SlideShare a Scribd company logo

Swiss Re data_privacy_27_01_2016

AltheimPrivacy
AltheimPrivacy

The increasing Risk of Data Privacy on the Enterprise - How Data Privacy Liability poses a distinct and separate Cyber Risk for the enterprise alongside the risks posed by Information Security Breaches

Economy & Finance
1 of 22
© 2016 IBM Corporation Monique Altheim Jayne Golding IBM Security Services January 29th, 2016 The Increasing Risk of Data Privacy On the Enterprise Swiss Re - Expert Forum on Cyber Risk
© 2016 IBM Corporation  Data Privacy and Cyber Risk  Data Privacy must be a priority for your business  GDPR as a Risk Engine 2/9/2016 IBM Data Privacy Services Agenda 2
© 2016 IBM Corporation Data Privacy and Cyber Risk 2/9/2016 IBM Data Privacy Services 3
© 2016 IBM Corporation Cyber Risk 2/9/2016 IBM Data Privacy Services Data Security Data Privacy Scope Crown Jewels (Business Sensitive Data, Personal Data) Personal Data Objective Guaranteeing Confidentiality, Integrity and Availability (C.I.A.) of the Organization’s Crown Jewels  ID Theft Prevention  Individual Control over Personal Data  Protection of Individual’s Reputation  Protection of Individual’s Freedoms Authority  International Industry Standards (eg. ISO/IEC 27001; ENISA; PCI DSS)  National Privacy Laws & Regulations – Personal data (eg. EU Data Protection Directive)  National Critical Infrastructure Legislation (eg. German IT Security Law 2015; NIS Directive)  National Laws and Regulations (eg. The Swiss Federal Data Protection Act)  National Constitutions (eg. Art 13 Swiss Federal Constitution)  Human Rights (eg. Art. 8, Charter of Fundamental Rights of the EU)  Best Practices (ex. ISO 27018; ISO 29100 ) 4
© 2016 IBM Corporation Cyber Risk 2/9/2016 IBM Data Privacy Services Scope Data Security Business Sensitive Data Personal Data Data Privacy Personal Data 5
© 2016 IBM Corporation Cyber Risk 2/9/2016 IBM Data Privacy Services Data Security Data Privacy Principles Organizational, Technical and Physical Controls; mostly as per Industry Standards: Some Examples:  Security Policy  Incidence Response Plan  IAM (Identity and Access Management)  SIEM (Security Information and Event Management)  Firewalls  Encryption  Locks, guards, video surveillance  Collection Minimization  Transparency  Notice, Choice, Consent  Purpose Specification  Use Limitation  Data Security  Access, Rectification and Erasure Rights of Data Subjects  Retention Periods  3rd Party Vendor Requirements  Cross-border Export Restrictions  Cross-border Access Restrictions  Data Breach Notification 6
© 2016 IBM Corporation Data Privacy Security Other Privacy Principles Cyber Risk 2/9/2016 IBM Data Privacy Services Principles 7
© 2016 IBM Corporation Mexico Federal Law on the Protection of Personal Data US Federal HIPAA, GLBA, COPPA, CAN- SPAM, Do Not Call, Safe Harbor Principles; Possible Cybersecurity Legislation, Student Privacy Legislation; California Requirements Argentina Personal Data Protection Act of 2000, Confidentiality of Information Law Chile Law for the Protection of Private Life South Africa The Protection of Personal Information Act 2013 (POPIA) Canada PIPEDA and Provincial Privacy Laws Switzerland Federal Act on Data Protection Dubai Data Protection Act 2007 United Kingdom UK Data Protection Act 1998 European Union EU Data Protection Directive. Imminent adoption of the General Data Protection Regulation (GDPR) Russia Federal Law of July 27tth 2006 No 152-FZ on personal data Australia Amended Privacy Act and Spam Act Japan Personal Information Protection Act (PIPA) South Korea Personal Information Protection Act 2011 (PIPA) India Information Technology Act of 2000 Philippines Data Privacy Act 2012 Comprehensive data protection law enacted Pending effort or obligation to enact law No comprehensive law Singapore Personal Data Protection Act 2012 (PDPA) China - New Data Protection Requirements HIPAA: Health Insurance Portability and Accountability Act GLBA: Gramm Leach Bliley Act COPPA: Children Online Privacy Protection Act CAN-SPAM: Controlling the Assault of Non- Solicited Pornography And Marketing Act Source: http://dlapiperdataprotection.com/#handbook/world-map-section/c1_SG Nearly 100 countries around the world have adopted data protection and privacy laws 2/9/2016 IBM Data Privacy Services Selected Comprehensive Data Protection/Privacy Laws and Bills as of 1/2016 8
© 2016 IBM Corporation Cyber Coverage Overview 2/9/2016 IBM Data Privacy Services Security Breach - Non Privacy Privacy Breach - Security and Non-Security First Party Coverage  Forensic Investigation  Business Interruption  Data Loss/Destruction  Cyber extortion  Business Interruption  Data Loss/Destruction  Cyber extortion Privacy-Security Breach - Additional Coverage:  Data Breach Notification Costs  Credit Monitoring of Customers Third Party Coverage  Legal Defense  Settlements, Damages and Judgments  Legal Defense  Settlements, Damages and Judgments  Regulatory Fines and Penalties 9
© 2016 IBM Corporation Data Privacy must be a priority for your business 2/9/2016 IBM Data Privacy Services 10
© 2016 IBM Corporation 1. Increase in collection and storage of personal data (what you don’t have cannot be breached) - Big data & data analytics, Internet of Things - esp. IoT consumer products ex. Smart homes 2. Loss of control over data and devices - Outsourcing of processing of personal information to service providers (Cloud), BYOD 3. Globalization of the economy - Global personal data transfers 3. Increase in global privacy legislation eg. GDPR 4. Increase in cyber attacks 2/9/2016 IBM Data Privacy Services Recent trends that have increased privacy liability risk 11
© 2016 IBM Corporation Netdiligence 2015 Cyber Claims Study Study of Cyber Insurance Claims as a result of data breaches that occurred between 2012 – 2015; (data set 160 cyber claims; numbers are “payouts-to-date”)  Personal data was the most frequently exposed data – 86% (includes PII, PHI, PCI)  Average claim per record: $964.31; Median claim per record: $13  Total Claims spent on:  Crisis Services: 78% – Forensics – Data breach notification – Credit/ID monitoring – Legal guidance – Public relations • Legal Defense: 8% • Legal Settlement: 9% • Regulatory Defense: 1% • Regulatory Fines: 1% • PCI Fines: 3% Numbers 2/9/2016 IBM Data Privacy Services Source: http://www.netdiligence.com/downloads/netdiligence_2015_cyber_claims_study_093015.pdf 12
© 2016 IBM Corporation General Data Protection Regulation as a Risk Engine Is your enterprise prepared? 2/9/2016 IBM Data Privacy Services 13
© 2016 IBM Corporation The new General Data Protection Regulation (GDPR) has arrived! 2/9/2016 IBM Data Privacy Services 14  New European Union General Data Protection text was finalized in December of 2015  New rules will be formally adopted in early 2016 and will be applicable in 2018 to any organization which operates in the EU market  GDPR will fundamentally change the way companies must manage their data The majority of companies are not ready for the new privacy requirements of the GDPR
© 2016 IBM Corporation  Unlike the existing 1995 Data Protection Directive (95/46/EC), the Regulation will create a unified data protection law for all 28 European Countries. – It will also have international reach - applying to organizations that handle personal data of any EU resident (data subjects)  The objectives of the GDPR are twofold: – To enhance the level of personal data protection for EU residents – To modernize the law in line with existing and emerging technologies (e.g. social networks and cloud computing) and to clarify responsibility for the handling and storage of data, making it easier for organizations to comply and avoid fines. 2/9/2016 IBM Data Privacy Services 15 Key Aspects of the New General Data Protection Regulation Non-compliance could lead to regular and periodic audits and/or a fine of € 20 million or 4% of the company’s annual worldwide turnover, whichever is greater
© 2016 IBM Corporation  Expansion of Applicability of EU Privacy Framework  Data Breach Notification Requirement  Privacy by Design, Privacy by Default  Privacy Impact Assessments  Data Privacy Officers  Expansion of Obligations of Data Processors  Major Increase of Fines 2/9/2016 IBM Data Privacy Services Major Changes 16
© 2016 IBM Corporation  Understand your obligations – Become familiar with the proposed GDPR requirements and monitor its development  Know what data you have and where it is located – Conduct a data inventory and mapping initiative to assist in understanding and evaluating the operational and technological changes required for compliance  Appoint a Data Protection Officer – Create a structured privacy office and appoint, at minimum, a data protection officer (DPO) who has expert knowledge on data protection law  Review all privacy notices – Confirm all privacy notices are presented in clear and plain language and are transparent and easily accessible to data subjects.  Review customer consent and choice mechanisms – Ensure that the appropriate consent and choice mechanisms are in place and/or are updated to meet the express consent requirements and to easily facilitate customer choice (e.g. Right to Erasure, Portability) 2/9/2016 IBM Data Privacy Services GDPR Readiness – Understand your risk 17
© 2016 IBM Corporation  Implement a Privacy By Design approach to new systems and services – Create a Privacy By Design framework to ensure that privacy requirements are embedded, by default and design, from the very outset of the development of new systems and services.  Document your privacy compliance activities – Adequately document all processing operations involving personal data through the use of Data Privacy Impact Assessments (DPIAs)  Implement and document appropriate security measures – Provide technical, physical and administrative security measures 'appropriate' to the risks identified by DPIAs  Create breach response and notification protocols – Implement data breach investigation, containment and response processes and procedures, and be sure to test their effectiveness  Develop audit capabilities and processes – Establish a robust audit plan and process to monitor ongoing compliance and to mitigate risk 2/9/2016 IBM Data Privacy Services GDPR Readiness – Mitigate your risk 18
© 2016 IBM Corporation  Review all cross border data transfers – Confirm that you have a legitimate basis for transferring data to jurisdictions outside the EU that do not have adequate data protection regulations  Assess external contracts, both as a controller and/or as a processor – Determine whether contractual obligations need to be amended to reflect any changes in services and/or costs in in line with the enhanced responsibilities on controllers and processors  Train your employees – Create training programs to educate employees on their obligations when accessing or processing personal data.  Make sure the appropriate budgets are in place to support the changes – Prepare to invest in data protection 2/9/2016 IBM Data Privacy Services 19 GDPR Readiness – Mitigate your risk Be proactive! Build a robust, auditable, privacy compliance program to manage GDPR compliance and to reduce risk
© 2016 IBM Corporation Questions? 2/9/2016 IBM Data Privacy Services 20
© 2016 IBM Corporation2/9/2016 IBM Data Privacy Services IBM Data Privacy Services Contacts Monique Altheim Global Privacy Managing Consultant malthei@us.ibm.com 1-347-628-1479 Jayne Golding European Privacy Lead jgoldin1@uk.ibm.com +44 7584 202302 21
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. Other company, product, or service names may be trademarks or service marks of others. A current list of IBM trademarks is available at “Copyright and trademark information” www.ibm.com/legal/copytrade.shtml Copyright © 2016 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law. Legal notices and disclaimers

Recommended

Public-Private Partnerships in Risk Management
Public-Private Partnerships in Risk ManagementPublic-Private Partnerships in Risk Management
Public-Private Partnerships in Risk ManagementGlobal Risk Forum GRFDavos
 
Swiss Re sigma catastrophe database by Lucia Bevere
Swiss Re sigma catastrophe database by Lucia BevereSwiss Re sigma catastrophe database by Lucia Bevere
Swiss Re sigma catastrophe database by Lucia BevereOECD Governance
 
4th Workshop on Strategic Crisis Management, Panel 1 - Risk and crisis antici...
4th Workshop on Strategic Crisis Management, Panel 1 - Risk and crisis antici...4th Workshop on Strategic Crisis Management, Panel 1 - Risk and crisis antici...
4th Workshop on Strategic Crisis Management, Panel 1 - Risk and crisis antici...OECD Governance
 
Microsoft power point risk governance-schreckenberg_swissre_idrc_2012
Microsoft power point risk governance-schreckenberg_swissre_idrc_2012Microsoft power point risk governance-schreckenberg_swissre_idrc_2012
Microsoft power point risk governance-schreckenberg_swissre_idrc_2012Global Risk Forum GRFDavos
 
Special Swiss Re session on economics of disasters – costs and financing mech...
Special Swiss Re session on economics of disasters – costs and financing mech...Special Swiss Re session on economics of disasters – costs and financing mech...
Special Swiss Re session on economics of disasters – costs and financing mech...Global Risk Forum GRFDavos
 
Munich RE Naturkatastrophen 2013 Überblick
Munich RE Naturkatastrophen 2013 ÜberblickMunich RE Naturkatastrophen 2013 Überblick
Munich RE Naturkatastrophen 2013 Überblickhaemmerle-consulting
 
Warren Buffett Slideshow
Warren Buffett SlideshowWarren Buffett Slideshow
Warren Buffett SlideshowAJDloveland
 
2015 Ocean Marine Trends
2015 Ocean Marine Trends2015 Ocean Marine Trends
2015 Ocean Marine TrendsGen Re
 

Recommended

Public-Private Partnerships in Risk Management
Public-Private Partnerships in Risk ManagementPublic-Private Partnerships in Risk Management
Public-Private Partnerships in Risk ManagementGlobal Risk Forum GRFDavos
 
Swiss Re sigma catastrophe database by Lucia Bevere
Swiss Re sigma catastrophe database by Lucia BevereSwiss Re sigma catastrophe database by Lucia Bevere
Swiss Re sigma catastrophe database by Lucia BevereOECD Governance
 
4th Workshop on Strategic Crisis Management, Panel 1 - Risk and crisis antici...
4th Workshop on Strategic Crisis Management, Panel 1 - Risk and crisis antici...4th Workshop on Strategic Crisis Management, Panel 1 - Risk and crisis antici...
4th Workshop on Strategic Crisis Management, Panel 1 - Risk and crisis antici...OECD Governance
 
Microsoft power point risk governance-schreckenberg_swissre_idrc_2012
Microsoft power point risk governance-schreckenberg_swissre_idrc_2012Microsoft power point risk governance-schreckenberg_swissre_idrc_2012
Microsoft power point risk governance-schreckenberg_swissre_idrc_2012Global Risk Forum GRFDavos
 
Special Swiss Re session on economics of disasters – costs and financing mech...
Special Swiss Re session on economics of disasters – costs and financing mech...Special Swiss Re session on economics of disasters – costs and financing mech...
Special Swiss Re session on economics of disasters – costs and financing mech...Global Risk Forum GRFDavos
 
Munich RE Naturkatastrophen 2013 Überblick
Munich RE Naturkatastrophen 2013 ÜberblickMunich RE Naturkatastrophen 2013 Überblick
Munich RE Naturkatastrophen 2013 Überblickhaemmerle-consulting
 
Warren Buffett Slideshow
Warren Buffett SlideshowWarren Buffett Slideshow
Warren Buffett SlideshowAJDloveland
 
2015 Ocean Marine Trends
2015 Ocean Marine Trends2015 Ocean Marine Trends
2015 Ocean Marine TrendsGen Re
 
Genre presentation
Genre presentationGenre presentation
Genre presentationrdeable
 
American Urbanization: New York City
American Urbanization: New York CityAmerican Urbanization: New York City
American Urbanization: New York Citymeggss24
 
Applying technology to school
Applying technology to schoolApplying technology to school
Applying technology to schoolAditi Sameer
 
2011 annual audited financial statements
2011 annual audited financial statements2011 annual audited financial statements
2011 annual audited financial statementsProphecy Corp
 
Power is Everywhere
Power is EverywherePower is Everywhere
Power is EverywhereNoel Hatch
 
How the Americas Change (ass. 4)
How the Americas Change (ass. 4)How the Americas Change (ass. 4)
How the Americas Change (ass. 4)03ram
 
Government Publications and Research_What You Need to Know 2015 (7)
Government Publications and Research_What You Need to Know 2015 (7)Government Publications and Research_What You Need to Know 2015 (7)
Government Publications and Research_What You Need to Know 2015 (7)Mary Howrey
 
Hist.141 (Little Ice Age)
Hist.141 (Little Ice Age)Hist.141 (Little Ice Age)
Hist.141 (Little Ice Age)03ram
 
Nation Report: Brazil
Nation Report: BrazilNation Report: Brazil
Nation Report: Brazilmeggss24
 
Senior Health Insurance_DVU_September 12 2013
Senior Health Insurance_DVU_September 12 2013Senior Health Insurance_DVU_September 12 2013
Senior Health Insurance_DVU_September 12 2013Mary Howrey
 
Need for speed undercover
Need for speed undercoverNeed for speed undercover
Need for speed undercoverLucciodavid
 
Urban Games to Make a Living
Urban Games to Make a LivingUrban Games to Make a Living
Urban Games to Make a LivingNoel Hatch
 
Stimulants Workshop
Stimulants WorkshopStimulants Workshop
Stimulants WorkshopNoel Hatch
 
Assignment 8 Article Sets
Assignment 8 Article SetsAssignment 8 Article Sets
Assignment 8 Article Setsmeggss24
 
Day ın the Lıfe Template
Day ın the Lıfe TemplateDay ın the Lıfe Template
Day ın the Lıfe TemplateNoel Hatch
 
Metro lite guided tour2.0
Metro lite guided tour2.0Metro lite guided tour2.0
Metro lite guided tour2.0Chandra Vikash
 
Plan your Activity
Plan your ActivityPlan your Activity
Plan your ActivityNoel Hatch
 
European Alternatives London
European Alternatives LondonEuropean Alternatives London
European Alternatives LondonNoel Hatch
 
Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)
Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)
Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)Tom Trewinnard
 
2011 AGM Circular
2011 AGM Circular2011 AGM Circular
2011 AGM CircularProphecy Corp
 
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)AltheimPrivacy
 
NYCLA Privacy CLE_october_1_2014_presentation
NYCLA Privacy CLE_october_1_2014_presentationNYCLA Privacy CLE_october_1_2014_presentation
NYCLA Privacy CLE_october_1_2014_presentationAltheimPrivacy
 

More Related Content

Viewers also liked

Genre presentation
Genre presentationGenre presentation
Genre presentationrdeable
 
American Urbanization: New York City
American Urbanization: New York CityAmerican Urbanization: New York City
American Urbanization: New York Citymeggss24
 
Applying technology to school
Applying technology to schoolApplying technology to school
Applying technology to schoolAditi Sameer
 
2011 annual audited financial statements
2011 annual audited financial statements2011 annual audited financial statements
2011 annual audited financial statementsProphecy Corp
 
Power is Everywhere
Power is EverywherePower is Everywhere
Power is EverywhereNoel Hatch
 
How the Americas Change (ass. 4)
How the Americas Change (ass. 4)How the Americas Change (ass. 4)
How the Americas Change (ass. 4)03ram
 
Government Publications and Research_What You Need to Know 2015 (7)
Government Publications and Research_What You Need to Know 2015 (7)Government Publications and Research_What You Need to Know 2015 (7)
Government Publications and Research_What You Need to Know 2015 (7)Mary Howrey
 
Hist.141 (Little Ice Age)
Hist.141 (Little Ice Age)Hist.141 (Little Ice Age)
Hist.141 (Little Ice Age)03ram
 
Nation Report: Brazil
Nation Report: BrazilNation Report: Brazil
Nation Report: Brazilmeggss24
 
Senior Health Insurance_DVU_September 12 2013
Senior Health Insurance_DVU_September 12 2013Senior Health Insurance_DVU_September 12 2013
Senior Health Insurance_DVU_September 12 2013Mary Howrey
 
Need for speed undercover
Need for speed undercoverNeed for speed undercover
Need for speed undercoverLucciodavid
 
Urban Games to Make a Living
Urban Games to Make a LivingUrban Games to Make a Living
Urban Games to Make a LivingNoel Hatch
 
Stimulants Workshop
Stimulants WorkshopStimulants Workshop
Stimulants WorkshopNoel Hatch
 
Assignment 8 Article Sets
Assignment 8 Article SetsAssignment 8 Article Sets
Assignment 8 Article Setsmeggss24
 
Day ın the Lıfe Template
Day ın the Lıfe TemplateDay ın the Lıfe Template
Day ın the Lıfe TemplateNoel Hatch
 
Metro lite guided tour2.0
Metro lite guided tour2.0Metro lite guided tour2.0
Metro lite guided tour2.0Chandra Vikash
 
Plan your Activity
Plan your ActivityPlan your Activity
Plan your ActivityNoel Hatch
 
European Alternatives London
European Alternatives LondonEuropean Alternatives London
European Alternatives LondonNoel Hatch
 
Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)
Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)
Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)Tom Trewinnard
 

Viewers also liked (20)

Genre presentation
Genre presentationGenre presentation
Genre presentation
 
American Urbanization: New York City
American Urbanization: New York CityAmerican Urbanization: New York City
American Urbanization: New York City
 
Applying technology to school
Applying technology to schoolApplying technology to school
Applying technology to school
 
2011 annual audited financial statements
2011 annual audited financial statements2011 annual audited financial statements
2011 annual audited financial statements
 
Power is Everywhere
Power is EverywherePower is Everywhere
Power is Everywhere
 
How the Americas Change (ass. 4)
How the Americas Change (ass. 4)How the Americas Change (ass. 4)
How the Americas Change (ass. 4)
 
Government Publications and Research_What You Need to Know 2015 (7)
Government Publications and Research_What You Need to Know 2015 (7)Government Publications and Research_What You Need to Know 2015 (7)
Government Publications and Research_What You Need to Know 2015 (7)
 
Hist.141 (Little Ice Age)
Hist.141 (Little Ice Age)Hist.141 (Little Ice Age)
Hist.141 (Little Ice Age)
 
Nation Report: Brazil
Nation Report: BrazilNation Report: Brazil
Nation Report: Brazil
 
Senior Health Insurance_DVU_September 12 2013
Senior Health Insurance_DVU_September 12 2013Senior Health Insurance_DVU_September 12 2013
Senior Health Insurance_DVU_September 12 2013
 
Need for speed undercover
Need for speed undercoverNeed for speed undercover
Need for speed undercover
 
Urban Games to Make a Living
Urban Games to Make a LivingUrban Games to Make a Living
Urban Games to Make a Living
 
Stimulants Workshop
Stimulants WorkshopStimulants Workshop
Stimulants Workshop
 
Assignment 8 Article Sets
Assignment 8 Article SetsAssignment 8 Article Sets
Assignment 8 Article Sets
 
Day ın the Lıfe Template
Day ın the Lıfe TemplateDay ın the Lıfe Template
Day ın the Lıfe Template
 
Metro lite guided tour2.0
Metro lite guided tour2.0Metro lite guided tour2.0
Metro lite guided tour2.0
 
Plan your Activity
Plan your ActivityPlan your Activity
Plan your Activity
 
European Alternatives London
European Alternatives LondonEuropean Alternatives London
European Alternatives London
 
Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)
Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)
Checkdesk @ IPI News Innovation Platform, London (Sep 13, 2013)
 
2011 AGM Circular
2011 AGM Circular2011 AGM Circular
2011 AGM Circular
 

More from AltheimPrivacy

Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)AltheimPrivacy
 
NYCLA Privacy CLE_october_1_2014_presentation
NYCLA Privacy CLE_october_1_2014_presentationNYCLA Privacy CLE_october_1_2014_presentation
NYCLA Privacy CLE_october_1_2014_presentationAltheimPrivacy
 
Ripped from the Headlines: Cautionary Tales from the Annals of Data Privacy
Ripped from the Headlines: Cautionary Tales from the Annals of Data PrivacyRipped from the Headlines: Cautionary Tales from the Annals of Data Privacy
Ripped from the Headlines: Cautionary Tales from the Annals of Data PrivacyAltheimPrivacy
 
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...AltheimPrivacy
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...AltheimPrivacy
 
How to Hide Your Page "Likes" from Facebook Graph Search and Social Ads
How to Hide Your Page "Likes" from Facebook Graph Search and Social AdsHow to Hide Your Page "Likes" from Facebook Graph Search and Social Ads
How to Hide Your Page "Likes" from Facebook Graph Search and Social AdsAltheimPrivacy
 
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...AltheimPrivacy
 
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...AltheimPrivacy
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)AltheimPrivacy
 
Three Easy Steps To Basic Privacy/Security on Facebook
Three Easy Steps To Basic Privacy/Security on FacebookThree Easy Steps To Basic Privacy/Security on Facebook
Three Easy Steps To Basic Privacy/Security on FacebookAltheimPrivacy
 
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
Cross Border Ediscovery vs. EU Data Protection at LegalTech West CoastAltheimPrivacy
 
Facebook New Changes 2011
Facebook New Changes 2011Facebook New Changes 2011
Facebook New Changes 2011AltheimPrivacy
 

More from AltheimPrivacy (12)

Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
 
NYCLA Privacy CLE_october_1_2014_presentation
NYCLA Privacy CLE_october_1_2014_presentationNYCLA Privacy CLE_october_1_2014_presentation
NYCLA Privacy CLE_october_1_2014_presentation
 
Ripped from the Headlines: Cautionary Tales from the Annals of Data Privacy
Ripped from the Headlines: Cautionary Tales from the Annals of Data PrivacyRipped from the Headlines: Cautionary Tales from the Annals of Data Privacy
Ripped from the Headlines: Cautionary Tales from the Annals of Data Privacy
 
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel...
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
 
How to Hide Your Page "Likes" from Facebook Graph Search and Social Ads
How to Hide Your Page "Likes" from Facebook Graph Search and Social AdsHow to Hide Your Page "Likes" from Facebook Graph Search and Social Ads
How to Hide Your Page "Likes" from Facebook Graph Search and Social Ads
 
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
Bridging U.S. Cross-Border Ediscovery Obligations and EU Data Protection Obli...
 
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
Threats to Privacy in the Management of Data Stored in Computer Systems by Gu...
 
Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)Digital Forensics by William C. Barker (NIST)
Digital Forensics by William C. Barker (NIST)
 
Three Easy Steps To Basic Privacy/Security on Facebook
Three Easy Steps To Basic Privacy/Security on FacebookThree Easy Steps To Basic Privacy/Security on Facebook
Three Easy Steps To Basic Privacy/Security on Facebook
 
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
Cross Border Ediscovery vs. EU Data Protection at LegalTech West Coast
 
Facebook New Changes 2011
Facebook New Changes 2011Facebook New Changes 2011
Facebook New Changes 2011
 

Recently uploaded

Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...ssifa0344
 
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Bookingroncy bisnoi
 
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...ssifa0344
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdfFinTech Belgium
 
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...Call Girls in Nagpur High Profile
 
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )Pooja Nehwal
 
The Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfThe Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfGale Pooley
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Pooja Nehwal
 
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...ssifa0344
 
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptxFinTech Belgium
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptxFinTech Belgium
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home DeliveryPooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home DeliveryPooja Nehwal
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignHenry Tapper
 

Recently uploaded (20)

Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
Solution Manual for Financial Accounting, 11th Edition by Robert Libby, Patri...
 
(Vedika) Low Rate Call Girls in Pune Call Now 8250077686 Pune Escorts 24x7
(Vedika) Low Rate Call Girls in Pune Call Now 8250077686 Pune Escorts 24x7(Vedika) Low Rate Call Girls in Pune Call Now 8250077686 Pune Escorts 24x7
(Vedika) Low Rate Call Girls in Pune Call Now 8250077686 Pune Escorts 24x7
 
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance BookingCall Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Koregaon Park Call Me 7737669865 Budget Friendly No Advance Booking
 
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
Solution Manual for Principles of Corporate Finance 14th Edition by Richard B...
 
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
VIP Call Girl in Mira Road 💧 9920725232 ( Call Me ) Get A New Crush Everyday ...
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
 
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
Booking open Available Pune Call Girls Talegaon Dabhade 6297143586 Call Hot ...
 
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
Vip Call US 📞 7738631006 ✅Call Girls In Sakinaka ( Mumbai )
 
The Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdfThe Economic History of the U.S. Lecture 19.pdf
The Economic History of the U.S. Lecture 19.pdf
 
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Shivane 6297143586 Call Hot Indian Gi...
 
Veritas Interim Report 1 January–31 March 2024
Veritas Interim Report 1 January–31 March 2024Veritas Interim Report 1 January–31 March 2024
Veritas Interim Report 1 January–31 March 2024
 
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
Dharavi Russian callg Girls, { 09892124323 } || Call Girl In Mumbai ...
 
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
TEST BANK For Corporate Finance, 13th Edition By Stephen Ross, Randolph Weste...
 
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
05_Annelore Lenoir_Docbyte_MeetupDora&Cybersecurity.pptx
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx
 
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service NashikHigh Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
High Class Call Girls Nashik Maya 7001305949 Independent Escort Service Nashik
 
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
VIP Independent Call Girls in Bandra West 🌹 9920725232 ( Call Me ) Mumbai Esc...
 
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home DeliveryPooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
Pooja 9892124323 : Call Girl in Juhu Escorts Service Free Home Delivery
 
Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaign
 
(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7
(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7
(INDIRA) Call Girl Mumbai Call Now 8250077686 Mumbai Escorts 24x7
 

Swiss Re data_privacy_27_01_2016

  • 1. © 2016 IBM Corporation Monique Altheim Jayne Golding IBM Security Services January 29th, 2016 The Increasing Risk of Data Privacy On the Enterprise Swiss Re - Expert Forum on Cyber Risk
  • 2. © 2016 IBM Corporation  Data Privacy and Cyber Risk  Data Privacy must be a priority for your business  GDPR as a Risk Engine 2/9/2016 IBM Data Privacy Services Agenda 2
  • 3. © 2016 IBM Corporation Data Privacy and Cyber Risk 2/9/2016 IBM Data Privacy Services 3
  • 4. © 2016 IBM Corporation Cyber Risk 2/9/2016 IBM Data Privacy Services Data Security Data Privacy Scope Crown Jewels (Business Sensitive Data, Personal Data) Personal Data Objective Guaranteeing Confidentiality, Integrity and Availability (C.I.A.) of the Organization’s Crown Jewels  ID Theft Prevention  Individual Control over Personal Data  Protection of Individual’s Reputation  Protection of Individual’s Freedoms Authority  International Industry Standards (eg. ISO/IEC 27001; ENISA; PCI DSS)  National Privacy Laws & Regulations – Personal data (eg. EU Data Protection Directive)  National Critical Infrastructure Legislation (eg. German IT Security Law 2015; NIS Directive)  National Laws and Regulations (eg. The Swiss Federal Data Protection Act)  National Constitutions (eg. Art 13 Swiss Federal Constitution)  Human Rights (eg. Art. 8, Charter of Fundamental Rights of the EU)  Best Practices (ex. ISO 27018; ISO 29100 ) 4
  • 5. © 2016 IBM Corporation Cyber Risk 2/9/2016 IBM Data Privacy Services Scope Data Security Business Sensitive Data Personal Data Data Privacy Personal Data 5
  • 6. © 2016 IBM Corporation Cyber Risk 2/9/2016 IBM Data Privacy Services Data Security Data Privacy Principles Organizational, Technical and Physical Controls; mostly as per Industry Standards: Some Examples:  Security Policy  Incidence Response Plan  IAM (Identity and Access Management)  SIEM (Security Information and Event Management)  Firewalls  Encryption  Locks, guards, video surveillance  Collection Minimization  Transparency  Notice, Choice, Consent  Purpose Specification  Use Limitation  Data Security  Access, Rectification and Erasure Rights of Data Subjects  Retention Periods  3rd Party Vendor Requirements  Cross-border Export Restrictions  Cross-border Access Restrictions  Data Breach Notification 6
  • 7. © 2016 IBM Corporation Data Privacy Security Other Privacy Principles Cyber Risk 2/9/2016 IBM Data Privacy Services Principles 7
  • 8. © 2016 IBM Corporation Mexico Federal Law on the Protection of Personal Data US Federal HIPAA, GLBA, COPPA, CAN- SPAM, Do Not Call, Safe Harbor Principles; Possible Cybersecurity Legislation, Student Privacy Legislation; California Requirements Argentina Personal Data Protection Act of 2000, Confidentiality of Information Law Chile Law for the Protection of Private Life South Africa The Protection of Personal Information Act 2013 (POPIA) Canada PIPEDA and Provincial Privacy Laws Switzerland Federal Act on Data Protection Dubai Data Protection Act 2007 United Kingdom UK Data Protection Act 1998 European Union EU Data Protection Directive. Imminent adoption of the General Data Protection Regulation (GDPR) Russia Federal Law of July 27tth 2006 No 152-FZ on personal data Australia Amended Privacy Act and Spam Act Japan Personal Information Protection Act (PIPA) South Korea Personal Information Protection Act 2011 (PIPA) India Information Technology Act of 2000 Philippines Data Privacy Act 2012 Comprehensive data protection law enacted Pending effort or obligation to enact law No comprehensive law Singapore Personal Data Protection Act 2012 (PDPA) China - New Data Protection Requirements HIPAA: Health Insurance Portability and Accountability Act GLBA: Gramm Leach Bliley Act COPPA: Children Online Privacy Protection Act CAN-SPAM: Controlling the Assault of Non- Solicited Pornography And Marketing Act Source: http://dlapiperdataprotection.com/#handbook/world-map-section/c1_SG Nearly 100 countries around the world have adopted data protection and privacy laws 2/9/2016 IBM Data Privacy Services Selected Comprehensive Data Protection/Privacy Laws and Bills as of 1/2016 8
  • 9. © 2016 IBM Corporation Cyber Coverage Overview 2/9/2016 IBM Data Privacy Services Security Breach - Non Privacy Privacy Breach - Security and Non-Security First Party Coverage  Forensic Investigation  Business Interruption  Data Loss/Destruction  Cyber extortion  Business Interruption  Data Loss/Destruction  Cyber extortion Privacy-Security Breach - Additional Coverage:  Data Breach Notification Costs  Credit Monitoring of Customers Third Party Coverage  Legal Defense  Settlements, Damages and Judgments  Legal Defense  Settlements, Damages and Judgments  Regulatory Fines and Penalties 9
  • 10. © 2016 IBM Corporation Data Privacy must be a priority for your business 2/9/2016 IBM Data Privacy Services 10
  • 11. © 2016 IBM Corporation 1. Increase in collection and storage of personal data (what you don’t have cannot be breached) - Big data & data analytics, Internet of Things - esp. IoT consumer products ex. Smart homes 2. Loss of control over data and devices - Outsourcing of processing of personal information to service providers (Cloud), BYOD 3. Globalization of the economy - Global personal data transfers 3. Increase in global privacy legislation eg. GDPR 4. Increase in cyber attacks 2/9/2016 IBM Data Privacy Services Recent trends that have increased privacy liability risk 11
  • 12. © 2016 IBM Corporation Netdiligence 2015 Cyber Claims Study Study of Cyber Insurance Claims as a result of data breaches that occurred between 2012 – 2015; (data set 160 cyber claims; numbers are “payouts-to-date”)  Personal data was the most frequently exposed data – 86% (includes PII, PHI, PCI)  Average claim per record: $964.31; Median claim per record: $13  Total Claims spent on:  Crisis Services: 78% – Forensics – Data breach notification – Credit/ID monitoring – Legal guidance – Public relations • Legal Defense: 8% • Legal Settlement: 9% • Regulatory Defense: 1% • Regulatory Fines: 1% • PCI Fines: 3% Numbers 2/9/2016 IBM Data Privacy Services Source: http://www.netdiligence.com/downloads/netdiligence_2015_cyber_claims_study_093015.pdf 12
  • 13. © 2016 IBM Corporation General Data Protection Regulation as a Risk Engine Is your enterprise prepared? 2/9/2016 IBM Data Privacy Services 13
  • 14. © 2016 IBM Corporation The new General Data Protection Regulation (GDPR) has arrived! 2/9/2016 IBM Data Privacy Services 14  New European Union General Data Protection text was finalized in December of 2015  New rules will be formally adopted in early 2016 and will be applicable in 2018 to any organization which operates in the EU market  GDPR will fundamentally change the way companies must manage their data The majority of companies are not ready for the new privacy requirements of the GDPR
  • 15. © 2016 IBM Corporation  Unlike the existing 1995 Data Protection Directive (95/46/EC), the Regulation will create a unified data protection law for all 28 European Countries. – It will also have international reach - applying to organizations that handle personal data of any EU resident (data subjects)  The objectives of the GDPR are twofold: – To enhance the level of personal data protection for EU residents – To modernize the law in line with existing and emerging technologies (e.g. social networks and cloud computing) and to clarify responsibility for the handling and storage of data, making it easier for organizations to comply and avoid fines. 2/9/2016 IBM Data Privacy Services 15 Key Aspects of the New General Data Protection Regulation Non-compliance could lead to regular and periodic audits and/or a fine of € 20 million or 4% of the company’s annual worldwide turnover, whichever is greater
  • 16. © 2016 IBM Corporation  Expansion of Applicability of EU Privacy Framework  Data Breach Notification Requirement  Privacy by Design, Privacy by Default  Privacy Impact Assessments  Data Privacy Officers  Expansion of Obligations of Data Processors  Major Increase of Fines 2/9/2016 IBM Data Privacy Services Major Changes 16
  • 17. © 2016 IBM Corporation  Understand your obligations – Become familiar with the proposed GDPR requirements and monitor its development  Know what data you have and where it is located – Conduct a data inventory and mapping initiative to assist in understanding and evaluating the operational and technological changes required for compliance  Appoint a Data Protection Officer – Create a structured privacy office and appoint, at minimum, a data protection officer (DPO) who has expert knowledge on data protection law  Review all privacy notices – Confirm all privacy notices are presented in clear and plain language and are transparent and easily accessible to data subjects.  Review customer consent and choice mechanisms – Ensure that the appropriate consent and choice mechanisms are in place and/or are updated to meet the express consent requirements and to easily facilitate customer choice (e.g. Right to Erasure, Portability) 2/9/2016 IBM Data Privacy Services GDPR Readiness – Understand your risk 17
  • 18. © 2016 IBM Corporation  Implement a Privacy By Design approach to new systems and services – Create a Privacy By Design framework to ensure that privacy requirements are embedded, by default and design, from the very outset of the development of new systems and services.  Document your privacy compliance activities – Adequately document all processing operations involving personal data through the use of Data Privacy Impact Assessments (DPIAs)  Implement and document appropriate security measures – Provide technical, physical and administrative security measures 'appropriate' to the risks identified by DPIAs  Create breach response and notification protocols – Implement data breach investigation, containment and response processes and procedures, and be sure to test their effectiveness  Develop audit capabilities and processes – Establish a robust audit plan and process to monitor ongoing compliance and to mitigate risk 2/9/2016 IBM Data Privacy Services GDPR Readiness – Mitigate your risk 18
  • 19. © 2016 IBM Corporation  Review all cross border data transfers – Confirm that you have a legitimate basis for transferring data to jurisdictions outside the EU that do not have adequate data protection regulations  Assess external contracts, both as a controller and/or as a processor – Determine whether contractual obligations need to be amended to reflect any changes in services and/or costs in in line with the enhanced responsibilities on controllers and processors  Train your employees – Create training programs to educate employees on their obligations when accessing or processing personal data.  Make sure the appropriate budgets are in place to support the changes – Prepare to invest in data protection 2/9/2016 IBM Data Privacy Services 19 GDPR Readiness – Mitigate your risk Be proactive! Build a robust, auditable, privacy compliance program to manage GDPR compliance and to reduce risk
  • 20. © 2016 IBM Corporation Questions? 2/9/2016 IBM Data Privacy Services 20
  • 21. © 2016 IBM Corporation2/9/2016 IBM Data Privacy Services IBM Data Privacy Services Contacts Monique Altheim Global Privacy Managing Consultant malthei@us.ibm.com 1-347-628-1479 Jayne Golding European Privacy Lead jgoldin1@uk.ibm.com +44 7584 202302 21
  • 22. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. Other company, product, or service names may be trademarks or service marks of others. A current list of IBM trademarks is available at “Copyright and trademark information” www.ibm.com/legal/copytrade.shtml Copyright © 2016 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS document is distributed "AS IS" without any warranty, either express or implied. In no event shall IBM be liable for any damage arising from the use of this information, including but not limited to, loss of data, business interruption, loss of profit or loss of opportunity. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. Any statements regarding IBM’s future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law. Legal notices and disclaimers