EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda?

Size: px
Start display at page:

Download "EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda?"

Transcription

1 EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? Dr. Jörg Hladjk Counsel European Data Protection & Privacy Practice Hunton & Williams, Brussels Cyber Security & Privacy EU Forum 2013 April 19, 2013 Brussels

2 Agenda Current regulatory trends in the EU Data protection Cybersecurity Cloud computing Conclusions 2

3 Data Protection (I) General theme becoming stricter Proposed EU Regulation (January 2012) Harmonization and direct effect - no national implementation Addresses evolving technologies Will apply to Companies processing data within the EU Companies outside the EU that offer goods and services to EU residents or monitor their behavior (online context) 3

4 Data Protection (II) Demand for accountability New requirements, including: documentation about data processing privacy impact assessments privacy-by-design/default appointment of data protection officer Data processors (i.e. IT service providers) will share responsibilities and liabilities 4

5 Data Protection (III) Stricter rules on data security Broad legal definition of data breach Obligations to implement technical and organizational measures Requirement to notify regulators and individuals within 24 hours of discovery of a breach, where feasible Supervision: One-Stop-Shop A company will only be regulated by one data protection authority across the EU Main establishment becomes important 5

6 Data Protection (IV) High sanctions in case of non-compliance up to EUR or 0,5% of annual worldwide turnover for minor breaches up to EUR or 1% of annual worldwide turnover for intermediary level breaches up to EUR or 2% of annual worldwide turnover for serious breaches Regulation will most likely be adopted in 2014 and enter into force in

7 Cybersecurity (I) FBI Director Robert Mueller I am convinced there are only two types of companies: Those that have been hacked and those that will be. March 1,

8 Cybersecurity (II) Proposed EU Cybersecurity Directive (February 2013) Comprehensive regulation of security Introduction of broad legal definitions for network and information systems security risk incident 8

9 Cybersecurity (III) Security requirements and incident notification Obligation to implement appropriate technical and organizational measures Obligation to undergo security audit Notification requirement vis-à-vis regulators in case of incidents Regulator may then inform the public 9

10 Cybersecurity (IV) Market operators explicitly listed as targets: E-commerce platforms Internet payment gateways Social networks Search engines Cloud computing services Application stores Energy suppliers Transport/logistics companies Credit institutions, stock exchanges Health care institutions 10

11 Cybersecurity (V) Sanctions EU Member States required to lay down rules on sanctions Sanctions must be effective, proportionate and dissuasive If personal data is involved, sanctions must be consistent with sanctions of proposed Data Protection Regulation 11

12 Cloud Computing (I) Focused EU Commission Strategy (September 2012) Three main issues: Simplification of cloud computing standards and certification Development of new model contract terms for cloud computing services Initiative for a European Cloud Partnership 12

13 Cloud Computing (II) Standards and Certification Aim to introduce pan-european certification schemes by 2014 Schemes will address data protection, especially data portability, and focus on increased transparency of cloud service providers security practices Participation will be voluntary 13

14 Cloud Computing (III) Model Contract Terms To be drafted by the end of 2013 Will cover range of topics Will incorporate new mechanisms for data processors (i.e. IT service providers) 14

15 Cloud Computing (IV) Review of current EU standard contractual clauses for international data transfers to make them more cloud-friendly Encouragement of national data protection authorities to approve Binding Corporate Rules tailored for cloud services 15

16 Conclusions Data protection framework will change fundamentally and should be high on the risk agenda Cybersecurity will be regulated for the first time and reporting obligations require an emergency plan Cloud computing strategy will overlap with other initiatives and lead to standardization 16

17 Contact & Questions Dr. Jörg Hladjk Counsel Tel Fax Hunton & Williams Park Atrium, Rue des Colonies Brussels, Belgium 17

18 Hunton & Williams Ranked by Computerworld magazine for the fourth consecutive year as the top law firm globally for privacy Ranked in Band 1 for Privacy and Data Security in Chambers Global, Chambers USA and Chambers UK guides Ranked in Tier 1 in The Legal 500 United States for Data Protection and Privacy Ranked in Tier 1 in The Legal 500 EMEA for Belgium: Privacy and Data Protection Received Corporate INTL Magazine Global Award for Data Protection Law, Firm of the Year in China 18

Proposal for a revised Payment Services Directive

Proposal for a revised Payment Services Directive Proposal for a revised Payment Services Directive BEUC position Contact: Financial Services Team financialservices@beuc.eu Ref.: X/2013/079-27/11/2013 BUREAU EUROPÉEN DES UNIONS DE CONSOMMATEURS AISBL

More information

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for

More information

Information Security Risks when going cloud. How to deal with data security: an EU perspective.

Information Security Risks when going cloud. How to deal with data security: an EU perspective. Separating fact from fiction about new software licensing /SaaS/ cloud computing models: advantages, disadvantages and ethical implications. Information Security Risks when going cloud. How to deal with

More information

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope

IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope March 6, 2014 Victoria King UPS (404) 828-6550 vking@ups.com Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com

More information

The era of hacks and cyber regulation

The era of hacks and cyber regulation 6 February 2014 The era of hacks and cyber regulation We trust that you are well versed with the details of the various cyber-attacks that made the headlines towards the end of 2014, and early this year,

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

Data Protection and Cloud Computing: an Overview of the Legal Issues

Data Protection and Cloud Computing: an Overview of the Legal Issues Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Role of contracts in Cloud Computing an Overview. Kevin McGillivray Doctoral Candidate (NRCCL)

Role of contracts in Cloud Computing an Overview. Kevin McGillivray Doctoral Candidate (NRCCL) Role of contracts in Cloud Computing an Overview Kevin McGillivray Doctoral Candidate (NRCCL) Barriers/Challenges to Cloud Transparency Compliance Legal Shared infrastructure Subcontractors (and their

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

EU Cybersecurity Policy & Legislation ENISA s Contribution

EU Cybersecurity Policy & Legislation ENISA s Contribution EU Cybersecurity Policy & Legislation ENISA s Contribution Steve Purser Head of Core Operations Oslo 26 May 2015 European Union Agency for Network and Information Security Agenda 01 Introduction to ENISA

More information

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012 Presentation by: Dr. Nathalie Moreno Partner Cloud Computing and Data Protection: an Update 4 October 2012 Our team Speechly Bircham is an ambitious, international mid-size fullservice law firm head-quartered

More information

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A

More information

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber

More information

Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation

Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation June 19, 2012 Practice Group(s): Health Care Life Sciences Data Protection in Clinical Studies Implications of the New EU General Data Protection Regulation By Mathias Schulze Steinen and Daniela Bohn

More information

MANAGING CYBERSECURITY INVESTIGATIONS

MANAGING CYBERSECURITY INVESTIGATIONS MANAGING CYBERSECURITY INVESTIGATIONS Tara Swaminatha, Of Counsel, Washington, DC Sam Millar, Partner, London May 12, 2016 If you cannot hear us speaking, please make sure you have called into the teleconference

More information

New EU Data Protection legislation comes into force today. What does this mean for your business?

New EU Data Protection legislation comes into force today. What does this mean for your business? 24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )

More information

DSM Communication of May 6, 2015 (http://ec.europa.eu/priorities/digital-single-market/docs/dsmcommunication_en.pdf)

DSM Communication of May 6, 2015 (http://ec.europa.eu/priorities/digital-single-market/docs/dsmcommunication_en.pdf) Mr Andrus Ansip, Vice-President Mr Günther Oettinger, Commissioner for Digital Economy & Society European Commission B-1049 Brussels Belgium Brussels, 29 September 2015 Subject: EFR letter on the Digital

More information

Important aspects of the new Regulation third country data transfers

Important aspects of the new Regulation third country data transfers Important aspects of the new Regulation third country data transfers Dr. Christopher Kuner Senior Of Counsel Wilson Sonsini Goodrich & Rosati, Brussels 3 rd European Data Protection Days Berlin, 14 May

More information

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature

Demystifying Cyber Insurance. Jamie Monck-Mason & Andrew Hill. Introduction. What is cyber? Nomenclature Demystifying Cyber Insurance Jamie Monck-Mason & Andrew Hill Introduction What is cyber? Nomenclature 1 What specific risks does cyber insurance cover? First party risks - losses arising from a data breach

More information

HOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES EU PROPOSED CYBERCRIME DIRECTIVE

HOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES EU PROPOSED CYBERCRIME DIRECTIVE HOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES OF THE PROPOSED CYBERCRIME DIRECTIVE? Dr Mark Abell, Graeme Payne and Joseph Jackson, Bird & Bird, London, UK Cybersecurity is arguably receiving more

More information

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems Privacy PRESENTATION vs Data TITLE Protection: GOES HERE The Impact of EU Data Protection Legislation Thomas Rivera Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted

More information

WHITE PAPER Meeting European Data Protection and Security Requirements with CipherCloud Solutions

WHITE PAPER Meeting European Data Protection and Security Requirements with CipherCloud Solutions WHITE PAPER Meeting European Data Protection and Security Requirements with CipherCloud Solutions Meeting European Data Protection and Security Requirements with CipherCloud Solutions 2015 1 TABLE OF CONTENTS

More information

EU Data Protection Reforms Challenges for Business

EU Data Protection Reforms Challenges for Business www.pwc.com Contents EU Data Protection Reforms Challenges for Business July 2014 1. Introduction 2. The need for change 3. Changes and challenges 4. Recommendations 5. Conclusion 6. For a deeper conversation

More information

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or

More information

Prof. Udo Helmbrecht

Prof. Udo Helmbrecht Prof. Udo Helmbrecht Guiding EU Cybersecurity from Policy to Implementation Udo Helmbrecht Executive Director Information Security for the Public Sector 2015 Stockholm 02/09/15 European Union Agency for

More information

EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014

EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 Janine Regan, Associate George Willis, Associate charlesrussellspeechlys.com Janine Regan Associate

More information

Third European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010. Panel IV: Privacy and Cloud Computing

Third European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010. Panel IV: Privacy and Cloud Computing Third European Cyber Security Awareness Day BSA, European Parliament, 13 April 2010 Panel IV: Privacy and Cloud Computing Data Protection and Cloud Computing under EU law Peter Hustinx European Data Protection

More information

BYOD Privacy and Security in Europe

BYOD Privacy and Security in Europe BYOD Privacy and Security in Europe BYOD: Overview 2 BYOD Overview 38% of companies expect to stop providing electronic devices to their employees by 2016 (1) According to a 2013 survey conducted by Cisco,

More information

Cloud and Critical Information Infrastructures

Cloud and Critical Information Infrastructures Cloud and Critical Information Infrastructures Cloud computing in ENISA Dr. Evangelos Ouzounis Head of Infrastructure & Services Unit www.enisa.europa.eu About ENISA The European Union Network and Information

More information

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me?

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? EUROPEAN COMMISSION MEMO Brussels, 27 September 2012 Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? See also IP/12/1025 What is Cloud Computing? Cloud

More information

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations Brussels, October 2015 INTRODUCTION On behalf of the European

More information

Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws

Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws 16 January 2014 Robert Bond, CCEP Partner and Notary Public Our Team Speechly Bircham is an ambitious, full-service

More information

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Data and Cyber Laws Up-date 9 July 2015

Data and Cyber Laws Up-date 9 July 2015 Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR

More information

Data Security Council of India (DSCI) Response to

Data Security Council of India (DSCI) Response to Data Security Council of India (DSCI) Response to A Comprehensive Approach on Personal Data Protection in the European Union Communication from the Commission to the European Parliament, The Council, The

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re

Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Cyber Risk: Global Warning? by Cinzia Altomare, Gen Re Global Warning It is a matter of time before there is a major cyber attackon the global financial system and the public needs to invest heavily in

More information

Big Data for Mutuals. Marc Dautlich 25 November 2013

Big Data for Mutuals. Marc Dautlich 25 November 2013 Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?

More information

Data Protection Ensuring high level of privacy while promoting business innovation and competition

Data Protection Ensuring high level of privacy while promoting business innovation and competition Data Protection Ensuring high level of privacy while promoting business innovation and competition Tele2 AB, Skeppsbron 18 P.O Box 2094, SE-103 13 STOCKHOLM, SWEDEN Tel +46 8 5620 0000, Fax +46 8 5620

More information

engagement will not only ensure the best possible law, but will also promote the law s successful implementation.

engagement will not only ensure the best possible law, but will also promote the law s successful implementation. US-China Business Council Comments on The Draft Cybersecurity Law On behalf of the approximately 210 members of the US-China Business Council (USCBC), we appreciate the opportunity to provide comments

More information

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Privacy vs Data Protection PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Introduction The terms privacy and data protection are often used interchangeable In reality they

More information

Data Breach Notification Duty. Dr. Elisabeth Thole 31 October 2015 UIA Valencia

Data Breach Notification Duty. Dr. Elisabeth Thole 31 October 2015 UIA Valencia Data Breach Notification Duty Dr. Elisabeth Thole 31 October 2015 UIA Valencia Van Doorne 2 How is your cyber crime awareness? Either you have been data breached or you just do not know that you have been

More information

Privacy and Transparency for Consumer Trust and Consumer Centrality

Privacy and Transparency for Consumer Trust and Consumer Centrality 1 1 2 2 Ecommerce Europe is the association representing around 5000+ companies selling products and/or services online to consumers in Europe. Ecommerce Europe is a major stakeholder in policy issues

More information

Cybersecurity and the Threat to Your Company

Cybersecurity and the Threat to Your Company Why is BIG Data Important? March 2012 1 Cybersecurity and the Threat to Your Company A Navint Partners White Paper September 2014 www.navint.com Cyber Security and the threat to your company September

More information

Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED. 25-27 March 2015

Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED. 25-27 March 2015 Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED 25-27 March 2015 Cybersecurity and Data Protection - First Principles By Chris Connolly

More information

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection

More information

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016

Current Developments Concerning Cybersecurity. ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 Current Developments Concerning Cybersecurity ICI General Membership Meeting Legal Forum Jillian Bosmann and Nancy O Hara Thursday, May 19, 2016 AGENDA Why is Cybersecurity Important? Top Cybersecurity

More information

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013 EU Priorities in Cybersecurity Steve Purser Head of Core Operations Department June 2013 Agenda About ENISA The EU Cyber Security Strategy Protecting Critical Information Infrastructure National & EU Cyber

More information

CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS

CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS Andreas Aumüller, President of FENCA Federation of European National Collection Associations CONSUMER CREDIT INDUSTRY Annual Convention

More information

Ethical hotlines and whistleblowing ensuring businesses are not in conflict. with EU laws 10 May 2012. James Castro-Edwards, solicitor.

Ethical hotlines and whistleblowing ensuring businesses are not in conflict. with EU laws 10 May 2012. James Castro-Edwards, solicitor. James Castro-Edwards, solicitor and Alexia Zuber, solicitor Data Protection & Information Law Group Ethical hotlines and whistleblowing ensuring businesses are not in conflict with EU laws 10 May 2012

More information

Application of Data Protection Concepts to Cloud Computing

Application of Data Protection Concepts to Cloud Computing Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

More information

slaughter and may The new EU Data Protection Regulation revolution or evolution?

slaughter and may The new EU Data Protection Regulation revolution or evolution? slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

CYBER-ATTACKS THE GLOBAL RESPONSE

CYBER-ATTACKS THE GLOBAL RESPONSE R E P R I N T CYBER-ATTACKS THE GLOBAL RESPONSE REPRINTED FROM: Risk, Governance & Compliance for Financial Institutions 2015 RISK GOVERNANCE & COMPLIANCE for F I N A N C I A L INSTITUTIONS 2 0 1 5 Visit

More information

Forthcoming EU Data Protection Law

Forthcoming EU Data Protection Law Forthcoming EU Data Protection Law How Oracle can Help Patrick McLaughlin Security Architect & Oracle Fellow EMEA Technology Solutions 22 October 2015, Riga Copyright 2014 Oracle and/or its affiliates.

More information

ICC RESOURCE GUIDE FOR SELF-REGULATION OF ONLINE BEHAVIOURAL ADVERTISING (OBA)

ICC RESOURCE GUIDE FOR SELF-REGULATION OF ONLINE BEHAVIOURAL ADVERTISING (OBA) ICC RESOURCE GUIDE FOR SELF-REGULATION OF ONLINE BEHAVIOURAL ADVERTISING (OBA) Highlights Explanation of global framework available for OBA self-regulation Checklist from existing OBA self-regulatory mechanisms

More information

Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012

Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012 Cyber Security: Compliance and Protection 2012 A Complimentary LexisNexis Webinar December 11, 2012 David Chatfield, Vice President, Cyber Security Services, NetDiligence Linda Clark, Esq., U.S. Senior

More information

What you need to know and what you can t afford to ignore!

What you need to know and what you can t afford to ignore! Cyber Risk: What you need to know and what you can t afford to ignore! James Johnston Directors' and Officers' Insurance Underwriter Daniel Fletcher Cyber Insurance Underwriter Financial & Specialty Markets

More information

The Legal Pitfalls of Failing to Develop Secure Cloud Services

The Legal Pitfalls of Failing to Develop Secure Cloud Services SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global

More information

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda! Rise in Data Breaches! Effects of Increase in Cybersecurity Threats! Cybersecurity

More information

I. Background information

I. Background information A clean and open Internet: Public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries I. Background information 1. Please indicate your role for the purpose

More information

Privacy Risk Assessments

Privacy Risk Assessments Privacy Risk Assessments Michael Hulet Principal November 8, 2012 Agenda Privacy Review Definition Trends Privacy Program Considerations Privacy Risk Assessment Risk Assessment Tools Generally Accepted

More information

European Privacy Reporter

European Privacy Reporter Is this email not displaying correctly? Try the web version or print version. ISSUE 02 European Privacy Reporter An Update on Legal Developments in European Privacy and Data Protection November 2012 In

More information

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined

More information

Cloud Security Standardisation & Certification. Arjan de Jong Policy Advisor Information Security

Cloud Security Standardisation & Certification. Arjan de Jong Policy Advisor Information Security Cloud Security Standardisation & Certification Arjan de Jong Policy Advisor Information Security Overview Economics of standardization and certification (EU) Legal requirements for (cloud) security International

More information

Corporate Compliance: A Global Perspective

Corporate Compliance: A Global Perspective Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming

More information

Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler

Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler Cloud computing Alessandro Galtieri, Senior Lawyer, Colt Technology Services, London, UK Pavel Klimov, General Counsel EMEA, Unisys, London, UK Severin Loeffler, Assistant General Counsel, Central Eastern

More information

Canvassing the Cloud. An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies

Canvassing the Cloud. An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies Canvassing the Cloud An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies Contents Foreword 1 Insights from the study 2 Defining the Cloud 3 Study results 4 General 4

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

HIPAA Privacy Rule Policies

HIPAA Privacy Rule Policies DRAFT - Policies and Procedures PRIVACY OFFICE ASSIGNMENT AND RESPONSIBILITIES APPROVED BY: SUPERCEDES POLICY: Policy #1 ADOPTED: REVISED: REVIEWED: Purpose This policy is designed to assure the establishment

More information

CPM. Esurance CPM Application Form INSURANCE FOR CYBER, PRIVACY & MEDIA RISKS

CPM. Esurance CPM Application Form INSURANCE FOR CYBER, PRIVACY & MEDIA RISKS CPM INSURANCE FOR CYBER, PRIVACY & MEDIA RISKS Esurance CPM Application Form This is an application for a cyber, privacy and media liability package policy aimed at a wide range of companies and professionals.

More information

New York State Department of Financial Services. Update on Cyber Security in the Banking Sector: Third Party Service Providers

New York State Department of Financial Services. Update on Cyber Security in the Banking Sector: Third Party Service Providers New York State Department of Financial Services Update on Cyber Security in the Banking Sector: Third Party Service Providers April 2015 Update on Cyber Security in Banking Sector: Third-Party Service

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

ARTICLE 29 DATA PROTECTION WORKING PARTY

ARTICLE 29 DATA PROTECTION WORKING PARTY ARTICLE 29 DATA PROTECTION WORKING PARTY 2588/15/EN WP 232 Opinion 02/2015 on C-SIG Code of Conduct on Cloud Computing Adopted on 22 September 2015 This Working Party was set up under Article 29 of Directive

More information

Data Protection and Information Security: The top 5 risks for 2013 1 November 2012

Data Protection and Information Security: The top 5 risks for 2013 1 November 2012 Robert Bond Head of Data Protection & Information Law Group Data Protection and Information Security: The top 5 risks for 2013 1 November 2012 Our team Speechly Bircham is an ambitious, full-service law

More information

2015 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE FOURTH ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

2015 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE FOURTH ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE 2015 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE FOURTH ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE February 2015 2015 Network Security & Cyber Risk Management: The FOURTH

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported

Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported Protecting What Matters Most Christian Fahlke, Regional Sales Manager ALPS March 2015 Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported (Source: https://ics-cert.us-cert.gov/sites/default/files/monitors/ics-cert_monitor_sep2014-feb2015.pdf)

More information

Digital Agenda for Europe Cartagena de Indias, September 1, 2015

Digital Agenda for Europe Cartagena de Indias, September 1, 2015 Digital Agenda for Europe Cartagena de Indias, September 1, 2015 Javier Huerta Bravo From the Digital Agenda (2010)... Commission ICT strategy for 2010-2020 Problems identified: Lack of investment in networks

More information

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32 A call for views and evidence 22 nd May 2013 Contents Contents... 2 Overview: The EU Directive on Network and Information Security...

More information

The new EU Clinical Trials Regulation How NHS research and patients will benefit

The new EU Clinical Trials Regulation How NHS research and patients will benefit the voice of the NHS in Europe Briefing September 2014 Issue 19 The new EU Clinical Trials Regulation How NHS research and patients will benefit Who should read this briefing? This briefing will be of

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

Key issues in data protection: a pan-european view

Key issues in data protection: a pan-european view Key issues in data protection: a pan-european view 19 th March 2014 Nicola Fulford, Kemp Little LLP, UK Andreas Peschel-Mehner, SKW Schwarz, Germany Marco Bellezza, Portolano Cavallo, Italy Emmanuel Schulte,

More information

Ofcom guidance on security requirements in sections 105A to D of the Communications Act 2003

Ofcom guidance on security requirements in sections 105A to D of the Communications Act 2003 Ofcom guidance on security requirements in sections 105A to D of the Communications Act 2003 Guidance Publication date: 08 August 2014 About this document The legislation that applies to telecoms providers

More information

The European General Data Protection Regulation. A guide for the insurance industry

The European General Data Protection Regulation. A guide for the insurance industry The European General Data Protection Regulation A guide for the insurance industry IMPORTANT NOTE: This guide is based on the politically agreed compromise text agreed by the European Commission, EU Parliament

More information

DPO Project Workshop II. 10 December 2013

DPO Project Workshop II. 10 December 2013 DPO Project Workshop II 10 December 2013 Agenda Arrival and Coffee 09:00 0:930 Introduction and welcome Wim Nauwelaerts, Partner, Hunton & Williams 09:30 09:40 Summary of the project, analysis of survey

More information

Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that

More information

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing. Privacy in the cloud computing, and the company concerned is required to submit a risk analysis to DNB. 3 Cloud computing entails the saving, processing and using of company data on the servers of a cloud

More information

Cloud Computing. Hot topics in relation to security, liability and privacy. Steven De Schrijver

Cloud Computing. Hot topics in relation to security, liability and privacy. Steven De Schrijver Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor

More information

MARKETING SUMMIT 2015 SPEAKERS BIOS. KEYNOTE SPEAKER + PANEL 1 : «The marketer and New Data Era»

MARKETING SUMMIT 2015 SPEAKERS BIOS. KEYNOTE SPEAKER + PANEL 1 : «The marketer and New Data Era» MARKETING SUMMIT 2015 SPEAKERS BIOS KEYNOTE SPEAKER + PANEL 1 : «The marketer and New Data Era» KEYNOTE SPEAKER KUMARDEV CHATTERJEE Kumardev Chatterjee is the Founder and President of the European Young

More information

NIST Cybersecurity Framework. ARC World Industry Forum 2014

NIST Cybersecurity Framework. ARC World Industry Forum 2014 NIST Cybersecurity Framework Vicky Yan Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL Executive Order 13636 Improving Critical Infrastructure Cybersecurity It is the policy

More information

The EBF would like to take the opportunity to note few general remarks on key issues as follows:

The EBF would like to take the opportunity to note few general remarks on key issues as follows: Ref.:EBF_001314 Brussels, 17 June 2013 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries.

More information

Privacy Liability & Data Breach Management Cyber Insurance as a Customer Privacy Protection Tool

Privacy Liability & Data Breach Management Cyber Insurance as a Customer Privacy Protection Tool Privacy Liability & Data Breach Management Cyber Insurance as a Customer Privacy Protection Tool Nikos Georgopoulos Cyber Risks Advisor - cyrm Nikos Georgopoulos Microsoft Insurance Conference March 2015

More information

Presentation to ACC Charlotte. Data Security & Privacy. November 2, 2011. Presented by: William J. Cook C. Andrew Konia Mark J.

Presentation to ACC Charlotte. Data Security & Privacy. November 2, 2011. Presented by: William J. Cook C. Andrew Konia Mark J. Presentation to ACC Charlotte Data Security & Privacy Presented by: November 2, 2011 William J. Cook C. Andrew Konia Mark J. Maier www.mcguirewoods.com Agenda Identifying the Issues/Concerns Current State/Impact

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information