SlideShare a Scribd company logo

Evolving international privacy regulations and cross border data transfer - gdpr under schrems ii

Download as PPTX, PDF
Ulf Mattsson
Ulf Mattsson

We will discuss the Evolving International Privacy Regulations. Cross Border Data Transfer for GDPR under Schrems II is now ruled by an EU court that defined what is required. This ruling can be far reaching for many businesses.

Technology
1 of 58
1 1 Evolving International Privacy Regulations and Cross Border Data Transfer - GDPR under "Schrems II"
2 Agenda 1. Convergence ofdataprivacyprinciples,standardsandregulations 2. General DataProtectionRegulation(GDPR) 3. GDPRandCaliforniaConsumerPrivacyAct (CCPA) 4. Whatroledoestechnologiesplayin compliance 5. Use Cases
3 This is What Your Peers AreSaying
4 Risk AversionIs Common
5 What is Privacy? Privacy /ˈprīvəsē/ Definedin Generally AcceptedPrivacyPrinciples (GAPP)as “therightsandobligationsofindividualsandorganizationswithrespect tothecollection, use, retention,disclosure, and disposal of personal information.”
6 Organization’s Top PrivacyRisk Concerns
7 Lessons Learned
8 Source:Gartner Balance Protect datain ways that are transparent tobusiness processes and compliant toregulations Opportunities Risk Management Policies Balance Breaches Regulations Controls
9 9 Governance Trends Source:Gartner Data SecurityGovernanceFramework Data &Security GovernanceMust Converge
10 10 Organization’sRisk Context of Privacy Source:Gartner
11 11 What Are Others Spending on Security?
12 12 Trends in Privacy Regulations
13 Which of the FollowingAspects of Data Privacy AreYou Particularly Concerned About? 13 FTI Consulting—Corporate Data Privacy Today, 2020
14 FactorsImpactingInformation SecurityFunctions in Three to Five Years 14
15 Legal andRegulatory Risks are Exploding 15
16 PrivacyRegulations Sweden, TheDataAct, a nationaldataprotectionlaw wentinto effectin 1974 India is passinga comprehensivedataprotectionbill that includeGDPR-likerequirements Finland's Data ProtectionAct Japanimplementschangesto domesticlegislationto strengthen privacy protectionin thecountry Brazil passinga comprehensivedataprotectionregulation similarto GDPR 1970, Germany passedthe firstnationaldataprotection law, firstdataprotectionlaw in the world TheNew York PrivacyAct wasintroducedin 2019 Source:Forrester CCPA'simpact is expectedto beglobal (12+ %), given California'sstatusasthe fifth largestglobal economy GDPR'simpactis expectedtobeglobal
17 Data and SecurityGovernance(DSG) Converge Source:Gartner
18 The Evolution of Privacy Regulations at an AggressiveRate
19 How Many Privacy Laws Are You Complying With? Source:IAPP GeneralDataProtectionRegulation(EU) 2016/679(GDPR)isaregulationin EU lawondataprotectionandprivacyintheEuropeanUnion(EU) andtheEuropeanEconomic Area(EEA). ItalsoaddressesthetransferofpersonaldataoutsidetheEU and EEA areas. CaliforniaConsumerPrivacyAct ( CCPA)isabill thatenhancesprivacyrightsandconsumerprotectionforresidents ofCalifornia,UnitedStates. By Region
20 20 General DataProtection Regulation (GDPR)
21 GDPR Year 1: Numbers
22 Failureto Comply . . . What are the Consequences ? • Companies liable fora fine ofup tofourper cent (4%) oftheir global turnover with a maximum fine of~$25Million USD. This is for non-compliance with no data breach! • The principles ofprotection should apply toany information concerning an identified or identifiable person. • To determine whether a person is identifiable, account should betaken of allthe means likely reasonably to beused either by the controller orby any other person toidentify the individual. • Theprinciples of dataprotection should notapplytodata rendered anonymous in such a way that the datasubject is no longer identifiable. Why What How
23 GDPR — Data ProtectionPrinciples(Article5) • Personal data shall beprocessed lawfully, fairly and in a transparent mannerinrelation to the data subject • Collected for specified, explicit and legitimate purposes only • Adequate, relevant and limited to what is necessary in relation to thepurposes for which theyareprocessed (‘data minimization’) • Accurateand, wherenecessary, kept up to date, erased or rectified without delay • Kept ina form whichpermits identification of data subjects for nolonger than is necessary for thepurposes for which the personal data are processed • Processed in a mannerthat ensures appropriate security of the personal data 88Pages(99Articles) of Detailed DataProtectionRequirements
24 GDPR under "SchremsII" • No transfer of data but nevertheless a riskof access by U.S. authorities because the EU-basedprocessor is a subsidiaryof a U.S. company. • Thehosting of health data by a company bound byU.S. law was incompatible with theGDPR under"SchremsII"and violated the provisions of the GDPR, due on the one hand, to the possibility of a transfer to the U.S. of the data collected by Doctolib throughits processor, and on the other hand,even in theabsence of data transfer, to the risk of access requests by U.S. authorities to the processor, AWS. • Thecourtnoted for the purposes of hosting its data, Doctolib uses the services of the Luxemburg companyAWSSarl, the data is hosted in data centers located in France and in Germany, and the contract concluded between Doctolib and AWSSarl does not provide for the transfer of datato the U.S. • However, because it is a subsidiary of a companyunderU.S. law, the court considered AWS Sarl inLuxemburg maybe subject to access requests byU.S.authorities in the frameworkof U.S. monitoringprograms based on Article702of the Foreign IntelligenceSurveillanceAct or Executive Order 12333. • Conseil considered that the level of protection offered was sufficient due to the manysafeguards https://iapp.org/news/a/why-this-french-court-decision-has-far-reaching-consequences-for-many-businesses/
25 GDPR under "SchremsII" Conseil considered that the level of protection offered was sufficient due to the manysafeguards inplace, which are thefollowing. Legal safeguards: • Thejudgenoted the contract concluded between Doctolib and AWSSarl provides for a specific procedure in theevent of an access request by a foreign authority; notably, AWS Sarl guarantees in its contract with Doctolib that it will challenge anygeneral access request from a public authority. Technicalsafeguards: • Thejudgealso noted technically the data hosted by AWS Sarl is encrypted and the keyis held by a trusted third party in France,not by AWS, to prevent data from being read by third parties. Other guaranteestaken: • No health data: Thecourt also took into accountthat contraryto what was alleged by the plaintiffs, data transmitted to Doctolib within the frameworkof the vaccination campaign does not concerninformation onthe reason whytheperson is eligible in priority for vaccination becauseof a specific pathology. Thedata hosted relates only to the identification of individuals for the purpose of makingappointments. • Data is deleted after threemonths https://iapp.org/news/a/why-this-french-court-decision-has-far-reaching-consequences-for-many-businesses/
26 GDPR SecurityRequirements Framework Encryption and Tokenization Discover Data Assets Security by Design Source:IBM
27 Organizations needs to look at how the datawas captured,whois accountable for it, where it islocated and who has access. Data Flow MappingUnder GDPR • If there is not already a documented workflow in place in yourorganization,it can be worthwhile for a team tobe sent out toidentify how the data is being gathered. • This willenable you tosee how your data flow is different from reality and what needs tobedone Source:BigID
28 Find Your Sensitive Data in Cloud and On-Premise 28 Source:Protegrity
29 RecommendationNo.1
30 GDPRand CaliforniaConsumer Privacy Act (CCPA)
31 GDPRand CaliforniaConsumer Privacy Act (CCPA)
32 Regulatory Activities in Privacy 2021 vs 2020 Gartner The CCPA Effect
33 The CCPA Effect California Privacy Rights Act (CPRA) 1. On November 3, 2020, Californians voted to approve Proposition 24, a ballot measure that creates the California Privacy Rights Act (CPRA). 2. The CPRA amends and expands the California Consumer Privacy Act (CCPA). 3. Most of the CPRA’s substantive provisions will not take effect until January 1, 2023, providing covered businesses with two years of valuable ramp-up time. 4. Notably, however, the CPRA’s expansion of the “Right to Know” impacts personal information (PI) collected during the ramp-up period, on or after January 1, 2022. See https://en.wikipedia.org/wiki/2020_California_Proposition_24
34 34 Use Cases & Standards
35 PrivacyStandards 11Published InternationalPrivacyStandards(ISO) Techniques Management Cloud Framework Impact Requirements Process 20889 IS Privacyenhancingde-identificationterminologyandclassificationoftechniques 27701 IS Securitytechniques-ExtensiontoISO/IEC27001 andISO/IEC 27002 forprivacyinformationmanagement -Requirementsand guidelines 27018 IS CodeofpracticeforprotectionofPIIinpubliccloudsacting as PIIprocessors 29100 IS Privacyframework 29101 IS Privacyarchitectureframework 29134 IS GuidelinesforPrivacyimpactassessment 29190 IS Privacycapabilityassessmentmodel 29191 IS Requirementsforpartiallyanonymous,partiallyunlinkableauthentication 29151 IS CodeofPracticeforPIIProtection 19608 TSGuidancefordevelopingsecurityandprivacyfunctionalrequirementsbasedon15408 27550 TRPrivacyengineeringforsystemlifecycleprocesses
36 Different Data Protection Techniques Data Store DynamicMasking 2-way 1-way FormatPreserving Computingonencrypteddata FormatPreserving Tokenization FormatPreserving Encryption (FPE) HomomorphicEncryption (HE) Hashing Static Masking DifferentialPrivacy (DP) K-anonymityModel Random Algorithmic NoiseAdded Fast Slow VerySlow Fast Fast Fastest ClearText SyntheticData Derivation Fast Anonymization Of Attributes Pseudonymization Of Identifiers
37 Example of Use-Cases & DataPrivacy Techniques 37 Vault-less tokenization Masking Vault-less tokenization Gateway CallCenterApplication PaymentApplication Payment Data Policy,Tokenization,Encryptionand Keys Salesforce Payment Network SecurityOfficer Data Warehouse AnalyticsApplication PI* Data PI* Data DifferentialPrivacy AndK-anonymity Dev/testSystems PI* Data VotingApplication ElectionData MicrosoftElectionGuard
38 Tokenization Data Store DynamicMasking 2-way FormatPreserving Tokenization FormatPreserving Encryption (FPE) Random Algorithmic Fast Slow Fastest ClearText Pseudonymization Of Identifiers
39 Randomized Tokenization Data Store DynamicMasking 2-way FormatPreserving Computingonencrypteddata Tokenization FormatPreserving Encryption (FPE) HomomorphicEncryption (HE) Random Algorithmic Fast Slow VerySlow Fastest ClearText Pseudonymization Of Identifiers Quantum Computers? • Quantum computers and other strong computers can break algorithms and patterns in encrypted data. • We can instead use random numbers to secure sensitive data. • Random numbers are not based on an algorithm or pattern that computers can break. Tech giants are building their own machines and speeding to make them available to the world as a cloud computing service. In the competition: IBM, Google, Microsoft, Intel, Amazon, IonQ, Quantum Circuits, Rigetti Computing
40 Data Store DynamicMasking 1-way FormatPreserving Hashing Static Masking DifferentialPrivacy (DP) K-anonymityModel NoiseAdded Fast Fast Anonymization Of Attributes Example of Data Generalization Non-reversable Data Transformations
41 Secure AI– Use Case withSyntheticData 41
42 Original Data Fully Synthetic Data Partially Synthetic Data Artificially generated new data points Artificially generated new data points Synthetic Data
43 6 Differential PrivacyModels In differential privacy,the concern is about privacyas the relative difference in the result whether aspecific individual or entity is includedin the input or excluded Random Differential Privacy Probabilistic Differential Privacy Concentrated Differential Privacy Approximate Differential Privacy Computational Differential Privacy Multiparty Differential Privacy Noiseisverylow. Usedinpractice. Moreusefulanalysiscanbeperformed. Well-studied. Widelyused Canensuretheprivacyofindividualcontributions. Aggregationisperformedlocally. Strongdegreeofprotection. Highaccuracy Apuremodelprovidesprotectionevenagainstattackers withunlimitedcomputationalpower. Canleadtounlikelyoutputs. Tailoredtolargenumbersofcomputations.
44 Area Timing Focus Comments Use Case: Bank Requirements Short Internal requirements International regulations Cloud Short Machine Learning Startwithbasic ML trainingand inference on sensitivedata in cloud Competition Short Competitive advantage MLand NLP-powered servicescan give banks a competitiveedge Data Short Encrypted data Important Long Synthetic data Computing cost? Analytics Medium AML/KYC Whatare otherLarge banks doing? Short Analytics Initial focus Short Operational on encrypted data Computing on sensitivedata tothe cloud. Trade-offswithperformance, protection and utility? Industry Short Industry dialog Workinggroups instandard bodies (ANSI X9, Cloud Security Alliance,Homomorphic Encryption Org) Model Short Encrypted model Important Pilot Short Experimentation Whatare otherLarge banks doing? Short ScotiaBankCase Study QuerysolutionforAML/KYC Proven Medium Fastfollower Whatare some proven solutions? Quantum Short Homomorphic Encryption post- Lattice-basedcryptography isa promising post-quantumcryptography family,both in termsof foundational propertiesaswell as itsapplicationto both traditionaland homomorphic encryption Medium Quantum Plan forquantum safealgorithms Long Quantum Plan forquantum MLalgorithms Sharing Short Secure Multi-partyComputing (SMPC) Withoutrevealingtheir ownprivateinputsand outputs. Encrypteddata and encryptionkeys never comingledwilecomputationon the encrypted dataisoccurringor an encryption key is splitintoshares Solutions Short Vendor positioning Nonlinear MLregressionneeded? LinearRegressionisone of the fundamental supervised-ML. Linearand non-linearcreditscoring by combininglogisticregressionand support vector machines Short Frameworkintegration Important 3rd Party Long 3rd party integration Miningfirst TrainingML Long Federated learning Complicated Long TEE Emerging
45 Data Protection Techniques:Deploying On-premisesand Clouds Privacy enhancing data de-identification terminology and classification of technique DataWarehouse Centralized Distributed On-premises PublicCloud PrivateCloud De-identification techniques Tokenization Vault-basedtokenization Y Y Vault-lesstokenization Y Y Y Y Y Y Cryptographic Tools Format preservingencryption Y Y Y Y Y Homomorphic encryption Y Y Y Suppression techniques Masking Y Y Y Y Y Y Hashing Y Y Y Y Y Y Formalprivacy measurementmodels DifferentialPrivacy ServerModel Y Y Y Y Y Y LocalModel Y Y Y Y Y Y K-anonymity model L-diversity Y Y Y Y Y Y T-closeness Y Y Y Y Y Y
46 Example of Cross Border Data-centric Securityusing tokenization SecurityOfficer • ProtectingPersonally Identifiable Information (PII), includingnames, addresses,phone,email, policyand accountnumbers • Compliance with EU CrossBorderDataProtectionLaws • UtilizingDataTokenization, andcentralizedpolicy, key management, auditing,and reporting Data Warehouse Completepolicy-enforcedde- identificationofsensitivedata acrossall bankentities DataSources AustrianData GermanData OtherSource Data Austrian Data German Data Other Source Data
47 TheCustomerisResponsiblefor theDataacrossallCloudService Models Shared ResponsibilitiesAcross Cloud Service Models Source:Microsoft
48 GTP Cloud SecurityCore Topic Coverage
49 AcronymsDefined
50 CloudSecurityLogical Architecture
51 CASBs Are to SaaS as FirewallsAre to Data Centers
52 A Data SecurityGatewayCan Protect Sensitive Data in Cloud and On- premise
53 Protection of Data in AWS S3 with Separation of Duties Protect data before landing Enterprise Policies Appsusingde-identified data Sensitivedatastreams Enterprise on-prem Data lifted to S3 is protected before use S3 SecurityOfficer • Applications can use de-identified data ordata in the clear based on policies • Protection ofdata in AWS S3 before landing in a S3 bucket PolicyEnforcementPoint(PEP) Separation of Duties EncryptionKeyManagement
54 Big Data Protection with GranularFieldLevel Protection for Google Cloud Protectionthroughout the lifecycleof data in Hadoop BigData Protectortokenizes or encryptssensitivedata fields Enterprise Policies Policiesmaybe managedon- premorGoogleCloudPlatform (GCP) PolicyEnforcementPoint Protecteddatafields U Separation of Duties EncryptionKeyManagem. Security Officer
55 Multi-Cloud Considerations Source:Securosis,2019 Consistency • Mostfirmsarequitefamiliarwiththeiron-premises encryptionand key managementsystems,sotheyoftenprefertoleveragethe same tooland skills across multipleclouds. • Firmsoftenadopta “best of breed”cloud approach. Trust • Some customerssimplydo nottrusttheirvendors. Vendor Lock-in and Migration • A commonconcern is vendorlock-in, andan inabilitytomigratetoanothercloud serviceprovider. • Some nativecloudencryptionsystemsdo not allow customer keys to move outside the system, andcloudencryptionsystemsare basedonproprietaryinterfaces. • Thegoal is to maintainprotection regardless of where data resides, moving between cloud vendors. Cloud Gateway Google Cloud AWS Cloud Azure Cloud
56 MajorFinancialInstitution Global UseCase
57 References 1. California ConsumerPrivacyAct, OCT4, 2019, https://www.csoonline.com/article/3182578/california-consumer-privacy-act-what-you-need-to-know-to-be-compliant.html 2. GDPR andTokenizing Data,https://tdwi.org/articles/2018/06/06/biz-all-gdpr-and-tokenizing-data-3.aspx 3. GDPR VS CCPA, https://wirewheel.io/wp-content/uploads/2018/10/GDPR-vs-CCPA-Cheatsheet.pdf 4. GeneralDataProtection Regulation, https://en.wikipedia.org/wiki/General_Data_Protection_Regulation 5. IBMFrameworkHelps Clients Preparefor theEU's GeneralDataProtection Regulation, https://ibmsystemsmag.com/IBM-Z/03/2018/ibm-framework-gdpr 6. INTERNATIONALSTANDARDISO/IEC20889,https://webstore.ansi.org/Standards/ISO/ISOIEC208892018?gclid=EAIaIQobChMIvI-k3sXd5gIVw56zCh0Y0QeeEAAYASAAEgLVKfD_BwE 7. MachineLearningandAI in a BraveNewCloud World https://www.brighttalk.com/webcast/14723/357660/machine-learning-and-ai-in-a-brave-new-cloud-world 8. EmergingDataPrivacy andSecurity forCloud https://www.brighttalk.com/webinar/emerging-data-privacy-and-security-for-cloud/ 9. NewApplication andDataProtection Strategieshttps://www.brighttalk.com/webinar/new-application-and-data-protection-strategies-2/ 10. The DayWhen3rd PartySecurityProviders Disappearinto Cloud https://www.brighttalk.com/webinar/the-day-when-3rd-party-security-providers-disappear-into-cloud/ 11. AdvancedPII/PI DataDiscovery https://www.brighttalk.com/webinar/advanced-pii-pi-data-discovery/ 12. EmergingApplication andDataProtection forCloud https://www.brighttalk.com/webinar/emerging-application-and-data-protection-for-cloud/ 13. Practical DataSecurity andPrivacy forGDPR andCCPA, ISACAJournal,May2020 14. DataSecurity:OnPremise orin theCloud, ISSAJournal,December 2019,ulf@ulfmattsson.com 15. DataPrivacy: De-IdentificationTechniques, ISSAJournal, May2020
58 58 Thank You

Recommended

May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
Ulf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
GDPR - 5 Months On!
GDPR - 5 Months On!GDPR - 5 Months On!
GDPR - 5 Months On!
BrightPay Payroll and Auto Enrolment Software
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSA
Ulf Mattsson
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
Ulf Mattsson
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)
Acquia
 
Ensuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideEnsuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify Guide
Zymplify
 

Recommended

May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
Ulf Mattsson
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
GDPR - 5 Months On!
GDPR - 5 Months On!GDPR - 5 Months On!
GDPR - 5 Months On!
BrightPay Payroll and Auto Enrolment Software
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSA
Ulf Mattsson
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
Ulf Mattsson
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)
Acquia
 
Ensuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideEnsuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify Guide
Zymplify
 
Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami Zahran
Dr. Sami Zahran
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
Ulf Mattsson
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
GDPR and Hadoop
GDPR and HadoopGDPR and Hadoop
GDPR and Hadoop
Janosch Woschitz
 
GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by Qualsys
Qualsys Ltd
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
Caroline Boscher
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
Cobweb
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
Tim Gough
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
Home
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
DATAVERSITY
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
HackerOne
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!
Fintan Swanton
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
eHealth Forum
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must Know
Integrate
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
Omo Osagiede
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparation
Promapp Solutions
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slides
Naomi Holmes
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? Article
Ulf Mattsson
 
VMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckVMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide Deck
Kyle Davies
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 

More Related Content

What's hot

Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami Zahran
Dr. Sami Zahran
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
Ulf Mattsson
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
GDPR and Hadoop
GDPR and HadoopGDPR and Hadoop
GDPR and Hadoop
Janosch Woschitz
 
GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by Qualsys
Qualsys Ltd
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
Caroline Boscher
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
Cobweb
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
Tim Gough
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
Home
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
DATAVERSITY
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
HackerOne
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!
Fintan Swanton
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
eHealth Forum
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must Know
Integrate
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
Omo Osagiede
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparation
Promapp Solutions
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slides
Naomi Holmes
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? Article
Ulf Mattsson
 
VMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckVMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide Deck
Kyle Davies
 

What's hot (20)

Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami Zahran
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
 
GDPR and Hadoop
GDPR and HadoopGDPR and Hadoop
GDPR and Hadoop
 
GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by Qualsys
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
 
Data Privacy
Data PrivacyData Privacy
Data Privacy
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...GDPR The New Data Protection Law coming into effect May 2018. What does it me...
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must Know
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparation
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slides
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? Article
 
VMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckVMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide Deck
 

Similar to Evolving international privacy regulations and cross border data transfer - gdpr under schrems ii

GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Priyanka Aash
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
SecurityScorecard
 
GDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best PracticesGDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best Practices
Ahmad Khan
 
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
dan hyde
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR compliance
MongoDB
 
Ivan Horodyskyy - Сloud and GDPR Legal and Organizational Steps to be Taken
Ivan Horodyskyy - Сloud and GDPR Legal and Organizational Steps to be TakenIvan Horodyskyy - Сloud and GDPR Legal and Organizational Steps to be Taken
Ivan Horodyskyy - Сloud and GDPR Legal and Organizational Steps to be Taken
Cloud Security Alliance Lviv Chapter
 
My presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRMy presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPR
zayadeen2003
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
Ulf Mattsson
 
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
David Erdos
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
Ulf Mattsson
 
The Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection RegulationThe Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection Regulation
Jake DiMare
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
Tim Hyman LLB
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
Tim Hyman LLB
 
BigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance Automated
BigID Inc
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A Security
EQS Group
 
Safe Harbor Webinar
Safe Harbor WebinarSafe Harbor Webinar
Safe Harbor Webinar
Ethisphere
 
GDPR: Protecting Your Data
GDPR: Protecting Your DataGDPR: Protecting Your Data
GDPR: Protecting Your Data
Ulf Mattsson
 
Isaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big dataIsaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big data
Ulf Mattsson
 

Similar to Evolving international privacy regulations and cross border data transfer - gdpr under schrems ii (20)

GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
GDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best PracticesGDPR - Top 10 AWS Security and Compliance Best Practices
GDPR - Top 10 AWS Security and Compliance Best Practices
 
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR compliance
 
Ivan Horodyskyy - Сloud and GDPR Legal and Organizational Steps to be Taken
Ivan Horodyskyy - Сloud and GDPR Legal and Organizational Steps to be TakenIvan Horodyskyy - Сloud and GDPR Legal and Organizational Steps to be Taken
Ivan Horodyskyy - Сloud and GDPR Legal and Organizational Steps to be Taken
 
My presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRMy presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPR
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
Data Protection Post-Brexit: Can the UK Craft a Credible New Approach?
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
 
Protecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine LearningProtecting Data Privacy in Analytics and Machine Learning
Protecting Data Privacy in Analytics and Machine Learning
 
The Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection RegulationThe Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection Regulation
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 
BigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance AutomatedBigID Data Sheet: LGPD Compliance Automated
BigID Data Sheet: LGPD Compliance Automated
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A Security
 
Safe Harbor Webinar
Safe Harbor WebinarSafe Harbor Webinar
Safe Harbor Webinar
 
GDPR: Protecting Your Data
GDPR: Protecting Your DataGDPR: Protecting Your Data
GDPR: Protecting Your Data
 
Isaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big dataIsaca new delhi india - privacy and big data
Isaca new delhi india - privacy and big data
 

More from Ulf Mattsson

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
Ulf Mattsson
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Ulf Mattsson
 
Book
BookBook
Book
Ulf Mattsson
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
Ulf Mattsson
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
Ulf Mattsson
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
Ulf Mattsson
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
Ulf Mattsson
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
Ulf Mattsson
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Ulf Mattsson
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
Ulf Mattsson
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
Ulf Mattsson
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
Ulf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
Ulf Mattsson
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Ulf Mattsson
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
Ulf Mattsson
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
Ulf Mattsson
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
Ulf Mattsson
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacy
Ulf Mattsson
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
Ulf Mattsson
 

More from Ulf Mattsson (20)

Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...Jun 29 new privacy technologies for unicode and international data standards ...
Jun 29 new privacy technologies for unicode and international data standards ...
 
Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...Jun 15 privacy in the cloud at financial institutions at the object managemen...
Jun 15 privacy in the cloud at financial institutions at the object managemen...
 
Book
BookBook
Book
 
Qubit conference-new-york-2021
Qubit conference-new-york-2021Qubit conference-new-york-2021
Qubit conference-new-york-2021
 
Secure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use casesSecure analytics and machine learning in cloud use cases
Secure analytics and machine learning in cloud use cases
 
Data encryption and tokenization for international unicode
Data encryption and tokenization for international unicodeData encryption and tokenization for international unicode
Data encryption and tokenization for international unicode
 
The future of data security and blockchain
The future of data security and blockchainThe future of data security and blockchain
The future of data security and blockchain
 
New technologies for data protection
New technologies for data protectionNew technologies for data protection
New technologies for data protection
 
Privacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA AtlantaPrivacy preserving computing and secure multi-party computation ISACA Atlanta
Privacy preserving computing and secure multi-party computation ISACA Atlanta
 
Safeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learningSafeguarding customer and financial data in analytics and machine learning
Safeguarding customer and financial data in analytics and machine learning
 
Protecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UKProtecting data privacy in analytics and machine learning ISACA London UK
Protecting data privacy in analytics and machine learning ISACA London UK
 
What is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS LondonWhat is tokenization in blockchain - BCS London
What is tokenization in blockchain - BCS London
 
Protecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACAProtecting data privacy in analytics and machine learning - ISACA
Protecting data privacy in analytics and machine learning - ISACA
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bNov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2b
 
Unlock the potential of data security 2020
Unlock the potential of data security 2020Unlock the potential of data security 2020
Unlock the potential of data security 2020
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...ISACA Houston - How to de-classify data and rethink transfer of data between ...
ISACA Houston - How to de-classify data and rethink transfer of data between ...
 
Isaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacyIsaca atlanta - practical data security and privacy
Isaca atlanta - practical data security and privacy
 
Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...Jul 16 isaca london data protection, security and privacy risks - on premis...
Jul 16 isaca london data protection, security and privacy risks - on premis...
 

Recently uploaded

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 

Recently uploaded (20)

UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 

Evolving international privacy regulations and cross border data transfer - gdpr under schrems ii

  • 1. 1 1 Evolving International Privacy Regulations and Cross Border Data Transfer - GDPR under "Schrems II"
  • 2. 2 Agenda 1. Convergence ofdataprivacyprinciples,standardsandregulations 2. General DataProtectionRegulation(GDPR) 3. GDPRandCaliforniaConsumerPrivacyAct (CCPA) 4. Whatroledoestechnologiesplayin compliance 5. Use Cases
  • 3. 3 This is What Your Peers AreSaying
  • 5. 5 What is Privacy? Privacy /ˈprīvəsē/ Definedin Generally AcceptedPrivacyPrinciples (GAPP)as “therightsandobligationsofindividualsandorganizationswithrespect tothecollection, use, retention,disclosure, and disposal of personal information.”
  • 8. 8 Source:Gartner Balance Protect datain ways that are transparent tobusiness processes and compliant toregulations Opportunities Risk Management Policies Balance Breaches Regulations Controls
  • 10. 10 10 Organization’sRisk Context of Privacy Source:Gartner
  • 11. 11 11 What Are Others Spending on Security?
  • 13. 13 Which of the FollowingAspects of Data Privacy AreYou Particularly Concerned About? 13 FTI Consulting—Corporate Data Privacy Today, 2020
  • 15. 15 Legal andRegulatory Risks are Exploding 15
  • 16. 16 PrivacyRegulations Sweden, TheDataAct, a nationaldataprotectionlaw wentinto effectin 1974 India is passinga comprehensivedataprotectionbill that includeGDPR-likerequirements Finland's Data ProtectionAct Japanimplementschangesto domesticlegislationto strengthen privacy protectionin thecountry Brazil passinga comprehensivedataprotectionregulation similarto GDPR 1970, Germany passedthe firstnationaldataprotection law, firstdataprotectionlaw in the world TheNew York PrivacyAct wasintroducedin 2019 Source:Forrester CCPA'simpact is expectedto beglobal (12+ %), given California'sstatusasthe fifth largestglobal economy GDPR'simpactis expectedtobeglobal
  • 17. 17 Data and SecurityGovernance(DSG) Converge Source:Gartner
  • 18. 18 The Evolution of Privacy Regulations at an AggressiveRate
  • 19. 19 How Many Privacy Laws Are You Complying With? Source:IAPP GeneralDataProtectionRegulation(EU) 2016/679(GDPR)isaregulationin EU lawondataprotectionandprivacyintheEuropeanUnion(EU) andtheEuropeanEconomic Area(EEA). ItalsoaddressesthetransferofpersonaldataoutsidetheEU and EEA areas. CaliforniaConsumerPrivacyAct ( CCPA)isabill thatenhancesprivacyrightsandconsumerprotectionforresidents ofCalifornia,UnitedStates. By Region
  • 21. 21 GDPR Year 1: Numbers
  • 22. 22 Failureto Comply . . . What are the Consequences ? • Companies liable fora fine ofup tofourper cent (4%) oftheir global turnover with a maximum fine of~$25Million USD. This is for non-compliance with no data breach! • The principles ofprotection should apply toany information concerning an identified or identifiable person. • To determine whether a person is identifiable, account should betaken of allthe means likely reasonably to beused either by the controller orby any other person toidentify the individual. • Theprinciples of dataprotection should notapplytodata rendered anonymous in such a way that the datasubject is no longer identifiable. Why What How
  • 23. 23 GDPR — Data ProtectionPrinciples(Article5) • Personal data shall beprocessed lawfully, fairly and in a transparent mannerinrelation to the data subject • Collected for specified, explicit and legitimate purposes only • Adequate, relevant and limited to what is necessary in relation to thepurposes for which theyareprocessed (‘data minimization’) • Accurateand, wherenecessary, kept up to date, erased or rectified without delay • Kept ina form whichpermits identification of data subjects for nolonger than is necessary for thepurposes for which the personal data are processed • Processed in a mannerthat ensures appropriate security of the personal data 88Pages(99Articles) of Detailed DataProtectionRequirements
  • 24. 24 GDPR under "SchremsII" • No transfer of data but nevertheless a riskof access by U.S. authorities because the EU-basedprocessor is a subsidiaryof a U.S. company. • Thehosting of health data by a company bound byU.S. law was incompatible with theGDPR under"SchremsII"and violated the provisions of the GDPR, due on the one hand, to the possibility of a transfer to the U.S. of the data collected by Doctolib throughits processor, and on the other hand,even in theabsence of data transfer, to the risk of access requests by U.S. authorities to the processor, AWS. • Thecourtnoted for the purposes of hosting its data, Doctolib uses the services of the Luxemburg companyAWSSarl, the data is hosted in data centers located in France and in Germany, and the contract concluded between Doctolib and AWSSarl does not provide for the transfer of datato the U.S. • However, because it is a subsidiary of a companyunderU.S. law, the court considered AWS Sarl inLuxemburg maybe subject to access requests byU.S.authorities in the frameworkof U.S. monitoringprograms based on Article702of the Foreign IntelligenceSurveillanceAct or Executive Order 12333. • Conseil considered that the level of protection offered was sufficient due to the manysafeguards https://iapp.org/news/a/why-this-french-court-decision-has-far-reaching-consequences-for-many-businesses/
  • 25. 25 GDPR under "SchremsII" Conseil considered that the level of protection offered was sufficient due to the manysafeguards inplace, which are thefollowing. Legal safeguards: • Thejudgenoted the contract concluded between Doctolib and AWSSarl provides for a specific procedure in theevent of an access request by a foreign authority; notably, AWS Sarl guarantees in its contract with Doctolib that it will challenge anygeneral access request from a public authority. Technicalsafeguards: • Thejudgealso noted technically the data hosted by AWS Sarl is encrypted and the keyis held by a trusted third party in France,not by AWS, to prevent data from being read by third parties. Other guaranteestaken: • No health data: Thecourt also took into accountthat contraryto what was alleged by the plaintiffs, data transmitted to Doctolib within the frameworkof the vaccination campaign does not concerninformation onthe reason whytheperson is eligible in priority for vaccination becauseof a specific pathology. Thedata hosted relates only to the identification of individuals for the purpose of makingappointments. • Data is deleted after threemonths https://iapp.org/news/a/why-this-french-court-decision-has-far-reaching-consequences-for-many-businesses/
  • 26. 26 GDPR SecurityRequirements Framework Encryption and Tokenization Discover Data Assets Security by Design Source:IBM
  • 27. 27 Organizations needs to look at how the datawas captured,whois accountable for it, where it islocated and who has access. Data Flow MappingUnder GDPR • If there is not already a documented workflow in place in yourorganization,it can be worthwhile for a team tobe sent out toidentify how the data is being gathered. • This willenable you tosee how your data flow is different from reality and what needs tobedone Source:BigID
  • 28. 28 Find Your Sensitive Data in Cloud and On-Premise 28 Source:Protegrity
  • 33. 33 The CCPA Effect California Privacy Rights Act (CPRA) 1. On November 3, 2020, Californians voted to approve Proposition 24, a ballot measure that creates the California Privacy Rights Act (CPRA). 2. The CPRA amends and expands the California Consumer Privacy Act (CCPA). 3. Most of the CPRA’s substantive provisions will not take effect until January 1, 2023, providing covered businesses with two years of valuable ramp-up time. 4. Notably, however, the CPRA’s expansion of the “Right to Know” impacts personal information (PI) collected during the ramp-up period, on or after January 1, 2022. See https://en.wikipedia.org/wiki/2020_California_Proposition_24
  • 34. 34 34 Use Cases & Standards
  • 35. 35 PrivacyStandards 11Published InternationalPrivacyStandards(ISO) Techniques Management Cloud Framework Impact Requirements Process 20889 IS Privacyenhancingde-identificationterminologyandclassificationoftechniques 27701 IS Securitytechniques-ExtensiontoISO/IEC27001 andISO/IEC 27002 forprivacyinformationmanagement -Requirementsand guidelines 27018 IS CodeofpracticeforprotectionofPIIinpubliccloudsacting as PIIprocessors 29100 IS Privacyframework 29101 IS Privacyarchitectureframework 29134 IS GuidelinesforPrivacyimpactassessment 29190 IS Privacycapabilityassessmentmodel 29191 IS Requirementsforpartiallyanonymous,partiallyunlinkableauthentication 29151 IS CodeofPracticeforPIIProtection 19608 TSGuidancefordevelopingsecurityandprivacyfunctionalrequirementsbasedon15408 27550 TRPrivacyengineeringforsystemlifecycleprocesses
  • 36. 36 Different Data Protection Techniques Data Store DynamicMasking 2-way 1-way FormatPreserving Computingonencrypteddata FormatPreserving Tokenization FormatPreserving Encryption (FPE) HomomorphicEncryption (HE) Hashing Static Masking DifferentialPrivacy (DP) K-anonymityModel Random Algorithmic NoiseAdded Fast Slow VerySlow Fast Fast Fastest ClearText SyntheticData Derivation Fast Anonymization Of Attributes Pseudonymization Of Identifiers
  • 37. 37 Example of Use-Cases & DataPrivacy Techniques 37 Vault-less tokenization Masking Vault-less tokenization Gateway CallCenterApplication PaymentApplication Payment Data Policy,Tokenization,Encryptionand Keys Salesforce Payment Network SecurityOfficer Data Warehouse AnalyticsApplication PI* Data PI* Data DifferentialPrivacy AndK-anonymity Dev/testSystems PI* Data VotingApplication ElectionData MicrosoftElectionGuard
  • 39. 39 Randomized Tokenization Data Store DynamicMasking 2-way FormatPreserving Computingonencrypteddata Tokenization FormatPreserving Encryption (FPE) HomomorphicEncryption (HE) Random Algorithmic Fast Slow VerySlow Fastest ClearText Pseudonymization Of Identifiers Quantum Computers? • Quantum computers and other strong computers can break algorithms and patterns in encrypted data. • We can instead use random numbers to secure sensitive data. • Random numbers are not based on an algorithm or pattern that computers can break. Tech giants are building their own machines and speeding to make them available to the world as a cloud computing service. In the competition: IBM, Google, Microsoft, Intel, Amazon, IonQ, Quantum Circuits, Rigetti Computing
  • 41. 41 Secure AI– Use Case withSyntheticData 41
  • 42. 42 Original Data Fully Synthetic Data Partially Synthetic Data Artificially generated new data points Artificially generated new data points Synthetic Data
  • 43. 43 6 Differential PrivacyModels In differential privacy,the concern is about privacyas the relative difference in the result whether aspecific individual or entity is includedin the input or excluded Random Differential Privacy Probabilistic Differential Privacy Concentrated Differential Privacy Approximate Differential Privacy Computational Differential Privacy Multiparty Differential Privacy Noiseisverylow. Usedinpractice. Moreusefulanalysiscanbeperformed. Well-studied. Widelyused Canensuretheprivacyofindividualcontributions. Aggregationisperformedlocally. Strongdegreeofprotection. Highaccuracy Apuremodelprovidesprotectionevenagainstattackers withunlimitedcomputationalpower. Canleadtounlikelyoutputs. Tailoredtolargenumbersofcomputations.
  • 44. 44 Area Timing Focus Comments Use Case: Bank Requirements Short Internal requirements International regulations Cloud Short Machine Learning Startwithbasic ML trainingand inference on sensitivedata in cloud Competition Short Competitive advantage MLand NLP-powered servicescan give banks a competitiveedge Data Short Encrypted data Important Long Synthetic data Computing cost? Analytics Medium AML/KYC Whatare otherLarge banks doing? Short Analytics Initial focus Short Operational on encrypted data Computing on sensitivedata tothe cloud. Trade-offswithperformance, protection and utility? Industry Short Industry dialog Workinggroups instandard bodies (ANSI X9, Cloud Security Alliance,Homomorphic Encryption Org) Model Short Encrypted model Important Pilot Short Experimentation Whatare otherLarge banks doing? Short ScotiaBankCase Study QuerysolutionforAML/KYC Proven Medium Fastfollower Whatare some proven solutions? Quantum Short Homomorphic Encryption post- Lattice-basedcryptography isa promising post-quantumcryptography family,both in termsof foundational propertiesaswell as itsapplicationto both traditionaland homomorphic encryption Medium Quantum Plan forquantum safealgorithms Long Quantum Plan forquantum MLalgorithms Sharing Short Secure Multi-partyComputing (SMPC) Withoutrevealingtheir ownprivateinputsand outputs. Encrypteddata and encryptionkeys never comingledwilecomputationon the encrypted dataisoccurringor an encryption key is splitintoshares Solutions Short Vendor positioning Nonlinear MLregressionneeded? LinearRegressionisone of the fundamental supervised-ML. Linearand non-linearcreditscoring by combininglogisticregressionand support vector machines Short Frameworkintegration Important 3rd Party Long 3rd party integration Miningfirst TrainingML Long Federated learning Complicated Long TEE Emerging
  • 45. 45 Data Protection Techniques:Deploying On-premisesand Clouds Privacy enhancing data de-identification terminology and classification of technique DataWarehouse Centralized Distributed On-premises PublicCloud PrivateCloud De-identification techniques Tokenization Vault-basedtokenization Y Y Vault-lesstokenization Y Y Y Y Y Y Cryptographic Tools Format preservingencryption Y Y Y Y Y Homomorphic encryption Y Y Y Suppression techniques Masking Y Y Y Y Y Y Hashing Y Y Y Y Y Y Formalprivacy measurementmodels DifferentialPrivacy ServerModel Y Y Y Y Y Y LocalModel Y Y Y Y Y Y K-anonymity model L-diversity Y Y Y Y Y Y T-closeness Y Y Y Y Y Y
  • 46. 46 Example of Cross Border Data-centric Securityusing tokenization SecurityOfficer • ProtectingPersonally Identifiable Information (PII), includingnames, addresses,phone,email, policyand accountnumbers • Compliance with EU CrossBorderDataProtectionLaws • UtilizingDataTokenization, andcentralizedpolicy, key management, auditing,and reporting Data Warehouse Completepolicy-enforcedde- identificationofsensitivedata acrossall bankentities DataSources AustrianData GermanData OtherSource Data Austrian Data German Data Other Source Data
  • 48. 48 GTP Cloud SecurityCore Topic Coverage
  • 51. 51 CASBs Are to SaaS as FirewallsAre to Data Centers
  • 52. 52 A Data SecurityGatewayCan Protect Sensitive Data in Cloud and On- premise
  • 53. 53 Protection of Data in AWS S3 with Separation of Duties Protect data before landing Enterprise Policies Appsusingde-identified data Sensitivedatastreams Enterprise on-prem Data lifted to S3 is protected before use S3 SecurityOfficer • Applications can use de-identified data ordata in the clear based on policies • Protection ofdata in AWS S3 before landing in a S3 bucket PolicyEnforcementPoint(PEP) Separation of Duties EncryptionKeyManagement
  • 54. 54 Big Data Protection with GranularFieldLevel Protection for Google Cloud Protectionthroughout the lifecycleof data in Hadoop BigData Protectortokenizes or encryptssensitivedata fields Enterprise Policies Policiesmaybe managedon- premorGoogleCloudPlatform (GCP) PolicyEnforcementPoint Protecteddatafields U Separation of Duties EncryptionKeyManagem. Security Officer
  • 55. 55 Multi-Cloud Considerations Source:Securosis,2019 Consistency • Mostfirmsarequitefamiliarwiththeiron-premises encryptionand key managementsystems,sotheyoftenprefertoleveragethe same tooland skills across multipleclouds. • Firmsoftenadopta “best of breed”cloud approach. Trust • Some customerssimplydo nottrusttheirvendors. Vendor Lock-in and Migration • A commonconcern is vendorlock-in, andan inabilitytomigratetoanothercloud serviceprovider. • Some nativecloudencryptionsystemsdo not allow customer keys to move outside the system, andcloudencryptionsystemsare basedonproprietaryinterfaces. • Thegoal is to maintainprotection regardless of where data resides, moving between cloud vendors. Cloud Gateway Google Cloud AWS Cloud Azure Cloud
  • 57. 57 References 1. California ConsumerPrivacyAct, OCT4, 2019, https://www.csoonline.com/article/3182578/california-consumer-privacy-act-what-you-need-to-know-to-be-compliant.html 2. GDPR andTokenizing Data,https://tdwi.org/articles/2018/06/06/biz-all-gdpr-and-tokenizing-data-3.aspx 3. GDPR VS CCPA, https://wirewheel.io/wp-content/uploads/2018/10/GDPR-vs-CCPA-Cheatsheet.pdf 4. GeneralDataProtection Regulation, https://en.wikipedia.org/wiki/General_Data_Protection_Regulation 5. IBMFrameworkHelps Clients Preparefor theEU's GeneralDataProtection Regulation, https://ibmsystemsmag.com/IBM-Z/03/2018/ibm-framework-gdpr 6. INTERNATIONALSTANDARDISO/IEC20889,https://webstore.ansi.org/Standards/ISO/ISOIEC208892018?gclid=EAIaIQobChMIvI-k3sXd5gIVw56zCh0Y0QeeEAAYASAAEgLVKfD_BwE 7. MachineLearningandAI in a BraveNewCloud World https://www.brighttalk.com/webcast/14723/357660/machine-learning-and-ai-in-a-brave-new-cloud-world 8. EmergingDataPrivacy andSecurity forCloud https://www.brighttalk.com/webinar/emerging-data-privacy-and-security-for-cloud/ 9. NewApplication andDataProtection Strategieshttps://www.brighttalk.com/webinar/new-application-and-data-protection-strategies-2/ 10. The DayWhen3rd PartySecurityProviders Disappearinto Cloud https://www.brighttalk.com/webinar/the-day-when-3rd-party-security-providers-disappear-into-cloud/ 11. AdvancedPII/PI DataDiscovery https://www.brighttalk.com/webinar/advanced-pii-pi-data-discovery/ 12. EmergingApplication andDataProtection forCloud https://www.brighttalk.com/webinar/emerging-application-and-data-protection-for-cloud/ 13. Practical DataSecurity andPrivacy forGDPR andCCPA, ISACAJournal,May2020 14. DataSecurity:OnPremise orin theCloud, ISSAJournal,December 2019,ulf@ulfmattsson.com 15. DataPrivacy: De-IdentificationTechniques, ISSAJournal, May2020