Privacy Implications of Cloud Computing in Israel
|
|
- Hilda Sullivan
- 8 years ago
- Views:
Transcription
1 January 2012 Privacy Implications of Cloud Computing in Israel Adv. Naomi Assia Co-chairman of the Data Protection Committee -ITECHLAW
2 Cloud Computing One widely accepted definition of Cloud Computing has been offered by the U.S National Institute of Standards and Technology (NIST): Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing resources (e.g. servers, storage, networks, applications and services) that can be rapidly provisioned and released with minimal management effort or cloud provider interaction.
3
4 Cloud Computing Vendors and Service Providers are investing in solutions and services in terms of efficiency gains, cost reduction, productivity and scalability. Many technical, commercial and legal issues will require a thorough examination.
5 Cloud Computing A great deal of information that once stored on local computer hard drives is now being stored on remote servers, sometimes referred to the Clouds. Outsourcing of data processing functions to servers which are connected via the internet. Cloud Computing cover peaks in demand that overburden internal IT infrastructures.
6 Types of Cloud Services SaaS (Software as a Service)- application software that is not installed on the local computer but is made available as needed through external servers. IaaS (Infrastructure as a Service)- allows the cloud services provider to host entire IT infrastructure. PaaS (Platform as a Service)- allows the cloud provider to access the entire data processing environment, device management and database controller software. Storage as a Service- data backup and archiving services.
7 Moving into Cloud Computing Things to be considered Internal IT Security Controls Data processing on the cloud brings with it an inherent level of risk due to the bypass of the physical, logical, personal and technical controls of the internal IT personal. Server Elasticity Servers hosting personal data may be reconfigured or decommissioned frequently to accommodate capacity requirements. This means that the person/entity which uses Cloud Services can never be sure where the data resides at a given time.
8 Moving into Cloud Computing Things to be considered (continue) Compliance with Laws and Regulations Companies are ultimately responsible for the security and integrity of data entrusted to them, even when the data is stored in the Cloud.
9 Moving into Cloud Computing Things to be considered (continue) Monitoring Cloud Providers administrators Encryption, tokenizations, masking, auditing and monitoring can reduce the risk of an unauthorized use by the Cloud Service Provider. Physical Infrastructure It is important to determine the physical security measurements that the Cloud Services Provider should implement in the physical place of which the data is being stored.
10 Cloud Services Legislation Today, there is lack of worldwide legislation for drafting Cloud Services Agreements. On the other hand, there is a widespread legislation with regard to the outcome of such Cloud Services Agreements mainly in Privacy and Data Protection issues.
11 ISRAEL - Legislation The Israeli Law, Information and Technology Authority (ILITA), was established by the Ministry of Justice of Israel on September 2006 to become Israel's data protection authority. ILITA missions are, among other, to reinforce personal data protection and increase the enforcement of privacy and IT-related offences
12 ISRAEL - Legislation The adequacy of Israeli data protection law Following a detailed assessment of Israel s data protection law, at its December 2009 meeting, the Article 29 Working Party (which consists of EU data protection authorities) deemed Israel s law to be adequate. Data controller within the European Economic Area can now transfer personal data to Israel wthout breaching the EU data protection Directive s restriction on the transfer of personal data to third countries.
13 ISRAEL - Regulation While using Cloud Services, information may be also transferred to an overseas entities and kept on overseas servers. Such information can contain sensitive and confidential information of the Cloud Services consumers or even third parties information which is stored on the Cloud Services consumers databases.
14 ISRAEL - Regulation Legally, submitting sensitive or confidential information for storage or processing to a Cloud Service Provider, will not dismiss the service consumer from its obligation or responsibility to protect the information in accordance with the Privacy and Data Protection laws, regulations and agreements. An Israeli consumer of Cloud Services is subjected also to the foreign legislation of the Cloud Service Provider.
15 ISRAEL applicable legislation Protection of Privacy Act 1981 Protection of Privacy (Transfer of Data Abroad) Regulations. Protection of Privacy (conditions for keeping, safeguarding and transferring information between public bodies) Regulations. Database Registrar instruction 2/2011* the use of outsource services for personal information processing. * According to the 2/2011 instruction, the Database Registrar will issue a specific instruction for Cloud Computing which will complete the 2/2011 instruction. The 2/2011 Instruction will become valid and enforceable from May 19 th 2012.
16 Database Registrar Instruction 2/2011 Background Section B to the Protection of Privacy Act of 1981 (the Law ) regularizes the authorized use of personal information and determines the liability for prevention of misuse, leakage or theft of the information. While using Cloud Services it is important to pre-evaluate the level of the data sensitivity. The liabilities according to the Law on database s owner and/or database s holder, shall apply also while using Cloud Services.
17 Database Registrar Instruction 2/2011 (continue) Instruction - summary Preliminary exam of Cloud Service (scope and service model) The Service Provider - proved experience in processing personal data, background check and reputation, preliminary check for conflict of interests or the possibility for misuse of the stored information. Drafting the Cloud Services Agreement according to the applicable laws of the parties and the place which the servers are being stored.
18 Database Registrar instruction 2/2011 Instruction summary (continue) Data Protection and controlling the Cloud Services Provider activity. Determine the rights of the Data Subjects to review and make amendments to the data. To determine the period which the personal data is being stored with the service provider and the mechanism for data elimination.
19 Cloud Services Agreements As in any multinational agreements, the parties should determine the jurisdiction and governing law. Determining the above will not release the parties from other enforceable local laws and regulations with regard to Privacy and Data Protection issues. Also the place of which the servers are being stored have a significant influence on the parties responsibilities while executing the agreement.
20 Cloud Services Agreements (continue) Any database (as defined in the Israeli Privacy Protection Act of 1981) transfer to an overseas server, is subjected to the Protection of Privacy (Transfer of Data Abroad) Regulations and thus the transfer should be only to a server located in countries with adequate legislation. Cloud Services Agreements should include specific clauses which shall determine the responsibilities of the Cloud Service Provider for confidentiality, privacy and data protection and shall also determine controlling and reporting mechanism to verify standing by to the responsibilities.
21 The Business Software Alliance (BSA) has presented its Cloud Computing Policy Agenda for the EU. BSA identifies 10 concrete policy actions to boost users privacy and security in the cloud. The actions are aimed to promote the development of necessary standards and infrastructures and ensure an adequate degree of regulatory clarity in EU Cloud Computing Services.
22 Privacy and Data Transfer In order for Cloud Computing Services to develop to their full potential, it is essential to harmonize EU s data protection framework across the EU. That review provide the opportunity to clarify the rules related to privacy and data protection with regard to Cloud Computing. That should include a single definition of Personal Data across the EU and a simplified Data Protection Authority notification system. Efforts to clarify the applications of data retention rules across the EU would ensure a single, coherent and cost effective retention period within the EU market.
23 At the World Economic Forum in Davos on 2011, Neelie Kroes, VP of the EU Commission responsible for the Digital Agenda, reaffirmed that facilitating the take up of cloud computing is a priority in the EU, as it will help a new generation of services to emerge and to boost economic growth across a wide range of sectors.
24
25 CLOUD COMPUTING Overview of the responses given by ITECHLAW (France) and AFDIT to some of the issues raised in the CNIL open consultation of 17 October to 17 November 2011 Claire Bernier - ALTANA - Co-founding Partner Co-chairman of the Data Protection Committee - ITECHLAW Co-local representative for France - ITECHLAW Chairman of the Data Protection Commission - AFDIT Member of the Board - AFDIT cbernier@altanalaw.com
26 Definition of Cloud Computing
27 Creation of a specific legal status for Cloud providers? The CNIL is considering the creation of a specific legal status for Cloud providers Response from ITECHLAW and AFDIT: The creation of a specific legal status for Cloud providers is not necessary: The French Data Protection Act (loi informatique et libertés) excludes Cloud providers from any liability relating to obligations incumbent on data controllers. The various provisions currently laid down in French law, with regard to both the specific provisions contained in the French Data Protection Act(Articles 34 and 35) and criminal law and civil law (contract and tort), already cover the various situations that could arise in the context of Cloud computing services. Cloud providers are bound by all obligations incumbent on IT solution providers, including in particular a duty to provide full information regarding the service ( obligation d information ), a duty to give advice and due warning ( obligation de conseil et de mise en garde ) and a duty to render the data secure and confidential. Any increase in the number of services provided must not result in the transformation of the Cloud provider into a data controller (while the purpose of the data processing and the means implemented are unknown to the client, they are accepted by the latter and implemented at his/her instruction on his/her behalf). Suggestions by ITECHLAW and AFDIT: Given the client s lack of knowledge and/or control over the technical means implemented, it should be looked at how could be reinforced the Cloud provider s obligations and its liability broaden.
28 Applicable law with respect to Cloud computing providers The CNIL raises the question as to applicable law Response from ITECHLAW and from AFDIT: In terms of criminal law: French criminal law is applicable to both data controllers and sub-contractors where: One of the essential elements of the offence is committed on French territory (Cf. Article of the French Criminal Code [Code pénal]) The victim is French at the time of the offence (Cf. Article of the Criminal Code) The offence is committed outside French territory but by a French national and the acts are punishable by the legislation of the country in which they are committed (Cf. Article of the Criminal Code). In terms of civil law: The parties to a contract for the provision of a Cloud solution can include a choice of forum clause with a clause attributing jurisdiction. In the absence of such provisions in the contract, the French court before which the dispute is brought applies the provisions laid down in private international law, referring in particular to Article 4 of the Rome I Regulation, which provides that where the parties have not chosen the applicable law for the contract, the latter is governed by the law of the country relating most closely thereto. The contract is generally presumed to be most closely related to the country in which the party providing the characteristic performance of the contract has its habitual residence at the time the contract is entered into. Some service providers have, in the absence of international agreement on the matter, proposed that the characteristic performance of a Cloud should be the place where the servers are geographically localised and that, consequently, the law of the country in which the servers are located should apply. Observations by ITECHLAW and AFDIT: These solutions do not appear adequate with respect to Cloud because: clients are generally bound by membership agreements, clients would have to face high costs in order to defend their rights due to the high level of legal uncertainly surrounding the determination of applicable law. In terms of tort, the question remains unresolved by applicationof the conflict-of-law rules laid down in the Rome II Regulation.
29 Obligation to conduct a prior risk analysis? The CNIL would like data controllers to perform a risk analysis in order to assess the impact of resorting to a Cloud solution Response from ITECHLAW and AFDIT: From an economic point of view: imposing a legal risk analysis obligation on data controllers risks to make them incurring significant costs, which would contradict Cloud s primary aim, i.e. to rationalise costs. From a legal standpoint: If the risk analysis is conducted by a third party, the Cloud provider could rely on said analysis and seek for the liability of the third party that conducted it in order to avoid its duties to give advice and due warning. If the risk analysis is carried out by the provider itself: possibility that the service provider seeks to minimise the real risks incurred, a situation that would only be revealed in the event of a dispute and that would be difficult to dispute out of court, incurring therefore very high costs (expertise, etc.).
30 Questions?
Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL
Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationCCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS
CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS CCBE guidelines on the use of cloud computing services by lawyers TABLE OF CONTENTS I. INTRODUCTION... 3 1. Scope of the guidelines...
More informationFINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information
FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1
More informationIsraeli Law Information and Technology Authority. Privacy and Data Security in the Cloud - The Israeli Perspective
הרשות למשפט, טכנולוגיה ומידע Israeli Law Information and Technology Authority Privacy and Data Security in the Cloud - The Israeli Perspective Amit Ashkenazi, Head of the Legal Department Outline Introduction
More informationCCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING
CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationPrivacy, the Cloud and Data Breaches
Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global
More informationData Management Session: Privacy, the Cloud and Data Breaches
Data Management Session: Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, IIS President, iappanz IACCM APAC Australia Sydney, 1 August 2012 Overview Changing privacy regulation
More informationCloud Computing and Records Management
GPO Box 2343 Adelaide SA 5001 Tel (+61 8) 8204 8773 Fax (+61 8) 8204 8777 DX:336 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Cloud Computing and Records Management June 2015 Version 1 Version
More informationCloud Computing. Introduction
Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationData protection issues on an EU outsourcing
Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationThe Keys to the Cloud: The Essentials of Cloud Contracting
The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb
More informationThe Cloud and Cross-Border Risks - Singapore
The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More information(a) the kind of data and the harm that could result if any of those things should occur;
Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data
More informationCloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL
Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)
More informationINFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013
INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More informationCloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org
Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security
More informationWelcome & Introductions
Addressing Data Privacy and Security Compliance in Cloud Computing Benjamin Hayes, Director of Legal Services, Data Privacy Compliance North America Accenture Copyright 2011 Accenture All Rights Reserved.
More informationCloud Computing in a Government Context
Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationGAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com
GAIN CLARITY CRITICAL ISSUES Your Data in the Cloud : Benefits & Risks berrydunn.com AGENDA Defining Cloud Services Benefits and Risks Core Requirements Myths about Clouds Is Your Data in the Cloud Secure?
More informationHIPAA and HITECH Compliance Simplification. Sol Cates CSO @solcates scates@vormetric.com
HIPAA and HITECH Compliance Simplification Sol Cates CSO @solcates scates@vormetric.com Quick Agenda Why comply? What does Compliance look like? New Cares vs Rental Cars vs Custom Cars Vormetric Q&A Slide
More informationPresentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012
Presentation by: Dr. Nathalie Moreno Partner Cloud Computing and Data Protection: an Update 4 October 2012 Our team Speechly Bircham is an ambitious, international mid-size fullservice law firm head-quartered
More informationon Electronic Signature and change to some other laws (Electronic Signature Act) The Parliament has hereby agreed on this Act of the Czech Republic:
227/2000 Coll. ACT of 29 th June 2000 on Electronic Signature and change to some other laws (Electronic Signature Act) Amendment: 226/2002 Coll. Amendment: 517/2002 Coll. Amendment :440/2004 Coll. Amendment:
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationCloud Computing. Bringing the Cloud into Focus
Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationMaking Sense of Cloud Computing in the Public Sector. By EVA OlSAKER
Making Sense of Cloud Computing in the Public Sector By EVA OlSAKER Every other article or news clip about government Platform as a Service. PaaS allows customers to use hardware, operating systems, storage,
More informationINFORMATION SECURITY MANAGEMENT POLICY
INFORMATION SECURITY MANAGEMENT POLICY Security Classification Level 4 - PUBLIC Version 1.3 Status APPROVED Approval SMT: 27 th April 2010 ISC: 28 th April 2010 Senate: 9 th June 2010 Council: 23 rd June
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationPrivacy in the Cloud A Microsoft Perspective
A Microsoft Perspective November 2010 The information contained in this document represents the current view of Microsoft Corp. on the issues discussed as of the date of publication. Because Microsoft
More informationInformation Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
More informationData Privacy, Security, and Risk Management in the Cloud
Data Privacy, Security, and Risk Management in the Cloud Diana S. Hare, Associate General Counsel and Chief Privacy Counsel, Drexel University David W. Opderbeck, Counsel, Gibbons P.C. Robin Rosenberg,
More informationTHE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK
THE HARTFORD ASSET MANAGEMENT CHOICE sm POLICY NETWORK SECURITY AND THEFT OF DATA COVERAGE APPLICATION Name of Insurance Company to which application is made NOTICE: THIS POLICY PROVIDES CLAIMS MADE COVERAGE.
More informationType of Personal Data We Collect and How We Use It
Philips Lumify App Privacy Notice This Privacy Notice was last changed on September 1, 2015. Philips Electronics North America Corporation ("Philips") strongly believes in protecting the privacy of the
More informationA COALFIRE PERSPECTIVE. Moving to the Cloud. NCHELP Spring Convention Panel May 2012
A COALFIRE PERSPECTIVE Moving to the Cloud A Summary of Considerations for Implementing Cloud Migration Plans into New Business Platforms NCHELP Spring Convention Panel May 2012 DALLAS DENVER LOS ANGELES
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationADRI. Advice on managing the recordkeeping risks associated with cloud computing. ADRI-2010-1-v1.0
ADRI Advice on managing the recordkeeping risks associated with cloud computing ADRI-2010-1-v1.0 Version 1.0 29 July 2010 Advice on managing the recordkeeping risks associated with cloud computing 2 Copyright
More informationinformation systems security policy...
sales assessment.com information systems security policy... Approved: 2nd February 2010 Last updated: 2nd February 2010 sales assessment.com 2 index... 1. Policy Statement 2. IT Governance 3. IT Management
More informationIsaac Willett April 5, 2011
Current Options for EHR Implementation: Cloud or No Cloud? Regina Sharrow Isaac Willett April 5, 2011 Introduction Health Information Technology for Economic and Clinical Health Act ( HITECH (HITECH Act
More informationACT. of 15 March 2002
215 ACT of 15 March 2002 on electronic signature and on the amendment and supplementing of certain acts as amended by Act No. 679/2004 Coll., Act No. 25/2006 Coll., Act No. 275/2006 Coll., Act No. 214/2008
More informationHow To Protect Your Data In The Cloud
Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor
More informationA Flexible and Comprehensive Approach to a Cloud Compliance Program
A Flexible and Comprehensive Approach to a Cloud Compliance Program Stuart Aston Microsoft UK Session ID: SPO-201 Session Classification: General Interest Compliance in the cloud Transparency Responsibility
More informationCloud Computing Contracts. October 11, 2012
Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best
More informationOverview of Topics Covered
How to Effectively Collaborate with Cloud Providers Agenda Overview of Topics Covered Agenda Evolution of the Cloud Comparison of Private vs. Public Clouds Other Regulatory Frameworks Similar to HIPAA
More informationRisk Management of Outsourced Technology Services. November 28, 2000
Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the
More informationCloud Security Introduction and Overview
Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationCPNI VIEWPOINT 01/2010 CLOUD COMPUTING
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
More informationSigning the Contract - Contracture of People Managers
CERTIFICATION APPLICATION FOR AN ELECTRONIC DOCUMENT MANAGEMENT SYSTEM This form is reserved for agencies and brokers acting on their own account and for designers of EDM systems for those agencies and
More informationPrivacy and Security Guidance Cloud Computing in the MUSH Sector
dentons.com Privacy and Security Guidance Cloud Computing in the MUSH Sector Operational Privacy Risks and Opportunities in Cloud Computing: A Focus on Municipalities, Universities, School Boards, and
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationPrivacy Level Agreement Outline for the Sale of Cloud Services in the European Union
Privacy Level Agreement Working Group Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union February 2013 The PLA Outline has been developed within CSA by an expert working
More informationFRANCE. Chapter XX OVERVIEW
Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection
More informationCloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University
Cloud Computing: Opportunities, Challenges, and Solutions Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University What is cloud computing? What are some of the keywords? How many of you cannot
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationHIPAA in the Cloud. How to Effectively Collaborate with Cloud Providers
How to Effectively Collaborate with Cloud Providers Speaker Bio Chad Kissinger Chad Kissinger Founder OnRamp Chad Kissinger is the Founder of OnRamp, an industry leading high security and hybrid hosting
More informationData Privacy and Security for Market Research in the Cloud
Data Privacy and Security for Market Research in the Cloud Peter Milla IIeX2015 NA Agenda Page 2 1. Background 2. Why the Cloud? 3. Data Privacy and Data Security in the Cloud 4. How do We Deal with It?
More informationGENERAL TERMS OF SALE
GENERAL TERMS OF SALE PREAMBLE These General Terms of Sale govern all services provided by PASSWORD EUROPE, regardless of their content, form or where they are performed, including, but not limited to,
More informationInternational Working Group on Data Protection in Telecommunications
International Working Group on Data Protection in Telecommunications 675.44.8 24 April 2012 Scope Working Paper on Cloud Computing - Privacy and data protection issues - Sopot Memorandum - 51 st meeting,
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationPurpose. Service Model SaaS (Applications) PaaS (APIs) IaaS (Virtualization) Use Case 1: Public Use Case 2: Use Case 3: Public.
Federal CIO Council Information Security and Identity Management Committee (ISIMC) Guidelines for the Secure Use of Cloud Computing by Federal Departments and Agencies DRAFT V0.41 Earl Crane, CISSP, CISM
More informationAcquia Comments on EU Recommendations for Data Processing in the Cloud
Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing
More informationPolicy Statement. Employee privacy, data protection and human resources. Prepared by the Commission on E-Business, IT and Telecoms. I.
International Chamber of Commerce The world business organization Policy Statement Employee privacy, data protection and human resources Prepared by the Commission on E-Business, IT and Telecoms I. Introduction
More informationFAQ: HIPAA AND CLOUD COMPUTING (v1.0)
FAQ: HIPAA AND CLOUD COMPUTING (v1.0) 7 August 2013 Cloud computing outsourcing core infrastructural computing functions to dedicated providers holds great promise for health care. It can result in more
More informationKeeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?
Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? IIA San Francisco Chapter October 11, 2011 Agenda Introductions Cloud computing overview Risks and audit strategies
More informationAllison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division
Allison Stanton Director of E-Discovery U.S. Department of Justice, Civil Division Jason R. Baron Director of Litigation National Archives and Records Administration 1 Overview Cloud Computing Defined
More informationCloud Services Overview
Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture
More informationSAMPLE RETURN POLICY
DISCLAIMER The sample documents below are provided for general information purposes only. Your use of any of these sample documents is at your own risk, and you should not use any of these sample documents
More informationInformation Security Guideline: Cloud Computing Services. Information Security and Privacy Committee Draft version 8/1/2012
Information Security Guideline: Cloud Computing Services Information Security and Privacy Committee Draft version 8/1/2012 Table of Contents Introduction... 1 Purpose... 2 Scope... 2 Risks and Concerns
More informationHIPAA in the Cloud How to Effectively Collaborate with Cloud Providers
How to Effectively Collaborate with Cloud Providers Agenda Overview of Topics Covered Agenda Evolution of the Cloud Comparison of Private vs. Public Clouds Other Regulatory Frameworks Similar to HIPAA
More informationDaren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD
Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National
More informationAskAvanade: Answering the Burning Questions around Cloud Computing
AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,
More informationCloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate.
Cloud Computing in the Federal Sector: What is it, what to worry about, and what to negotiate. Presented by: Sabrina M. Segal, USITC, Counselor to the Inspector General, Sabrina.segal@usitc.gov Reference
More informationAHLA. JJ. Keeping Your Cloud Services Provider from Raining on Your Parade. Jean Hess Manager HORNE LLP Ridgeland, MS
AHLA JJ. Keeping Your Cloud Services Provider from Raining on Your Parade Jean Hess Manager HORNE LLP Ridgeland, MS Melissa Markey Hall Render Killian Heath & Lyman PC Troy, MI Physicians and Hospitals
More informationKey Considerations of Regulatory Compliance in the Public Cloud
Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationLAW ON ELECTRONIC TRANSACTIONS
Lao People s Democratic Republic Peace Independence Democracy Unity Prosperity National Assembly No 20/NA Vientiane Capital, Date: 7 December 2012 (Unofficial Translation) LAW ON ELECTRONIC TRANSACTIONS
More informationCloud Computing Flying High (or not) Ben Roper IT Director City of College Station
Cloud Computing Flying High (or not) Ben Roper IT Director City of College Station What is Cloud Computing? http://www.agent-x.com.au/ Wikipedia - the use of computing resources (hardware and software)
More informationManaging Outsourcing Arrangements
Guidance Note GGN 221.1 Managing Outsourcing Arrangements 1. This Guidance Note provides further detail on the requirements for managing material outsourcing arrangements (refer Prudential Standard GPS
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationOutsourcing Technology Services A Management Decision
Outsourcing Technology Services A Management Decision A Telephone Seminar for National Banks Tuesday, July 20, 2004 And again on Wednesday, July 21, 2004 Agenda Outsourcing activities and relationships
More informationLAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release)
CHARLES LUCE S LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release) A. Cloud Computing Defined: n. A loosely defined term for any system providing access
More informationOFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT
County of San Diego Auditor and Controller OFFICE OF AUDITS & ADVISORY SERVICES CLOUD COMPUTING AUDIT FINAL REPORT Chief of Audits: Juan R. Perez Audit Manager: Lynne Prizzia, CISA, CRISC Senior Auditor:
More informationBriefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:
UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationIdentity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015
Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud
More informationPaychex Accounting Online Terms of Use
Paychex Accounting Online Terms of Use Paychex recommends that Client read the Terms of Use prior to using the Paychex Accounting Online Software ( Software ). If Client does not accept and agree with
More informationCloud computing and the legal framework
Cloud computing and the legal framework - Guidance on legislative requirement and the contractual environment related to cloud computing Content 1. Introduction 3 2. The Danish Act on Processing of Personal
More informationIT OUTSOURCING SECURITY
IT OUTSOURCING SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationManaging General Agents (MGAs) Guideline
Managing General Agents (MGAs) Guideline JUNE 2013 DRAFT FOR COMMENT BC AUTHORIZED LIFE INSURERS www.fic.gov.bc.ca PURPOSE This draft guideline outlines best practices that the Financial Institutions Commission
More information