Presentation on the 8th SEEITA – 7th SEE ICT Forum Meeting & 7th MASIT Open Days Conference.
http://www.seeita.org/
http://www.seeita.org/?conference_agenda
Who Goes There? Demystifying Digital Identity for All (1/2)Aurélie Pols
Who goes there? It’s a question as old as time that is asked at the beginning of most transactions. In order for people and organizations to do business they must first ask – Who are you? How can I trust you?
Digital identity is becoming the most important challenge to solve at the intersection of people, process, and technology. Ask people about digital identity and they might think of a password and user ID to access services. But it’s much more. Digital identity is the digital representation of you – the Facebook you, Twitter you, and Google you.
Why is digital identity challenging? Perhaps because digital identity must intertwine with existing and evolving governance and cultural norms. Notions of privacy and sharing can vary greatly from person to person and from culture to culture.
This workshop explores what it means to be you in the digital world. We’ll uncover the forces and influences that impact the digital you – for better or for worse. Attendees will gain introductory insights about how digital identities and digital relationships connect and interact within a society. Join us to learn how Canada will advance digital identity for the socio-economic good of all.
https://fwd50.com/session/demystifying-digital-identity-for-all-1-2/
Interoperability in Digital will take a Global VillageAurélie Pols
It's a never ending game of whack-a-mole, where Peter Swire already talked about technological escalation wars back in 2012 when chairing the W3C DNT efforts.
It used to be "it's not PII hence privacy legislation doesn't apply". The scope of action with respect to data privacy legislation has broadened, on both sides of the Atlantic.
Yet similar dodging techniques are now also being applied to actual existing and enforced legislation. Under the CCPA, the California Consumer Privacy Act, it's about not going beyond 25 million $ a year in revenue, avoiding employee data and this US based legislation not being applicable to governmental institutions (hail to surveillance capitalism fed by public authorities!).
We've long talked about ePrivacy being unclear while the legislator does move towards applying the GDPR also to digital data.
Those are the legislative loopholes but then also come the technical techniques Simo is going to talk about as we both come to the same conclusion: players are influencing the data, possibly seeing a way to compete not on analytics but on privacy?
As companies, even US based ones such as Apple and Microsoft, recognise privacy to be a fundamental right, let's explore which risks companies are facing and what some of the emerging best practices could look like.
From GDPR to ePrivacy: what does it mean to the advertising sector?Aurélie Pols
The GDPR which comes into force in May 2018 includes 6 ways to assure lawfulness of processing, of which consent
and legitimate interests. The ePrivacy Regulation, a lex specialis of the GDPR, remains in draft mode, waiting for trialogue.
This presentation will explain what a risk based approach means for the advertising sector, taking the angle of media and
communication agencies, vendors of tools as well as their end clients, the advertisers.
State of EU legislation: GDPR & ePrivacy for SuperweekAurélie Pols
Building on 3 years worth of presentations on Privacy in the digital data ecosystem for Superweek, tackling transparency and sensitive data, this one addresses data subject rights while grounding the European project into the Charter of Fundamental Rights of the European Union. It includes a word of caution with respect to legitimate interests: not an easy choice to uphold!
The GDPR is here. So do you know what the courts are saying?Aurélie Pols
While the ink is dry on the final text of the GDPR since May 2016, the same can not be said for the courts. They are busier than ever with respect to data protection litigation! (there hasn't been a lot before to be honest as the legal instruments weren't as adequate)
One could say former legal student Max Schrems partially paved the way by getting the European Court of Justice (ECJ) to declare SafeHarbour invalid and today again with his not-for-profit NOYB.eu. (that's for Non of Your Business)
While we might discuss Cambridge Analitica in light of a potential class action against Facebook in Belgium, this presentation will mainly walk the audience through those case laws (Digital Rights Ireland, Google Spain, Schrems, Wirtschatfstsakademie) that are shaping the interpretation of the previous Data Protection Directive and the GDPR. Hopefully this would allow us to better understands where those clear red lines are being drawn in the sand, for now.
So, Right to be Forgotten: is it still comparable to "book burning in the Nazi period" or can we move beyond to find better ways to balance technological opportunities with societal needs, for the benefit of all?
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...Aurélie Pols
In a democratic society, it is always essential to search for the mechanisms contributing to a greater protection of citizens’ fundamental rights. For years we have been witnessing a debate, on both sides of the Atlantic, about the relevance of the formulation of a right of ownership of personal data.
It is interesting to analyse how the creation of this new right has different implications in different legal systems. In this panel we will consider the following questions:
- Can the right of ownership of personal data contribute to reinforcing the right to data protection and the right to privacy?
- What would be the impact of the formulation of a right of ownership of personal data in the field of data-driven innovation?
- Can this right contribute to the development of technological innovations based on data?
- Can the vision based on a property right in our personal data fit in a context of the defence of a fundamental right in our democratic societies?
- Can personal data be an asset that may be subject to commercial and / or economic operations?
- Is the legal view about data ownership shared on both sides of the Atlantic?
Video of the entire panel here: https://www.youtube.com/watch?v=YA8kMGM_kWU
Technical Consequences of the Data Subject's RightsAurélie Pols
In her keynote speech Aurélie will focus on data subject's rights and the technical consequences of these obligations.
As the General Data Protection Regulation (GDPR) has come into force on May 25th 2018, data subject’s rights are being re-introduced and reinforced, building the ground work for a more balanced approaches towards data uses within our increasingly digitised societies.
Aurélie dives into the practical perspective of how to manage these new GDPR data subject rights, what it means for your processes and IT systems and when or to what type of data they apply.
Who Goes There? Demystifying Digital Identity for All (1/2)Aurélie Pols
Who goes there? It’s a question as old as time that is asked at the beginning of most transactions. In order for people and organizations to do business they must first ask – Who are you? How can I trust you?
Digital identity is becoming the most important challenge to solve at the intersection of people, process, and technology. Ask people about digital identity and they might think of a password and user ID to access services. But it’s much more. Digital identity is the digital representation of you – the Facebook you, Twitter you, and Google you.
Why is digital identity challenging? Perhaps because digital identity must intertwine with existing and evolving governance and cultural norms. Notions of privacy and sharing can vary greatly from person to person and from culture to culture.
This workshop explores what it means to be you in the digital world. We’ll uncover the forces and influences that impact the digital you – for better or for worse. Attendees will gain introductory insights about how digital identities and digital relationships connect and interact within a society. Join us to learn how Canada will advance digital identity for the socio-economic good of all.
https://fwd50.com/session/demystifying-digital-identity-for-all-1-2/
Interoperability in Digital will take a Global VillageAurélie Pols
It's a never ending game of whack-a-mole, where Peter Swire already talked about technological escalation wars back in 2012 when chairing the W3C DNT efforts.
It used to be "it's not PII hence privacy legislation doesn't apply". The scope of action with respect to data privacy legislation has broadened, on both sides of the Atlantic.
Yet similar dodging techniques are now also being applied to actual existing and enforced legislation. Under the CCPA, the California Consumer Privacy Act, it's about not going beyond 25 million $ a year in revenue, avoiding employee data and this US based legislation not being applicable to governmental institutions (hail to surveillance capitalism fed by public authorities!).
We've long talked about ePrivacy being unclear while the legislator does move towards applying the GDPR also to digital data.
Those are the legislative loopholes but then also come the technical techniques Simo is going to talk about as we both come to the same conclusion: players are influencing the data, possibly seeing a way to compete not on analytics but on privacy?
As companies, even US based ones such as Apple and Microsoft, recognise privacy to be a fundamental right, let's explore which risks companies are facing and what some of the emerging best practices could look like.
From GDPR to ePrivacy: what does it mean to the advertising sector?Aurélie Pols
The GDPR which comes into force in May 2018 includes 6 ways to assure lawfulness of processing, of which consent
and legitimate interests. The ePrivacy Regulation, a lex specialis of the GDPR, remains in draft mode, waiting for trialogue.
This presentation will explain what a risk based approach means for the advertising sector, taking the angle of media and
communication agencies, vendors of tools as well as their end clients, the advertisers.
State of EU legislation: GDPR & ePrivacy for SuperweekAurélie Pols
Building on 3 years worth of presentations on Privacy in the digital data ecosystem for Superweek, tackling transparency and sensitive data, this one addresses data subject rights while grounding the European project into the Charter of Fundamental Rights of the European Union. It includes a word of caution with respect to legitimate interests: not an easy choice to uphold!
The GDPR is here. So do you know what the courts are saying?Aurélie Pols
While the ink is dry on the final text of the GDPR since May 2016, the same can not be said for the courts. They are busier than ever with respect to data protection litigation! (there hasn't been a lot before to be honest as the legal instruments weren't as adequate)
One could say former legal student Max Schrems partially paved the way by getting the European Court of Justice (ECJ) to declare SafeHarbour invalid and today again with his not-for-profit NOYB.eu. (that's for Non of Your Business)
While we might discuss Cambridge Analitica in light of a potential class action against Facebook in Belgium, this presentation will mainly walk the audience through those case laws (Digital Rights Ireland, Google Spain, Schrems, Wirtschatfstsakademie) that are shaping the interpretation of the previous Data Protection Directive and the GDPR. Hopefully this would allow us to better understands where those clear red lines are being drawn in the sand, for now.
So, Right to be Forgotten: is it still comparable to "book burning in the Nazi period" or can we move beyond to find better ways to balance technological opportunities with societal needs, for the benefit of all?
CPDP: Data ownership, Innovation and Privacy: looking for an approach on both...Aurélie Pols
In a democratic society, it is always essential to search for the mechanisms contributing to a greater protection of citizens’ fundamental rights. For years we have been witnessing a debate, on both sides of the Atlantic, about the relevance of the formulation of a right of ownership of personal data.
It is interesting to analyse how the creation of this new right has different implications in different legal systems. In this panel we will consider the following questions:
- Can the right of ownership of personal data contribute to reinforcing the right to data protection and the right to privacy?
- What would be the impact of the formulation of a right of ownership of personal data in the field of data-driven innovation?
- Can this right contribute to the development of technological innovations based on data?
- Can the vision based on a property right in our personal data fit in a context of the defence of a fundamental right in our democratic societies?
- Can personal data be an asset that may be subject to commercial and / or economic operations?
- Is the legal view about data ownership shared on both sides of the Atlantic?
Video of the entire panel here: https://www.youtube.com/watch?v=YA8kMGM_kWU
Technical Consequences of the Data Subject's RightsAurélie Pols
In her keynote speech Aurélie will focus on data subject's rights and the technical consequences of these obligations.
As the General Data Protection Regulation (GDPR) has come into force on May 25th 2018, data subject’s rights are being re-introduced and reinforced, building the ground work for a more balanced approaches towards data uses within our increasingly digitised societies.
Aurélie dives into the practical perspective of how to manage these new GDPR data subject rights, what it means for your processes and IT systems and when or to what type of data they apply.
A copy of a presentation given today (16-02-2012) to year three graphic design students at University of Wales Newport as an introduction to designing e-magazines for the iPad
The Different Dimensions of E-commerce Security
•
•
•
•
•
•
Integrity
◦ The ability to ensure that information being displayed on a web
site or transmitted or received over the internet has not been
altered in any way by an unauthorized party
Nonrepudiation
◦ The ability to ensure that e-commerce participants do not deny (i.e.
repudiate) their online actions
Authenticity
◦ The ability to identify the identity of a person or entity with whom
you are dealing in the internet
Confidentiality
◦ The ability to ensure that messages and data are available only to
those who are authorized to view them
Privacy
◦ The ability to control the use of information about oneself
Availability
◦ The ability to ensure that an e-commerce site continues top
function as intended.
Presentation held by Mr.Anastas Mishev as a part of the - Cooperation between academia and ICT businesses Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
A copy of a presentation given today (16-02-2012) to year three graphic design students at University of Wales Newport as an introduction to designing e-magazines for the iPad
The Different Dimensions of E-commerce Security
•
•
•
•
•
•
Integrity
◦ The ability to ensure that information being displayed on a web
site or transmitted or received over the internet has not been
altered in any way by an unauthorized party
Nonrepudiation
◦ The ability to ensure that e-commerce participants do not deny (i.e.
repudiate) their online actions
Authenticity
◦ The ability to identify the identity of a person or entity with whom
you are dealing in the internet
Confidentiality
◦ The ability to ensure that messages and data are available only to
those who are authorized to view them
Privacy
◦ The ability to control the use of information about oneself
Availability
◦ The ability to ensure that an e-commerce site continues top
function as intended.
Presentation held by Mr.Anastas Mishev as a part of the - Cooperation between academia and ICT businesses Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Presentation held by Mr. Goran Lazarevski as a part of the Corporate Social Responsibility Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Presentation held by Ms.Nikica Kushinkova as a part of the The Corporate Social Responsibility at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Presentation held by Mr.Milan Davidovic as a part of the Certification Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Increasing competitiveness of macedonian businesses through csrMASIT MACEDONIA
Presentation held by Ms. Katerina Spasovska as a part of the The Corporate Social Responsibility Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Presentation held by Ms.Beti Popova as a part of the Corporate Social Responsibility Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Presentation held by Ms.Nadezda Dimitrovska as a part of the Corporate Social Responsibility at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Presentation held by Mr.Goran Mitreski as a part of the Digital Divide Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Digital divide and broadband territorial coverageMASIT MACEDONIA
Presentation held by Ms.Katica Neceva as a part of The Digital Divide Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Presentation held by Ms. Violeta Atanasovska- Ministry of education and science as a part of the WINS ICT Call7 Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Presentation held by Mr.Jos Huizer as a part of The Road to better Broadband Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Presentation held by Ms. Vjolca Cavolli as a part of the ICT the enabler for business development in the region Session at the 8th SEEITA and 7th MASIT Open Days Conference, 14th-15th October, 2010
Building an international infrastructure for research data - Jisc Digital Fes...Jisc
Research data infrastructures exist at the national and international level and with the increasing amount of international research collaboration it is crucial that these are joined up.
This session showcased collaborative work that Jisc and its partners are undertaking to create a pan-European e-infrastructure solution through the EC funded EUDAT project.
SURFSara outlined the approach to research data infrastructure in the Netherlands alongside Jisc's approach for a UK infrastructure.
The Internet Services, Web and Mobile Applications, Pervasive Communication widely available today that are meeting many of our needs have stimulated production of tremendous amounts of data (call metadata, texts, emails, social media updates, photos, videos, location, etc.). The computing power available today in conjunction with trending technologies like Data Mining and Analytics, Machine Learning and Computational Linguistics provide an opportunity business and government organizations to manage, search, analyze, and visualize vast amount of data as information.
Companies named data brokers collect consumer data including behavioral and private and then sell to companies those use this data for personalized marketing and selling. There is no doubt that this is good for businesses, but is this same good for consumers? Is this just positively affects buying experience of customers? How much does reliable this kind data event for companies? How to keep a balance between new opportunities derived by Big Data to companies and privacy concern it brings to consumers?
In proposed speech we will try to find out some of the answers to these and other questions.
Similar to Information Security for increased usage of e-services - Masit Open Days 2010 (20)
Assessing the institutionalisation of knowledge in an automotive factory at FiatAna Meskovska
Assessing the institutionalisation of knowledge in an automotive factory at Fiat.Coordinated by Mr. Giuliano Maielli:
-Maielli, G. (2005). “Spot-Welding Technology and the Development of Robotics at Fiat, 1972-1987. A Case of Production Management Discontinuity?” Business History, Volume 47, N 1 January).
E-educational games in formal education - ePrototype Bazaar 2011Ana Meskovska
E-educational games in formal education is a proposals for innovative eBusiness idea and software prototypes developed and presented on the Professor Rene W. Wagenaar ePrototype Bazaar, a regular session that is part of the 24th Bled eConference.
(http://www.bledconference.org/index.php/eConference/2011/announcement/view/31)
Presentation from the 5th itSMF SEE Regional Event on title: KEY ITSM DRIVERS FOR BUSINESS SUCCESS.The conference covered more than 30 inspiring and thought-provoking sessions, and as such it was the biggest and best-ever IT Service Management programme of seminars, panel discussions and keynotes in South East Europe. (http://www.itsmf.org.rs/drupal/content/itsmf-see-2011-programme)
Online version of the presentation - http://prezi.com/lstdrvohprmp/belgrad-prezentacija/
Increasing trust towards governmental e-servicesAna Meskovska
Research paper from the
21th Annual IIMA Conference in Utrecht, The Netherlands, 17 – 20 October 2010.
The International Information Management Association (IIMA) annual conferences promote the dynamic exchange of ideas among leading researchers, educators, developers and practitioners who share their research and disseminate innovations in education, business and government. The 21st Annual Conference of the IIMA was devoted to presenting and examining information technology issues that create new innovative and sustainable opportunities in our current economical climate.
Increasing trust towards government e-servicesAna Meskovska
Presentation of the research paper "Increasing trust towards government e-services" for the 21th Annual Conference International Information Management Association (IIMA 2010, www.iima.org) that took take place from 17 – 20 October in Utrecht, The Netherlands.
Topic: Increasing Cross-border e-Region Competitiveness by Exploiting e-Solutions and e-Services
"Proposal for cross border cooperation between the companies from Slovakia, Macedonia and the Czech Republic"
This presentation is focused on ITSM qualifications and certification schemes.
Shows the difference between Certifications for Organizations (ISO 20000 Certification schemes) and Certifications for Professionals (ISO 20000 Qualifications, ITIL Version 3 Qualifications).
Practical aspects of Connection and relationships between relevant ICT standards (ISO 9001, ISO 27001, ISO 20000 and ITIL) and their integration.
Contents:
- Importance of the ICT standards
- Overview of the ISO standards relevant for ICT industry
- Integration of the ISO standards relevant for ICT
2. 8th
SEEITA – 7th
SEE ICT Forum Meeting & 7th
MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
About me
• Consultant and Trainer in Trajkovski & Partners
Consulting
• Quality and Information Security Manager
• B.Sc. in Electrical Engineering
• Master student – e-Business management
• ICMCI Certified Management Consultant – CMC
• ECQA certified IT Security and e-Security Manager
• Member of Board of Directors and Chairman of the
Committee for Events of itSMF Macedonia
9. 8th
SEEITA – 7th
SEE ICT Forum Meeting & 7th
MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
Citizens using the Internet and e-
Government
Figure 1. Percentage of citizens using the Internet and e-Government (Source: Eurostat 2009)
Overall progress in
citizen using
governmental e-
services between
2004 and 2008:
• 4% - 7% for
EU15
• 3% - 4% for
EU12
10. 8th
SEEITA – 7th
SEE ICT Forum Meeting & 7th
MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
WHY, not to use e-services?
• The e-service doesn’t offer any additional
benefits vs. the regular service
• The e-service is not relevant
• It is too complicated
• It is not as quality as the regular service
• A trust issue
• It is not obligatory
• …….
11. 8th
SEEITA – 7th
SEE ICT Forum Meeting & 7th
MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
Understanding the issues
• Why is trust an issue:
– involvement of sensitive and personal information
– risk from disclosure and misuse of important
information and documents
– absence of physical contact, visual communication
and tangibility
• How to start overcoming this issue?
– Information security
– …….
15. 8th
SEEITA – 7th
SEE ICT Forum Meeting & 7th
MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
Types of e-services
• E-services that don’t have critical impact on
our lives or business
– e-mails, social networks, chats, blogs,
collaboration workspaces…
• E-services that have crucial impact on our
lives, private and business wise
– e-banking, e-procurement, e-auctions, e-
government, e-healthcare…
16. 8th
SEEITA – 7th
SEE ICT Forum Meeting & 7th
MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
Example of e-service activities
• registering for user identity - e.g. membership application
• updating user information - e.g. new address
• updating user status - e.g. credit card account balance
• submitting application - e.g. credit card, driving license
• placing order - e.g. buying and selling of stocks and funds
• doing payment transaction - e.g. credit card payment
• searching for information - e.g. business matching
• exchanging information - e.g. chatroom
• receiving information and service - e.g. education notes
• doing survey, etc…
17. 8th
SEEITA – 7th
SEE ICT Forum Meeting & 7th
MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
What means Information?
• Information is an asset to the organization,
which has value to organization and needs to
be protected appropriately
• Types of information:
– Printed or written on paper
– Electronic
– Send by mail or other electronic connections
– Presented on company’s promotional materials,
web site
– Spoken
18. 8th
SEEITA – 7th
SEE ICT Forum Meeting & 7th
MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
What means Information
Security?
• Providing confidentiality, integrity and
availability of written, spoken and
electronic information
– Confidentiality - limiting information access and
disclosure to authorized users and preventing
access by or disclosure to unauthorized ones
– Integrity - accuracy and completeness
– Availability - accessibility and usability upon
demand by an authorized entity
20. 8th
SEEITA – 7th
SEE ICT Forum Meeting & 7th
MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
Implement Information Security
Management System
• Conduct risk assessment
• Define and enforce IS policies
– ISMS policy, Privacy policy, e-Privacy policy
• Define and enforce IS procedures
– Business continuity planning, Access control ….
• Identify and implement relevant IS controls
– firewall, cryptography, SSL, PKI and DC
• Take in consideration best practices and
standards
– ISO 27001, ITIL, ISO 20000, COBIT, ITAF …
22. 8th
SEEITA – 7th
SEE ICT Forum Meeting & 7th
MASIT Open Days Conference
14-15 October 2010, Ohrid www.seeita.org
Raise awareness
• Raise awareness for:
– the purpose of e-service
– the benefits from the e-service
– the need for information security
– how is information security organized and
implemented
– importance and existence of IS controls and tools
among management, employees, clients, users, ….