Privacy Overview
What is private data
Privacy requirements by jurisdiction
PIPEDA-Canada
GDPR-Europe
Blockchains and Privacy
Data storage
Privacy crypto currencies
A review of current blockchain technologies, from a point of view of an Information Security practitioner and as per standing Information Security practices. Unlike most blockchain reviews that address purpose and function as evaluation basis, this session looks at public blockchain technology implementations as just another IT System that needs to be characterized, analysed and reviewed by Information Security practitioners.
The entire Blockchain certification program is divided into different modules, which will let you explore Blockchain technology and its use cases in cybersecurity.
Role of blockchain technology in critical infrastructure securityGlobal Tech Council
Blockchain is a distributed ledger system that was once referred to as Bitcoin's underlying exchange technology, but has now widened its field and emerged as a mainstream technology that embraces other innovations such as artificial intelligence, machine learning, data science, big data, and more.
Second line of defense for cybersecurity : BlockchainAhmed Banafa
With the fact that cybercrime and cyber security attacks hardly seem to be out of the news these days and the threat is growing globally.
Nobody would appear immune to malicious and offensive acts targeting computer networks, infrastructures and personal computer devices.
Firms clearly must invest to stay resilient.
Gauging the exact size of cybercrime and putting a precise US dollar value on it is nonetheless tricky.
A review of current blockchain technologies, from a point of view of an Information Security practitioner and as per standing Information Security practices. Unlike most blockchain reviews that address purpose and function as evaluation basis, this session looks at public blockchain technology implementations as just another IT System that needs to be characterized, analysed and reviewed by Information Security practitioners.
The entire Blockchain certification program is divided into different modules, which will let you explore Blockchain technology and its use cases in cybersecurity.
Role of blockchain technology in critical infrastructure securityGlobal Tech Council
Blockchain is a distributed ledger system that was once referred to as Bitcoin's underlying exchange technology, but has now widened its field and emerged as a mainstream technology that embraces other innovations such as artificial intelligence, machine learning, data science, big data, and more.
Second line of defense for cybersecurity : BlockchainAhmed Banafa
With the fact that cybercrime and cyber security attacks hardly seem to be out of the news these days and the threat is growing globally.
Nobody would appear immune to malicious and offensive acts targeting computer networks, infrastructures and personal computer devices.
Firms clearly must invest to stay resilient.
Gauging the exact size of cybercrime and putting a precise US dollar value on it is nonetheless tricky.
How To Become A Certified Blockchain Security Professional? 101 Blockchains
Blockchain is regarded as one of the top-tier technologies that can combat cyber-attacks effortlessly. But is the technology really that secured? In reality, blockchain also comes with its fair share of shortcomings. Thus, every company developing or experimenting with blockchain technology is looking for a certified blockchain security professional, who can get rid of all the issues.
But before you can become a certified blockchain security expert, you need to master some specific skills and learn about blockchain security elements thoroughly. Mastering the techniques of cryptography, understanding the network security architecture of different blockchain platforms, gaining a strong knowledge of various programming languages and techniques, etc. are some of the skills you will need.
Thus, to help you in your journey to becoming a certified blockchain security professional, we at 101 Blockchains are offering various enterprise blockchain certification courses with updated and simplified information. Starting with our Certified Blockchain Security Expert (CBSE) course will be the best choice as this course will offer you a certification that you can showcase during your interviews.
Learn more about the course from here -->
https://academy.101blockchains.com/courses/certified-blockchain-security-expert
We also have other certification courses that you can check out --->
Certified Enterprise Blockchain Professional (CEBP) course
https://academy.101blockchains.com/courses/blockchain-expert-certification
Certified Enterprise Blockchain Architect (CEBA) course
https://academy.101blockchains.com/courses/certified-enterprise-blockchain-architect
We also offer additional blockchain courses that can help you enrich your resume and become an expert in no time.
Learn more about these courses from here ->
How to Build Your Career in Enterprise Blockchains Course
https://academy.101blockchains.com/courses/career-in-blockchain
Getting Started with Hyperledger Fabric Course
https://academy.101blockchains.com/courses/getting-started-with-hyperledger-fabric/
Beginner's Guide to Corda Development Course
https://academy.101blockchains.com/courses/beginners-guide-to-corda-development
Ethereum Development Fundamentals Course
https://academy.101blockchains.com/courses/ethereum-development-fundamentals
Blockchain for AI: Review and Open. Research Challenges K. SALAH, M. H. REHMA...eraser Juan José Calderón
Blockchain for AI: Review and Open. Research Challenges
K. SALAH, M. H. REHMAN, N. NIZAMUDDIN and A. Al-Fuqaha
ABSTRACT
Recently, Artificial Intelligence (AI) and blockchain have become two of the most trending and disruptive technologies. Blockchain technology has the ability to automate payment in cryptocurrency and to provide access to a shared ledger of data, transactions, and logs in a decentralized, secure, and trusted manner. Also with smart contracts, blockchain has the ability to govern interactions among participants with no intermediary or a trusted third party. AI, on the other hand, offers intelligence and decision- making capabilities for machines similar to humans. In this paper, we present a detailed survey on blockchain applications for AI. We review the literature, tabulate, and summarize the emerging blockchain applications, platforms, and protocols specifically targeting AI area. We also identify and discuss open research challenges of utilizing blockchain technologies for AI.
Hackbama Presentation
Presenter: Jason Cuneo
Abstract: The revolution of blockchain centered technologies provides security practitioners with a unique opportunity to participate in shaping the future of secure networking and has the potential to redefine how organizations and society transact and determine value. The objective of this discussion is to introduce how blockchains are disrupting the status quo and how they can be used to improve the Cybersecurity landscape.
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Floyd DCosta
Blockchain Defined Perimeter (BDP) is an enhanced Software-Defined Perimeter - that renders critical systems / cloud servers invisible; thereby making it near impossible for hackers to discover and attack, while providing a secure communication channel for legitimate users.
How To Plan Successful Encryption StrategyClickSSL
Nowadays, almost every digital device is connected to the internet. There are many benefits of staying online such as receiving information on real time, mobility, and affordability. Previously there was limited functionality available on the online platform such as browsing news, information and watching videos.
In this presentation I'm providing reasons why you should consider privacy by design and protect the personal information of your customers using proven technology solutions and best practices.
Blockchains: Opportunities & Risks for Law Firms [RelativityFest 2018]Kroll
With a dramatic increase in high-profile receiverships, regulatory fact finding, and class action lawsuits, it’s clear that cases involving blockchain technology are on the rise—and so is the risk these engagements bring to your firm. Learn what you can do to recognize when digital assets (such as Bitcoin and Ethereum) are involved in an engagement, how to reduce your exposure to risk with proper collection and review processes, and how to uncover and understand all the relevant information.
Presented by Josh McDougall, Director, Cyber Risk at Kroll during RelativityFest 2018
With the growing use of Blockchain technology across different business segments, it becomes important for companies to hire trained Blockchain expert and Blockchain developers. Whether you are a working professional or a fresher, Blockchain certification is going to be beneficial for you.
It will be a quick intro about Cloud Security Alliance (CSA). Overview of current cloud security research, events and other opportunities are covered. We will touch cloud security related certifications (for professionals and companies that provide cloud offerings)/ CSA Lviv Chapter membership and active participation will be discussed as well.
How To Become A Certified Blockchain Security Professional? 101 Blockchains
Blockchain is regarded as one of the top-tier technologies that can combat cyber-attacks effortlessly. But is the technology really that secured? In reality, blockchain also comes with its fair share of shortcomings. Thus, every company developing or experimenting with blockchain technology is looking for a certified blockchain security professional, who can get rid of all the issues.
But before you can become a certified blockchain security expert, you need to master some specific skills and learn about blockchain security elements thoroughly. Mastering the techniques of cryptography, understanding the network security architecture of different blockchain platforms, gaining a strong knowledge of various programming languages and techniques, etc. are some of the skills you will need.
Thus, to help you in your journey to becoming a certified blockchain security professional, we at 101 Blockchains are offering various enterprise blockchain certification courses with updated and simplified information. Starting with our Certified Blockchain Security Expert (CBSE) course will be the best choice as this course will offer you a certification that you can showcase during your interviews.
Learn more about the course from here -->
https://academy.101blockchains.com/courses/certified-blockchain-security-expert
We also have other certification courses that you can check out --->
Certified Enterprise Blockchain Professional (CEBP) course
https://academy.101blockchains.com/courses/blockchain-expert-certification
Certified Enterprise Blockchain Architect (CEBA) course
https://academy.101blockchains.com/courses/certified-enterprise-blockchain-architect
We also offer additional blockchain courses that can help you enrich your resume and become an expert in no time.
Learn more about these courses from here ->
How to Build Your Career in Enterprise Blockchains Course
https://academy.101blockchains.com/courses/career-in-blockchain
Getting Started with Hyperledger Fabric Course
https://academy.101blockchains.com/courses/getting-started-with-hyperledger-fabric/
Beginner's Guide to Corda Development Course
https://academy.101blockchains.com/courses/beginners-guide-to-corda-development
Ethereum Development Fundamentals Course
https://academy.101blockchains.com/courses/ethereum-development-fundamentals
Blockchain for AI: Review and Open. Research Challenges K. SALAH, M. H. REHMA...eraser Juan José Calderón
Blockchain for AI: Review and Open. Research Challenges
K. SALAH, M. H. REHMAN, N. NIZAMUDDIN and A. Al-Fuqaha
ABSTRACT
Recently, Artificial Intelligence (AI) and blockchain have become two of the most trending and disruptive technologies. Blockchain technology has the ability to automate payment in cryptocurrency and to provide access to a shared ledger of data, transactions, and logs in a decentralized, secure, and trusted manner. Also with smart contracts, blockchain has the ability to govern interactions among participants with no intermediary or a trusted third party. AI, on the other hand, offers intelligence and decision- making capabilities for machines similar to humans. In this paper, we present a detailed survey on blockchain applications for AI. We review the literature, tabulate, and summarize the emerging blockchain applications, platforms, and protocols specifically targeting AI area. We also identify and discuss open research challenges of utilizing blockchain technologies for AI.
Hackbama Presentation
Presenter: Jason Cuneo
Abstract: The revolution of blockchain centered technologies provides security practitioners with a unique opportunity to participate in shaping the future of secure networking and has the potential to redefine how organizations and society transact and determine value. The objective of this discussion is to introduce how blockchains are disrupting the status quo and how they can be used to improve the Cybersecurity landscape.
Blockchain Defined Perimeter (BDP) - Maximum cybersecurity for critical syste...Floyd DCosta
Blockchain Defined Perimeter (BDP) is an enhanced Software-Defined Perimeter - that renders critical systems / cloud servers invisible; thereby making it near impossible for hackers to discover and attack, while providing a secure communication channel for legitimate users.
How To Plan Successful Encryption StrategyClickSSL
Nowadays, almost every digital device is connected to the internet. There are many benefits of staying online such as receiving information on real time, mobility, and affordability. Previously there was limited functionality available on the online platform such as browsing news, information and watching videos.
In this presentation I'm providing reasons why you should consider privacy by design and protect the personal information of your customers using proven technology solutions and best practices.
Blockchains: Opportunities & Risks for Law Firms [RelativityFest 2018]Kroll
With a dramatic increase in high-profile receiverships, regulatory fact finding, and class action lawsuits, it’s clear that cases involving blockchain technology are on the rise—and so is the risk these engagements bring to your firm. Learn what you can do to recognize when digital assets (such as Bitcoin and Ethereum) are involved in an engagement, how to reduce your exposure to risk with proper collection and review processes, and how to uncover and understand all the relevant information.
Presented by Josh McDougall, Director, Cyber Risk at Kroll during RelativityFest 2018
With the growing use of Blockchain technology across different business segments, it becomes important for companies to hire trained Blockchain expert and Blockchain developers. Whether you are a working professional or a fresher, Blockchain certification is going to be beneficial for you.
It will be a quick intro about Cloud Security Alliance (CSA). Overview of current cloud security research, events and other opportunities are covered. We will touch cloud security related certifications (for professionals and companies that provide cloud offerings)/ CSA Lviv Chapter membership and active participation will be discussed as well.
The webinar covers:
• The origin and need for security and privacy in IoT devices
• Elements of the IoT Trust Framework
• Plans for implementation and certification
This webinar was presented by Scott S. Perry CPA and Online Trust Alliance:
Scott Perry is Principle of Scott S. Perry CPA, an expert with more than 25 years of experience as a manager, senior manager and director on the audit firms. A national consulting firm has led him to drive his own licensed, nationally operating CPA firm based in Bellevue, Washington specializing in Cybersecurity Audits.
Craig Spiezle is Executive director of Online Trust Alliance (OTA), a recognized authority on trust and the convergence of privacy, security and interactive marketing promoting a privacy practices, balanced public policy, end-to-end security and data stewardship. Currently Craig is on board Identity Theft Council and a member of InfraGuard a partnership between the Federal Bureau of Investigation and private sector.
Link of the recorded session published on YouTube: https://youtu.be/K3KZHWHO8bg
Top 10 reasons to get a blockchain expert certificationBlockchain Council
blockchain expert certification that stands out is the Certified Blockchain Expert certification offered by the Blockchain Council. Blockchain Council operates on the mission of educating people and creating awareness among businesses, enterprises, developers, and society in the blockchain sphere.
You can choose the Blockchain certification course offered by Blockchain Council. These online certification programs are a great way to ensure that you become a part of the ever-changing and growing technologies.
Protecting personal data has been an important issue for many years. The EU GDPR extends the data rights of individuals, and requires organizations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organizational measures. UK organizations have had to comply with the Regulation since 25 May 2018, or potentially face fines of up to 4% of annual turnover or €20 million – whichever is greater.
Learning Outcomes:
This 10 webinar series is intended to elicit a clear understanding of the core elements of the GDPR, with the ability to gain a deeper understanding by asking the trainer questions during the training.
It covers how each aspect of the Regulation can be translated into implementation actions in your organization and the auditor’s role.
Webinar 9
• Why and how to conduct a data mapping exercise.
• The rights of data subjects.
• Giving and withdrawing consent.
Custom Blockchain vs. Public Blockchains Choosing the Right Path for Your Bus...Prolitus Technologies
Unlock the Future: Navigating the Blockchain Landscape 🚀✨ Dive into the dynamic world of blockchain technology with our latest blog! 🌐🔗 Explore the crucial decision between Custom Blockchain and Public Blockchains and discover the perfect path for your business success. 💼💡 Join us on a journey of innovation and strategic decision-making in the realm of decentralized solutions. 🌍💻 Don't miss out on shaping the future of your business—read now! https://www.prolitus.com/blog/custom-blockchain-vs-public-blockchains-choosing-the-right-path-for-your-business/ #BlockchainDecisions #BusinessInnovation #TechTrends
Cut The Clutter: What You Have, What You Need, and What You Can Safely Get Ri...Symantec
Simple Facts- Information is growing at alarming rates, Organizations fear the consequences of eliminating even the most trivial data and these fears have been heightened by the retention requirements of Dodd-Frank, FINRA 10-06 and other troubling laws and regulations. In this hangout learn how to identify the data that you need to collect and manage versus the data that you can safely get rid of. In addition, attendees can understand how to limit exposure and storage costs by implementing a defensible deletion plan for both active and archived content.
Watch the Google+ Hangout recording: http://bit.ly/17by3e6
If you are looking for Blockchain certification programs in human resource, law, digital marketing or any other field, then Blockchain Council is offering a certification program in all these fields.
How blockchain technology help you to enhance your business in 2020Blockchain Council
. Blockchain Council is one of the leading platforms offering certification courses in Blockchain. So, if you are also willing to learn more about Blockchain, then you must enroll for the Blockchain certification program.
Say Good-Bye to Zero-Sum: Say Hello to Privacy and Marketing, by Designbradley_g
A presentation by Commissioner Cavoukian to the Canadian Institute Advertising and Marketing Law Conference on how Privacy by Design can give a sustainable competitive advantage in advertising and marketing.
Blockchain is helping in shaping the industry like never before. You can find so many use cases of this technology, and because of the overwhelming results which Blockchain is offering, it has become the technology of the future.
Digital data storage is the Blockchain notion. Picture the digitalization of travel information. Due to the unmodified connections in the block. If the data package is tied to this block, other data blocks may not be modified. Again, all users were shown and accessible by blockchain.
How is blockchain technology making the supply chain smarter Blockchain Council
The research on improvising this technology is increasing, and so is the need for Blockchain expert who can bring this change. By enrolling for Blcockhain certification program, one can get a complete insight into this technology and understand its implementation.
Top 7 industries That Will Be Quickly Disrupted By BlockchainBlockchain Council
These are the seven industries where Blockchain is finding active usage. Thus it has also become a great career option. If you too are willing to make a career in this field, then you must go for Blockchain certification by Blockchain Council.
Become a blockchain expert and join the blockchain revolutionBlockchain Council
A blockchain expert is one who specializes in blockchain technology and helps businesses improve their business processes and models by incorporating blockchain in their businesses.Click here @http://bit.ly/2XbGczl
In this webinar Prof. Banafa will discuss in details the use of Blockchain in the following businesses: Insurance; Payments; Internet-of-Things (IoT); Supply Chain; Healthcare; Government; Identity; Advertising; Marketing; Banking.
Similar to Cyber security privacy-and-blockchain-perspective-14 nov2018-v01-public (20)
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
2. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Disclaimer & License
Disclaimer
The views and opinions expressed in this presentation are those of the authors. They do not purport to reflect the policies,
views, opinions or positions of any other agency, entity, organization, employer or company.
License
This presentation is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0).
You are free to:
• Share , copy and redistribute the material in any medium or format
• Adapt , remix, transform, and build upon the material for any purpose, even commercially
• Under the following terms of Attribution: You must give appropriate credit, provide a link to the license, and indicate if
changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor
endorses you or your use.
License details: https://creativecommons.org/licenses/by/4.0/legalcode
2
3. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Topics
• Intro
• Privacy Overview
• What is Private Data?
• Privacy by jurisdiction (We will focus on Canada, the EU and the USA)
• Privacy Considerations
• Conclusion
• Q&A
3
4. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
BIO’s
Shahid Sharif
CCSK, CISA, CISSP, CRISC, CSSP, PCIP, PMP
IT Security professional with over 20 years of experience in various
industries in differentroles.Some ofthe highlights include:
• Application Security Assessments
• Security Architecture advisory pertaining to Mobile Devices,
Networks,Applications,& Systems
• Extensive experience in managing and supporting audits related
to PCI-DSS, SSAE16. CSAE3416, 5025,SOC2, and SOX
• In-depth knowledge and experience on implementing
Governance, Risk,& Compliance and supporting frameworks like
COBIT 5, NIST, ISO, etc
• Extensive experience in creating procedures,policies and
standards
• In-depth knowledge ofBusiness ContinuityManagementwhich
includes BCP,DRP, and Crisis Management.
• Private/Public Blockchain technologies
LinkedIn: https://www.linkedin.com/in/shahidsharif/
Goni Sarakinov
SCF, CISSP, CIPM, CIPT
CEO, Sarakinov Consulting Inc., Director of Information
Security & Privacy at Libra Enterprises, Inc. is a SABSA
Chartered Security Architect, Certified Information System
Security Professional (CISSP), Certified Information Privacy
Manager (CIPM) and a Certified Information Privacy
Technologist (CIPT). Over 20 years’ experience on advising
both public and private sector organizations on identifying,
developing and deploying solutions to address privacy
regulations in Canada, USA and EU, plan and roll-out
successful programs encompassing information security and
privacy capabilities.
LinkedIn: https://www.linkedin.com/in/gonisarakinov
4
5. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Useful Links
● Slide deck
○ GitHub: https://github.com/secunoid/presentations
○ SlideShare: https://www.slideshare.net/ShahidSharif4
● Awareness training
○ https://sarakinovconsulting.com/wp/services-grid/training
5
6. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Privacy Overview
From the International Association of Privacy Professionals
(IAPP):
“Privacy is the right to be let alone, or freedom from
interference or intrusion. Information Privacy is the right to
have some control over how your personal information is
collected and used.
In Canada the Personal Information Protection and Electronic
Documents Act (PIPEDA):
“Personal information includes any factual or subjective
information, recorded or not, about an identifiable individual”
6
7. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Jurisdictions
Jurisdiction in which you are doing business matters, for example:
• In Canada the Personal Information Protection and Electronic Documents Act (PIPEDA)
• Recent update the Digital Privacy Act added new requirements particularly:
• Reporting of breaches is mandatory starting November 1st, 2018
• Businesses have to keep a record of *ALL* breaches (whether PII is leaked or not) for 2 years
• Fines have been introduced, up to $100,000 per breach
• Some provinces have privacy legislation that has been deemed similar, for example Quebec, Alberta, British
Columbia
• The European Union General Data Protection Regulation (GDPR)
• The United States of America does not have comprehensive federal data protection legislation, instead:
• Every business is subject to privacy legislation at the Federal and/or State level.
• Some States are more active particularly California
• California passed the California Consumer Privacy Act this summer (2018) to take effect in 2020
• It provides protection for consumers data online and is similar to the EU GDPR
7
8. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Some examples of Private Data
PIPEDA
● Age
● Name
● ID numbers
● Medical records
● Income
● Ethnic origin
● Opinions
● Evaluations
● Comments
● Social status, or disciplinary actions
● Employee files
● Financial records
GDPR
● Personal Data - Ability to identify an
individual from the data
○ IP Address
○ Email address
○ Address
○ etc.
● Specialcategories of Personal Data
○ Date of birth
○ Religion
○ Gender
○ Personal lifestyle/affiliations
○ Genetic
○ Race
○ Ethnicity
○ Health, etc.
8
9. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
EU GDPR-1/2
GDPR stands for General Data Protection Regulation. It is a regulation in EU
law on data protection and privacy of European Citizens residing in European
Union. It has a global reach with tough sanctions for non conformance. It is all
about providing assurances and rights to EU Citizens residing in EU, whose data
is being collected by businesses to deliver a service or product.
• It has evolved from Data Protection Directive, which came out in 1995
• Adopted in April 2016 with a two year grace period, which came into effect in mid 2018
• Addresses modern use of data
• Respect the individual’s right to their personal data
9
10. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
GDPR-2/2
The French Data Protection Supervisory Authority (the CNIL) is one of the first to
publish initial thoughts on blockchain and GDPR compatibility. They covered 4
topics:
1. What solutions for a responsible use of Blockchain involving personal data?
2. How to minimize risk for data subjects when the processing of their data relies
on a blockchain?
3. How to ensure the effective exercise of the data subjects’ rights?
4. What are the security requirements?
10
12. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Blockchain Strengths
• Note that not all data on a blockchain is encrypted, however data encryption
can be made a default easier.
• Another advantage is that data can be processed without the use of a key.
• Because data on the blockchain is encrypted and split up, getting access is
more complex – the malicious actor need to decrypt all the blocks that the
data is spread over which use a different algorithms for their security.
• Blockchain also has stronger verification controls than traditional models.
• Blockchain use for authenticating identity is particularly high.
• Allows for higher quality of data that is complete, consistent and accurate (for
example, PIPEDA calls for maintaining the accuracy of records)
12
13. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Blockchain Weaknesses
● Where Blockchain fails is in areas that are considered critical for privacy –
access controls and data destruction
● Access is either all or nothing – i.e. access is public for public blockchains or
permissions are given to select groups of entities on permissioned
blockchains
● Even on permissioned blockchains it not possible to limit access to a part of
the blockchain, they would have access to the whole blockchain
● Once data is on the blockchain it is not possible to destroy it
● It is also not possible for users who interact with the data to remain
anonymous – once data is on the blockchain it’s there forever
13
14. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Private & Public Blockchains
• Consortiums (Private Blockchains) could rely on off-chain compensating
controls to address Confidentiality issues, as part of Consortium Governance.
• Public blockchains currently lack the controls required to provide forward
looking Confidentiality requirements, and any data stored in a public
blockchain could be considered to be at risk and potentially exposed in the
future.
• A review of use cases, either in public or consortium domains, would reveal
that Database technology is not challenged by blockchain technology when
considering confidentiality and data retention requirements.
14
15. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Data Classification
● Consideration should be placed on the classification of the data (all of the
data that the business will be handling), specifically around the inclusion of
data elements that require High Confidentiality. For example, this can be
Personal Identifiable Information (PII) or business sensitive:
• Customer information
• Employee information
• Intellectual Property
● Public and Consortium Blockchains may not suitable for sharing data
across parties, when the data needs to remain confidential to those
parties.
15
16. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Data Protection-1/2
• Storing or managing data requires that you pay attention to data security
requirements. Not doing so could lead to a mis-application of blockchain
technology.
• Use of blockchain technology for storing PII is strongly not recommended, as
it is not likely to comply with evolving privacy legislation:
• Once the data is shared, it can not be unshared
• Data encryption, as a confidentiality control, is exposed to technology obsolesce
• Data that has been shared, and protected with current encryption standards, could
be exposed in the future
• Current technologies don’t address data retention requirements
• Data stored in a blockchain is immutable and cant be updated as per new
encryption standards
16
17. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Data Protection-2/2
• Depending on the jurisdiction where you will be deploying or using blockchain
technology, they may have privacy requirements and/or recommendations as
they relate to the use of blockchain technology.
17
18. Secunoid Systems Inc.
http://www.secunoid.com
Sarakinov Consulting Inc.
https://sarakinovconsulting.com
Conclusion
• Requirements, Requirements, Requirements
• Know the laws of the Jurisdictions you will be targeting
• Know what data you are collecting
• Know why you are collecting the data
• Know how long you can keep the data
• Document the design
Hint: Consult with qualified Privacy & Security SMEs if you need help.
18