Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012





Our team

Speechly Bircham is an ambitious, international mid-size full-service law firm headquartered in London, with offices in Luxembourg and Zurich. We work with an alliance of partner law firms. We work with businesses across the UK and internationally and focus on the technology, financial services, energy and environment, real estate and construction sectors.

Our Data Protection & Information Law team provides a range of expertise on data privacy audit, compliance, risk management, information security and data breaches. We are listed in Chambers 2012 as a leading law firm for Data Protection and have advised on this area of law since 1983. We have a team of European specialised lawyers dealing with data protection matters globally.

Our principal services for international companies include:
- Corporate finance
- Corporate governance
- Intellectual property, technology & data
- Competition law
- Commercial dispute resolution
- Employment advisory
- Pensions advisory work
- Real estate, construction & engineering

"...fantastic response times, the best business acumen and a strong team" (Legal 500)

Data Protection and Information Law

Topics shown on the slide: Data Protection; Freedom of Information; Public Sector; Privacy; Confidentiality; International transfers; Employment laws; CCTV; Direct marketing; Cloud computing; Outsourcing; Private Sector; Prejudice test and public interest analysis; Compliance; Surveillance, Interception and Monitoring; RIPA; Lawful business regulations; Security; Tracking and location data; Sarbanes Oxley; Ethical hotlines; FCPA/OFAC/Bribery; E-Discovery Rules; Data retention; Data destruction; Records management.

Presenter profile

Dr Nathalie Moreno, Partner, IP, Technology & Data

Nathalie is a highly qualified international TMT lawyer, with over eighteen years' experience in advising clients operating in the communications, e-commerce and information technology sectors across EMEA and globally. A Harvard Law School graduate and holder of a PhD in International law, she is currently the only dual-qualified TMT partner based in the United Kingdom, regularly advising on all TMT matters under both English and French law after practising in several jurisdictions such as Belgium, France, the USA and the UK.

Nathalie advises multinational Information Technology and Information and Communication Technology (ICT) Service and Network Providers (including telecommunications operators) on transactions ranging from commercial agreements to complex outsourcing deals. She has unique expertise in managing multi-jurisdictional projects on global data protection, as a one-stop solution service including:
- advising on EMEA data protection compliance projects, including cross-border data flows (CRM, HR, and Finance);
- audit and implementation projects;
- information management and security, risk management;
- outsourcing/in-sourcing and data protection and security compliance;
- data breach security incidents.

She is ranked among the top lawyers in IT and Telecoms in the UK Legal Expert 2012.

nathalie.moreno@speechlys.com
Tel: +44 (0)20 7427 4530

Overview

- Basics on Cloud Computing;
- What is the Data Life Cycle?
- What are the Key Data Protection Concerns?
- What are the implications of the 1995 Data Protection Directive for cloud computing?
- The impact of the proposed EU data protection regulation on cloud computing;
- Art. 29 Data Protection WP Opinion on the application of data protection to cloud computing and similar services;
- The New UK and EU guidance on the use of cloud computing.

Polling questions 1

1. Are you a provider or a consumer of cloud computing services?
a. I am a provider of cloud computing services
b. I am a consumer of cloud computing services
c. Neither but I am a cloud user

Polling questions 2

2. In which way do you think the new EU Data Protection Regulation will impact cloud computing?
a. It will clarify and improve data protection rules
b. It will create more complex rules, albeit not necessarily better data protection
c. Data protection rules relating to cloud computing should be dealt with in a separate regulation
d. No opinion

Polling questions 3

3. What is your main source of concern in relation to cloud computing services?
a. Security concerns re potential breaches (e.g. unauthorised access)
b. Business continuity concerns in the event of a service failure
c. Control over data stored in the cloud

Introduction

Basics on Cloud Computing

Definition: Cloud computing is defined as access to computing resources, on demand, via a network:
- computing resources;
- on demand;
- via a network.

The Players: Cloud provider; Cloud customer; Cloud user.

Deployment models: Private cloud; Community cloud; Public cloud; Hybrid cloud.

Service models: Infrastructure as a Service (IaaS); Platform as a Service (PaaS); Software as a Service (SaaS). => Layered services

What is the Data Life Cycle?

What are the Key Data Protection Concerns?

Typically mix security and privacy.

Some considerations to be aware of:
- Who is responsible for protecting personal data?
- Applicable law and jurisdiction;
- Contractual issues;
- Legal basis for data processing;
- International Data transfers;
- Data security;
- Storage;
- Retention;
- Destruction;
- Auditing, monitoring and risk management;
- Data protection breaches.

What are the implications of the 1995 Data Protection Directive for cloud computing?

- Distinctions between "data controllers" and "data processors"
- Contractual obligations on compliance for customers and providers
- Processing under customer's instructions;
- Technical and organisational security measures to prevent unauthorised or unlawful processing, accidental loss, destruction or damage.
- International data transfers

The impact of the proposed EU data protection regulation on cloud computing

Draft European Union data protection regulation of January 2012 to replace Directive 95/46/EC in 2014.

Provisions impacting cloud computing:
- Single rule throughout the EEA;
- Jurisdiction: when are Cloud Users and Providers subject to EU Data Protection Law?
- Security requirements when engaging a cloud provider;
- Data security and risk assessment requirements;
- Breach notification requirements.

Art. 29 Data Protection Working Party Opinion on the application of data protection to cloud computing and similar services

Opinion WP196 of 1st July 2012

- Two main risks associated with cloud computing services: lack of control over the data and lack of information on data processing
- Cloud Computing Duties and Responsibilities: Cloud clients (as data controllers); Cloud providers (as data processors); Subcontractors
- Cloud Services Contracts
- General Data Protection Principles
- International Data Transfers
- Risk Analysis and Checklist
- Future developments

New UK and EU Guidance on Cloud Computing

Guidance on Cloud Computing of the ICO of 27 September 2012:
- Assess the risk of processing highly sensitive data in the cloud;
- Consider that moving data to the cloud may create additional types of data;
- Privacy impact assessments should be considered before engaging in large or complex cloud services;
- Assessment of the administrative, technical and physical controls of the cloud service provider is not a one-time event;
- Use third-party audits and certifications;
- Technical security measures of a cloud computing program should include: access control; encryption of data; data retention and destruction procedures; limits on the cloud service provider's access.

"Unleashing the potential of cloud computing in Europe" of 27 September 2012. The EU Commission Communication outlines three main areas of action:
- Setting up the necessary standards;
- Contract Terms and Conditions;
- Open Cloud Partnership.

Further Information

For more information on our services, please contact:
Dr. Nathalie Moreno
+44 (0)20 7427 4530
nathalie.moreno@speechlys.com
www.speechlys.com