Technology and Web 2.0 Across Institutions - Risk Mitigation
This was a 50-minute presentation to college administrators.

Technology and Web 2.0 Across Institutions - Risk Mitigation Presentation Transcript

  • 1. Technology and Web 2.0 Across Institutions: Impact and Opportunities Risk Mitigation – The Legal Perspective Dan Michaluk February 2, 2010
  • 2. Outline
    • Data breaches
    • Individual use of the “consumer cloud”
    • Outsourcing risks
    • Violence, harassment and Web 2.0
  • 3. Data breaches
  • 4. Data breaches
  • 5. Data breaches
  • 6. Data breaches
    • Risk 1 – Breach of duty to secure
      • Comprehensive risk-based approach that includes an internal responsibility system
      • Be proactive - go after low-hanging fruit (USB keys, mobile devices, shredding practices)
      • Be proactive – engage in employee training
      • Be responsive - breach response that involves a documented root-cause analysis and remedial plan
  • 7. Data breaches
    • Risk 2 – Breach of duty to warn
      • Who makes the call about investigation? notification? mitigation offers?
      • Information must flow quickly to the person who is accountable
      • That person will balance risk of harm versus need for information
  • 8. Individual use of the “consumer cloud”
    • Common scenarios?
      • Employee e-mails work home using free internet-based e-mail
      • Employee uses free internet-based services to produce written work product
      • Instructor uses consumer service to create teaching environment
  • 9. Individual use of the “consumer cloud”
    • Risks
      • Loss of control over business information
      • Loss of control over regulated personal information
      • Loss of control over the educational environment, which has human rights compliance implications
  • 10. Individual use of the “consumer cloud”
    • Risk mitigation
      • Amend data security policy
      • Amend acceptable use policy
      • Demand that work is done on work computers with limited exceptions
      • Prohibit e-mailing work home with limited exceptions
      • Recognize remote computing investment as part of risk management
  • 11. Individual use of the “consumer cloud”
    • Risk mitigation
      • Or go with the flow by outsourcing to the “enterprise cloud”
  • 12. Outsourcing risks
    • Two related risks
      • Breach of duty to secure information
      • Breach of duty to control information
  • 13. Outsourcing risks
    • Risk mitigation
      • Build a good due diligence team and engage in due diligence
      • Enter a contract that controls the information
        • Your content versus their business record
        • Use and disclosure controls
        • Retention controls
      • And so on… (see Alberta OIPC guide)
  • 14. Violence, harassment and Web 2.0
    • Duty to provide a safe and harassment-free “college environment”
      • Civil and statutory duties
      • Web 2.0 can be a tool for intimidation and harassment
      • Web 2.0 raises boundary issues
  • 15. Violence, harassment and Web 2.0
    • Managing the risk of disturbing posts
      • A feature of Columbine, Dawson College and others
      • Threat assessment procedures are a key feature in managing the threat of violence
      • Be prepared to assess reports of postings
      • Look at postings in a threat inquiry
      • Duty to routinely monitor public writings of students is questionable
  • 16. Violence, harassment and Web 2.0
    • Managing the risk of negative posts
      • This is a code of conduct issue
      • Your scope clauses should not be based on physical boundaries
      • The line between permissible and non-permissible may be subtle
      • Is it harassment? Defamation? Intimidation?
      • Or is it news? Fair comment?
  • 17. Dan Michaluk
    • [email_address] (416) 864-7253 http://danmichaluk.wordpress.com
    • or LinkedIn
  • 18. Technology and Web 2.0 Across Institutions: Impact and Opportunities Risk Mitigation – The Legal Perspective Dan Michaluk February 2, 2010