The document discusses protecting customer privacy with SaaS solutions and the cloud. It provides an overview of speakers Aurelie Pols and Blair Reeves and their discussion on balancing measurement needs with privacy. Key topics covered include existing and emerging private sector privacy laws, expectations around privacy legislation, and challenges around customer data and the cloud.
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final (Dr. Donald Macfarlane)
The document summarizes an IBM breakfast briefing on data protection, security, and regulatory updates. The briefing covered the changing EU General Data Protection Regulations and implications for organizations, including increased fines for noncompliance. It also discussed privacy rights for individuals, such as the "right to be forgotten" and access to their own data. The briefing addressed how analytics can help adhere to new rules and regulations.
Presentation by Aurélie Pols at Superweek Hungary 2014. This presentation is NOT about security and goes beyond the over-blown cookie debate in order to highlight how the upcoming EU Personal Data Protection Regulation will influence digital analytics to hopefully start embracing Privacy by Design ways of working.
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur... (Financial Poise)
There is no federal law governing privacy and data security applicable to all US citizens. Rather, individual states and regulatory agencies have created a patchwork of protections that may overlap in certain industries.
This webinar provides an overview of the many privacy and data security laws and regulations which may impact your business, from the state law protecting personal information to regulations covering the financial services industry to state breach notification laws.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-us-privacy-and-data-security-2020/
The document discusses several legal, ethical and social issues related to e-commerce, including intellectual property, privacy, taxation, encryption and security, contracts, marketing and advertising. It provides background on key concepts like ethics, privacy, intellectual property laws around copyright and trademarks. It also outlines objectives, challenges and recommendations around topics like online profiling, protection of personal data, and developing trust with customers.
This document discusses several key legal and moral issues surrounding e-commerce:
1. The Data Protection Act protects individual privacy and sets standards for handling personal data. It was updated in 1998 and 2000 to incorporate EU directives.
2. The Copyright Act protects copyrighted works including software, music, and literature. It is illegal to copy, distribute, or transmit pirated software.
3. The Computer Misuse Act criminalizes unauthorized access to computer systems and data as well as hacking in response to issues in the 1980s.
4. Civil liberties groups advocate for privacy, free expression, and access to information online, while addressing issues like access to personal data and forced software upgrades.
This presentation talks about the legal instrumentation in the e-commerce industry in the international market. It draws attention to major legal issues in this industry, and I have tried to find the best solutions to some of them.
From the FinTech Webinar Series. Explores:
1. Storage and Processing of Data in “the Cloud”
2. Mobile Devices and Mobile Apps
3. “Big Data”
4. Security and Privacy Issues in Third-Party Contracts
5. Data Security and Corporate Governance
6. International Privacy and Data Security
7. Data Security as a National Security Concern: Legislation and Executive Initiatives
eMetrics Summit Boston 2014 - Big Data for Marketing - Privacy Principles & P... (Aurélie Pols)
Advertisers are collecting as much data as possible in order to sell finely targeted audiences to corporations. Privacy advocates are trying to wake up the populace to the continuous loss of civil liberties. Marketers are just trying to use the best tools to sell more stuff without alienating the public. Aurélie offers up a global view of privacy rules and regulations to highlight how the upcoming European Union Personal Data Protection Regulation will influence digital analytics around the world. Then David identifies key data collection and usage issues and discusses ways to obtain the data we need while maintaining the trust and confidence of those we need to reach.
The document summarizes key points about privacy in e-commerce from a presentation given by Aleksandr Yampolskiy, head of security and compliance at Gilt Groupe. It discusses how much personal information is readily available online, the difference between privacy and security, why people disclose personal information, challenges with privacy in e-commerce, and solutions companies can implement like having a clear privacy policy and controlling access to customer data.
This document discusses the legal, ethical, and social impacts of electronic commerce. It covers topics such as privacy and data collection, intellectual property issues, unsolicited advertising, censorship and free speech, fraud prevention, virtual communities, and the future of e-commerce. The key issues addressed include balancing privacy and data use, combating piracy and protecting copyrights/trademarks, legislation around spam and pop-ups, ensuring free expression online, and addressing the digital divide.
This document discusses major legal and ethical issues in electronic commerce, including privacy, intellectual property, free speech, taxation, and consumer protection. It covers how private information is collected online through cookies, site registration, and other methods. Key principles of privacy protection and the EU's Data Privacy Directive are examined. Issues relating to intellectual property such as copyrights, patents, trademarks, and censorship are also summarized. The rise of mobile commerce and location-based commerce are then outlined, along with attributes, drivers, and generations of mobile networks including 3G and its capabilities and adoption. Finally, obstacles to mobile and location-based commerce are briefly noted.
The Politics of IT Security: Laptop Theft in the Public Sector (LapSafe Products)
In today’s fast-paced world where quick access to information is key, laptops, netbooks and tablets have become vital tools for public sector professionals. The use of mobile IT can increase flexibility and opportunities for remote working, but these desirable and costly devices are increasingly becoming the targets for organised and opportunistic theft. In 2011 alone, the Information Commissioner’s Office (ICO) has reported 22 laptops lost or stolen from public sector organisations and has fined some of the bodies responsible a total of £150,000.
This white paper examines IT security within the public sector, including the problem of repeated laptop thefts, and offers practical advice for professionals to help them keep their mobile electronic devices safe.
1. Some businesses engage in unethical practices like spamming to increase sales, as there are limited online laws and enforcement is done by users.
2. It is important for businesses to have ethical policies and protect customer privacy and security in order to build trust with online customers.
3. Laws aim to protect children's privacy and safety online by restricting data collection and requiring schools to use filtering software. Parents can also monitor children's internet use.
This document discusses some of the legal challenges of e-commerce, including unfair terms, cybercrime, and jurisdictional issues. Specifically, it outlines how unfair standard form contracts can negatively impact consumers and businesses. It also examines how cybercrime has increased with the rise of e-commerce and poses a challenge, citing statistics on financial losses from a Norton cybercrime report. Additionally, the document reviews some international and regional efforts to combat cybercrime, such as through organizations like Interpol, APEC, and the Council of Europe.
IBM Smarter Commerce Florida 2014 The Future of Privacy by Aurélie Pols & Bl... (FLUZO)
In a data driven economy, analysts must be concerned with how data is collected, processed and subsequently used to improve online customer experiences, during those moments that matter.
Unlocking Value & Controlling Risk by #MindYourPrivacy
Does your company adequately manage and control the Data Life Cycle? Are you aware of European Privacy fines? Did the Target security breach that emanated through a 3rd party worry you and make you wonder about where to start?
art - MM Transformer - CIO Council (09-16) v1 (Marlon Moodley)
This document discusses the legal risks and responsibilities that CIOs face. It contains several articles that address topics like:
- How CIOs need to understand laws related to both technology and business operations since technology and business are now intertwined. This means CIOs must comply with a wide range of legislation.
- Upcoming laws in South Africa that CIOs need to be aware of, such as the Protection of Personal Information Act, Cybercrimes and Cybersecurity Bill, and King IV corporate governance principles.
- Specific actions a CIO could take that could result in criminal charges or jail time, as defined in the South African Companies Act. CIOs have access to privileged information and
Personal Data Privacy and Information Security (Charles Mok)
The document discusses personal data protection, privacy, and information security issues in Hong Kong. It provides an overview of Hong Kong's Personal Data Protection Ordinance, which regulates the handling of personal data and establishes six data protection principles. It notes incidents of data leakage in Hong Kong and emerging issues around topics like social media, online anonymity, and information security threats potentially posed by governments. Resources on privacy and information security in Hong Kong are also listed.
The document discusses several legal and ethical issues related to technology and the internet. It covers topics like privacy, intellectual property, free speech, taxation, computer crimes, consumer protection, and other legal issues. It also discusses frameworks for analyzing ethical issues, protecting privacy and intellectual property, debates around free speech and censorship, protecting children online, controlling spam, and computer crimes.
This document summarizes a presentation on electronic commerce regulation in Africa. It discusses how countries can benefit from electronic commerce by assessing their policy and legal frameworks. It provides an overview of global electronic commerce trends and regulations, including models from UNCITRAL, the African Union, SADC, ECOWAS, and various countries. The presentation explores issues around developing enabling environments for e-commerce and regulating areas like electronic transactions, data protection, cybercrime, and intellectual property. It also discusses challenges African countries face in developing appropriate ICT policies and legal frameworks to promote regional economic integration and access to the global digital economy.
This document provides a summary of 3 key chapters from the 8th edition of the textbook "e-commerce, business. technology. society" by Kenneth C. Laudon and Carol Guercio Traver.
The first chapter discusses ethics, law, and e-commerce in virtual worlds like Second Life, including what constitutes mischief, banned behaviors, and debates around enforcing real-world laws. The second chapter covers understanding ethical issues in e-commerce related to privacy, intellectual property, governance, and public safety. The third chapter examines legal and technological approaches to protecting privacy, including the types of data collected online, profiling and behavioral targeting, and the FTC's evolving privacy framework.
social, legal and ethical issues of e-commerce..home based
The document discusses several ethical and legal issues related to e-commerce, including privacy, intellectual property, taxation, contracts, and more. It notes that ethics are principles used to determine right and wrong actions, and that individuals and organizations should be responsible, accountable, and subject to liability under due process. It also summarizes key concepts around privacy, information collection, cookies, profiling, and recommendations to ensure transparency and user choice regarding personal data. Finally, it provides an overview of intellectual property, copyright, and the goal of balancing public and private interests.
Aurélie Pols at Strata Conference: Digital analytics & privacy - it’s not the... (FLUZO)
This is Aurélie Pols's presentation at the Strata London Conference last 11-13 November.
It is in English and starts by revisiting the common best practices related to digital analytics in order to measure digital assets' effectiveness to increase conversion, common data feeds between tools and possibly data flows between continents for analysis.
These practices are then set alongside legal requirements, showing which steps need to be undertaken to ensure legal compliance of said practices, how those responsible for digital should be trained in data protection matters, and what contracts are needed with both data providers and collectors so as to ensure minimal liability for these routinely undertaken tasks.
This presentation is NOT about security and goes beyond the over-blown cookie debate in order to highlight how the upcoming EU Personal Data Protection Regulation will influence digital analytics to hopefully start embracing Privacy by Design ways of working.
Digital analytics & privacy: it's not the end of the world (OReillyStrata)
This document discusses digital analytics and privacy. It begins by noting expectations around a lack of new privacy legislation. It then discusses privacy as a human right and how public opinion around privacy is changing. It notes concerns around democracy being in danger since the passage of laws like the Patriot Act. The document is authored by Aurélie Pols and discusses bridging analytics and data protection in Europe under upcoming regulations. It stresses the importance of a risk-based approach, identifying intersections between professionals, and developing a privacy culture.
This chapter discusses privacy and the laws that protect personal information. It covers topics like identity theft, consumer profiling, data breaches, and workplace monitoring. Laws discussed include the Fair Credit Reporting Act, Health Insurance Portability and Accountability Act, Children's Online Privacy Protection Act, and others. The chapter also examines ethical issues around electronic discovery, responsible treatment of consumer data, and advanced surveillance technologies.
This document discusses several legal, ethical and social issues related to electronic commerce (EC). It covers topics such as privacy and protecting personal information, intellectual property rights, unsolicited electronic ads/spam, free speech vs censorship, taxation of online businesses, and how laws and regulations are still developing to address challenges from EC. The key issues involve balancing consumer protection vs business interests, as well as countries establishing consistent privacy, IP and other legal frameworks for digital/online activities.
Ethical, Social, and Political Issues in E-commerce (Nor Ayuzi Deraman)
Internet, like other technologies, can:
- Enable new crimes
- Affect environment
- Threaten social values
Costs and benefits must be carefully considered, especially when there are no clear-cut legal or cultural guidelines
This document discusses several legal and ethical issues related to online marketing and e-commerce. It covers topics such as privacy laws regarding collection and use of consumer data, monitoring of employee internet usage, intellectual property laws, taxation of online sales, and revenue recognition standards for internet companies. Specific acts and laws addressed include the Financial Services Modernization Act, the Children's Online Privacy Protection Act, the Digital Millennium Copyright Act, and standards from the Financial Accounting Standards Board regarding internet business accounting.
This document provides information on cemented carbide grades, properties, and applications recommended by Jinan Xinyu Cemented Carbide Co.,Ltd. It includes tables that list cemented carbide products for applications such as coal cutting, mining, geological prospecting, snow plow tips, oil drilling, and shield construction. The document discusses the company's integrated production system, strong research and development capabilities, and advanced equipment. It also provides photos of the company's facilities.
The document summarizes key points about privacy in e-commerce from a presentation given by Aleksandr Yampolskiy, head of security and compliance at Gilt Groupe. It discusses how much personal information is readily available online, the difference between privacy and security, why people disclose personal information, challenges with privacy in e-commerce, and solutions companies can implement like having a clear privacy policy and controlling access to customer data.
This document discusses the legal, ethical, and social impacts of electronic commerce. It covers topics such as privacy and data collection, intellectual property issues, unsolicited advertising, censorship and free speech, fraud prevention, virtual communities, and the future of e-commerce. The key issues addressed include balancing privacy and data use, combating piracy and protecting copyrights/trademarks, legislation around spam and pop-ups, ensuring free expression online, and addressing the digital divide.
This document discusses major legal and ethical issues in electronic commerce, including privacy, intellectual property, free speech, taxation, and consumer protection. It covers how private information is collected online through cookies, site registration, and other methods. Key principles of privacy protection and the EU's Data Privacy Directive are examined. Issues relating to intellectual property such as copyrights, patents, trademarks, and censorship are also summarized. The rise of mobile commerce and location-based commerce are then outlined, along with attributes, drivers, and generations of mobile networks including 3G and its capabilities and adoption. Finally, obstacles to mobile and location-based commerce are briefly noted.
The Politics of IT Security: Laptop Theft in the Public SectorLapSafe Products
In today’s fast-paced world where quick access to information is key, laptops, netbooks and tablets have become vital tools for public sector professionals. The use of mobile IT can increase flexibility and opportunities for remote working, but these desirable and costly devices are increasingly becoming the targets for organised and opportunistic theft. In 2011 alone, the Information Commissioner’s Office (ICO) has reported 22 laptops lost or stolen from public sector organisations and has fined some of the bodies responsible a total of £150,000.
This white paper examines IT security within the public sector, including the problem of repeated laptop thefts, and offers practical advice for professionals to help them keep their mobile electronic devices safe.
1. Some businesses engage in unethical practices like spamming to increase sales, as there are limited online laws and enforcement is done by users.
2. It is important for businesses to have ethical policies and protect customer privacy and security in order to build trust with online customers.
3. Laws aim to protect children's privacy and safety online by restricting data collection and requiring schools to use filtering software. Parents can also monitor children's internet use.
This document discusses some of the legal challenges of e-commerce, including unfair terms, cybercrime, and jurisdictional issues. Specifically, it outlines how unfair standard form contracts can negatively impact consumers and businesses. It also examines how cybercrime has increased with the rise of e-commerce and poses a challenge, citing statistics on financial losses from a Norton cybercrime report. Additionally, the document reviews some international and regional efforts to combat cybercrime, such as through organizations like Interpol, APEC, and the Council of Europe.
IBM Smarter Commerce Florida 2014 The Furture of Privacy by Aurélie Pols & Bl...FLUZO
In a data driven economy, analysts must be concerned with how data is collected, processed and subsequently used to improve online customer experiences, during those moments that matter.
Unlocking Value & Controlling Risk by #MindYourPrivacy
Does your company adequately manage and control the Data Life Cycle? Are you aware of European Privacy fines? Did the Target security breach that emanated through a 3rd party worry you and make you wonder about where to start?
art - MM Transformer - CIO Council (09-16) v1Marlon Moodley
This document discusses the legal risks and responsibilities that CIOs face. It contains several articles that address topics like:
- How CIOs need to understand laws related to both technology and business operations since technology and business are now intertwined. This means CIOs must comply with a wide range of legislation.
- Upcoming laws in South Africa that CIOs need to be aware of, such as the Protection of Personal Information Act, Cybercrimes and Cybersecurity Bill, and King IV corporate governance principles.
- Specific actions a CIO could take that could result in criminal charges or jail time, as defined in the South African Companies Act. CIOs have access to privileged information and
Personal Data Privacy and Information SecurityCharles Mok
The document discusses personal data protection, privacy, and information security issues in Hong Kong. It provides an overview of Hong Kong's Personal Data Protection Ordinance, which regulates the handling of personal data and establishes six data protection principles. It notes incidents of data leakage in Hong Kong and emerging issues around topics like social media, online anonymity, and information security threats potentially posed by governments. Resources on privacy and information security in Hong Kong are also listed.
The document discusses several legal and ethical issues related to technology and the internet. It covers topics like privacy, intellectual property, free speech, taxation, computer crimes, consumer protection, and other legal issues. It also discusses frameworks for analyzing ethical issues, protecting privacy and intellectual property, debates around free speech and censorship, protecting children online, controlling spam, and computer crimes.
This document summarizes a presentation on electronic commerce regulation in Africa. It discusses how countries can benefit from electronic commerce by assessing their policy and legal frameworks. It provides an overview of global electronic commerce trends and regulations, including models from UNCITRAL, the African Union, SADC, ECOWAS, and various countries. The presentation explores issues around developing enabling environments for e-commerce and regulating areas like electronic transactions, data protection, cybercrime, and intellectual property. It also discusses challenges African countries face in developing appropriate ICT policies and legal frameworks to promote regional economic integration and access to the global digital economy.
This document provides a summary of 3 key chapters from the 8th edition of the textbook "e-commerce, business. technology. society" by Kenneth C. Laudon and Carol Guercio Traver.
The first chapter discusses ethics, law, and e-commerce in virtual worlds like Second Life, including what constitutes mischief, banned behaviors, and debates around enforcing real-world laws. The second chapter covers understanding ethical issues in e-commerce related to privacy, intellectual property, governance, and public safety. The third chapter examines legal and technological approaches to protecting privacy, including the types of data collected online, profiling and behavioral targeting, and the FTC's evolving privacy framework.
social, legal and ethical issues of e-commerce..home based
The document discusses several ethical and legal issues related to e-commerce, including privacy, intellectual property, taxation, contracts, and more. It notes that ethics are principles used to determine right and wrong actions, and that individuals and organizations should be responsible, accountable, and subject to liability under due process. It also summarizes key concepts around privacy, information collection, cookies, profiling, and recommendations to ensure transparency and user choice regarding personal data. Finally, it provides an overview of intellectual property, copyright, and the goal of balancing public and private interests.
Aurélie Pols en Strata Conference: Digital analytics & privacy - it’s not the...FLUZO
This is Aurélie Pols presentation at Strata London Conference last 11-13 November.
It is in English and starts by revisiting the common best practices related to digital analytics in order to measure digital asset’s effectiveness to increase conversion, common data feeds between tools and possibly data flows between continents for analysis.
These practices are then put in parallel with legal requirements, showing which steps need to be undertaken to assure legal compliance of said practices, how digital responsibles should be trained in data protection matters and what contracts are needed with both data providers & collectors so as to assure minimal liability for these routinely undertaken tasks.
This presentation is NOT about security and goes beyond the over-blown cookie debate in order to highlight how the upcoming EU Personal Data Protection Regulation will influence digital analytics to hopefully start embracing Privacy by Design ways of working.
Digital analytics & privacy: it's not the end of the worldOReillyStrata
This document discusses digital analytics and privacy. It begins by noting expectations around a lack of new privacy legislation. It then discusses privacy as a human right and how public opinion around privacy is changing. It notes concerns around democracy being in danger since the passage of laws like the Patriot Act. The document is authored by Aurélie Pols and discusses bridging analytics and data protection in Europe under upcoming regulations. It stresses the importance of a risk-based approach, identifying intersections between professionals, and developing a privacy culture.
This chapter discusses privacy and the laws that protect personal information. It covers topics like identity theft, consumer profiling, data breaches, and workplace monitoring. Laws discussed include the Fair Credit Reporting Act, Health Insurance Portability and Accountability Act, Children's Online Privacy Protection Act, and others. The chapter also examines ethical issues around electronic discovery, responsible treatment of consumer data, and advanced surveillance technologies.
This document discusses several legal, ethical and social issues related to electronic commerce (EC). It covers topics such as privacy and protecting personal information, intellectual property rights, unsolicited electronic ads/spam, free speech vs censorship, taxation of online businesses, and how laws and regulations are still developing to address challenges from EC. The key issues involve balancing consumer protection vs business interests, as well as countries establishing consistent privacy, IP and other legal frameworks for digital/online activities.
Ethical, Social, and Political Issues in E-commerce - Nor Ayuzi Deraman
Internet, like other technologies, can:
Enable new crimes
Affect environment
Threaten social values
Costs and benefits must be carefully considered, especially when there are no clear-cut legal or cultural guidelines
This document discusses several legal and ethical issues related to online marketing and e-commerce. It covers topics such as privacy laws regarding collection and use of consumer data, monitoring of employee internet usage, intellectual property laws, taxation of online sales, and revenue recognition standards for internet companies. Specific acts and laws addressed include the Financial Services Modernization Act, the Children's Online Privacy Protection Act, the Digital Millennium Copyright Act, and standards from the Financial Accounting Standards Board regarding internet business accounting.
Data protection & security breakfast briefing master slides 28 june-final - Dr. Donald Macfarlane
The document summarizes an IBM breakfast briefing on data protection, security, and regulatory updates. The briefing covered the changing EU General Data Protection Regulations and implications for organizations, including increased fines for noncompliance. It also discussed practical strategies for organizations to build a culture of data protection compliance, including data discovery, classification, retention, and disposal. Speakers included experts from IBM, law firms, and other companies to discuss analytics and best practices to help organizations adhere to new rules and regulations.
Smarter comm"The Future of Privacy". Aurélie Pols at IBM Smarter Commerce Glo... - FLUZO
In a data driven economy, analysts must be concerned with how data is collected, processed and subsequently used to improve online customer experiences, during those moments that matter.
Unlocking Value & Controlling Risk by #MindYourPrivacy
Storm on the Horizon: Data Governance & Security vs. Employee Privacy - Aurélie Pols
Defining the SAM Pro’s Role in Data Privacy
As software and IT asset managers gather increasing amounts of data about employee use of company systems, concerns arise over employee privacy. How can the need to monitor access to software and systems be balanced with local legislation designed to protect employees' privacy rights in the workplace?
This is the concern attendees at the 2014 SAM Summit London will discuss in a keynote session with European privacy and digital analytics specialist Aurélie Pols, co-founder and chief visionary officer at Mind Your Privacy.
"As more employers let workers bring their own devices to the office or access company data in the cloud from home, software asset managers are faced with a new task," says Pols. "They have to ensure that the measurements and controls put in place to secure data and license compliance, are not violating employee privacy."
An employee's right to privacy is defined in local law, posing a challenge for companies that operate throughout Europe. Spain has one of the strictest data protection laws in Europe, notes Pols, who is based in Madrid. "When it comes to fines issued by data protection authorities in Europe, Spain accounts for 80 percent of them," she says. This has turned Spain into a country where corporate lawyers, and IT managers, make sure they have the right processes in place to avoid the legal risks surrounding improper data collection and use.
The Spanish model has become the ideal to apply to client environments throughout Europe, notes Pols. "We try to find the best and most homogenous set of data governance practices that will work worldwide to ensure minimal risk—and maximum compliance."
Best practices of data use
The first data governance challenge for software and IT asset management professionals is to define what kind of data they are collecting from their workforce and how it will be used.
"Of course the software asset manager wants to track employee usage to ensure that data is not leaked or improperly accessed, but a subset of this activity is that suddenly you have data about what employees are doing," notes Pols. "This can run afoul of privacy laws unless there's close collaboration with the HR department."
Companies are now faced with the question: Do we want to use this data on employee activity, and if so, for what purpose? Do we want to use it within certain teams to assess whether certain employees are productive? Do we want to use this to assure that they are using the right processes?
"Before you measure, you need to know what and why you’re measuring," says Pols. "Although the software asset manager isn’t going to be looking at this employee data, they do need to ensure that any data collected is done in accordance with local laws."
1. The GDPR significantly changes data protection requirements for companies doing business in the EU and increases obligations for advertisers and networks/publishers who can now be jointly liable. It comes into effect in May 2018 with fines up to 4% of global revenue.
2. Under the GDPR, personal data is more broadly defined and users have more rights around consent, access, and removal of their data. Requirements around ad profiling and tracking remain unclear as guidance is still pending.
3. Companies should map their data flows, review consents and policies, and engage regulators to understand impacts on their business from the GDPR. Industry alignment with the FTC is also discussed.
Is it legal or illegal to use american cloud services in Europe?
Patricia Ayojedi's presentation about the controversy between the USA and Europe regarding cloud business.
The document provides an overview of ethics, legislation, and privacy issues related to big data. It discusses the necessity of regulating big data and the differences between privacy and data protection. It also provides details on the General Data Protection Regulation (GDPR), including its goals, requirements for companies, and individual rights it aims to protect.
The Evolution of Data Privacy: 3 things you didn’t know - Symantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed to update the current directive which was drafted in a time that was in technology terms, prehistoric. It’s time to evolve.
The document discusses data privacy, ownership, and the Internet of Things (IoT). It notes that while companies own data collected and correlations made, users have rights to control their personal data. Laws like GDPR protect personally identifiable information (PII), and breaches can result in costly class actions, clean-up costs, and fines if PII is collected without consent. The document recommends mitigating risks by following privacy- and security-by-design practices and obtaining user consent in privacy policies.
Explain your algorithmic decisions for GDPR - Pierre Feillet
What are the challenges of GDPR coming in 2018? We share an overview of the regulation, and zoom on its algorithmic aspects. We present best practices in decision automation to place symbolic AI in complement of ML, and then introduce eXplainable AI.
Erkan Kahraman, Chief Trust Officer at Projectplace, gave a presentation on cloud services and security. He discussed Projectplace's security program and ecosystem which covers all aspects of cloud risks. Top customer concerns with cloud include legislation, privacy, security, and data ownership. The chief threats to cloud security are data breaches, loss, and account hijacking. Security measures discussed included encryption, access control, and monitoring. Ensuring customer trust requires considering location of data, terms of service, retention policies, and other factors. Government access to data varies by country and transparency reports provide some insight into requests.
Presented by The National Underwriter Company, and brought to you by FC&S Legal:
Insurance coverage experts Anjali C. Das and Jerold Oshinsky provide a timely presentation on cyber liability insurance--offering practical tools and guidance on key insurance coverage issues.
Also included: The latest cyber policies—including a discussion of key policy provisions and leading cases that have interpreted the new policies.
Viewers will also find vital information on:
• Examples of the kinds of claims asserted for data breach and privacy
• Coverage under traditional policies: ISO Pre-2001 CGL; ISO Post-2001 CGL
• The evolution of case law for coverage under traditional policies
• Why corporate boards should pay attention to cyber risk, including statistics, D&O Exposure, and D&O Policies
The document discusses requirements and challenges around complying with the General Data Protection Regulation (GDPR). It provides an overview of GDPR, how it will apply, relevant technology for compliance including redaction and pseudonymization, and 5 use cases where GDPR intersects with eDiscovery. Text mining technology can help identify personal data for redaction or anonymization to ensure data can be safely transferred. Pseudonymization is encouraged under GDPR to protect personal data.
Presentation from the webinar by our sister company Mind Your Privacy and Cardinal Path
In today's digital landscape, more than ever, analysts, marketers and other data professionals need to know the changes in national and international regulations, as well as a set of basic principles for respecting the privacy and protection of those whose data they collect.
Digital Marketing meets Privacy
IT law: the middle kingdom between East and West - Lilian Edwards
This document discusses balancing privacy, security, business interests, and other values. It notes that recent Western experience shows promoting security over privacy can hurt industry by reducing consumer confidence, and that lack of privacy protection can impact business profits from data usage. The document suggests China could learn lessons from this experience, and that global trends show strengthening, not weakening, privacy is important to maintain trust and enable digital innovation.
The Evolution of Data Privacy - A Symantec Information Security Perspective o... - Symantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation is designed to update the current legislation which was drafted in a time that was in technology terms, prehistoric.
The Data Protection Directive, drafted back in 1995, harks back to a time when data processing was more about filing cabinets than data rack enclosures. It’s time to evolve.
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing the Impact of a Breach - IBM Security
Encryption has been viewed as the ultimate way to protect sensitive data for compliance. But it has also been considered very complex to implement. Today, encryption is essential to meet compliance objectives, and has become much simpler to implement. The challenge is knowing when and where to use encryption, how it can simplify compliance, what controls need to be in place, and the options for good encryption key management. This session will cover the options for encryption and key management, what each provides, and their requirements. Encryption and key management topics include application-level encryption for data in use, network encryption of data in motion, and storage encryption for data at rest.
Cybersecurity 2014: The Impact of Policies and Regulations on Companies by Andrea Almeida from the First Semi-Annual Cyber Security Conference in Plano, Texas held September 26-27, 2014.
AI Roles and Risk for election year 2024 - Aurélie Pols
Are we replacing one tyranny for another? A reflection on 10 years at Superweek: which challenges lie ahead for the digital analytics community this election year, as the ink is slowly but surely drying on the AI Act?
Data Privacy and Security in Clinical Data Management - ClinosolIndia
Data privacy and security are of paramount importance in clinical data management to ensure the confidentiality, integrity, and protection of sensitive patient information and research data. Maintaining robust data privacy and security measures is essential for complying with regulatory requirements and maintaining the trust of patients, researchers, and stakeholders. Here's how data privacy and security can be ensured in clinical data management
Third-Generation Social Media Guide. The end of the experiment, the start of... - FLUZO
This document describes the evolution of social media strategies in Spain and proposes the arrival of a "third generation". It argues that the first companies in Spain approached social media as an experiment, without clear objectives or measurement of results. Now, companies must align their social media strategies with their overall business objectives and focus on creating value for customers, not just on increasing their presence on the platforms. The document also presents an alternative model to help companies
The document discusses privacy laws and regulations in different jurisdictions. It compares the approaches to privacy and personal data protection in the US, UK, and EU. It also outlines some of the key differences between common law and continental legal systems as they relate to privacy. Furthermore, it provides an overview of different types of personal information classified as personally identifiable information (PII) in various US states and discusses risk levels for data in the US versus EU contexts.
Monetize your digital channel to prioritize potential opportunities - FLUZO
Presentation by Aurélie Pols at Superweek 2014 (Hungary). The objectives of the session are to provide a simple and practical approach to classic and reverse monetization and learn how to prioritize your opportunities within your company.
- What are the biggest obstacles companies face to be successful in Digital Analytics?
- Do you want to continue being a reporting monkey?
- How to monetize?
- What if my website doesn't sell?
- What's the value of a lead and a visit?
- Monetizing different types of sites behaviors
- Common roadblocks to monetizing behaviors
- and much more ;)
Social Media or Social Data: which contributes more to your business? - FLUZO
Presentation by René Dechamps at the Social Media ROI 2013 conference (#SMROI), organized this past 3 December in Madrid by Madrid Emprende and Econred.es
The Mobile Privacy Guide arrives: how do you obtain consent from users of apps and the mobile web?
Mind Your Group (MYG) and the Mobile Marketing Association in Spain (MMA) launch the first Mobile Privacy Guide, aiming to close the gaps that publishers, advertisers, agencies, ad networks and measurement companies may have about how to proceed on privacy matters.
The document arrives at a time when users are increasingly aware of how their data is used and are starting to demand more transparency, information and security.
Web Analytics and Privacy (eShow Madrid 2013) - FLUZO
The document discusses web analytics and privacy. It explains that data is a valuable asset that can generate revenue, so it is important to handle it responsibly and comply with privacy legislation. It also recommends that analysts review contracts with data providers, classify cookies and obtain consent for them, and consider where data is stored to ensure regulatory compliance.
Web design: from concept to result. Ricardo Tayar at SEonthebeach 2013 - FLUZO
This document presents a talk on web design and its fundamental principles. It explains that web design consists of developing solutions that use the internet as the main medium for meeting needs. It describes 10 principles of good design and 7 principles of usability and web design, such as designing for people, giving feedback, familiarity, forgiveness, consistency, efficiency, and natural cognitive structures. It concludes that design should focus on understanding and meeting people's needs over traffic volume.
The new cookie law (Conversion Thursday Zaragoza) - FLUZO
1) The presentation explains the cookie regulations in Spain and the European Union, including penalties of up to one million euros.
2) Users must be informed about the use of cookies, and their consent obtained in a clear and accessible way.
3) Complying with the regulations can optimize marketing through a user-centered privacy approach.
Traffic Source Analysis in Web Analytics (Practitioner Web Analytics m... - FLUZO
Presentation by Gemma Muñoz at the Practitioner Web Analytics in BCN (March 2013), in which she sets out an interesting methodology for studying the best distribution of investment across traffic sources for a website.
This document discusses upcoming changes to EU privacy regulations and the implications for companies collecting personal data from EU citizens. It notes that the current EU privacy rules are outdated and a new regulation will standardize privacy compliance across all EU member states. The new regulation is expected to be approved in 2013 and will impose much stricter consent requirements for data collection and fines of up to 2% of global revenue for noncompliance. It also discusses new rights like the right to be forgotten and data portability. Companies that do not update their privacy practices risk losing customer trust and facing large fines once the new rules are enforced.
2. Today's Speakers
Aurelie Pols
Chief Visionary Officer, Mind Your Privacy
@AureliePols
Blair Reeves
Product Manager, IBM Digital Analytics
@BlairReeves
@IBMEMM
3. Please note
IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion.
Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
4. Privacy in Context
IBM Customer Experience Suite (content management)
6. Expectations: no legislation, promised!
Source: http://www.jms-group.com/wp-content/uploads/2011/10/boring-conference.jpg
7. My kids in the cloud, perfectly load balanced
8. Confessions of an EU digital analyst (& Privacy geek)
Grew up in the Netherlands, Dutch passport
French mother tongue
Most of my friends are bilingual at least
Have Polish & Russian origins
Set-up my 1st start-up in Belgium in 2003
Sold it to Digitas LBi (Publicis), in 2008
Moved to Spain in 2009
Created 2 other start-ups in Spain in 2012
– Mind Your Group, Putting Your Data to Work
– Mind Your Privacy, Data Science Protected
– Yes, a “law firm” but we prefer to say a bunch of Data Scientists working with a bunch of lawyers
10. Privacy, a fundamental right in the EU
European Convention of Human Rights (1953)
– Section I, Rights & Freedoms, Article 8: Right to respect for private and family life
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
Note the national security reference, we’ll get back to it!
US: Samuel Warren and Louis Brandeis talk “the right to be left alone” in Harvard Law Review in 1890!
11. Privacy, a Human Right? Global level
The Right to Privacy in the Digital Age
Draft resolution, crafted by Germany & Brazil
Adopted without a vote
December 18th 2013
Next steps
UN High Commissioner Navi Pillay to submit a report on the protection & promotion of the right to Privacy in the context of domestic & extraterritorial surveillance and/or interception of digital communications & the collection of personal data
August 25th 2014
Source: http://rt.com/news/germany-brazil-un-spying-resolution-394/
12. The Rule of Law is the basis for Democracy
US & UK: Common Law
– Class actions
– Privacy
– Business focused
– Patchwork of sector based legislations: HIPAA, COPPA, VPPA, …
– PII varies per state
EU: Continental Law
– Fines (by DPAs: Data Protection Agencies)
– Personal Data Protection
– Citizen focused: data belongs to the visitor/prospect/consumer/citizen
– Over-arching EU Directives & Regulations
– Risk levels: low, medium (profiling), high (sensitive data), extremely high (profiling with sensitive data)
APEC: Continental law influenced
13. PII list of variables & US states I
Personal Information (based on the definition commonly used by most states)
i. Name, such as full name, maiden name, mother's maiden name, or alias
ii. Personal identification number, such as social security number (SSN), passport number, driver's license number, account and credit card number
iii. Address information, such as street address or email address
iv. Asset information, such as Internet Protocol (IP) or Media Access Control (MAC)
v. Telephone numbers, including mobile, business, and personal numbers.
Information identifying personally owned property, such as vehicle registration number or title number and related information
Source: information based on current ongoing analysis (partial results)
14. PII list of variables & US states II
Medical information as PII: California, Arkansas, Missouri, New Hampshire, North Dakota, Texas, Virginia
Financial information as PII: Alaska, Iowa, Kansas, Massachusetts, Missouri, Nevada, New York*, North Carolina, North Dakota, Oregon, South Carolina, Vermont, Wisconsin, Wyoming
Passwords information as PII
Biometric information as PII
Georgia
Iowa
Maine
Nebraska
Nebraska
North Carolina
Wisconsin
Source: information based on current ongoing analysis (partial results)
15. PII vs. Risk levels
[Figure: PII risk level by data type, rising from Low through Medium (profiling) and High (sensitive) to Extremely high (profiling of sensitive data), set against Information Security Measures]
16. Fines?
Spain: responsible for 80% of data protection fines in the EU
Source: http://www.mindyourprivacy.com/download/privacyinfographic.pdf
17. Total Privacy fines, penalties & settlements worldwide
Just 6 weeks into 2014, the world total in Privacy damages has already reached half the level of last year's record: $74 million
Source: http://www.computerworld.com/s/article/9246393/Jay_Cline_U.S._takes_the_gold_in_doling_out_privacy_fines?taxonomyId=84&pageNumber=3
18. Data ownership? Dutch mobile, more B2B
KPN is a Dutch Telco
Operations are in the Netherlands, Belgium & Germany
Brands: Hi, Simyo, Telfort & KPN, XS4ALL, E-Plus & Base (sold to Telefonica)
19. What are we working on in Europe?
Exists today
– EU Data Protection Directive (95/46/EC)
– ePrivacy Directive 2002/58/EC (as revised by 2009/136/EC)
Coming up
#EUDataP
Source: www.iabeurope.eu/files/8813/7882/1681/IAB_Tuesday_Webinar_Data_Protection_FINAL.pdf
20. Consolidating: from national DPAs to WP29
Each country has its own Data Protection Agency (DPA)
– The French CNIL, the UK ICO, the Spanish AGPD, the 16 German Länder, the Italians, the Dutch, …
– And they all work differently, with different budgets and different rules
The Article 29 Data Protection Working Party
– Gives recommendations
– Has no effective power but everybody listens: “an independent European advisory body on data protection and privacy”.
– Opinion 05/2012 on Cloud Computing, adopted July 1st 2012 (p 20: Guidelines for clients & providers of cloud computing services)
– Influences the current debate about the upcoming Personal Data Protection Regulation (horizon 2016)
22. #EUDataP related to Cloud
Article 4.3. of the EU Personal Data Protection Regulation distinguished between:
– Service in the cloud
– Storage in the cloud
Recurrent Question: Does it apply to back-ups?
– Yes, this has been specifically specified in the Regulation, following the WP29's 2012 recommendation
Types of cloud computing:
– Private, Public, Hybrid, Community
Service types: IAAS, PAAS, SAAS
23. Legal status of participants: controller vs. processor
The customer as data controller
– Determines whether to choose cloud computing (total or partial)
– Determines the type of cloud computing (especially regarding International Data Transfers)
– Determines the cloud computing service types
Responsible for the processing of personal data
– This cannot be delegated
The Cloud Certified Professional (CCP) as data processor
– IBM data centers ISO-27001 & SSAE-16 certified + ITCS104 IBM security policy
Consequences of the participants' legal status:
– Applicable law: national law of controller/customer
– Except national security
26. Typical personal data misconceptions
Very often present in technology companies
– We do not identify the user while using the data, so we have no issues with Privacy law
– We only use the serial # of the user's device, so the data is anonymous and we have no issues with Privacy laws
– We encrypt the data so we are no longer using/sending/receiving personal data
– We use hashes to replace all serial #, so the data is now anonymous and we have no issues with Privacy laws
– We anonymize the data, so we are not using personal data
– We can use the user's data for anything we want, as long as we keep the data to ourselves
– Look: big name companies are doing the same, so we are ok
Slide borrowed from @simonhania from TomTom, IAPP congress Brussels, November 2013
27. Connected cars? TomTom profiles roads, not people
Slide borrowed from @simonhania from TomTom, IAPP congress Brussels, November 2013
28. Consent in Telcos, some go for very granular
Slide borrowed from Stephen John Deadman from Vodafone Group Services Limited,
IAPP congress Brussels, November 2013
29. Cloud: So where to start?
Suggested line of thought: WP29's Security & Data Protection
Goals
Transparency
Intervenability
Availability
Integrity
Portability
Confidentiality
Isolation
Source: http://ec.europa.eu/justice/data-protection/article-29/documentation/opinionrecommendation/files/2012/wp196_en.pdf
30. Data protection requirements in the client-provider relationship(s) – WP29
1. Compliance with basic principles
– Transparency
– Purpose specification & limitation => consent, opt-in, opt-out
– Erasure of data => anonymization, re-qualification
2. Contractual safeguards of the “controller-processor”
relationship
3. Technical & organizational measures of data protection & data
security
– Isolation (purpose limitation)
– Availability
– Intervenability
– Integrity
– Portability
– Confidentiality
– Accountability
31. Compliance with basic principles
Transparency
– Who is controller (data collector) & purpose of data collection (what
are you using the data for exactly?)
– This includes sub-contractors
Purpose specification & limitation
– Data collected for specified, explicit and legitimate purposes & not
further processed in a way incompatible with those purposes
– Prior to data collection
– Consent: opt-in, opt-out, don't ask
Erasure of data
– Legal data retention periods => customer re-qualification (average
30%)
32. Trust & creepiness
Consent is about a reasonable expectation of the use of data
– There's a fine line between feeling charmed vs. feeling invaded
– Create win-win situations:
• Customers give company information
• Customers get better service/value for money
33. Information Security Measures
Technical & organizational measures of data protection & security
– Availability:
• Timely & reliable access to personal data
• Cloud provider: reasonable measures to cope with risk of disruption
– Integrity:
• No malicious or accidental alteration of the data during
processing, storage or transmission
– Confidentiality:
• Encryption in transit, always, & secure remote connections
– Isolation:
• Data storage, memory & networks are often shared => risk!
– Intervenability:
• No obstacles to data subject's right to access, rectification, erasure, …
– Portability
34. Techno security is just one piece of the puzzle
Technological security
Processes
Resources
Data Collection
36. Balancing Risks & Benefits in the Cloud
Benefits
– Price
– Transfer of responsibility?
– Availability (BYOD, strike, natural disaster, …)
Risks
– Cloud Provider PIA (Privacy Impact Assessment)
– Security evaluation of your own information
– Nature of your own data
Source:
http://www.labeshops.com/image/cache/data/summitcollection/7918llady-justice-3-feet-statue-800x800.jpg
37. From Compliance to Risk Assessment
Achieving 100% compliance is a chimera
– Compliance is a journey, not a destination
– Level of required compliance linked to
• Sector
• Personal internal management
• Company risk profile
Risk is a moving target
– Risk of being fined
– Risk of being breached
– Brand perception => subjective
38. Leading global reinsurer example
Note: slides blurred for confidentiality reasons
39. Metrics & KPIs to follow evolution
Note: slides blurred for confidentiality reasons
40. Typical set-up example, International Co
[Diagram: local subsidiaries (labelled 1, 1, 2, 3, 4); Terms & Conditions]
Applicable Security Measures???
41. What to do? This is your check-list I
1. Know your information structure (cloud)
– Can you exactly draw the previous slide?
2. Cloud inventory (PIA)
– Provider (& sub-contractors)
– Location
• Cloud service HQ
• Servers
– Applicable law: our friend Snowden
– Physical location: earthquakes?
• Any incidents to report?
• In-house control access (risk)
• Terms & Conditions
– Information Security measures
– Related to Privacy
42. What to do? This is your check-list II
3. Know your Data structure: data inventory (cloud)
– Do you know which data can be found where?
– Have you reviewed your information security measures?
– What happens in case of a breach?
4. Authorization required?
– Approval International Data Transfers (IDT)
– Safe Harbor
– Binding Corporate Rules (BCR)
– User consent
43. MYP Information Security Framework
Organizational Data Security measures
Risk classification
Low/medium/high/extreme
Data Lifecycle
Integrity
Availability
Confidentiality
Security
Authentication
Privacy
44. Human errors cause most data breaches
Source: http://www.cooldailyinfographics.com/post/data-andsecurity-breaches
45. Harmonizing Security & Privacy cultures
Effective Privacy management depends upon a Risk driven
approach that surpasses compliance needs
– Prepare for legislative changes
– Recognize that just because something is legal, it doesn’t mean
it is a good idea
– Consider how Privacy drives strategic advantage => USP?
Skill requirements & interfaces between professionals
– Identifying intersection and tackling conflict
– Finding a common language
– Developing a Privacy culture
Source: http://www.rsaconference.com/writable/presentations/file_upload/grc-w07when-worlds-collide-harmonisinggovernance-between-security-andprivacy.pdf