A How-to Guide for Privacy, Big Data and the Cloud in the US and Asia Pacific

Size: px
Start display at page:

Download "A How-to Guide for Privacy, Big Data and the Cloud in the US and Asia Pacific"

Transcription

1 A How-to Guide for Privacy, Big Data and the Cloud in the US and Asia Pacific Joel Lutz, The Vanguard Group, Inc and Alec Christie, DLA Piper Australia 1

2 SETTING THE SCENE 1. What do we mean by "Big Data" and "Cloud"? 2. Issues 3. What is the privacy framework for Big Data and Cloud? 4. Examples using framework 5. Applying the framework in a practical manner 2

3 THE CLOUD: WHAT IS IT? 3

4 BIG DATA: WHAT IS IT? 4

5 AUDIENCE QUESTIONS 1. For those of you who have been involved in a Big Data project, what was the privacy issue of most concern: a) re-identification of information (ie creation of personal data) b) acquisition of data from a third party c) use of collected personal data for other purposes d) the need for consent/notification e) other 2. For those of you who have been involved in a Cloud project, what was the privacy issue of most concern: a) sending personal data offshore b) security/data sovereignty c) the need for notification/consent d) working out who needed to comply with what privacy laws e) other 5

6 ISSUES Big Data Lack of transparency in how data is combined, transformed, and used within Big Data system Cloud Lack of transparency and joint responsibility IaaS and PaaS Disclosure and Security SaaS All framework principles are handled by data controller and cloud provider 6

7 GLOBAL PRIVACY FRAMEWORK Management Notice Choice/Consent Collection Use/Retention/Disposal Access Disclosure Security Quality Monitoring/Enforcement Define, document, communicate and assign accountability for privacy policies and procedures Provide notice about privacy policies and procedures; identify purpose for which information is collected, used, retained, and destroyed Provide data subject the opportunity to consent or opt out of collection or use where appropriate Collect only information needed for stated purposes Limit use to disclosed purposes; retain information only as long as needed for stated purpose; dispose of appropriately Provide data subject access to personal information for review and update Disclose information to third parties only for purposes identified Protect information against unauthorized access Maintain accurate, complete, and relevant information Monitor compliance with state privacy policies and procedures and handle related complaints 7

8 BIG DATA FRAMEWORK Small Data Notice/Consent/Choice Identify Data Sources Insure Proper Notice Big Data Identify Data Sources Insure Proper Notice Collection Identify Sources Assure Rights Identify Sources Assure Rights Use Policy Enforcement Create System Rules Create Business Process Rules Create Business Process Rules Create System Rules Retention/Destruction Set System Rules Set System Rules Access Input into system In system Output from system Disclosure What Data + What Purpose=Which Disclosure Allowed Input into system (In system?) Output from system What Data + What Purpose=Which Disclosure Allowed Quality Output Monitoring Output Monitoring 8

9 CLOUD FRAMEWORK Infrastructure as a Service (IaaS) Platform as a Service (PaaS) Software as a Service (SaaS) Notice/Consent/Choice Data Controller Data Controller Both Collection Data Controller Data Controller Both Use Policy Enforcement Data Controller Data Controller Both Retention/Destruction Data Controller Data Controller Both Access Data Controller Data Controller Both Disclosure Both Both Both Quality Data Controller Data Controller Both Security Both Both Both 9

10 Notice/Consent /Choice Collection CLOUD FRAMEWORK EXAMPLE Contractual Commitment X X Data Controller Monitoring Cloud Provider Policy Review X X Cloud Provider Procedure Review Cloud Provider Reporting Use Policy Enforcement X X X X Retention/ Destruction Access Disclosure Quality Security Data Controller Inspection/ Testing Independent Audit and Report X X X X X X X X X X X X X Security: Physical X X X Security: Network X X X X Security: Application Security: Monitoring/ Data Loss Protection Security: Contingency X X X X X X X X X X X X 10

11 EXAMPLE/CASE STUDY: THE FACTS Australian based financial services company "Dollar Co" Operates in/collects personal data in each of: Japan through a subsidiary company "JCo" Malaysia in an incorporated joint venture with a Malaysian company "MJV" Singapore through an agent "SA" South Korea through a branch "SKB" (together "related entities") 11

12 EXAMPLE/CASE STUDY: THE FACTS As part of a global HR Could platform roll out Dollar Co puts (and asks all related entities to put) all their employee personal data into the third party HR Cloud platform with servers in the US and the EU. In order to focus their product development and marketing efforts across the region Dollar Co collects anonymised data from each of its related entities across the region third party information providers websites/databases on the Internet in order to run Big Data analytics and asks each of its related entities to do the same in their countries. 12

13 EXAMPLE/CASE STUDY: THE CHALLENGES Cloud (SaaS here): Who has what privacy obligations/what privacy laws apply? What method to confirm cloud provider responsibilities? Go through all parts of framework and answer who is responsible and how is that confirmed? 1. Notice 2. Consent 3. Collection 4. Use/Retention/Disposal 5. Access 6. Disclosure 7. Security 8. Quality 13

14 EXAMPLE/CASE STUDY: THE CHALLENGES Big Data How is data transformed, combined, and used? How do you confirm all parts of the framework with lack of transparency? 1. Notice 2. Consent 3. Collection 4. Use/Retention/Disposal 5. Access 6. Disclosure 7. Security 8. Quality 14

15 AUDIENCE QUESTION In respect of the Asia Pacific region, which do you believe is the most accurate statement: a) except for Australia and New Zealand, there are no real privacy laws in the region b) all countries in the region have privacy laws and they pretty much have uniform principles, penalties and enforcement regimes c) it is the "fastest growing" region in terms of the introduction of new and revised tougher privacy laws d) some key elements are common across most of the region (including being European in concept/approach to privacy) but there are also important differences to be wary of 15

16 ASIA PACIFIC PRIVACY REGIMES AT A GLANCE 16

17 EXAMPLE/CASE STUDY: IN GENERAL What privacy challenges are similar? Across Big Data and Cloud Across the U.S. and Asia Pacific What privacy challenges are different? Across Big Data and Cloud Across the U.S. and Asia Pacific 17

18 PRACTICAL SOLUTIONS 1. Have a framework based on rationalized legal requirements. (Use ours if you want!) 2. Do not abandon your framework because the project has a fancy name and uses cool sounding technology. (The names only attraction attention.) 3. Do not abandon your framework because the level or type of transparency is different. 4. Document your application of the framework. 5. Big Data: Execute at different points in different ways. 18

19 PRACTICAL SOLUTIONS 6. Big Data: Focus on what goes in and what comes out control there. 7. Cloud: Answer which type of cloud first. 8. Cloud: For IaaS and PaaS, focus on who is responsible for security and disclosure. 9. Cloud: For SaaS focus on who is responsible (Data Controller or Cloud Provider). 10. Cloud: For SaaS focus on how to confirm responsibilities are carried out. 19

20 QUESTIONS AND COMMENTS 20

21 RESOURCES Some resources we believe you will find useful in the Privacy, Big Data, and Cloud areas: Privacy: Data Protection Laws of the World Handbook (2014): Big Data: CSA Cloud Bytes Big Data, Open Data, Smart Data All need BIG Privacy https://cloudsecurityalliance.org/research/cloudbytes/big-data-open-datasmart-data/ Privacy and Big Data An ISACA White Paper August Center/Research/ResearchDeliverables/Pages/Privacy-and-Big-Data.aspx CSA Big Data Working Group. Expanded Top Ten Big Data Security and Privacy Challenges, April org/initiatives/bdwg/expanded_top_ten_big_data_security_and_privacy_ Challenges.pdf 21

22 Cloud: RESOURCES (CONT) Security Guidance for Critical Areas of Focus in Cloud Computing V3.0 v3.0.pdf Cloud Controls Matrix V3.0 https://cloudsecurityalliance.org/ download/cloud-controls-matrix-v3/ BSA Global Cloud Computing Scorecard Building Confidence in the Cloud: A Proposal for Industry and Government Action for Europe to Reap the Benefits of Cloud Computing (Microsoft's submission No 2 to the European Commission) public/0003/contributions/organisations/microsoft_corporation_2nd_ document_en.pdf 22

Privacy Update for Australian Government Agencies. What we've seen in the first 12 months of the new APPs and what's next!

Privacy Update for Australian Government Agencies. What we've seen in the first 12 months of the new APPs and what's next! Privacy Update for Australian Government Agencies What we've seen in the first 12 months of the new APPs and what's next! Presented by Sharon Rowe and Alec Christie Canberra, 31 March 2015 What we are

More information

Data Protection HEADLINE PART Developments: Implications HEADLINE for the PART Insurance 2 Sector Strategies for Compliance

Data Protection HEADLINE PART Developments: Implications HEADLINE for the PART Insurance 2 Sector Strategies for Compliance Data Protection HEADLINE PART Developments: 1 Implications HEADLINE for the PART Insurance 2 Sector Strategies for Compliance Sub-headline Arial 18pt dark gray Optional Name Arial 13pt italic white Venue

More information

COMMUNICATIONS ALLIANCE LTD

COMMUNICATIONS ALLIANCE LTD COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE

More information

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3

Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3 Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding SOC 3 Agenda 1) A brief perspective on where SOC 3 originated

More information

Using AWS in the context of Australian Privacy Considerations October 2015

Using AWS in the context of Australian Privacy Considerations October 2015 Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview

More information

Information Sheet: Cloud Computing

Information Sheet: Cloud Computing info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.

More information

Privacy Policy. 30 January 2015

Privacy Policy. 30 January 2015 Privacy Policy 30 January 2015 Table of Contents 1 Overview 3 Purpose 3 Scope 3 2 Collection 3 What information do we collect? 3 What if you do not give us the information we request? 4 3 Use of information

More information

School Information Security and Privacy in the Cloud

School Information Security and Privacy in the Cloud School Information Security and Privacy in the Cloud Information Sheet and FAQ s Staying competitive in today s digital world means using technology in ways that are innovative in scope and reach. The

More information

How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015

How Microsoft is taking Privacy by Design to Work. Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 How Microsoft is taking Privacy by Design to Work Alan Chan National Technology Officer Microsoft Hong Kong 7 May 2015 Agenda Introducing the New Microsoft Microsoft privacy principle Protecting privacy

More information

Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security

Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Presented by Microsoft and Foley Hoag LLP s Privacy and Data Security Practice Group May 14, 2015 Proposal or event name (optional)

More information

New Zealand Cloud Computing Code of Practice

New Zealand Cloud Computing Code of Practice New Zealand Cloud Computing Code of Practice Structure and Approach Survey Summary Version 1.0 December 2011 Contents Introduction and Background... 3 Survey Responses... 4 Structure of the code... 4 Disclosures...

More information

PRIVACY IN THE CLOUD AND BIG DATA WHAT FRANCHISORS NEED TO KNOW!

PRIVACY IN THE CLOUD AND BIG DATA WHAT FRANCHISORS NEED TO KNOW! PRIVACY IN THE CLOUD AND BIG DATA WHAT FRANCHISORS NEED TO KNOW! By Alec Christie, Partner, DLA Piper Franchisors will already be dealing with a number of day-to-day privacy issues arising from their implementation

More information

South East Asia: Data Protection Update

South East Asia: Data Protection Update Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how

More information

PIPEDA and Online Backup White Paper

PIPEDA and Online Backup White Paper PIPEDA and Online Backup White Paper The cloud computing era has seen a phenomenal growth of the data backup service industry. Backup service providers, by nature of their business, are compelled to collect

More information

The Challenges of Applying HIPAA to the Cloud. Adam Greene, Partner Davis Wright Tremaine LLP

The Challenges of Applying HIPAA to the Cloud. Adam Greene, Partner Davis Wright Tremaine LLP The Challenges of Applying HIPAA to the Cloud Adam Greene, Partner Davis Wright Tremaine LLP AGENDA Key Concepts Under HIPAA HIPAA Obligations for a BA Questions Remain Reaching Answers Resources KEY CONCEPTS

More information

Privacy Risk Assessments

Privacy Risk Assessments Privacy Risk Assessments Michael Hulet Principal November 8, 2012 Agenda Privacy Review Definition Trends Privacy Program Considerations Privacy Risk Assessment Risk Assessment Tools Generally Accepted

More information

Choosing a global cloud infrastructure provider

Choosing a global cloud infrastructure provider IMAGE: ANIMIND/FOTOLIA.COM Choosing a global cloud infrastructure provider Top considerations for choosing a global cloud infrastructure provider A guide for enterprises considering IaaS services, by Lisa

More information

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol). Microsoft Submission to ACS Cloud Protocol Discussion Paper General Comments Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the

More information

Privacy Statement. What Personal Information We Collect. Australia

Privacy Statement. What Personal Information We Collect. Australia Privacy Statement Kelly Services, Inc. and its subsidiaries ("Kelly Services" or Kelly ) respect your privacy and we acknowledge that you have certain rights related to any personal information we collect

More information

Privacy in the Cloud A Microsoft Perspective

Privacy in the Cloud A Microsoft Perspective A Microsoft Perspective November 2010 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication. Because Microsoft

More information

TPS Corporate Services Personal Data Protection Policy

TPS Corporate Services Personal Data Protection Policy TPS Corporate Services Personal Data Protection Policy In this policy, we, us, our means and all its related companies (collectively known as TPS ), you, your or yours means the persons to whom this policy

More information

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society

More information

(a) the kind of data and the harm that could result if any of those things should occur;

(a) the kind of data and the harm that could result if any of those things should occur; Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data

More information

HIPAA and HITECH Compliance Simplification. Sol Cates CSO @solcates scates@vormetric.com

HIPAA and HITECH Compliance Simplification. Sol Cates CSO @solcates scates@vormetric.com HIPAA and HITECH Compliance Simplification Sol Cates CSO @solcates scates@vormetric.com Quick Agenda Why comply? What does Compliance look like? New Cares vs Rental Cars vs Custom Cars Vormetric Q&A Slide

More information

Captain Compare Privacy Policy

Captain Compare Privacy Policy Captain Compare Privacy Policy This Privacy Policy contains important information about the type of personal information we collect from you on the Captain Compare website (www.captaincompare.com.au) (Website),

More information

Big Data for Law Firms DAMIAN BLACKBURN

Big Data for Law Firms DAMIAN BLACKBURN Big Data for Law Firms DAMIAN BLACKBURN PUBLISHED BY IN ASSOCIATION WITH Big data means big business By Simon Briskman, partner, technology & outsourcing group, Field Fisher Waterhouse LLP BIG DATA is

More information

Cloud Computing Consumer Protocol. ACS Cloud Discussion Paper July 2013

Cloud Computing Consumer Protocol. ACS Cloud Discussion Paper July 2013 Cloud Computing Consumer Protocol ACS Cloud Discussion Paper July 2013 ACS Cloud Protocol Discussion Paper July 2013 2 CONTENTS SECTION PAGE 1. Introduction and Purpose 3 2. Structure and Timelines 3 3.

More information

Data Management Session: Privacy, the Cloud and Data Breaches

Data Management Session: Privacy, the Cloud and Data Breaches Data Management Session: Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, IIS President, iappanz IACCM APAC Australia Sydney, 1 August 2012 Overview Changing privacy regulation

More information

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS

ROYAL AUSTRALASIAN COLLEGE OF SURGEONS 1. SCOPE This policy details the College s privacy policy and related information handling practices and gives guidelines for access to any personal information retained by the College. This includes personal

More information

FISHER & PAYKEL PRIVACY POLICY

FISHER & PAYKEL PRIVACY POLICY FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed

More information

Acquia Comments on EU Recommendations for Data Processing in the Cloud

Acquia Comments on EU Recommendations for Data Processing in the Cloud Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing

More information

INTERNATIONAL SOS. Data Protection Policy. Version 1.05

INTERNATIONAL SOS. Data Protection Policy. Version 1.05 INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA

More information

Isaac Willett April 5, 2011

Isaac Willett April 5, 2011 Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act

More information

AASA Online Privacy Policy CRP.020

AASA Online Privacy Policy CRP.020 Introduction Alzheimer s Australia SA Inc values your privacy and takes reasonable steps to protect your personal information (that is, information which identifies or may reasonably be used to identify

More information

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD

Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

Cloud Computing in a Government Context

Cloud Computing in a Government Context Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important

More information

Demystifying the evolving cloud landscape

Demystifying the evolving cloud landscape Demystifying the evolving cloud landscape Agatha Poon Research Manager, Global Cloud Computing The 451 Group Today 260+ Staff One company with 3 Go to Market brands Syndicated research, certification,

More information

Alec Christie, Partner, DLA. Piper Australia 26 October 2014

Alec Christie, Partner, DLA. Piper Australia 26 October 2014 hat franchisors need to know bout privacy, the cl oud and big ata Alec Christie, Partner, DLA Piper Australia 26 October 2014 hat we will cover today! Privacy: What has changed? (What hasn't?) The "new"

More information

Privacy, the Cloud and Data Breaches

Privacy, the Cloud and Data Breaches Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global

More information

TEG Live Privacy Policy

TEG Live Privacy Policy TEG Live Privacy Policy We Respect Your Privacy At TEG Live * the security of personal information that we collect is of utmost importance to us. You can find information about how we handle and manage

More information

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY 1. About this Policy Corporate Travel Management Group Pty Ltd (ABN 52 005 000 895) (CTM) ('we', 'us', 'our') understands the importance of, and is committed

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

A hole in the cloud: Is cloud secure?

A hole in the cloud: Is cloud secure? A hole in the cloud: Is cloud secure? N. Vijaykumar Infosys Technologies Limited, Bangalore presented at Security in cloud is a key challenge! 70% 60% 50% 40% 30% 20% 10% 0% Data integrity tampering Hacker

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING

More information

Analysis of Asia Pacific Hosted Email Market

Analysis of Asia Pacific Hosted Email Market MEDICAL DEVICES PHARMACEUTICALS CHEMICALS FOOD & BEVERAGE ELECTRONICS Analysis of Asia Pacific Hosted Email Market VPG Publications, Consulting, Clients www.vpgcorp.com VPG Market Research Reports www.vpgmarketresearch.com

More information

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS

AHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals

More information

{Moving to the cloud}

{Moving to the cloud} {Moving to the cloud} plantemoran.com doesn t mean outsourcing your security controls. Cloud computing is a strategic move. Its impact will have a ripple effect throughout an organization. You don t have

More information

A Flexible and Comprehensive Approach to a Cloud Compliance Program

A Flexible and Comprehensive Approach to a Cloud Compliance Program A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility

More information

[Who Cares?] as a Service

[Who Cares?] as a Service Who Cares? Figurative: I don t care. Literal: Who is caring for it? 4 Option 1: Build crib. Uncluttering Cloud 5 Option 2: Assemble crib. Uncluttering Cloud 6 Option 3: Buy assembled crib. Uncluttering

More information

POWER PROTECT PROMOTE. Information Governance In The Cloud

POWER PROTECT PROMOTE. Information Governance In The Cloud Information Governance In The Cloud Galina Datskovsky, Ph. D., CRM President of ARMA International SVP Information Governance Solutions Topics Cloud Characteristics And Risks Information Management In

More information

Welcome & Introductions

Welcome & Introductions Addressing Data Privacy and Security Compliance in Cloud Computing Benjamin Hayes, Director of Legal Services, Data Privacy Compliance North America Accenture Copyright 2011 Accenture All Rights Reserved.

More information

Global Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister

Global Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister 2011 Morrison & Foerster LLP All Rights Reserved mofo.com Global Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister Presenter Miriam Wugmeister Morrison & Foerster LLP New York

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

Privacy Policy Australian Construction Products Pty Limited

Privacy Policy Australian Construction Products Pty Limited Privacy Policy Australian Construction Products Pty Limited What is this privacy policy about? This Privacy Policy describes how Australian Construction Products 63 091 618 781 (we or us) will treat the

More information

Four steps to improving cloud security and compliance

Four steps to improving cloud security and compliance white paper Four steps to improving cloud security and compliance Despite the widespread proliferation of cloud computing, IT decision makers still express major concerns about security, compliance, and

More information

You may choose not to provide us with any of this information, but not doing so will affect our ability to provide you with storage.

You may choose not to provide us with any of this information, but not doing so will affect our ability to provide you with storage. BENALLA MINI STORAGE Privacy Policy This Privacy Policy outlines the policy of Benalla Mini Storage, Nish Court Benalla, abn37 371 733 702, managed by Benalla Residential Rural Real Estate of 72 Bridge

More information

Cloud Security Strategies. Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems

Cloud Security Strategies. Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems Cloud Security Strategies Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems London, 14 October 2015 UNICREDIT AT A GLANCE Employees: more than 146.600 Branches: 8.403 Banking operations

More information

Review of Cloud Risks: What if

Review of Cloud Risks: What if Review of Cloud Risks: What if Availability of Data Ownership of Data Security of Information Privacy Controls there is no way to prevent Twitter from sharing your data (like when & where you tweeted from)

More information

The Winnipeg Foundation Privacy Policy

The Winnipeg Foundation Privacy Policy The Winnipeg Foundation Privacy Policy The http://www.wpgfdn.org (the Website ) is operated by The Winnipeg Foundation (the Foundation ). The Winnipeg Foundation Privacy Policy Foundation is committed

More information

Cloud Computing and Records Management

Cloud Computing and Records Management GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

Brad Smith, General Counsel & Executive Vice President, Legal and Corporate Affairs, Microsoft

Brad Smith, General Counsel & Executive Vice President, Legal and Corporate Affairs, Microsoft Brad Smith, General Counsel & Executive Vice President, Legal and Corporate Affairs, Microsoft 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be

More information

STORAGE ASEAN. Unstructured data. growth continues to present challenges. and opportunities

STORAGE ASEAN. Unstructured data. growth continues to present challenges. and opportunities STORAGE ASEAN MANAGING THE INFORMATION THAT DRIVES THE ENTERPRISE UNSTRUCTURED DATA Home growth continues to present challenges STORAGE CHOICES storage? Prepare to be confused by the variety of options

More information

Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy

Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy Cultural Human Resources Council (CHRC) Personal Information Protection and Electronic Documents Act (PIPEDA) Privacy Policy September 2004 1.0 INTRODUCTION... 3 2.0 CHRC POLICY STATEMENT... 3 3.0 PRIVACY

More information

THE MOBILE MAJORITY: BUILDING PRIVACY BY DESIGN INTO MOBILE APPS

THE MOBILE MAJORITY: BUILDING PRIVACY BY DESIGN INTO MOBILE APPS THE MOBILE MAJORITY: BUILDING PRIVACY BY DESIGN INTO MOBILE APPS Clarissa Cerda, EVP, Chief Legal Officer and Secretary, LifeLock Kimberly Cilke, CIPP/US Deputy General Counsel, GoDaddy.com Timothy Sparapani

More information

BIG DATA, BIG ISSUES?

BIG DATA, BIG ISSUES? BIG DATA, BIG ISSUES? IS AUSTRALIAN PRIVACY LAW KEEPING UP? By Reyhaneh Saadati, Solicitor & Alec Christie, Partner, DLA Piper Big Data has been dubbed by many as the "new economic asset" of our age and

More information

CONTROLLING CLOUDS: BEYOND SAFETY

CONTROLLING CLOUDS: BEYOND SAFETY CONTROLLING CLOUDS: BEYOND SAFETY GORDON HAFF (@ghaff) CLOUD EVANGELIST 22 OCTOBER 2013 ABOUT ME Red Hat Cloud Evangelist Twitter: @ghaff Google+: Gordon Haff Email: ghaff@redhat.com Blog: http://bitmason.blogspot.com

More information

PRIVACY POLICY NEXT BUSINESS ENERGY PTY LIMITED ABN 91 167 937 555

PRIVACY POLICY NEXT BUSINESS ENERGY PTY LIMITED ABN 91 167 937 555 PRIVACY POLICY NEXT BUSINESS ENERGY PTY LIMITED ABN 91 167 937 555 TABLE OF CONTENTS 1. INTRODUCTION 3 2. HOW WE COLLECT YOUR PERSONAL INFORMATION 3 3. TYPES OF INFORMATION WE COLLECT 4 4. HOW WE USE THE

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Estée Lauder Companies Global Jobs Website Privacy Policy

Estée Lauder Companies Global Jobs Website Privacy Policy Effective Date: August 14, 2014 Estée Lauder Companies Global Jobs Website Privacy Policy The Estée Lauder Companies ( we, us, or our ) respects your concerns about privacy and value the relationship we

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

Addressing Information Protection, Privacy & Sovereignty Concerns in Cloud Applications

Addressing Information Protection, Privacy & Sovereignty Concerns in Cloud Applications Addressing Information Protection, Privacy & Sovereignty Concerns in Cloud Applications Varun Badhwar Co-Founder; VP of Products & Solution Engineering 1 2013 CipherCloud All rights reserved. Agenda Introduction

More information

Best Practices at Research Level

Best Practices at Research Level PReparing Industry to Privacy-by-design by supporting its Application in REsearch Best Practices at Research Level Hisain Elshaafi Telecommunications Software and Systems Group (TSSG) Waterford Institute

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

Healthcare Data in the Cloud A Gathering Storm of Governance. Erik Pupo Senior Manager, Deloitte

Healthcare Data in the Cloud A Gathering Storm of Governance. Erik Pupo Senior Manager, Deloitte Healthcare Data in the Cloud A Gathering Storm of Governance Erik Pupo Senior Manager, Deloitte Objectives for this Webinar Explain what the healthcare cloud really means Highlight emerging challenges

More information

SaaS. Business Associate Agreement

SaaS. Business Associate Agreement SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered

More information

GE Money s Know Your Intermediary Personal Loan Broker Application

GE Money s Know Your Intermediary Personal Loan Broker Application GE Money s Know Your Intermediary Personal Loan Broker Application In order to comply with the Know Your Intermediary (KYI) requirements of GE Money for the introduction of personal loans, the following

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

Privacy Policy Draft

Privacy Policy Draft Introduction Privacy Policy Draft Please note this is a draft policy pending final approval Alzheimer s Australia values your privacy and takes reasonable steps to protect your personal information (that

More information

APAC OF POSSIBILITIES: TIPS FOR INCREASING CLOUD SECURITY AND ADOPTION

APAC OF POSSIBILITIES: TIPS FOR INCREASING CLOUD SECURITY AND ADOPTION APAC OF POSSIBILITIES: TIPS FOR INCREASING CLOUD SECURITY AND ADOPTION Ken Low Director of Enterprise Security, Asia Pacific, Trend Micro Chairman, Asia Pacific Executive Council, Cloud Security Alliance

More information

Cloud Data Security. Sol Cates CSO @solcates scates@vormetric.com

Cloud Data Security. Sol Cates CSO @solcates scates@vormetric.com Cloud Data Security Sol Cates CSO @solcates scates@vormetric.com Agenda The Cloud Securing your data, in someone else s house Explore IT s Dirty Little Secret Why is Data so Vulnerable? A bit about Vormetric

More information

Whitepaper. Implications of Federal Privacy Reforms for Federal Government Agencies. Date Released: 1 August 2013

Whitepaper. Implications of Federal Privacy Reforms for Federal Government Agencies. Date Released: 1 August 2013 Whitepaper Implications of Federal Privacy Reforms for Federal Government Agencies Date Released: 1 August 2013 Authors: Amanda Biggs and Helaine Leggat Disclaimer This White Paper is published for general

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Service Organization Control Reports

Service Organization Control Reports SAS 70 ENDS EXIT TO SSAE 16 Service Organization Control Reports What Did We Learn from Year One? Agenda Definitions Service Organization Reports What are they? Year One Experiences SSAE 16 Year One Experiences

More information

SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS

SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or

More information

Australian government Commercial sector/private company Health provider General public Street address/po Box: Suburb: City: State: Post code:

Australian government Commercial sector/private company Health provider General public Street address/po Box: Suburb: City: State: Post code: Data Request Form Request Number Date Requested Requestor details (Office Use Only): Date: Name of requestor First name: Last name: Email address Phone number ( ) Organisation Role of requestor Organisation

More information

Corporate Presentation

Corporate Presentation Corporate Presentation XcellHost Cloud Services India Dubai Singapore Experience High Touch Support Reliable Secure Speed Scalable Manageable Value XcellHost About Us Founded in 1999. Global Reach Personal

More information

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009 Legal Issues Associated with Cloud Computing Laurin H. Mills May 13, 2009 What Is Cloud Computing? The cloud is a metaphor for the Internet Leverages the connectivity of the Internet to optimize the utility

More information

BUSINESS PRACTICES PROTECTION INSURANCE TRANSPORT INDUSTRY

BUSINESS PRACTICES PROTECTION INSURANCE TRANSPORT INDUSTRY BUSINESS PRACTICES PROTECTION INSURANCE TRANSPORT INDUSTRY NOTICES RELATING TO THE OPERATION OF THIS POLICY Attention is drawn to Section 21 of the Insurance Contracts Act 1984 (Commonwealth) which provides

More information

The taxation treatment of Australian financial products is not the same as for New Zealand financial products.

The taxation treatment of Australian financial products is not the same as for New Zealand financial products. Overseas distribution No action has been taken to register or qualify the offer of Units under this PDS, or to otherwise permit a public offering of Units, in any jurisdiction outside Australia and New

More information

Hans Bos Microsoft Nederland. hans.bos@microsoft.com

Hans Bos Microsoft Nederland. hans.bos@microsoft.com Hans Bos Microsoft Nederland Email: Twitter: hans.bos@microsoft.com @hansbos Microsoft s Cloud Environment Consumer and Small Business Services Software as a Service (SaaS) Enterprise Services Third-party

More information

Ten steps to develop a multilayered privacy notice

Ten steps to develop a multilayered privacy notice Ten steps to develop a multilayered privacy notice Prepared by leading lawyers and experts in privacy with The Center for Information Policy Leadership Foreword Experts agree that good privacy begins

More information