ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS
|
|
- Audra Anthony
- 8 years ago
- Views:
Transcription
1 ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
2 Data Flows and Data Mirroring Martin Abrams September ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
3 We Are In the Infancy Of An Information Revolution Volume of information is expanding geometrically. We talk of exabytes of data today vs. terabytes yesterday and gigabytes the day before. Data processes are expanding the data that we can understand using computers. So usable data is expanding geometrically as well. ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
4 We Are in the Infancy of an Information Revolution (Cont.) Analytics are also improving at geometric rates. Information yields more value. Emerging economies generate growth via knowledge based employment. Communications improvements mean that work will be done where it may most effectively be done. ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
5 1997 Data Flows Over a Ten Year Period Data transferred via tape or disk Data located and processed in same location Access and location the same Small network of controllers and processors Fairly simple regulatory challenge ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
6 2007 Data Flows Over a Ten Year Period Data flows electronically Data processed remotely and in many locations at the same time Access maybe anywhere Long chain of controllers and subcontractors all adding value Complex challenge ÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
7 What Is A Transfer Today? 24/7/365 customer service Processing a payment for a purchase in China with a card issued in Germany from a phone in a Canadian hotel room Business process re-engineering in India Global project teaming in Spain, Russia, China, Australia, US and Canada Social networking in a global community ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
8 An Example of Global Teaming Team created to address a medical problem Doctors and scientists in 10 countries with various expertise working as a virtual team New members might be added All need to look at the same data sets ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
9 An Example of Global Teaming (Cont) Data sets comprised of Clinical data Epidemiological data Data on compounds and materials Data located in servers in all ten countries, but mirrored on every screen What regulatory scheme covers this teaming? ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
10 Nature of Privacy Compounds Our Issue Privacy is local Personal information protection Domain for autonomy Security Data flows are global Yet individuals demand and expect that their local expectations be met in an increasingly networked world ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
11 Emerging Model of Governance Privacy is local Data flows are global Obligations are universal Accountability based systems of governance Binding Corporate Rules Cross Border Privacy Rules Growth of accountability agents and methods Linkages based on common principles ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
12 Conclusion Data transfers and mirroring are a simple reflection of information and communications revolution. Information will drive growth and change. Individual expectations must be met no matter where the data is seen. That means governance structures that are consistent with privacy being local, data flows being global, and obligations being universal. ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
13 Data Flows and Data Mirroring Benjamin S. Hayes Americas Data Privacy Compliance Lead Accenture, LLP ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
14 Data Flows and Data Mirroring What data is flowing across borders, and where is it going? Why is the data moving? What are the trends? Predictions for the future Outsourcing myth and reality ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
15 Example 1: Commercial website Content / functionality modules (not including web advertisements) supplied by various third parties: Dell Careerbuilder.com Google People magazine Yahoo Accuweather.com Time.com AOL Fortune Etc., etc., etc. ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
16 Commercial Website (cont.) Each module, in turn is likely powered by a service provider to Google, Time, AOL, etc. These service providers may outsource part or all of the functionality to a subcontractor. Data input through a module may be accessible to multiple parties in multiple geographies. Virtually all of the controls to protect data will be contractual (as opposed to compliance with laws) ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
17 Example 2 HR Outsourcing Services typically involve providing the majority of personnel administration functions: Payroll Benefits enrollment Change of status Communications to employees Helpline for employee inquiries ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
18 How a hypothetical HRO is staffed Assume client is in US, UK, NL and Belgium. Deal may be signed in London between Client UK and Accenture UK Accenture Consultants in US, UK, Argentina and Manila Call centers in Buenos Aires, Warsaw, and Kuala Lampur to ensure 24 hr coverage. Data processing in Bangalore Printing / mailing performed by third party in US. ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
19 Why are services provided this way? Primary reason cost The search for efficiency and savings drives outsourcing Strong pressure on public companies to produce profits for shareholders. Secondary reasons ability to distribute work to expert teams in various geographies, 24 hour capabilities, languages ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
20 Added complexity communications infrastructure Servers are located in service locations, but are backed up on different continents for disaster discovery purposes. Secondary backup servers ( fail-over capacity ) may be in yet another country. The widely distributed service delivery team may use a private group website (hosted in Chicago, serviced from India) to collaborate on projects, share drafts, etc. The advent of VOIP may mean re-examining assumptions about the privacy /security of voice communications caching, routing, clear-text packets, etc. All of this means a complex web of Model Clauses and other data transfer agreements must be applied to follow the data difficult to administer. ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
21 Predictions for the future The distribution of data and segmentation of business processes is driven by economics and improvements in information technology. Bandwidth availability will continue to improve, which will drive further distribution of data and segmentation of business processes. More businesses will engage in transitory data processing instead of traditional controllership. Business realities require consistent administration of data from many sources this means there is economic demand for harmonized international rules regarding data sharing, Increased or disharmonized regulation that interferes with transborder data flows will mean some economic efficiencies are unrealized. Territorial limits on transborder data flows may do little to address actual risks a risk-focused (rather than territorial) regulatory regime would be more protective of consumer interests. ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
22 Outsourcing Myths Work is performed in substandard conditions, employing uneducated, untrustworthy people. Information security standards are lax. Data is necessarily less safe than it would be in its home country. ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
23 Outsourcing Reality Work is performed in modern business conditions by educated, trained, screened personnel Information security standards are extremely strict Data is safer than it might be in many other places ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
24 Accenture Delivery Centers are focused on security expectations and are audited Bangalore has been certified at Level 3 of the esourcing Capability Model for Service Providers by Carnegie Mellon University 1 st outsourcer in the world to receive this designation 17+ Accenture delivery locations to receive SAS 70 Level II audits in centers are currently compliant with ISO 27001; 3 more will be added in October, 2007 (represents most of Accenture s outsourced service delivery locations); variety of other standards certifications in place. Global mandatory training on data privacy for all personnel ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
25 DATA FLOWS & DATA MIRRORING David Loukidelis Information and Privacy Commissioner for British Columbia oipc.bc.ca ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
26 Changing Nature of Trans-Border Data Flows (TBDF) As the other members of the panel have noted, the nature, complexity, scale and range of global data flows have dramatically changed in just 10 years The economics are such that bandwidth will continue to grow, storage will get ever cheaper and ICT will go on evolving As we navigate the New Spice Routes (Alhadeff), challenges to traditional models of data protection (DP) will grow more acute ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
27 Challenges to Traditional Accountability Mechanisms Governments and DPAs have long struggled with implications for DP enforcement of territorial limits of jurisdiction In Canada, constitutional limits on government authority result in a patchwork of similar but somewhat varying privacy laws Canadian DPAs thus face TBDF challenges similar to those across international borders Canadian legislative harmonization is desirable (compare US Uniform Law Conference approach) ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
28 Challenges to Accountability (cont d) Canadian DPA co-operation is desirable and is a reality, in public and private sector DPA activities Challenges to governments and DPAs are even greater in international TBDF Territorial limits on jurisdiction aside, basic nature of legal systems will vary, regulatory approaches often differ and cultures may clash This has to some degree been true since simpler days of A to B batch data transfers ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
29 Responding to Challenges Export control approach reflected in EU laws can be seen as one attempt to address challenges of TBDF US Safe Harbor is a noteworthy example of the challenges raised by varying policy responses to privacy issues, where one response is the export control approach Another response has been the model contract clauses approach (EU and ICC) ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
30 Meeting New Challenges Rapidly changing nature and extent of TBDF demand new solutions export control and model contract approaches are increasingly ill-suited for TBDF challenges What can be done? Not a new question and there are many possible answers ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
31 Regulatory Co-operation Bilateral DPA co-operation can be useful for specific complaints or cases (this can ease though not eliminate territorial limits issue e.g., Abika case and Canada-US cooperation) DPA information sharing can help those cooperating better allocate enforcement resources ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
32 Regulatory Co-operation (cont d) Multilateral co-operation can achieve this and more e.g., through creation of harmonized resources that smooth edges of privacy framework disparities Asia-Pacific Privacy Authorities organization as an example of multilateral co-operation in a regional international context ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
33 Co-operation & What Else? There are clearly some serious limits on how fruitful co-operation can be it cannot overcome the challenges mentioned earlier, most prominent being differences in legislative/regulatory regimes These challenges continue to drive the search for new approaches, to complement or replace existing approaches such as model contracts and export controls ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
34 Cross-Border Privacy Rules (CBPR) Systems Leaving international standards aside for now (they have considerable merit in principle), CBPRs involve a corporation adopting privacy rules to govern their global conduct CBPRs can be underpinned by an international standard like the APEC Privacy Framework Next step is for APEC and other organizations to establish accountability systems ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
35 CBPRs Systems (cont d) Challenge is to find alternative, complementary approaches for ensuring accountability for privacy practices in a complex TBDF world Accountability agents like trustmarks offer promise free of territorial restraints they could offer ADR, audit and redress and complement DPA and government action ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
36 Conclusion CBPRs systems offer promise Work on international standards should continue (OECD meets APEC meets ISO?) DPAs can and should increase the level of co-operation on various fronts There is no panacea, but an array of approaches can serve stakeholders well in the brave new world of TBDF ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS
Privacy and Data Protection
Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 hp.com HP Policy Position Privacy and Data Protection Current Global State of Privacy and Data Protection The rapid expansion and pervasiveness
More informationOVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
More informationOUTSOURCING, HOSTING AND DATA PRIVACY ISSUES
OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with
More informationGlobal Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister
2011 Morrison & Foerster LLP All Rights Reserved mofo.com Global Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister Presenter Miriam Wugmeister Morrison & Foerster LLP New York
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationImplementing Privacy Compliant Hybrid Cloud Solutions
Implementing Privacy Compliant Hybrid Cloud Solutions SESSION ID: DSP-T07A Peter J Reid Privacy Officer, Enterprise Business Hewlett-Packard Company Historical IT Outsourcing Perspective Cloud Web 2.0
More informationES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS
ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS Terra Incognita Auditing for Privacy Workshop: Chairman s Remarks 2007 International Data Protection and Privacy
More informationTowards Effective Internet Governance
Towards Effective Internet Governance Risaburo NEZU Director Science, Technology and Industry OECD APEC e- commerce convention May 15, 2000 Tokyo Japan ISSUES 1. Tax 2. Tariffs 3. Privacy protection 4.
More informationData Protection and Cloud Computing: an Overview of the Legal Issues
Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,
More informationWelcome & Introductions
Addressing Data Privacy and Security Compliance in Cloud Computing Benjamin Hayes, Director of Legal Services, Data Privacy Compliance North America Accenture Copyright 2011 Accenture All Rights Reserved.
More informationData Security Council of India (DSCI) Response to
Data Security Council of India (DSCI) Response to A Comprehensive Approach on Personal Data Protection in the European Union Communication from the Commission to the European Parliament, The Council, The
More informationTransborder Dataflows and ecommunications: Outsourcing in Historical Context
Transborder Dataflows and ecommunications: Outsourcing in Historical Context March 6, 2015 Faculty of Information, University of Toronto Stephanie Perrin Assessing Privacy Risks of Extra-National Outsourcing
More informationES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS
ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS Terra Incognita Auditing for Privacy Workshop: Chairman s Remarks 2007 International Data Protection and Privacy
More informationData Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005
Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005
More informationData transfers in the Cloud
Data transfers in the Cloud Rapporteur: Emmanuelle Bartoli Meeting date: 28 th March 2014 1 The purpose of this document is to explore options for how contracts between Cloud providers and consumers and
More informationCloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL
Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)
More informationIsraeli Law Information and Technology Authority. Privacy and Data Security in the Cloud - The Israeli Perspective
הרשות למשפט, טכנולוגיה ומידע Israeli Law Information and Technology Authority Privacy and Data Security in the Cloud - The Israeli Perspective Amit Ashkenazi, Head of the Legal Department Outline Introduction
More informationThe eighth data protection principle and international data transfers
Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue
More informationGlobal Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com
Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com W H I T E P A P E R T h e B e n e f i t s o f C l o u d - B a s e d B a c k u p : A d d r e s s i
More informationBHF Southern African Conference
BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act
More informationAUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL OF PROTECTION
AUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL OF PROTECTION CONFERENCE ON CROSS-BORDER DATA FLOW & PRIVACY October 15 16, 2007 Washington,
More informationPromoting Cross Border Data Flows Priorities for the Business Community
Promoting Cross Border Data Flows Priorities for the Business Community The movement of electronic information across borders is critical to businesses around the world, but the international rules governing
More informationMicrosoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).
Microsoft Submission to ACS Cloud Protocol Discussion Paper General Comments Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationINFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013
INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.
More informationI. Introduction to Privacy: Common Principles and Approaches
I. Introduction to Privacy: Common Principles and Approaches A. A Modern History of Privacy a. Descriptions and definitions b. Historical and social origins c. Information types i. Personal and non-personal
More informationPolicy Statement. Employee privacy, data protection and human resources. Prepared by the Commission on E-Business, IT and Telecoms. I.
International Chamber of Commerce The world business organization Policy Statement Employee privacy, data protection and human resources Prepared by the Commission on E-Business, IT and Telecoms I. Introduction
More informationInformation Security Risks when going cloud. How to deal with data security: an EU perspective.
Separating fact from fiction about new software licensing /SaaS/ cloud computing models: advantages, disadvantages and ethical implications. Information Security Risks when going cloud. How to deal with
More informationSAS CLOUD ANALYTICS MAY 2015
SAS CLOUD ANALYTICS MAY 2015 SAS SOLUTIONS ONDEMAND HISTORY Established in 2000 Formed as the Application Service Provider Group HP ES40 6/833: Tru64 Unix V5.1 TruCluster. 4 CPU s, 8 GB Memory 2 SAS CLOUD
More informationProtecting Saskatchewan data the USA Patriot Act
Protecting Saskatchewan data the USA Patriot Act Main points... 404 Introduction... 405 Standing Committee on Public Accounts motion... 405 Our response to the motion... 405 ITO, its service provider,
More informationFeasibility Study for a EU Pension Fund for Researchers. European Commission Research Directorate-General
Feasibility Study for a EU Pension Fund for Researchers European Commission Research Directorate-General Executive Summary n RTD/DirC/C4/2009/026879 1 Executive Summary This report covers the main results
More informationDean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage
Dean Bank Primary and Nursery School Secure Storage of Data and Cloud Storage January 2015 All school e-mail is disclosable under Freedom of Information and Data Protection legislation. Be aware that anything
More informationTen steps to develop a multilayered privacy notice
Ten steps to develop a multilayered privacy notice Prepared by leading lawyers and experts in privacy with The Center for Information Policy Leadership Foreword Experts agree that good privacy begins
More informationConsiderations for Outsourcing Records Storage to the Cloud
Considerations for Outsourcing Records Storage to the Cloud 2 Table of Contents PART I: Identifying the Challenges 1.0 Are we even allowed to move the records? 2.0 Maintaining Legal Control 3.0 From Storage
More informationData Archiving for Littelfuse Paved the Way for One Day SAP ERP ECC 6.0 Upgrade
Data Archiving for Littelfuse Paved the Way for One Day SAP ERP ECC 6.0 Upgrade Industry: High-tech Manufacturing Geography: USA Employee Size: 6,550 Revenue Range: $500 Million - $1 Billion The Client
More informationIAPP Privacy Certification
IAPP Privacy Certification Program Introduction to the Certification Foundation copyright 2011, IAPP Overview Each candidate who seeks an IAPP privacy certification for the very first time must complete
More informationThe Legal Pitfalls of Failing to Develop Secure Cloud Services
SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global
More informationAcquia Comments on EU Recommendations for Data Processing in the Cloud
Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing
More informationSelf-Assessment of a Comprehensive Privacy Programme: A Tool for Practitioners
Self-Assessment of a Comprehensive Privacy Programme: A Tool for Practitioners The Accountability Project ( the Project ) is pleased to release Self-Assessment of a Comprehensive Privacy Programme: A Tool
More informationTHE INTERNATIONAL CHAMBER OF COMMERCE PROPOSES AN ALTERNATIVE FOR LEGITIMIZING INTERNATIONAL TRANSFERS OF PERSONAL DATA FROM THE EUROPEAN UNION
CLIENT MEMORANDUM THE INTERNATIONAL CHAMBER OF COMMERCE PROPOSES AN ALTERNATIVE FOR LEGITIMIZING INTERNATIONAL TRANSFERS OF PERSONAL DATA FROM THE EUROPEAN UNION The ICC Report analyzes the use of binding
More informationJeanne Kelly, Partner Cloud Computing: The Legal Issues
Jeanne Kelly, Partner Cloud Computing: The Legal Issues 14 June 2010 One of the things we really need to watch out for is that we don t hold cloud deployment back because we have some storyline about how
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationCritical Privacy Questions to Ask an HCM/CRM SaaS Provider
Research Publication Date: 31 July 2009 ID Number: G00168488 Critical Privacy Questions to Ask an HCM/CRM SaaS Provider Carsten Casper, Thomas Otter, Arabella Hallawell The vast majority (probably greater
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationICT budget and staffing trends in Healthcare
ICT budget and staffing trends in Healthcare Enterprise ICT investment plans November 2013 ICT budget and staffing trends in Healthcare P a g e 1 www.kable.co.uk / The id Factor Ltd / + 44 (0) 207 936
More informationSPECIAL ISSUES IN CANADIAN IT OUTSOURCING BY C. IAN KYER AND JOHN BEARDWOOD
SPECIAL ISSUES IN CANADIAN IT OUTSOURCING BY C. IAN KYER AND JOHN BEARDWOOD INTRODUCTION For an American service provider, doing an outsourcing in Canada is like a fan of the National League Chicago Cubs
More informationPrivacy, the Cloud and Data Breaches
Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global
More informationUsing AWS in the context of Australian Privacy Considerations October 2015
Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview
More informationTestimony of Peter Allgeier President Coalition of Services Industries (CSI)
Testimony of Peter Allgeier President Coalition of Services Industries (CSI) Hearing On International Data Flows: Promoting Digital Trade in the 21st Century House Committee on the Judiciary Subcommittee
More informationData protection legislation influence on cloud computing from local as well as EU perspective
mag. Andrej Tomšič Deputy Information Commissioner Information Commissioner Data protection legislation influence on cloud computing from local as well as EU perspective CLASS conference 2012 I Cloud Assisted
More informationWhy Join BSA? A Vital Resource for Software Companies. The many reasons why software companies join BSA OUR VALUE PROPOSITION
Why Join BSA? The many reasons why software companies join BSA OUR VALUE PROPOSITION A membership in BSA The Software Alliance provides you a seat at the table with the world s leading software companies.
More informationData Protection HEADLINE PART Developments: Implications HEADLINE for the PART Insurance 2 Sector Strategies for Compliance
Data Protection HEADLINE PART Developments: 1 Implications HEADLINE for the PART Insurance 2 Sector Strategies for Compliance Sub-headline Arial 18pt dark gray Optional Name Arial 13pt italic white Venue
More informationResponse to the European Commission consultation on. European Data Protection Legal Framework
Response to the European Commission consultation on European Data Protection Legal Framework A submission by Acxiom (ID number 02737212854-67) Correspondence Address: Martin-Behaim-Straße 12, 63263 Neu-Isenburg,
More informationThe prospects for data breach laws in 22 European countries
The prospects for data breach laws in 22 European countries Stewart Dresner, Chief Executive Privacy Laws & Business Wednesday, 4 November 2009 16 30-17 45: PARALLEL SESSION A: Ooopsss!!!!! Where did I
More informationOverview of Cloud Computing in India
Overview of Cloud Computing in India NIST Standards in Trade Workshop with India Rahul Jain Principal Consultant Data Security Council of India September 17, 2014 Opportunities in the Cloud Cloud Market
More informationEuropean Commission Green Paper on card, mobile and e- payments
European Commission Green Paper on card, mobile and e- payments A Cicero Consulting Special Report 2 Contents page Cicero Introduction Page 3 Current payments landscape Page 5 Objectives Page 5 Possible
More informationGlobal Data Center Location Insights March 2013
Global Data Center Location Insights March 2013 This report is solely for the use of Talent Neuron clients and Talent Neuron Subscribers. No part of it may be circulated, quoted, or reproduced for distribution
More informationCyberEdge Insurance Proposal Form
Note to the Proposer Signing or completing this proposal does not bind the Proposer, or any individual or entity he or she is representing to complete this insurance. Please provide by addendum any supplementary
More informationAccountability: Data Governance for the Evolving Digital Marketplace 1
Accountability: Data Governance for the Evolving Digital Marketplace 1 1 For the past three years, the Centre for Information Policy Leadership at Hunton & Williams LLP has served as secretariat for the
More informationInformation Sheet: Cloud Computing
info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.
More informationCloud Computing and Data Protection Compliance - Experiences from Norway
Cloud Computing and Data Protection Compliance - Experiences from Norway PhD Thomas Olsen Legal Aspects of Cloud Computing, UiO, 27 January 2015 www.svw.no Overview Cloud Computing Introduction to EU and
More informationPRIVACY & DATA PROTECTION ANNUAL REPORT
2012 2013 PRIVACY & DATA PROTECTION ANNUAL REPORT CONTENTS 2 Leading the Way 4 A Strong Privacy Advocate 7 Protecting Our Customers 16 The Mobile Revolution PREFACE by Dr. Larry Ponemon Chairman & Founder,
More informationPreparing for the EU General Data Protection Regulation
RESEARCH REPORT Preparing for the EU General Data Protection Regulation Assessing Awareness, Readiness & Impact of the Proposed Changes in US, UK, France & Germany TRUSTe Inc. 1 888 878 7830 +44 203 078
More informationPUBLIC CONSULTATION ON POSTAL SERVICES
EUROPEAN COMMISSION PUBLIC CONSULTATION ON POSTAL SERVICES PART 2 CONSULTATION ENDS JAN 27 2006 NOV 2005 V1.9 Page 1 of 9 PART 2 CONSULTATION ON POSTAL SERVICES Part 2 asks more detailed questions on a
More informationCloud Computing Hits Snag in Europe
Cloud Computing Hits Snag in Europe By KEVIN J. O'BRIEN Published: September 19, 2010 BERLIN in the world of ideas, cloud computing has the potential to revolutionize the way people work. Spain Is Ripe
More informationPolicy Brief: Protecting Privacy in Cloud-Based Genomic Research
Policy Brief: Protecting Privacy in Cloud-Based Genomic Research Version 1.0 July 21 st, 2015 Suggested Citation: Adrian Thorogood, Howard Simkevitz, Mark Phillips, Edward S Dove & Yann Joly, Policy Brief:
More informationApplication of Data Protection Concepts to Cloud Computing
Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective
More informationUnleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me?
EUROPEAN COMMISSION MEMO Brussels, 27 September 2012 Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? See also IP/12/1025 What is Cloud Computing? Cloud
More informationitg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.
Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your
More informationCloud Computing Consumer Protocol
Cloud Computing Consumer Protocol Submission by the Australian Communications Consumer Action Network to the Australian Computer Society 16 August 2013 Australian Communications Consumer Action Network
More informationwww.corrs.com.au OFFSHORING Data the new privacy laws
www.corrs.com.au OFFSHORING Data the new privacy laws OFFSHORING DATA THE NEW PRIVACY LAWS Transfer of data by Australian organisations to other jurisdictions is increasingly common. This is a result of
More informationCOMPUTER SOFTWARE/SERVICES AND ITeS EXPORTS
COMPUTER SOFTWARE/SERVICES AND ITeS EXPORTS OVERVIEW In recent times, Software development and information technology enabled services (ITeS) including business process outsourcing (BPO)/ knowledge process
More informationMr President, Ladies and Gentlemen Members of the Court, Mr Advocate. Thank you for inviting the European Data Protection Supervisor today.
Request for an Opinion by the European Parliament, draft EU-Canada PNR agreement (Opinion 1/15) Hearing of 5 April 2016 Pleading notes of the European Data Protection Supervisor (EDPS) Mr President, Ladies
More informationSummary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL
Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationTrends in Tax Administration Outsourcing. Why tax administrations outsource?
Trends in Tax Administration Outsourcing The M Group, Inc. Federation of Tax Administrators August 13, 2003 Agenda Outsourcing and Out-tasking Why tax administrations outsource? Trends in outsourcing Making
More informationCONSULTING SERVICES Business & technology consulting and managed services
CONSULTING SERVICES Business & technology consulting and managed services SUNGARD CONSULTING SERVICES Leveraging global delivery to help drive operational efficiency while reducing IT cost Companies face
More informationCOMPLIANT LOGISTICS FOR THE OIL & GAS INDUSTRY
COMPLIANT LOGISTICS FOR THE OIL & GAS INDUSTRY Content We understand 67% WE UNDERSTAND YOUR REQUIREMENTS We understand Today s energy market is more dynamic than ever, with demand expected to keep rising
More informationTHIRD PARTY. T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s
MANAGING THIRD PARTY RISK T i m L i e t z R e g i o n a l P r a c t i c e L e a d e r R i s k A d v i s o r y S e r v i c e s Experis -- a different kind of talent company. Experis Tuesday, January 08,
More informationEthical hotlines and whistleblowing ensuring businesses are not in conflict with local laws
Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws 16 January 2014 Robert Bond, CCEP Partner and Notary Public Our Team Speechly Bircham is an ambitious, full-service
More informationWorld Hybrid Cloud - Market
Report Code: IC 15256 World Hybrid Cloud - Market (product Types, Application, Technology, End Users and Geography) Global Share, Size, Industry Analysis, Trends, Opportunities, Growth and Forecast, 2014-2020
More informationThe Benefits of Integrated. Cloud Recovery as a Service
The Benefits of Integrated Cloud Recovery as a Service The Benefits of Integrated Cloud Backup and Recovery Cloud computing is today s hottest topic in IT. Businesses of all sizes are trying to achieve
More informationPrivacy and Access 20/20 Conference. Data Sovereignty and Data Localization. Does it matter?
Privacy and Access 20/20 Conference Data Sovereignty and Data Localization Does it matter? 13 November 2015 1 Overview To focus the mind: Microsoft vs. USA 2015 Stepping back to leap forward: The basic
More informationCLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?
CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? Lindsey Finch Senior Global Privacy Counsel Salesforce.com lfinch@salesforce.com David T.S. Fraser Partner McInnes Cooper David.fraser@mcinnescooper.com
More informationWhy you need Cryoserver for your Office 365 cloud service
Why you need Cryoserver for your Office 365 cloud service March 2014 FCS (UK) Ltd +44(0)800 280 0525 (EMEA) 1-866-311-1652 (US Toll Free) info@cryoserver.com www.cryoserver.com Introduction Contents Introduction...
More informationGain Efficiency, Cost Savings and Compliance with Iron Mountain s Portfolio of Services
ONE SOLUTION Maximize the Business Value of Your Information Gain Efficiency, Cost Savings and Compliance with Iron Mountain s Portfolio of Services In today s world, information whether in paper or digital
More informationES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS
ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISS Who do you Trust? A Look at Privacy Seals Christine A. Varney Partner Hogan & Hartson LLP Washington, D.C.
More informationRetention & Disposition in the Cloud Do you really have control?
InterPARES Trust Retention & Disposition in the Cloud Do you really have control? Franks Patricia, San Jose State University, San Jose, USA and Alan Doyle, University of British Columbia, Canada October
More informationTHE PHONE RINGS FROM DOWN SOUTH: WHAT ISSUES SHOULD I CONSIDER FOR EXPANDING MY U.S. FRANCHISE INTO CANADA?
THE PHONE RINGS FROM DOWN SOUTH: WHAT ISSUES SHOULD I CONSIDER FOR EXPANDING MY U.S. FRANCHISE INTO CANADA? By Leonard H. Polsky Gowling Lafleur Henderson LLP Vancouver, British Columbia SYNOPSIS Canadian
More informationUnderstanding ISO 27018 and Preparing for the Modern Era of Cloud Security
Understanding ISO 27018 and Preparing for the Modern Era of Cloud Security Presented by Microsoft and Foley Hoag LLP s Privacy and Data Security Practice Group May 14, 2015 Proposal or event name (optional)
More information2013 Global Contact Center Survey Results
2013 Global Contact Center Survey Results Deloitte Consulting LLP March 2013 Contents About the survey 3 Top 10 Insights 5 Survey results: Survey participant profile 8 Geography 11 Organization & Scope
More informationG24 - SAS 70 Practices and Developments Todd Bishop
G24 - SAS 70 Practices and Developments Todd Bishop SAS No. 70 Practices & Developments Todd Bishop Senior Manager, PricewaterhouseCoopers LLP Agenda SAS 70 Background Information and Overview Common SAS
More informationCertified Disaster Recovery Engineer
Cyber Security Training & Consulting Certified Disaster COURSE OVERVIEW 4 Days 32 CPE Credits $2,500 When a business is hit by a natural disaster, cyber crime or any other disruptive tragedy, how should
More informationInteractive Response Technologies
Interactive Response Technologies Increasing accuracy and efficiency in clinical trials To increase the accuracy and efficiency of conducting your global clinical trials, ICON s Interactive Response Technologies
More informationFly. Wealth and Retirement IT Hosting
Fly. Wealth and Retirement IT Hosting 02 SunGard Hedge 360 SunGard Wealth and Retirement IT Hosting SunGard IT Hosting 01 241bn The global cloud computing market will reach $241 billion in 2020. Achieve
More informationErasing the Borders of International Employment. SD Worx Connect
Erasing the Borders of International Employment SD Worx Connect Does your company have employees in multiple countries? If so, you are undoubtedly all too familiar with the web of rules and laws and the
More informationAssessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
More informationLegal Issues in the Cloud: A Case Study. Jason Epstein
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
More informationTransparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products?
Privacy Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Where is my data? Who has access to my data? Compliance What certifications and capabilities
More information