Presentation at the Silicon Flatirons Center at the University of Colorado School of Law. Providing an update on the latest issues and trends in data privacy and data security in the US. Focusing on recent actions of the FTC and state governments.
Philippine Data Privacy Act of 2012 (RA 10173) | Kirk Go
Republic Act 10173 otherwise known as the Data Privacy Act of 2012. This version presents Implementing Rules and Regulations (IRR) for the Act. It outlines provisions, scope, privacy principles, lawful processing of data, security measures, rights of data subject, accountability, penalties, and others.
Republic Act 10173 Data Privacy Act of 2012 (DPA)
“An act protecting individual personal information in information and communications systems in the government and the private sector, creating for this purpose a National Privacy Commission, and for other purposes”
Data Privacy Act of 2012 implication to cooperatives | jo bitonio
Whether the cooperatives registered under the Cooperative Development Authority (CDA) are covered by the DPA;
If indeed the cooperatives are covered by the law, determine the following:
Obligations of cooperatives
Reportorial requirements to be submitted to the NPC
Compliance period for such requirements
Penalties for non-compliance; and
Where cooperatives may course through or communicate other concerns regarding data privacy.
Clyrofor webinar series consists of several webinar sessions, brought together by highlighting various Cyber Security topics and hosting sessions throughout the year on a quarterly basis. The POPIA Readiness Webinar session was our very first kick-off session, where we had our guest speaker Mr Nemasisi (Executive: PAIA) give us a brief breakdown of the POPI Act and its requirements. This slide gives clear details on what was discussed during our webinar session.
Philippine Data Privacy Law is in Republic Act No. 10173, otherwise known as the "Data Privacy Act of 2012".
In summary:
1) Processing of personal information is allowed – so long as it complies with the law.
2) As much as possible, consent should be obtained from the Data Subject for the processing of personal information.
3) The confidentiality, integrity, and availability of the personal information should be ensured.
4) Sensitive and personal information are prohibited – unless in exceptional cases.
5) Philippine Data Privacy Law has extraterritorial application and thus violations may be penalized even if done outside the Philippines.
Data Privacy - Security of Personal Information | JDP Consulting
Philippine Data Privacy Law (R.A. 10173) requires observance of Security of Personal Information.
Summary of Presentation:
1) Security of Personal Information is mandated of Personal Information Controller and their engaged Contractors (or 3rd Parties).
2) The standards for protection measures are two-fold: reasonable and appropriate.
3) Measures should be organizational, physical, and technical.
4) Strict confidentiality is required to be observed by: PIC Employees, PIC Agents, and PIC Representatives.
5) Notification requirement is mandated upon compromise of sensitive personal information and identity-fraud enabler information.
The Rights of the Data Subject encompass all rights or interests over personal information that has been collected, processed, and analyzed. Non-compliance with the rights results in liabilities, particularly on indemnity for damages.
Overview of the Egyptian Personal Data Protection Law | FatmaAkram2
Egypt has recently enacted the first Personal Data Protection Law (PDPL), which has been published in the Official Gazette on 15 July 2020 and has entered into force on 16 October 2020. The PDPL reflects many of the requirements of the EU’s General Data Protection Regulation (GDPR). The Executive Regulations of the PDPL shall be issued within six (6) months from the entry into force of the PDPL. Organizations shall comply with the provisions of the PDPL and its Executive Regulations within a grace period of one (1) year from the issuance of the Executive Regulations.
The PDPL covers almost all aspects of personal data protection stated under the GDPR. In this presentation, you will find a summary of the important data protection provisions stipulated under the PDPL, and the similarities and differences between the GDPR and the PDPL.
Data Privacy - Penalties for Non-Compliance | JDP Consulting
Stiff penalties are provided in the Philippine Data Privacy Law for non-compliance
Summary:
1) Data Privacy Law has severe penalties for non-compliance.
2) Penalties are harsher when violations involve sensitive personal information compared to personal information.
3) Public officers and employees, as well as private individuals who are responsible officers in juridical entities, are made liable.
4) The law provides for a combination or series of acts that could result in increasing the penalty.
5) Maximum penalty is imposed for large scale offense when at least 100 persons are harmed, affected, or involved.
Government or Private Sector: The Future of Asia's Healthcare Infrastructure | Iris Thiele Isip-Tan
Presentation delivered as a panelist at the Health and Social Policy Panel of the Harvard Project for Asian and International Relations (HPAIR) meeting. 24 Aug 2015, Shangrila Makati.
The “Privacy Today” presentation was written for the IAPP by Professor Peter Swire of the Moritz College of Law of the Ohio State University. The materials cover the definition of privacy, ways to protect privacy, privacy harms, and fair information practices. The “Privacy Today” presentation is designed for college and university students.
Licensed under Creative Commons Attribution 3.0 Unported
Presentation ncsl - mobile privacy enforcement 130502 (as presented) | Jason Haislmaier
Presentation to the National Conference of State Legislators (NCSL) Spring Conference in Denver, CO on May 2, 2013. Covering mobile app privacy policy and enforcement at the federal and state levels. Highlighting actions taken by the Attorney General of the State of California. Copyright 2013 Jason Haislmaier
Introduction to US Privacy and Data Security Regulations and Requirements (Se... | Financial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-us-privacy-and-data-security-regulations-and-requirements-2021/
Introduction to US Privacy and Data Security: Regulations and Requirements | Financial Poise
The United States has no federal data security or privacy law covering all businesses or all U.S. citizens. Instead, federal agencies and individual states have created their own patchwork of laws and regulations which must be evaluated for their application to a business.
This webinar will help you navigate the overlapping and sometimes confusing system of laws and regulations which may impact your business, ranging from emerging state-level privacy legislation to the numerous data breach notification statutes to cybersecurity regulations with extraterritorial effect.
Part of the webinar series: CYBERSECURITY & DATA PRIVACY 2022
See more at https://www.financialpoise.com/webinars/
Trending Topics in Data Collection & Targeted Marketing | cdasLLP
Slideshow to accompany co-sponsored panel from IAB Ad Lab and Cowan, DeBaets, Abrahams & Sheppard LLP. Participants: Joshua B. Sessler, Eleanor M. Lackman, Sarah Hudgins. For more entertainment and digital media law analysis, go to: http://cdas.com/legal/
California Consumer Privacy Act: What your brand needs to know | Ogilvy Health
Joe Youssef provides an insightful overview of the California Consumer Privacy Act (CCPA) that will take effect in 2020. This presentation explores the key principles of the CCPA and how brands can prepare to ensure they are compliant with the policy.
Cyber Security for Your Clients: Business Lawyers Advising Business Clients | Shawn Tuma
This presentation focused on cyber security protections for businesses and other law firm clients. Cybersecurity and data privacy attorney Shawn Tuma presented this continuing legal education session on March 10, 2017. It was delivered live at the TexasBarCLE 8th Annual Course, Essentials of Business Law: Four Modules for a Robust Practice, cosponsored by the Business Law Section of the State Bar of Texas.
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo... | Diana Maier
No matter what kind of law practice you have, you need to comply with privacy laws generally and lawyers' ethical duties with respect to privacy, specifically. In this presentation, legal ethics counsel Sarah Banola (Cooper, White and Cooper, LLP) and employment and privacy attorney Diana Maier (Law Offices of Diana Maier) deliver a primer on privacy law and teach you the key areas of privacy law and associated ethical obligations.
MyComplianceOffice presents our Oct 26th webinar, "Prepare Your Firm for GDPR", co-hosted by MCO and Emily Mahoney, a Technology Lawyer at Mason Hayes & Curran.
Data Confidentiality, Security and Recent Changes to the ABA Model Rules | saurnou
Continuing legal education (CLE) presentation regarding data confidentiality, information security, computer forensics and legal ethics in light of technology-related changes made to the American Bar Association's Model Rules of Professional Conduct.
Data Privacy Trends in 2021: Compliance with New Regulations | PECB
The pandemic has changed the way the world works, shops, and interacts; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information, and the result of these various influences has been an enhancement of privacy legislation globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar: https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
Cybersecurity Legal Issues: What You Really Need to Know | Shawn Tuma
Presentation delivered at the Cybersecurity for the Board & C-Suite "What You Need to Know" Cyber Security Summit Sponsored by the Tarleton State University School of Criminology, Criminal Justice, and Strategic Studies' Institute for Homeland Security, Cybercrime and International Criminal Justice. Shawn Tuma, Cybersecurity & Data Privacy lawyer at Scheef & Stone, LLP in Frisco and Dallas, Texas.
The presentation date was September 13, 2016.
As a cybersecurity and privacy attorney, Shawn Tuma spends much of his time assisting clients proactively prepare for the legal aspects of cybersecurity incidents and respond to incidents when they occur. His work with management, legal, as well as the technology departments, and focus on the legal aspects of cybersecurity, gives him unique insight into how the non-technical areas of companies understand and evaluate cybersecurity.
In his presentation, Tuma will explain how, in his experience, the traditional fear, uncertainty, and doubt – the fear -- that has been used to “sell” cybersecurity has now gone too far and has created a feeling of hopelessness in many companies that has led many to simply quit trying. Instead of always focusing on the fear, he will explain how cybersecurity professionals should help empower companies to do what they can, even if they can’t do everything, so that they can at least improve their cybersecurity posture even if they can’t become “secure.”
Tuma will explain how recent legal and regulatory compliance developments encourage companies to take this approach by doing what is reasonable and provide specific action items that virtually all companies can implement to better themselves in this regard – especially if they find themselves in an incident response situation.
After completing this session, you will:
• Understand why cybersecurity is as much a legal issue as it is a business or technology issue.
• Understand how most legal and regulatory compliance actions support a “take reasonable measures” approach instead of a “strict liability” approach to companies’ pre-breach activities.
• Understand the need to, and how to, focus on the basics of risk and preparation for mitigating such risk.
• Understand the 2 primary legal and regulatory compliance areas that pose the most risk to companies and key action items that can help mitigate that risk.
• Know the 3 pre-breach must-haves for every company to have in place.
• Understand the importance that cybersecurity- and privacy-focused contractual agreements have for companies and how such agreements can be negotiated.
• Understand why selling the FUD impedes all of these objectives and harms companies’ cybersecurity posture more than it helps.
The General Data Protection Regulation (GDPR) tidal wave has hit. Are you ready? Is your organization prepared for the extensive privacy requirements GDPR puts forth for any organization handling EU Data Subjects' personal data? At this point, organizations must have a complete inventory of personal data and have conducted a DPIA against it. A handful of supervisory authorities have issued compliance guidelines, but your organization must be able to assess compliance with this ambiguous regulation at any time.
Many aspects of GDPR define the distinction between a data collector and a data processor, their respective responsibilities and compliance requirements. Those responsibilities will have an effect on the contracts you negotiate with third parties, the way in which you evaluate the risks involved with establishing a business relationship and the policies you develop to maintain compliance to the regulations.
Join this webinar to learn:
*More information about GDPR and what the industry is experiencing to date
*What minimum requirements you should have had in place by May 25, 2018
*What you should plan to do for the next 12-18 months if you are not completely ready
*What the SEC Privacy Shield program is and why you should self-certify
*How to continuously monitor vendor risk KPIs
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ... | Shawn Tuma
This presentation was delivered by Shawn E. Tuma, Cybersecurity and Data Privacy Attorney, to the Joint Meeting of ISACA and IIA North Texas on January 12, 2017.
This presentation was significantly updated from past presentations and included a discussion of the groundbreaking New York Department of Financial Services (NYDFS) Cybersecurity Requirements for Financial Services Companies.
The main points of this presentation are:
(1) Cybersecurity events create a crisis situation and should be treated as such;
(2) Cybersecurity incidents are as much legal events as they are IT or Business / Public Relations events;
(3) Companies must have a cybersecurity breach response plan in place and tested, in advance;
(4) While consumer class action data breach litigation is a significant threat to companies and their leadership, it is not as great of a threat as regulatory enforcement by agencies such as the FTC and SEC, or the shareholder derivative claims for officer and director liability; and
(5) The odds are that every company will be breached, but preparation and diligence can help minimize the likelihood of such a breach being a catastrophic event.
This presentation addresses the role of attorneys as the first responders in leading their clients through cybersecurity and data loss crisis events. The discussion begins by looking at the risk businesses have of being the victim of a cybersecurity or data loss incident and examining the nature of such incidents and the crisis environment they create. Then, because of this crisis environment, it addresses the need for leadership in helping keep the parties calm, rational, and making deliberate, calculated decisions.
The discussion then explains why cybersecurity events are legal events and legal counsel is the natural leader that should fulfill this role and how they can do so. It will then discuss the process legal counsel will take, including assembling the key players in such an event, both internally and externally. It discusses the obligations for responding to such an event, the steps that must be taken, those that must be considered, and certain factors that go into the decision-making process. It briefly addresses the costs of such an incident and the liability issues that can arise from such an incident and failing to properly respond to the incident. This section includes a discussion of the cybersecurity lawsuit landscape, cybersecurity regulatory landscape, and the issue of cybersecurity-related officer and director liability stemming from shareholder derivative lawsuits based on cybersecurity incidents.
It concludes with a discussion of the steps that companies can take to prepare for and be in a better position to respond to and mitigate the negative repercussions of such an incident.
When Past Performance May Be Indicative of Future Results - The Legal Implica... | Jason Haislmaier
Presentation to the ABA Cyberspace Law Committee 2014 Winter Meeting in Denver, CO. Bruce Antley and Jason Haislmaier. Covering legal issues in location based services and the use of predictive analytics.
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur... | Financial Poise
There is no federal law governing privacy and data security applicable to all US citizens. Rather, individual states and regulatory agencies have created a patchwork of protections that may overlap in certain industries.
This webinar provides an overview of the many privacy and data security laws and regulations which may impact your business, from the state law protecting personal information to regulations covering the financial services industry to state breach notification laws.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-us-privacy-and-data-security-2020/
Similar to Crash Course on Data Privacy (December 2012) (20)
Mobile Apps - Legal and Practical Considerations | Jason Haislmaier
Presentation by Jason Haislmaier and Matt McKinney at the 2014 Rocky Mountain Intellectual Property and Technology Institute in Denver, Colorado. Covering the legal and practical considerations involved with developing, releasing, and maintaining software applications for mobile devices.
Presentation - Mobile Medical Applications Guidance for Industry and Food and... | Jason Haislmaier
Presentation to PrIME Health Collaborative at Galvanize in Denver, Colorado on October 29, 2013 covering an overview of the FDA "Mobile Medical Applications Guidance for Industry and Food and Drug Administration Staff."
Presentation - gener8tor - Data Privacy, Security, and Rights 130627 | Jason Haislmaier
Data privacy, security and rights presentation given to the Gener8tor companies on June 27, 2013. Covering data privacy and data security rights issues relevant to startups and the evolution of the value of data.
Data Property Rights (Rocky Mountain IP and Technology Institute 2013) (May 2... | Jason Haislmaier
Presentation at the 2012 Rocky Mountain IP and Technology Institute. Covering the emerging rights in "data" and the sources for legal protection of data.
"Crash Course" on Open Source Silicon Flatirons Center (2012) | Jason Haislmaier
2012 "crash course" presentation to the Silicon Flatirons Center at the University of Colorado School of Law. Covering an overview of legal issues involving open source software.
2011 presentation on open source software provided through the University of Colorado Silicon Flatirons Center for Law and Technology "Crash Course" series.
2011 Silicon Flatirons IP (Crash Course) For Entrepreneurers | Jason Haislmaier
Intellectual Property Crash Course for Entrepreneurs (February 22, 2011) presentation at the Wolf Law Building at the University of Colorado (Boulder, CO)
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 | Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
GraphRAG is All You need? LLM & Knowledge Graph | Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Connector Corner: Automate dynamic content and events by pushing a button | DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... | Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... | DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... | UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
Andras Palfi, Senior Product Manager, UiPath
Lenka Dulovicova, Product Program Manager, UiPath
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf | 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 | Tobias Schneck
As AI technology is pushing into IT, I was wondering myself, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
Elevating Tactical DDD Patterns Through Object Calisthenics | Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
Crash Course on Data Privacy (December 2012)
1. December 6, 2012
“Crash Course” on Data Privacy and Security
Jason Haislmaier
jason.haislmaier@bryancave.com
@haislmaier
13. • EU Data Protection Directive (95/46/EC)
• Regulates the processing of personal data of EU subjects
– Broad scope of “personal data”
– Restricts processing unless stated conditions are met
– Prohibits transfer to countries not offering adequate levels of protection
• US Department of Commerce-negotiated “Safe Harbor Principles” enable
transfers to US companies
– Self-certification regime
– Allows US companies to register as compliant
– FTC oversight
• Proposed overhaul in the works (announced Jan. 25, 2012)
Longstanding EU Regulations
Legal Landscape
14. • State consumer protection statutes
– All 50 states
– Prohibitions on “unfair or deceptive” trade practices
• Data breach notification statutes
– At least 46 states (DC and various US territories)
– Notification of state residents (and perhaps regulators) affected by unauthorized
access to sensitive personal information
• Data safeguards statutes
– (Significant) minority of states
– Safeguards to secure consumer information from unauthorized access
• Data privacy statutes
– Online privacy policies covering use and sharing of consumer information
– Use of personal information for direct marketing purposes
Growing Array of Relevant State Laws
Legal Landscape
15. • Consumer credit - Fair Credit Reporting Act (FCRA)
• Financial services - Gramm Leach Bliley Act (GLBA)
• Healthcare providers - Health Insurance Portability and Accountability Act
(HIPAA)
• Children (under 13) - Children’s Online Privacy Protection Act (COPPA)
• Video content - Video Privacy Protection Act
• Other statutes covering education, payment processing, etc.
Industry-specific Federal Statutes
Legal Landscape
16. Federal Trade Commission Act (FTCA)
(15 U.S.C. 41, et seq)
Legal Landscape
“Unfair or deceptive acts or practices”
17. • No specific privacy or security requirements
– Broad prohibition on “unfair or deceptive acts or practices in or affecting
commerce” (Section 5)
• Failures to implement “reasonable and appropriate” data security measures
• Deceptive data privacy policies and promises
– Constituting unfair or deceptive acts or practices
• Increasingly active enforcement
– More than 40 actions to date
• More than 25 in the last 6 years
• Many more investigated but not brought
– Covering largely electronically stored data and information
– Targeting security breaches as well as privacy violations
Federal Trade Commission Act (FTCA)
Legal Landscape
19. • 20 year term
• Cease misrepresentations regarding practices for information security,
privacy, confidentiality, and integrity
• Conduct assessment of reasonably-foreseeable, material security risks
• Establish comprehensive written information security and privacy program
• Designate employee(s) to coordinate and be accountable for the program
• Implement employee training
• Conduct biannual independent third party audits to assess security and
privacy practices
• Implement multiple record-keeping requirements
• Implement regular testing, monitoring, and assessment
• Undergo periodic reporting and compliance requirements
• Impose requirements on service providers
Emerging Model for Settlement and Compliance
FTC Compliance
21. Jon Leibowitz
Chairman of the FTC
Speaking on the settlement
“Facebook is obligated to keep the promises
about privacy that it makes to its hundreds
of millions of users.”
FTC Compliance
22. Jon Leibowitz
Chairman of the FTC
Speaking on the settlement
“Innovation does not have to come at the
expense of consumer privacy.”
FTC Compliance
23. Speaking on the settlement
“We've made a bunch of mistakes.”
Mark Zuckerberg
CEO of Facebook
FTC Compliance
28. • States have defined “sensitive information” to include SSN, drivers license
number, and financial account information
• FTC has broadened this definition to include
– Health information
– Information regarding children
– Geo-location information
• Trend is toward more activity in these areas
• Practical considerations
– Know when/where you collect sensitive information
– Consider seeking consent when using sensitive data for marketing purposes
– Ensure that WISPs appropriately protect sensitive information
• Note that these categories of sensitive information may not trigger a data
breach notification requirement under state laws
Sensitive Information
FTC Compliance
30. • The “Safeguards Rule” under GLBA requires implementation of “written
information security plans”
– Describing the company’s program to protect customer information
– Appropriate to the company, nature and scope of activities, and level of sensitivity
of information
• FTC consent orders now generally impose similar requirements
– Implementation of a comprehensive information security program
– Fully documented in writing
– Reasonably designed to protect the security and privacy of covered information
– Containing controls and procedures appropriate to the
• Size and complexity of the business
• Nature and scope of activities
• Sensitivity of the covered information
• Mass. state regs. also now require WISPs
WISPs
FTC Compliance
32. U.S. v. RockYou, Inc.
(N.D. Cal. Mar. 26, 2012)
FTC Compliance
In the Matter of UPromise, Inc.
(FTC File No. 102 3116, Jan. 5,
2012)
In the Matter of Compete, Inc.
(FTC File No. 102 3155, Oct. 22, 2012)
33. • Settlements provide guidance on what is not reasonable or appropriate
– Collecting PII from consumers unnecessarily
– Not taking steps to avoid collection of PII
– Failing to test applications to ensure they are not collecting PII
– Not training employees about security risks
– Transmitting or storing sensitive information in unencrypted form
– Failing to segment servers
– Leaving systems susceptible to hacking (e.g., SQL injection attacks)
– Failing to ensure that service providers use reasonable and appropriate security
• They also raise practical considerations
– Understand the data you are collecting, storing, accessing, and sharing
– Draft WISPs to prohibit unreasonable practices
– Educate and train employees
– Enforce and update applicable policies
Reasonable and Appropriate Security
FTC Compliance
35. United States of America v. Artist Arena, LLC
(U.S. Dist., SDNY Oct. 2, 2012)
FTC Compliance
36. • Artist Arena to pay $1 MM civil penalty to settle FTC complaint for
COPPA violations
– Operates fan sites: BieberFever.com; SelenaGomez.com; RihannaNow.com;
DemiLovatoFanClub.com
– Permitted users to join fan club, create profiles and post on members’ walls
– FTC: knowingly registered over 25,000 children under age 13 and collected
and maintained personal information from almost 75,000 additional children
who began, but did not complete the registration process.
• “Marketers need to know that even a bad case of Bieber Fever doesn’t
excuse their legal obligation to get parental consent before collecting
personal information from children,” said FTC Chairman Jon Leibowitz
• “The FTC is in the process of updating the COPPA Rule to ensure that it
continues to protect kids growing up in the digital age.”
Aggressive COPPA Enforcement
FTC Compliance
37. • Expands definition of “personal information” to include:
– Persistent Identifiers (i.e., IP addresses, Device IDs)
– Customer numbers held in cookies
– Geo-location information
• Requires more effective means of obtaining parental consent (i.e. “no
more email plus”)
• Data minimization requirement
• Requires all operators of an online service or website to provide contact
information
– Ad networks
– Analytics providers
– Other content providers
FTC Issues Revised COPPA Regulations
FTC Compliance
38. • Practical Implications for Sites/Apps “targeted to children”
– Apps that utilize device IDs could violate COPPA unless advance parental
consent
– Must think creatively to ensure effective parental consent
– Must justify data retention and implement effective data disposal policies and
procedures
– Know your partners (analytics companies, third party marketing partners) and
ensure downstream controls through contractual provisions
• Intense industry criticism
– “The 90’s called and they want their apps back”
Revised COPPA Regulations
FTC Compliance
40. • FTC settlements require contractual restrictions on third party
service providers
Requirements for Service Providers
In the Matter of Google, Inc. (FTC File No. 102-3136, March 30, 2011)
FTC Compliance
41. • FTC settlements require contractual restrictions on third party
service providers
• Parallel newly effective Mass. regulation (201 CMR 17.03)
– Requiring companies providing service providers with personal information
about Mass. residents to contractually require the providers to “implement and
maintain . . . appropriate security measures”
– Went into full effect on March 1, 2012
• Practical implications
– Understand what service providers you are using
– Revise and amend form agreements (develop form paragraphs)
– Maintain a WISP with applicable policies
– Conduct risk employee training
– Investigate incidents and document follow-up action
Requirements for Service Providers
FTC Compliance
43. FTC Compliance
U.S. v. Google, Inc.
(Case No. 5:12-cv-04177-HRL, N.D.Cal. August 9, 2012)
44. • U.S. v. Google, Inc., Case No. 5:12-cv-04177-HRL, N.D.Cal. (August 9,
2012)
• FTC charged Google with violation of Google (Buzz) Consent Order
– Privacy policy permitted opt out
– Google exploited loophole in Safari browser default DNT settings to drop
Doubleclick tracking cookies
• Google to pay $22.5mm to settle charges
• Remediation measures
• Self-reporting of compliance with remediation
Respecting Consumer Choice on Privacy
FTC Compliance
45. Where are we headed?
. . . and what should you do?
47. • Based on a yearlong series of privacy roundtables held by the FTC
• Extensive comment period (more than 450 comments received)
• Provides best practices for the protection of consumer privacy
• Applicable to both traditional (offline) and online businesses
• Intended to assist Congress as it considers privacy legislation
• Not intended to serve as a template for law enforcement actions
(but what about plaintiffs’ attorneys?)
Background
FTC Report
50. • Proposed framework is based on several core concepts
– Simplified consumer choice
– Transparency
– Privacy by design
Privacy Framework
FTC Report
51. • Continued expansion of “personal information”
• Codification of the definitions used in FTC settlements
• Shades of the definition in the EU Data Protection Directive
• Blurring of the line between PII and non-PII
• When is information not PII?
Scope of Personal Information
FTC Report
52. • Data is not PII if it is not reasonably linkable to a specific consumer,
computer or other device
• Breaking the link
– Take reasonable measures to ensure that data is de-identified
– Publicly commit to not try to re-identify
– Contractually prohibit downstream recipients from trying to re-identify
– Take measures to silo de-identified data from PII
• Cannot remove concerns by simply envisioning the sharing of only
“de-identified” or anonymous data
• Must actually follow FTC guidance
– Prohibitions in privacy policies against re-identification
– Provisions in vendor contracts regarding re-identification
– Systems designed to silo off de-identified data
De-Identification of Personal Information
FTC Report
53. • Historically, divergent privacy policies and practices regarding information
sharing with corporate affiliates and subsidiaries
• FTC Report views affiliates as “third parties” unless the affiliate
relationship is “clear to consumers”
• Common branding is cited as sufficient to make a relationship clear
• Uncertainty remains
• Practical implications
– Disclose affiliate sharing in privacy policy
– Consider opt-in for sharing sensitive information with affiliates
– Opt-out for non-sensitive information
Requirements for Affiliates and Subsidiaries
FTC Report
55. • Combined effort of the White House, Department of Commerce, and
the FTC
• Provides a framework for consumer privacy protections
• Establishes principles covering personal data
• Proposes voluntary industry “codes of conduct” for privacy and security
– Encourages inclusive and transparent process
– Safe harbor status for compliance with an approved code
Consumer Privacy Bill of Rights
White House Privacy Framework
58. • FTC report on Children’s Mobile Apps and Privacy (Feb. 16, 2012)
– Large number of apps (75%) targeted at children (under 13)
– Apps did not provide good privacy disclosures
– Will conduct additional COPPA compliance reviews over the next 6 months
• FCRA Warning letters (Feb. 2012)
– FTC sent letters to marketers of 6 mobile apps
– Warned that apps may violate Fair Credit Reporting Act (FCRA)
– If apps provide a consumer report, must comply with FCRA requirements
• FTC Workshops
– New guidance for advertisers on online and mobile disclosures
– Updates on the 2000 FTC “Dot Com Disclosures” guidelines for online ads
– Emphasizing that consumer protection laws apply online and in mobile
Increasing Activity In Mobile Privacy
Mobile Applications
59. • States have become active as well
• California Attorney General (AG) announced that California state privacy
law (Cal OPPA) applies to mobile applications (February 22, 2012)
• Cal OPPA requires conspicuous posting of privacy policy on mobile
applications
• California AG issued warning letters to 100 mobile app developers in
violation of Cal OPPA (October 24, 2012)
– United Airlines, Delta Airlines, Open Table among those targeted
– Threatens civil penalties of up to $2,500 for each download of non-compliant
app
Mobile Applications
Increasing Activity In Mobile Privacy
61. • Released September 5, 2012
• Reiterates that the mobile market is not different from the Internet
• General “guidelines” or “principles” for mobile app developers
– Tell the Truth About What Your App Can Do
– Disclose Key Information Clearly and Conspicuously
– Build Privacy Considerations in From the Start
– Offer Choices that are Easy to Find and Easy to Use
– Honor Your Privacy Promises
– Protect Kids’ Privacy
– Collect Sensitive Information Only with Consent
– Keep User Data Secure
• Acknowledges there can be no “one-size-fits-all” approach
• But also states that the laws apply to all companies
FTC Guide To Marketing Mobile Apps
Mobile Applications
63. • Unprecedented number of filed cases (both data breach and unauthorized
collection/use of personal information)
• Emergence of a dedicated privacy plaintiffs’ bar
• Not all bad news for defendants
– Cases are routinely dismissed at the pleading stage (on Article III standing or
inability to meet “actual injury” element of claim)
– No out-of-pocket damages = No claim
• But the tide seems to be turning in favor of plaintiffs
Current State of Privacy Litigation
Data Breach/Privacy Litigation
64. • Empirical Analysis of Data Breach Litigation, Carnegie Mellon/Temple
University Study (February 19, 2012)
• Monetary recovery/settlement positively correlated with number of records
compromised, actual misuse of data, statutory damages
– 3.5x more likely to draw a lawsuit if financial harm present
– 6x lower when companies provide free credit monitoring
• Mean settlement value of $2,500 per affected individual
• Mean attorneys’ fee figure of $1.2 MM
– Google Buzz: $2.5mm
– TD Ameritrade: $500K (knocked down from $1.8mm)
– Facebook Beacon: $2.8mm (currently on appeal)
– Facebook Sponsored Stories: $10mm?
• Cy pres settlements ranging from $50K to $9.5 MM
Current State of Privacy Litigation
Data Breach/Privacy Litigation
66. • Most comprehensive general liability (CGL) policies do not cover data
losses
– Only insure against claims for "bodily injury", "property damage", and "personal
and advertising injury"
– Many also exclude state unfair practices claims
• Lawsuits by insurers for a determination of non-coverage are becoming
common
• More insurers are offering data breach and “cyber-liability” policies
– Options and alternatives are growing
– Choose wisely as exclusions may limit the benefits of coverage
Does Insurance Cover Losses?
Data Breach/Privacy Litigation
68. • Increasing value means increasing scrutiny
• Enforcement will continue (and may increase)
– Actual security breaches are not required
– Focus is on reasonable and appropriate measures
– Companies held to privacy-related promises
– Scope of personal information is growing
• Enforcement actions are influencing and defining industry expectations
(user and customer expectations too?)
• Your enforcement issue may not come from the FTC, but from a
potential customer, financing source, or acquirer
• Premium on increased transparency into data practices
Lessons Learned
Conclusion
69. • Know your data (map data collection, usage, and sharing)
• Collect the data you need and hold it only as long as you need it
• Institute procedures to secure personal information and sensitive
information
• Implement “privacy by design” concepts
• Prepare for a breach and adopt a written information security plan
(WISP)
• Educate and train employees
• Manage and monitor vendors and contractors
Best Practices
Conclusion
71. • Follow your WISP
• Day 1: Be proactive but with an eye to litigation
– Stop the bleeding
– Preserve forensic evidence
– Document actions
• Day 2: Seek counsel
– Begin to assess whether notification requirement triggered
– Don’t jump the gun on disclosure
– Reach out to law enforcement,
• Day 3 and beyond: Manage the fallout
– Public/investor relations
– Customer retention/communication
– Notification vendors
When the Inevitable (Breach) Happens
Conclusion