                                           Data Without Borders
                                           With employees and customers in multiple countries, IT
                                           managers must answer to a web of privacy laws to keep
                                           international data legal.
                                           by Minda Zetlin, February 2012


                                           A company that provides online wellness services landed a contract with a major company with offices
                                           in Spain, Germany, and France. It was the kind of sale every executive dreams of. But it came with
                                           some very big headaches, too. “Now they’ve got this problem where they have to abide by the privacy
                                           regulations in each of these three countries and register with the regulators there,” says Stuart Buglass,
                                           director of human capital consulting at Nair & Co., which advises companies on international expansion.
                                           The wellness company had walked right into one of the most challenging aspects of international
                                           business today: data and privacy laws across international borders.

                                           The challenges are considerable. Throughout the
                                           world, an evolving mosaic of privacy laws dictates
                                           how data must be handled. At issue is personally
                                           identifiable information (PII) that can be traced to
                                           an individual person (such as name, address, ID
                                           number, and job title). Most experts agree that the
                                           most-stringent data protection laws are found in
                                           the European Union (EU), where the Data Privacy
                                           Directive governs all PII use. In general, a
                                           company able to deal effectively with the
                                           provisions of the EU directive will likely be able to
                                           handle privacy laws in other jurisdictions as well.

                                           Although the provisions of the Data Privacy
                                           Directive hold across the EU, anyone collecting
                                           data on European residents must follow the laws
                                           of an individual’s country of residency as well—and those laws differ among EU member states. It might
                                           seem logical to find the strictest EU privacy laws and comply with those, but the laws are different
                                           enough to make that approach impractical.

                                           “You can’t have a broad sweep of standards that will satisfy all the different types of legislation,”
                                           Buglass says. “You have to actually identify where the data subjects are and which specific legislation
                                           applies to them.”

                                           Complex Relations
                                           One of the EU’s eight “enforceable principles” for privacy protection is that data must not be transferred
                                           to countries without adequate legal protection. But that raises the question of what constitutes a data
                                           transfer. From a privacy and security standpoint, it makes little difference whether an employee’s name
                                           is sent through a network and stored on a server in, say, Russia, or whether a hacker from Russia goes
                                           through that same network to view the data while it resides on a server in France. And indeed, the EU
                                           defines access to data as a form of transfer, for privacy purposes.

                                           While many experts recommend leaving European data in Europe, that strategy is not sufficient to
                                           ensure compliance with the law. And it can create unexpected challenges for Americans accustomed to
                                           different privacy rules. “Something as innocuous as a personnel directory that can be accessed by
                                           company staff outside of Europe can create a problem,” notes Lisa Sotto, head of the privacy and
                                           information management practice at Hunton & Williams, a law firm with expertise in intellectual property
                                           and international business.

                                           To make matters worse, international laws may conflict with each other, especially when it comes to
                                           keeping data. In general, European laws require companies to destroy PII as soon as its utility has
                                           expired. But in the United States, laws may dictate a different retention period. “If you’ve got a U.S.-based
                                           company dealing with data from another country, there may be a conflict,” says Jimma Elliott-Stevens,
                                           director of risk assurance services at PwC, a global professional services firm.

                                           Meanwhile, the list of nations with strict laws governing the use of PII is growing. In 2011, Costa Rica
                                           became the seventh Latin American country to regulate this data. India’s data privacy laws, amended in
                                           2008, are strong enough to draw criticism from U.S. multinationals.

                                           But for nations outside the EU, stricter data privacy laws can be good for business. The European
                                           Commission has recognized a handful of countries with adequate data privacy protections—among
    them Canada and Argentina. Data can be transferred to (or accessed from) countries with laws that
    offer similar protections to the EU directive.

    “It’s interesting to note that a lot of countries coming up with robust sets of legislation are those where
    there’s a lot of offshoring,” Buglass notes. “India’s privacy law is probably even more robust than that in
    the EU. It isn’t yet a trusted third country, but if India’s government can prove it can actually enforce
    these rules, it may be soon.”

    However, the chances of the U.S. gaining the status of a trusted third country are virtually nil. The
    American approach is to have different regulations apply in different industries (for instance, the
    healthcare industry is subject to the Health Insurance Portability and Accountability Act, more commonly
    known as HIPAA) and different states.

    “I think the U.S. would have to crumble and be rebuilt to change its entire sectoral approach to
    regulations,” Elliott-Stevens says. “The U.S. cares about data privacy, and we do have strict laws and
    regulatory bodies in place. But the way we deal with it is to find commonalities and start there. We
    negotiate and leverage relationships.”

    Crossing Borders
    So what are the options for U.S. companies with employees in countries with stricter privacy laws? One
    way is to keep all personal data within the country or jurisdiction where it is obtained and prevent any
    access from outside. Another would be to find a way to certify that data transferred outside the
    jurisdiction will adhere to local legal strictures. (See “Gaining Customer Consent.”)

    The first of these options may be the right choice for many multinational companies. Privacy laws do not
    prevent managers from accessing sales and performance data from outside a territory, as long as IT
    ensures that PII, such as a customer phone number or employee attendance history, isn’t involved.
    “Maintaining local management of data is the perfect solution,” Buglass says. “If you haven’t got the
    luxury of doing that, try to limit the data transfers to certain countries. The risk, obviously, is when you
    can’t keep track of the data—for instance, if you have a cloud server that jumps from country to country
    to take advantage of available storage.” Some companies are coping with this by setting up EU-only
    clouds, he adds.

    For managers who do need to transfer PII among jurisdictions, there are legal frameworks that make
    this possible. One is the Safe Harbor arrangement, in which U.S. companies certify that they will abide,
    for example, by the EU directive when handling PII from an EU country. However, since the EU is
    counting on the U.S. Federal Trade Commission (FTC) to enforce the Safe Harbor provisions, this
    option is only available to companies regulated by the FTC. Safe Harbor has been in place for more
    than a decade, and so far roughly 2,000 U.S. companies have signed on.

    A second, more difficult option is Binding Corporate Rules, a legal framework in which companies certify
    that they have put in place corporate rules protecting the privacy of PII. Though created as an
    alternative to Safe Harbor and model contracts (see below), Binding Corporate Rules is a difficult
    choice, Sotto says, because it requires getting specific approval for your rules from some individual
    countries. While many EU countries’ data protection authorities will recognize the blessing of another
    country’s authority, some EU countries will not. “It’s very hard to implement,” she says.

    A third solution is to use the model contracts provision of the EU privacy directive. In this case, a
    contract between European and non-European entities requires the non-European entity to protect the
    privacy of personal data, Sotto says. Since the European subsidiary of a multinational company is
    nearly always created as a separate legal entity, the two can sign a binding contract that fulfills the data
    transfer requirements of the EU privacy directive.

    “For these solutions, you need to understand the relevant data flows within your company,” Sotto says.
    “What you’re collecting, the use to which you’re putting the data, and who will have access to it. And
    ultimately, how and when you will dispose of it.”

    The Role of IT
    Inevitably, compliance with global data privacy laws falls to IT—but industry best practices can help.

    Know your data. Having a precise understanding of the data you have is an essential first step,
    according to Carolyn Holcomb, partner, risk assurance services, at PwC. “Think about every data
    element that could be used to identify an individual,” she says. “If you put them all together, there are
    somewhere in the neighborhood of 60 different elements that are common across the different privacy
    laws. Make a list of all those data points, and then do a data inventory. Find out exactly where the data
    resides and what countries it comes from.”

    Don’t take what you don’t need. “Another practical solution is not to collect the data,” Holcomb says.
    Of course every company collects some PII from customers and employees. But many have the
    mindset that the more data they can collect—especially from customers—the better. While that data can
    be useful for market research, it will make following international data laws much harder.

    Consider privacy when planning cloud implementations. Buglass notes that cloud providers often
    move data around among different hosting companies. To address this problem, some are providing
    EU-only cloud solutions. But that’s not the only option, he says. “If it’s a U.S.-based cloud company, it
    should be a Safe Harbor adherent, and it should certify that the data won’t go beyond U.S. shores. Yet
    another option is to bind the cloud vendor with a contract that requires it to treat PII in accordance with
    the EU directive. But remember that the company that first accepted the data is still legally responsible
    for what happens to it if the vendor fails to abide by the contract.”

    Manage international data in a GRC plan. “The same risk tools that help you from being fined for
    regulatory violations can also help you with the bottom line for reasons unrelated to compliance,” notes
    Sid Sinha, senior director of governance, risk, and compliance (GRC) product management at Oracle.
    The same solutions used for compliance with important regulations can also eliminate process errors
    like finding incorrect or duplicate payments.

    Oracle GRC applications aid compliance with international privacy laws, as well as U.S., local, and
    industry regulations and audit requirements. A great time to think about GRC is at the start of a major
    deployment or upgrade, Sinha adds. “If you’re implementing a new system and defining business
    processes, that is an ideal opportunity not only to minimize the long-term cost of compliance but to
      proactively manage the risk of a global IT project. What we hear from many Oracle GRC customers is
      that they wish they had started sooner and incorporated GRC before they rolled their new system out.”

      Indeed, tackling international privacy laws in the context of an enterprise resource planning (ERP)
      system will make the process as painless as possible, says Michael Baccala, partner, risk assurance
      services, at PwC. “When I think about using technology to deal with these challenges, an ERP solution
      such as Oracle’s is much better than trying to do it with a legacy or homegrown system,” Baccala says.
      “Clients with older or unique systems struggle more, as [those systems] are typically not as well
      integrated with each other. With an ERP solution such as Oracle’s, you have more-consistent controls
      and more-global enforcement. And once you understand the legally required process, the technology is
      there to support it.”


      Minda Zetlin is coauthor of The Geek Gap: Why Business and Technology Professionals Don’t
      Understand Each Other and Why They Need Each Other to Survive (Prometheus Books, 2006).








http://www.oracle.com/us/corporate/profit/features/010312-data-1447091.html                                             2/3/2012

 
Belgium Changes Withholding Tax Rates
Belgium Changes Withholding Tax RatesBelgium Changes Withholding Tax Rates
Belgium Changes Withholding Tax RatesNair and Co.
 
Sir Alan Collins to Honour “Magical Team” at The Churchill Club Awards Ceremony
Sir Alan Collins to Honour “Magical Team” at The Churchill Club Awards CeremonySir Alan Collins to Honour “Magical Team” at The Churchill Club Awards Ceremony
Sir Alan Collins to Honour “Magical Team” at The Churchill Club Awards CeremonyNair and Co.
 
Australia Announces Changes to Unfair Dismissal Related Thresholds
Australia Announces Changes to Unfair Dismissal Related ThresholdsAustralia Announces Changes to Unfair Dismissal Related Thresholds
Australia Announces Changes to Unfair Dismissal Related ThresholdsNair and Co.
 
South Korea Enacts Tax Revision Bill: Update from International Tax Complianc...
South Korea Enacts Tax Revision Bill: Update from International Tax Complianc...South Korea Enacts Tax Revision Bill: Update from International Tax Complianc...
South Korea Enacts Tax Revision Bill: Update from International Tax Complianc...Nair and Co.
 
Australian Federal Court Clarifies that Reasonable Performance Management is ...
Australian Federal Court Clarifies that Reasonable Performance Management is ...Australian Federal Court Clarifies that Reasonable Performance Management is ...
Australian Federal Court Clarifies that Reasonable Performance Management is ...Nair and Co.
 
India Notifies Rules for ‘Voluntary Compliance Encouragement Scheme’: Update ...
India Notifies Rules for ‘Voluntary Compliance Encouragement Scheme’: Update ...India Notifies Rules for ‘Voluntary Compliance Encouragement Scheme’: Update ...
India Notifies Rules for ‘Voluntary Compliance Encouragement Scheme’: Update ...Nair and Co.
 
India passes finance bill for 2013 14- updates from international tax consult...
India passes finance bill for 2013 14- updates from international tax consult...India passes finance bill for 2013 14- updates from international tax consult...
India passes finance bill for 2013 14- updates from international tax consult...Nair and Co.
 
Argentina Introduces New Systems for Recording Overseas Payments: Update from...
Argentina Introduces New Systems for Recording Overseas Payments: Update from...Argentina Introduces New Systems for Recording Overseas Payments: Update from...
Argentina Introduces New Systems for Recording Overseas Payments: Update from...Nair and Co.
 

More from Nair and Co. (20)

Sweden Proposes Budget 2014
Sweden Proposes Budget 2014Sweden Proposes Budget 2014
Sweden Proposes Budget 2014
 
Russia Adopts Amended Tax Code
Russia Adopts Amended Tax CodeRussia Adopts Amended Tax Code
Russia Adopts Amended Tax Code
 
India Enacts Further Sections of the Companies Act, 2013
India Enacts Further Sections of the Companies Act, 2013India Enacts Further Sections of the Companies Act, 2013
India Enacts Further Sections of the Companies Act, 2013
 
Vietnam Amends Tax, Labour and VAT Regulations
Vietnam Amends Tax, Labour and VAT RegulationsVietnam Amends Tax, Labour and VAT Regulations
Vietnam Amends Tax, Labour and VAT Regulations
 
India Announces New Corporate Social Responsibility Rules
India Announces New Corporate Social Responsibility RulesIndia Announces New Corporate Social Responsibility Rules
India Announces New Corporate Social Responsibility Rules
 
United Kingdom – Budget 2014 Announced
United Kingdom – Budget 2014 AnnouncedUnited Kingdom – Budget 2014 Announced
United Kingdom – Budget 2014 Announced
 
Philippines Introduces New Permit for 9(g) Pre-arranged Employment Visa Appli...
Philippines Introduces New Permit for 9(g) Pre-arranged Employment Visa Appli...Philippines Introduces New Permit for 9(g) Pre-arranged Employment Visa Appli...
Philippines Introduces New Permit for 9(g) Pre-arranged Employment Visa Appli...
 
Argentina Clarifies Income Tax Provisions
Argentina Clarifies Income Tax ProvisionsArgentina Clarifies Income Tax Provisions
Argentina Clarifies Income Tax Provisions
 
China Eases Tax Exemption for E-commerce
China Eases Tax Exemption for E-commerceChina Eases Tax Exemption for E-commerce
China Eases Tax Exemption for E-commerce
 
Belgium Introduces Changes to Employment Law Regulations
Belgium Introduces Changes to Employment Law RegulationsBelgium Introduces Changes to Employment Law Regulations
Belgium Introduces Changes to Employment Law Regulations
 
Germany Updates Minimum Salary Qualifications for EU Blue Card Holders
Germany Updates Minimum Salary Qualifications for EU Blue Card HoldersGermany Updates Minimum Salary Qualifications for EU Blue Card Holders
Germany Updates Minimum Salary Qualifications for EU Blue Card Holders
 
Australia Increases Super (Superannuation Guarantee), the Required Employer R...
Australia Increases Super (Superannuation Guarantee), the Required Employer R...Australia Increases Super (Superannuation Guarantee), the Required Employer R...
Australia Increases Super (Superannuation Guarantee), the Required Employer R...
 
Belgium Changes Withholding Tax Rates
Belgium Changes Withholding Tax RatesBelgium Changes Withholding Tax Rates
Belgium Changes Withholding Tax Rates
 
Sir Alan Collins to Honour “Magical Team” at The Churchill Club Awards Ceremony
Sir Alan Collins to Honour “Magical Team” at The Churchill Club Awards CeremonySir Alan Collins to Honour “Magical Team” at The Churchill Club Awards Ceremony
Sir Alan Collins to Honour “Magical Team” at The Churchill Club Awards Ceremony
 
Australia Announces Changes to Unfair Dismissal Related Thresholds
Australia Announces Changes to Unfair Dismissal Related ThresholdsAustralia Announces Changes to Unfair Dismissal Related Thresholds
Australia Announces Changes to Unfair Dismissal Related Thresholds
 
South Korea Enacts Tax Revision Bill: Update from International Tax Complianc...
South Korea Enacts Tax Revision Bill: Update from International Tax Complianc...South Korea Enacts Tax Revision Bill: Update from International Tax Complianc...
South Korea Enacts Tax Revision Bill: Update from International Tax Complianc...
 
Australian Federal Court Clarifies that Reasonable Performance Management is ...
Australian Federal Court Clarifies that Reasonable Performance Management is ...Australian Federal Court Clarifies that Reasonable Performance Management is ...
Australian Federal Court Clarifies that Reasonable Performance Management is ...
 
India Notifies Rules for ‘Voluntary Compliance Encouragement Scheme’: Update ...
India Notifies Rules for ‘Voluntary Compliance Encouragement Scheme’: Update ...India Notifies Rules for ‘Voluntary Compliance Encouragement Scheme’: Update ...
India Notifies Rules for ‘Voluntary Compliance Encouragement Scheme’: Update ...
 
India passes finance bill for 2013 14- updates from international tax consult...
India passes finance bill for 2013 14- updates from international tax consult...India passes finance bill for 2013 14- updates from international tax consult...
India passes finance bill for 2013 14- updates from international tax consult...
 
Argentina Introduces New Systems for Recording Overseas Payments: Update from...
Argentina Introduces New Systems for Recording Overseas Payments: Update from...Argentina Introduces New Systems for Recording Overseas Payments: Update from...
Argentina Introduces New Systems for Recording Overseas Payments: Update from...
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 

Data Without Borders

With employees and customers in multiple countries, IT managers must answer to a web of privacy laws to keep international data legal.

by Minda Zetlin, February 2012

A company that provides online wellness services landed a contract with a major company with offices in Spain, Germany, and France. It was the kind of sale every executive dreams of. But it came with some very big headaches, too.

“Now they’ve got this problem where they have to abide by the privacy regulations in each of these three countries and register with the regulators there,” says Stuart Buglass, director of human capital consulting at Nair & Co., which advises companies on international expansion. The wellness company had walked right into one of the most challenging aspects of international business today: data and privacy laws across international borders.

The challenges are considerable. Throughout the world, an evolving mosaic of privacy laws dictates how data must be handled. At issue is personally identifiable information (PII) that can be traced to an individual person (such as name, address, ID number, and job title). Most experts agree that the most-stringent data protection laws are found in the European Union (EU), where the Data Privacy Directive governs all PII use. In general, a company able to deal effectively with the provisions of the EU directive will likely be able to handle privacy laws in other jurisdictions as well.

Although the provisions of the Data Privacy Directive hold across the EU, anyone collecting data on European residents must follow the laws of an individual’s country of residency as well—and those laws differ among EU member states. It might seem logical to find the strictest EU privacy laws and comply with those, but the laws are different enough to make that approach impractical.

“You can’t have a broad sweep of standards that will satisfy all the different types of legislation,” Buglass says. “You have to actually identify where the data subjects are and which specific legislation applies to them.”

Complex Relations

One of the EU’s eight “enforceable principles” for privacy protection is that data must not be transferred to countries without adequate legal protection. But that raises the question of what constitutes a data transfer. From a privacy and security standpoint, it makes little difference whether an employee’s name is sent through a network and stored on a server in, say, Russia, or whether a hacker from Russia goes through that same network to view the data while it resides on a server in France. And indeed, the EU defines access to data as a form of transfer, for privacy purposes.

While many experts recommend leaving European data in Europe, that strategy is not sufficient to ensure compliance with the law. And it can create unexpected challenges for Americans accustomed to different privacy rules. “Something as innocuous as a personnel directory that can be accessed by company staff outside of Europe can create a problem,” notes Lisa Sotto, head of the privacy and information management practice at Hunton & Williams, a law firm with expertise in intellectual property and international business.

To make matters worse, international laws may conflict with each other, especially when it comes to keeping data. In general, European laws require companies to destroy PII as soon as its utility has expired. But in the United States, laws may dictate a different retention period. “If you’ve got a U.S.-based company dealing with data from another country, there may be a conflict,” says Jimma Elliott-Stevens, director of risk assurance services at PwC, a global professional services firm.

Meanwhile, the list of nations with strict laws governing the use of PII is growing. In 2011, Costa Rica became the seventh Latin American country to regulate this data. India’s data privacy laws, amended in 2008, are strong enough to draw criticism from U.S. multinationals.

But for nations outside the EU, stricter data privacy laws can be good for business. The European Commission has recognized a handful of countries with adequate data privacy protections—among them Canada and Argentina. Data can be transferred to (or accessed from) countries with laws that offer similar protections to the EU directive.

“It’s interesting to note that a lot of countries coming up with robust sets of legislation are those where there’s a lot of offshoring,” Buglass notes. “India’s privacy law is probably even more robust than that in the EU. It isn’t yet a trusted third country, but if India’s government can prove it can actually enforce these rules, it may be soon.”

However, the chances of the U.S. gaining the status of a trusted third country are virtually nil. The American approach is to have different regulations apply in different industries (for instance, the healthcare industry is subject to the Health Insurance Portability and Accountability Act, more commonly known as HIPAA) and different states.

“I think the U.S. would have to crumble and be rebuilt to change its entire sectoral approach to regulations,” Elliott-Stevens says. “The U.S. cares about data privacy, and we do have strict laws and regulatory bodies in place. But the way we deal with it is to find commonalities and start there. We negotiate and leverage relationships.”

Crossing Borders

So what are the options for U.S. companies with employees in countries with stricter privacy laws? One way is to keep all personal data within the country or jurisdiction where it is obtained and prevent any access from outside. Another would be to find a way to certify that data transferred outside the jurisdiction will adhere to local legal strictures. (See “Gaining Customer Consent.”)

The first of these options may be the right choice for many multinational companies. Privacy laws do not prevent managers from accessing sales and performance data from outside a territory, as long as IT ensures that PII, such as a customer phone number or employee attendance history, isn’t involved.

“Maintaining local management of data is the perfect solution,” Buglass says. “If you haven’t got the luxury of doing that, try to limit the data transfers to certain countries. The risk, obviously, is when you can’t keep track of the data—for instance, if you have a cloud server that jumps from country to country to take advantage of available storage.” Some companies are coping with this by setting up EU-only clouds, he adds.

For managers who do need to transfer PII among jurisdictions, there are legal frameworks that make this possible. One is the Safe Harbor arrangement, in which U.S. companies certify that they will abide, for example, by the EU directive when handling PII from an EU country. However, since the EU is counting on the U.S. Federal Trade Commission (FTC) to enforce the Safe Harbor provisions, this option is only available to companies regulated by the FTC. Safe Harbor has been in place for more than a decade, and so far roughly 2,000 U.S. companies have signed on.

A second, more difficult option is Binding Corporate Rules, a legal framework in which companies certify that they have put in place corporate rules protecting the privacy of PII. Though created as an alternative to Safe Harbor and model contracts (see below), Binding Corporate Rules is a difficult choice, Sotto says, because it requires getting specific approval for your rules from some individual countries. While many EU countries’ data protection authorities will recognize the blessing of another country’s authority, some EU countries will not. “It’s very hard to implement,” she says.

A third solution is to use the model contracts provision of the EU privacy directive. In this case, a contract between European and non-European entities requires the non-European entity to protect the privacy of personal data, Sotto says. Since the European subsidiary of a multinational company is nearly always created as a separate legal entity, the two can sign a binding contract that fulfills the data transfer requirements of the EU privacy directive.

“For these solutions, you need to understand the relevant data flows within your company,” Sotto says. “What you’re collecting, the use to which you’re putting the data, and who will have access to it. And ultimately, how and when you will dispose of it.”

The Role of IT

Inevitably, compliance with global data privacy laws falls to IT—but industry best practices can help.

Know your data. Having a precise understanding of the data you have is an essential first step, according to Carolyn Holcomb, partner, risk assurance services, at PwC. “Think about every data element that could be used to identify an individual,” she says. “If you put them all together, there are somewhere in the neighborhood of 60 different elements that are common across the different privacy laws. Make a list of all those data points, and then do a data inventory. Find out exactly where the data resides and what countries it comes from.”

Don’t take what you don’t need. “Another practical solution is not to collect the data,” Holcomb says. Of course every company collects some PII from customers and employees. But many have the mindset that the more data they can collect—especially from customers—the better. While that data can be useful for market research, it will make following international data laws much harder.

Consider privacy when planning cloud implementations. Buglass notes that cloud providers often move data around among different hosting companies. To address this problem, some are providing EU-only cloud solutions. But that’s not the only option, he says. “If it’s a U.S.-based cloud company, it should be a Safe Harbor adherent, and it should certify that the data won’t go beyond U.S. shores. Yet another option is to bind the cloud vendor with a contract that requires it to treat PII in accordance with the EU directive. But remember that the company that first accepted the data is still legally responsible for what happens to it if the vendor fails to abide by the contract.”

Manage international data in a GRC plan. “The same risk tools that help you from being fined for regulatory violations can also help you with the bottom line for reasons unrelated to compliance,” notes Sid Sinha, senior director of governance, risk, and compliance (GRC) product management at Oracle. The same solutions used for compliance with important regulations can also eliminate process errors like finding incorrect or duplicate payments. Oracle GRC applications aid compliance with international privacy laws, as well as U.S., local, and industry regulations and audit requirements.

A great time to think about GRC is at the start of a major deployment or upgrade, Sinha adds. “If you’re implementing a new system and defining business processes, that is an ideal opportunity not only to minimize the long-term cost of compliance but to proactively manage the risk of a global IT project. What we hear from many Oracle GRC customers is that they wish they had started sooner and incorporated GRC before they rolled their new system out.”

Indeed, tackling international privacy laws in the context of an enterprise resource planning (ERP) system will make the process as painless as possible, says Michael Baccala, partner, risk assurance services, at PwC.

“When I think about using technology to deal with these challenges, an ERP solution such as Oracle’s is much better than trying to do it with a legacy or homegrown system,” Baccala says. “Clients with older or unique systems struggle more, as [those systems] are typically not as well integrated with each other. With an ERP solution such as Oracle’s, you have more-consistent controls and more-global enforcement. And once you understand the legally required process, the technology is there to support it.”

Minda Zetlin is coauthor of The Geek Gap: Why Business and Technology Professionals Don’t Understand Each Other and Why They Need Each Other to Survive (Prometheus Books, 2006).

http://www.oracle.com/us/corporate/profit/features/010312-data-1447091.html 2/3/2012