to host data.
- Companies headquartered in the E.U. are required under Directive 95/46/EU to protect sensitive customer data, which they cannot accomplish in the environments created by the U.S. PATRIOT Act and government spying.
- Iceland, with its IMMI regulations and status as an E.E.A. state, is one of the few valid choices for hosting cloud-based data in compliance with Directive 95/46/EU.

Situational analysis

With CIOs enjoying the flexibility, agility, nimbleness, and lower human and capital costs associated with public clouds, cloud computing has entered its mainstream adoption phase. Cloud adoption is fueled by many corporate, cultural, and economic factors such as:

- Cost cutting in times of economic uncertainty
- Scaling up or down (resource elasticity)
- Time savings
- Data-center simplification
- A need to use IT resources and personnel efficiently

With the hardware procurement times in most organizations upwards of three months, cloud-based infrastructure is an attractive alternative because it is readily available and easy to deploy, thereby saving time and money. Furthermore, IT planners like the control and flexibility of build-it-yourself and do-it-yourself (DIY) when they are enabled through the cloud because they require fewer resources. These factors save resources and expensive technical expertise that organizations can better utilize elsewhere.

In October 2013, NTT Communications Security published a report based on a survey of 700+ IT decision makers at organizations with 500+ employees in the U.S./Canada, U.K., Germany, Nordics, Singapore, Japan, and Hong Kong. The survey, conducted in May and June 2013, found that more than 87 percent of North American businesses had already moved, or were looking to move, their services and data into the cloud within the next two years. According to the survey, 60 percent of European companies and 34 percent of Nordic companies agreed. Furthermore, 98 percent of those North American businesses using the cloud have been using it for six months or longer versus 79 percent in Europe.

Corporate intellectual property (IP) is a key differentiator and value proposition. The 2013 edition of the World Intellectual Property Organization's IP Facts and Figures provides statistics about four types of industrial property: patents, utility models, trademarks, and industrial designs. Each year, the World Intellectual Property Organization conducts a survey of approximately 150 national and regional IP offices around the world. The estimated 2.35 million patent applications filed worldwide in 2012 represent growth of 9.2 percent over This is the highest rate of growth recorded in 18 years.

Figure 1. Source: WIPO 2013

Organizations are rightly concerned about any outside source snooping through their data because leaking valuable corporate IP of any kind is detrimental to an enterprise. In the post-Snowden era, the importance of data security and data privacy as the key decision criteria in selecting a cloud infrastructure provider has been magnified.

Companies think about data security and data privacy very differently today from the way they did a couple of years ago. CIOs are curious to explore geographies and jurisdictions that can provide the greatest protection to their corporate IP. In the post-Snowden era, data security and data privacy laws vary across North America and Europe. For example, when compared to many other countries, Swiss and German laws are more favorable to enterprises than to authorities.

Governments protect and threaten customer data privacy

Directive 95/46/EC, which is the primary data protection law in the E.U., establishes a regulatory framework for the protection of personal data. It attempts to strike a balance between securing and protecting the privacy of individuals and the free movement of personal data within the E.U. It sets strict limits on the collection and use of personal data and demands that each member state establish an independent national body responsible for the protection of that data. Data processed by E.U. entities must be under their control at all times and customers must be notified in the event of a data breach. Data must not be exposed to prying eyes, including those of government bodies.

Edward Snowden highlighted this issue when he leaked information to various newspapers about the N.S.A. programs designed to intercept European telephone metadata and the existence of the PRISM and Tempora internet surveillance programs. At the time he gathered the information, he was working as a contractor for Booz Allen Hamilton, as an infrastructure analyst for the N.S.A. Although many in the security community already knew about these programs, Snowden's leaks drew greater public attention to them.

The N.S.A.'s wholesale data harvesting and spying, as revealed by Snowden, violates the privacy of data subjects and renders the protection of data by processors impossible. For this reason, no company headquartered in the E.U. and subject to E.U. law can satisfy the requirements of Directive 95/46/EC while hosting data in the U.S. The leaks have led the E.U. and many of its member countries to investigate their own data protection laws to determine whether permission was granted for U.S. access to local data. In most cases it was not.

E.U. Vice President Neelie Kroes said that she was also concerned about the wider impact on the cloud computing industry given that most cloud providers are U.S. companies. "If European cloud customers cannot trust the U.S. government or their assurances, then maybe they won't trust U.S. cloud providers either," Kroes said in July of

Spying is not exclusively the purview of the U.S. government. France was also exposed for its data surveillance when newspaper Le Monde reported that the French foreign intelligence service DGSE regularly intercepts data from internet and telephone communications on a large scale. According to Le Monde, the operation is outside the law and beyond any proper supervision. French officials refused to comment on the accusations that the DGSE analyses the metadata of emails and other communications revealing who is speaking to whom, when, and where. Le Monde reported that connections inside France and between France and other countries are all monitored and that while the operation is designed to uncover terrorist cells, its scale implies that anyone can be spied on at any time. BBC coverage of the Le Monde article added that the U.K. spy agency GCHQ is reported to run a similarly vast data collection operation, co-operating closely with the N.S.A.

Figure 2. Source: NTT Communications

Largely as a response to the information leaked by Snowden, countries in Europe (both in and out of the E.U.), Asia, Australia, New Zealand, Russia, Saudi Arabia, and Brazil have initiated legislation requiring that data generated within their borders stays within their borders. When the data of one country's citizens leaves its borders, the country loses the ability to regulate the use of that data. Consequently, many countries are concerned that data privacy laws in other countries, particularly those in the U.S., don't offer the protections their citizens expect or that national leadership wants to guarantee.

Many enterprises use the cloud to ensure they will have a data-center presence in all the locations where they do business as well as for geographic diversity that can aid disaster recovery (DR). But if data generated in one country is required to stay in that country, then the cloud provider must be able to provide a guarantee that such data does in fact never leave that country. This points to a solution that involves multiple clouds in multiple countries, which is not the easiest system to build and maintain. Additionally, due diligence can be difficult from the other side of the planet, and the data custody practices of cloud providers in emerging markets like Eastern Europe and Latin America are not very easy to assess.

Assessing the interaction between the data-center provider and the local government is crucial. If a government issues subpoenas or warrants for data, will the service provider hand it over? If not, will the service provider adhere to the idea that while they house the data, they are not in custody of it, so the enterprise must comply? In the U.S., cloud providers are not required by law to notify their customers if they allow access to the authorities responding to a subpoena. Therefore most don't.

The Information Technology and Innovation Foundation (ITIF), a technology think tank, projected in August 2013 that U.S. cloud-computing providers would eventually lose 20 percent of the foreign market to competitors. In dollar terms, it projected losses as high as $35 billion by

Apprehension over the security of the sensitive data stored in the cloud has caused many businesses to avoid storing data in cloud services within the U.S. In a survey of 300 U.K. and Canadian businesses commissioned by PEER 1 Hosting and published in January 2014, twenty-five percent of those surveyed stated that they would move their company data outside of the U.S. due to N.S.A.-related privacy and security concerns. In addition, 82 percent indicated that privacy laws are a top concern when choosing where to host their data and 81 percent want to know exactly where their data is being hosted. Nearly 70 percent of respondents agree they would sacrifice performance to ensure data sovereignty.

Clearly, data privacy and security concerns were heightened following the revelation of data spying programs by the N.S.A. and other organizations around the world. Customers are now demanding that hosting and cloud providers offer them control over the locations where they store their customer data, ensuring that they can guarantee security and privacy over data while maintaining regulatory compliance.

Iceland is a data haven

Over the past five years, due to the Icelandic Modern Media Initiative (IMMI), which is currently a project of the International Modern Media Institute, Iceland has become a data haven with the most progressive internet laws in the world. The origins of the IMMI go back to 2009 and an incident involving WikiLeaks:

In August 2009, Kaupþing Bank succeeded in obtaining a court order gagging Iceland's national broadcaster, RÚV, from broadcasting a risk analysis report showing the bank's substantial exposure to debt default risk. This information had been leaked by a whistleblower to WikiLeaks and remained available on the WikiLeaks site; faced with an injunction minutes before broadcast the channel ran with a screen grab of the WikiLeaks site instead of the scheduled piece on the bank. Citizens of Iceland felt outraged that RÚV was prevented from broadcasting news of relevance. Therefore, WikiLeaks has been credited with inspiring the Icelandic Modern Media Initiative, a bill meant to reclaim Iceland's 2007 Reporters Without Borders (Reporters sans frontières) ranking as first in the world for free speech. It aims to enact a range of protections for sources, journalists, and publishers. Birgitta Jónsdóttir, a former volunteer for WikiLeaks and member of the Icelandic parliament, is the chief sponsor of the proposal.

It is particularly important that the IMMI protects intermediaries such as ISPs and telecommunications carriers from prosecution. In addition, the law provides protections from foreign judgments that violate Icelandic freedom of expression protection. This legislation means that no company in Iceland is required by Icelandic law to disclose information for legal reasons alone. One of the explicit aims of this legislation is to prevent the misuse of data by foreign intelligence services such as the N.S.A.

In addition, the PATRIOT Act is only applicable to American companies housing data in Iceland. The PATRIOT Act allows U.S. intelligence and investigation services to access cloud data stored by U.S. companies wherever it is hosted regardless of geographic location. The law also includes a gag order to prevent target companies from learning and disclosing that their data has been accessed. This means that a U.S.-based or U.S.-controlled cloud provider is required to turn over a company's data and cannot tell them that they did so. This violates both the IMMI and Directive 95/46/EU.

Furthermore, Iceland benefits from an E.U. status as a commissioned data processor, which means that the usual requirement when carrying out cross-border data transfers to check that the country in which the data processor is located ensures an adequate level of protection is no longer applicable. Companies located in Iceland seeking to process E.U.-possessed data must undergo an audit of their technical and organizational security measures and provide appropriate security guarantees.

As part of the E.E.A., Iceland, along with Liechtenstein and Norway, is guaranteed free movement of goods, services, capital, and labor including data. Directive 95/46/EU applies to E.U. data housed in Iceland and regulations there are consistent with the data-protection legislation in E.U. member countries. The IMMI is comparable to data protection laws throughout the E.U., so data housed in Iceland must be treated no differently from data housed in any country within the E.U.

Conclusion and key takeaways

While cloud computing is on the rise in North America and Europe, serious threats to data privacy and the security of corporate intellectual property exist. These threats are not only the result of illegal activities engaged in by hackers. Perhaps the greatest threats to customer data and corporate IP are those posed by governments and their warrants, subpoenas, and espionage. Trust in the U.S. government has been deeply eroded as a result of the Snowden revelations of N.S.A. spying.

Companies that must avoid potential exposure to government spying and adhere to E.U. data privacy regulations can neither consider hosting sensitive data within the geographic boundaries of the U.S. nor can they host it at U.S.-owned cloud providers located outside U.S. borders. For these businesses, IMMI regulations and Iceland's status as an E.E.A. state make it an ideal location for hosting customer data and corporate IP.

- The combination of legal data exposure as a result of the U.S. PATRIOT Act and illegal data exposure as a result of N.S.A. spying has created an environment where E.U. companies can no longer consider hosting customer data and corporate intellectual property at U.S. cloud providers located within and beyond the borders of the U.S.
- Countries within the E.U., such as the U.K. and France, are also guilty of unauthorized data access and spying and are therefore also inappropriate countries to host data.
- Iceland, with the IMMI regulations and status as an E.E.A. state, is one of the few valid choices for hosting cloud-based data in compliance with E.U. Directive 95/46/EU.

Appendix: security checklist for selecting data-center services

Here is a checklist that organizations can use when they are selecting data-center services and testing data security and privacy.

- Is your company headquartered in the E.U. or otherwise subject to Data Protection Directive 95/46/EC?
- Is your company legally required to store data in the country or region in which it was generated?
- Is the service provider located in or owned by a U.S.-based company, and therefore subject to the PATRIOT Act?
- Is the service provider located in a country that is known to have engaged in data intercepts or to have cooperated with U.S. PATRIOT Act surveillance?
- If it operates in or with E.U. countries, has the service provider earned the status of "commissioned data processor"?
- If a government issues a subpoena or warrant for company data, will the service provider hand it over without permission of the company?
- If a service provider turns over company data to a government, will it notify the company that such a transfer has occurred? What level of detail will they provide?

About Matt Sarrel

Matthew David Sarrel is currently Executive Director of Sarrel Group, an editorial services, product test lab, and information technology consulting company with offices in New York City and San Francisco. He is a Contributing Editor for PC Magazine as well as a Frequent Contributor for the Internet.com family of sites. He is also a technical writer and game/product reviewer. Previously, he was a technical director for PC Magazine Labs. Prior to joining PC Magazine, he served as Vice President of Engineering and IS Manager at two internet startups and spent almost 10 years providing IT solutions in medical research settings, beginning his career as a network administrator and ultimately serving as Director of IT for the New Jersey Medical School National Tuberculosis Center and CIO for the HIV Educational Exchange for Healthcare Workers in Vietnam project.

About Gigaom Research

Gigaom Research gives you insider access to expert industry insights on emerging markets. Focused on delivering highly relevant and timely research to the people who need it most, our analysis, reports, and original research come from the most respected voices in the industry. Whether you're beginning to learn about a new market or are an industry insider, Gigaom Research addresses the need for relevant, illuminating insights into the industry's most dynamic markets. Visit us at: research.gigaom.com

Giga Omni Media, Inc. All Rights Reserved. This publication may be used only as expressly permitted by license from Gigaom and may not be accessed, used, copied, distributed, published, sold, publicly displayed, or otherwise exploited without the express prior written permission of Gigaom. For licensing information, please contact us.


More information

Security and Control of Data in the Cloud with BitTitan Data Encryption

Security and Control of Data in the Cloud with BitTitan Data Encryption Security and Control of Data in the Cloud with BitTitan Data Encryption Contents Ownership and Control of Data in the Cloud... 3 Unstructured Sensitive Information in Email/Calendars... 3 How Can Email

More information

SELECTING AN ENTERPRISE-READY CLOUD SERVICE

SELECTING AN ENTERPRISE-READY CLOUD SERVICE 21 Point Checklist for SELECTING AN ENTERPRISE-READY CLOUD SERVICE Brought to you by Introduction The journey to the cloud is well underway, and it s easy to see why when 84% of CIOs report cutting application

More information

The threats which were perceivable 20 years ago differ greatly from our ever increasing

The threats which were perceivable 20 years ago differ greatly from our ever increasing 1 Introduction The threats which were perceivable 20 years ago differ greatly from our ever increasing interconnected world of the present. With these new found risks there becomes the need for a different

More information

Privacy, the Cloud and Data Breaches

Privacy, the Cloud and Data Breaches Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global

More information

R345, Information Technology Resource Security 1

R345, Information Technology Resource Security 1 R345, Information Technology Resource Security 1 R345-1. Purpose: To provide policy to secure the private sensitive information of faculty, staff, patients, students, and others affiliated with USHE institutions,

More information

Who Controls Your Information in the Cloud?

Who Controls Your Information in the Cloud? Who Controls Your Information in the Cloud? threat protection compliance archiving & governance secure communication Contents Who Controls Your Information in the Cloud?...3 How Common Are Information

More information

Why Join BSA? A Vital Resource for Software Companies. The many reasons why software companies join BSA OUR VALUE PROPOSITION

Why Join BSA? A Vital Resource for Software Companies. The many reasons why software companies join BSA OUR VALUE PROPOSITION Why Join BSA? The many reasons why software companies join BSA OUR VALUE PROPOSITION A membership in BSA The Software Alliance provides you a seat at the table with the world s leading software companies.

More information

The Advanced Cyber Attack Landscape

The Advanced Cyber Attack Landscape The Advanced Cyber Attack Landscape FireEye, Inc. The Advanced Cyber Attack Landscape 1 Contents Executive Summary 3 Introduction 4 The Data Source for this Report 5 Finding 1 5 Malware has become a multinational

More information

Report on Government Information Requests

Report on Government Information Requests Report on Government Information Requests November, We believe that our customers have a right to understand how their personal information is handled, and we consider it our responsibility to provide

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

International Education Index comparative perspective from 21 countries. Janet Ilieva, PhD EDUCATION INTELLIGENCE

International Education Index comparative perspective from 21 countries. Janet Ilieva, PhD EDUCATION INTELLIGENCE International Education Index comparative perspective from 21 countries Janet Ilieva, PhD Background Rapid growth in participation in tertiary education across the world, in the number of students pursuing

More information

Global Client Group The Gateway to AWM

Global Client Group The Gateway to AWM Global Client Group The Gateway to AWM January 2013 For professional investors only Content 1 2 3 Deutsche Bank and Asset Global Client Group Our product and service offering 1 Deutsche Bank A global partner

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing. Privacy in the cloud computing, and the company concerned is required to submit a risk analysis to DNB. 3 Cloud computing entails the saving, processing and using of company data on the servers of a cloud

More information

NSA Surveillance, National Security and Privacy

NSA Surveillance, National Security and Privacy NSA Surveillance, National Security and Privacy Ir Roy Ko Former HKCERT Manager 20 August 2014 HKIE Veneree Club 1 Agenda Background Edward Snowden National Security Agency (NSA) What NSA has done PRISM

More information

Brief on Did GCHQ Spy on You Illegally?

Brief on Did GCHQ Spy on You Illegally? Brief on Did GCHQ Spy on You Illegally? Privacy International on Monday launched a campaign and platform allowing people to ask the UK s surveillance court, the Investigatory Powers Tribunal, if GCHQ spied

More information

VMware Cloud Adoption Study

VMware Cloud Adoption Study VMware Cloud Adoption Study Executive Summary May 2012 Contents About the research 3 Objectives 4 Overview 4 Key Findings 5 European enterprises to spend a third of IT budgets this year on cloud computing,

More information

Report on Government Information Requests

Report on Government Information Requests Report on Government Information July 1 - December 31, 2014 apple Apple takes our commitment to protecting your data very seriously and we work incredibly hard to deliver the most secure hardware, software

More information

Healthcare Security and HIPAA Compliance with A10

Healthcare Security and HIPAA Compliance with A10 WHITE PAPER Healthcare Security and HIPAA Compliance with A10 Contents Moving Medicine to the Cloud: the HIPAA Challenge...3 HIPAA History and Standards...3 HIPAA Compliance and the A10 Solution...4 164.308

More information

H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.

H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION. H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.

More information

Security and Data Protection for Online Document Management Software

Security and Data Protection for Online Document Management Software Security and Data Protection for Online Document Management Software Overview As organizations transition documents and company information to Software as a Service (SaaS) applications that are no longer

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

. Intro r duct c ion

. Intro r duct c ion Study Group on International Enforcement of Competition Law Points of Report June 2008 Ministry of Economy, Trade and Industry .. Introduction In recent years, competition authorities worldwide have been

More information

Audit Director Roundtable Asia Emerging Risks Report

Audit Director Roundtable Asia Emerging Risks Report Audit Director Roundtable Asia Emerging Risks Report Q3 2012 A FRAMEWORK FOR MEMBER CONVERSATIONS The mission of The Corporate Executive Board Company and its affiliates (CEB) is to unlock the potential

More information

Privacy in the Cloud: Data Protection and Security in Cloud Computing

Privacy in the Cloud: Data Protection and Security in Cloud Computing SPEECH/11/859 Viviane REDING Vice-President of the European Commission, EU Justice Commissioner Privacy in the Cloud: Data Protection and Security in Cloud Computing Round-table High Level conference on

More information

Cloud Computing Requires National Policy Leadership

Cloud Computing Requires National Policy Leadership Cloud Computing Requires National Policy Leadership BY DANIEL CASTRO AUGUST 2010 Policymakers should work both to ensure that the right policies are in place to enable widespread use of cloud computing

More information

Shadow IT: data protection and cloud security

Shadow IT: data protection and cloud security Shadow IT: data protection and cloud security George Crump November 17, 2014 This report is underwritten by CipherCloud. TABLE OF CONTENTS Executive summary... 3 Views on shadow IT and data security from

More information

Foreign Corrupt Practices Act (FCPA)/Bribery Act Integrity Due-Diligence & Investigations

Foreign Corrupt Practices Act (FCPA)/Bribery Act Integrity Due-Diligence & Investigations Foreign Corrupt Practices Act (FCPA)/Bribery Act Integrity Due-Diligence & Investigations Clarity in a complex world www.mintzgroup.com How We Work: Because the reputations of companies and individuals

More information

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported Protecting What Matters Most Christian Fahlke, Regional Sales Manager ALPS March 2015 Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported (Source: https://ics-cert.us-cert.gov/sites/default/files/monitors/ics-cert_monitor_sep2014-feb2015.pdf)

More information

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER:

IF YOU HAVE ANY QUESTIONS ABOUT THIS NOTICE OR IF YOU NEED MORE INFORMATION, PLEASE CONTACT OUR PRIVACY OFFICER: NOTICE OF PRIVACY PRACTICES COMPLETE EYE CARE THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

The Business Value of e-invoicing

The Business Value of e-invoicing STERLING COMMERCE WHITE PAPER The Business Value of e-invoicing A new look at the challenges, trends and opportunities in the global marketplace Table of Contents 3 Executive summary 4 Situation overview

More information

Second Cyber Security Summit, November 11, 2013 in Bonn Final communique

Second Cyber Security Summit, November 11, 2013 in Bonn Final communique Second Cyber Security Summit, November 11, 2013 in Bonn Final communique On November 11, the Cyber Security Summit was held for the second time in Bonn at the invitation of the Munich Security Conference

More information

The USA Patriot Act Government Briefing. Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004

The USA Patriot Act Government Briefing. Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004 The USA Patriot Act Government Briefing Kirsten Tisdale, Chris Norman, Sharon Plater & Alexandra (Gina) Henley September 30, 2004 Agenda Background Overview of Government Responses and Approach Mitigation

More information

Strategically Source Your Next Data Centre Data Centre Purchasing Drivers, Priorities, and Barriers for Asia-Pacific Firms

Strategically Source Your Next Data Centre Data Centre Purchasing Drivers, Priorities, and Barriers for Asia-Pacific Firms A Forrester Consulting Thought Leadership Paper Commissioned By Digital Realty July 2014 Strategically Source Your Next Data Centre Data Centre Purchasing Drivers, Priorities, and Barriers for Asia-Pacific

More information

Disaster Recovery and Online Backup as a Service

Disaster Recovery and Online Backup as a Service Disaster Recovery and Online Backup as a Service Global Overview & Outlook AMI-Partners 546 Fifth Avenue, New York, NY 10036 212-944-5100 www.ami-partners.com Source: AMI-Partners (www.ami-partners.com)

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

FREEDOM OF INFORMATION REQUEST

FREEDOM OF INFORMATION REQUEST FREEDOM OF INFORMATION REQUEST Request Number: F-2013-05371 Keyword: Operational Policing Subject: Unmanned Aerial Systems (UAS) Purchased By PSNI 2012-2013 Request and Answer: Question 1 The number of

More information

Fujitsu Cloud IaaS Trusted Public S5. shaping tomorrow with you

Fujitsu Cloud IaaS Trusted Public S5. shaping tomorrow with you Fujitsu Cloud IaaS Trusted Public S5 shaping tomorrow with you Realizing the cloud opportunity: Fujitsu Cloud iaas trusted Public s5 All the benefits of the public cloud, with enterprise-grade performance

More information

ZURICH MULTINATIONAL INSURANCE APPLICATION

ZURICH MULTINATIONAL INSURANCE APPLICATION ZURICH MULTINATIONAL INSURANCE APPLICATION Helping you take control in a constantly changing regulatory world Corporate Customer ZURICH MIA BROADENING HORIZONS Zurich Multinational Insurance Application

More information

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide

COUNTERINTELLIGENCE. Protecting Key Assets: A Corporate Counterintelligence Guide COUNTERINTELLIGENCE O F F I C E O F T H E N A T I O N A L C O U N T E R I N T E L L I G E N C E Protecting Key Assets: A Corporate Counterintelligence Guide E X E C U T I V E Counterintelligence for the

More information

FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, 2013. My name is Richard Allan, and I am the Director of Public Policy

FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, 2013. My name is Richard Allan, and I am the Director of Public Policy FACEBOOK STATEMENT RICHARD ALLAN NOVEMBER 11, 2013 [I. INTRODUCTION] My name is Richard Allan, and I am the Director of Public Policy for Facebook in Europe, the Middle East and Africa. I have been with

More information

Considerations for Outsourcing Records Storage to the Cloud

Considerations for Outsourcing Records Storage to the Cloud Considerations for Outsourcing Records Storage to the Cloud 2 Table of Contents PART I: Identifying the Challenges 1.0 Are we even allowed to move the records? 2.0 Maintaining Legal Control 3.0 From Storage

More information

ADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0

ADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0 ADRI Advice on managing the recordkeeping risks associated with cloud computing ADRI-2010-1-v1.0 Version 1.0 29 July 2010 Advice on managing the recordkeeping risks associated with cloud computing 2 Copyright

More information

Why Competency-based Talent Management?

Why Competency-based Talent Management? Why Competency-based Talent Management? Author: Andy Andrews, Managing Director, Lexonis Ltd. Copyright Information in this document is subject to change without notice. Complying with all applicable copyright

More information

ZURICH MULTINATIONAL INSURANCE APPLICATION

ZURICH MULTINATIONAL INSURANCE APPLICATION ZURICH MULTINATIONAL INSURANCE APPLICATION Helping you take control in a constantly changing regulatory world Broker ZURICH MIA BROADENING HORIZONS Zurich Multinational Insurance Application (Zurich MIA)

More information

Can we maintain Human Rights in Our Cyber Empire?

Can we maintain Human Rights in Our Cyber Empire? Can we maintain Human Rights in Our Cyber Empire? Yvo Desmedt Univ. of Texas at Dallas USA and University College London UK December 11, 2014 c Yvo Desmedt 1. THE INDUSTRIAL EMPIRES The industrial empires

More information

Information Technology - Switzerland

Information Technology - Switzerland Newsletters Law Directory Deals News Subscribe Home Information Technology - Switzerland Data Protection - Key Issues Contributed by Homburger December 2 2003 Introduction No Free Flow of Data within a

More information

DATA SOVEREIGNTY & THE CLOUD. Whitepaper

DATA SOVEREIGNTY & THE CLOUD. Whitepaper DATA SOVEREIGNTY & THE CLOUD Whitepaper Data Sovereignty & The Cloud Organizations looking to benefit from the scalability, agility, and capital cost savings of cloud computing inevitably encounter the

More information

Challenges of Cloud Information

Challenges of Cloud Information The Challenges of Cloud Information Governance: A Global Data Security Study Sponsored by SafeNet Independently conducted by Ponemon Institute LLC Publication Date: October 2014 Ponemon Institute Research

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Exposing the Cybersecurity Cracks: A Global Perspective

Exposing the Cybersecurity Cracks: A Global Perspective Exposing the Cybersecurity Cracks: A Global Perspective Part I: Deficient, Disconnected & in the Dark Sponsored by Websense, Inc. Independently conducted by Ponemon Institute LLC Publication Date: April

More information

The Software-defined Data Center in the Enterprise

The Software-defined Data Center in the Enterprise The Software-defined Data Center in the Enterprise A Cloud Report by Ben Kepes This report underwitten by: NIMBOXX The Software-defined Data Center in the Enterprise 02/12/2015 Table of Contents 1. Executive

More information

NOTICE OF PRIVACY PRACTICES

NOTICE OF PRIVACY PRACTICES NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY. IF YOU HAVE ANY

More information

Thought leadership from

Thought leadership from Thought leadership from In Clouds We Trust? National Security Disrupts the Cloud Computing Risk Landscape June, 2013 Nelson M. Nones CPIM Chairman and CEO, Geoprise Technologies Corporation A SUDDEN COLLAPSE

More information

Honourable members of the National Parliaments of the EU member states and candidate countries,

Honourable members of the National Parliaments of the EU member states and candidate countries, Speech by Mr Rudolf Peter ROY, Head of division for Security Policy and Sanctions of the European External Action Service, at the L COSAC Meeting 29 October 2013, Vilnius Honourable members of the National

More information

Managing SSL Certificates with Ease

Managing SSL Certificates with Ease WHITE PAPER: MANAGING SSL CERTIFICATES WITH EASE White Paper Managing SSL Certificates with Ease Best Practices for Maintaining the Security of Sensitive Enterprise Transactions Managing SSL Certificates

More information

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper A BUSINESS CASE FOR BEHAVIORAL ANALYTICS White Paper Introduction What is Behavioral 1 In a world in which web applications and websites are becoming ever more diverse and complicated, running them effectively

More information

Enterprise Collaboration: Avoiding the Productivity and Control Trade-Off

Enterprise Collaboration: Avoiding the Productivity and Control Trade-Off Enterprise Collaboration: Avoiding the Productivity and Control Trade-Off Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by Intralinks Enterprise Collaboration: Avoiding

More information