Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
We will discuss the Evolving International Privacy Regulations. Cross Border Data Transfer for GDPR under Schrems II is now ruled by an EU court that defined what is required. This ruling can be far reaching for many businesses.
Come cambia la cybersecurity con il regolamento privacy europeoGiulio Coraggio
Il regolamento privacy europeo (GDPR) richiede di adottare un nuovo approccio in materia di cyber security a causa del rischio di sanzioni e gli obblighi regolatori applicabili
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs.
Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data.
Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles.
The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally.
Join this webinar to learn more about:
- Trends in modern privacy regulations
- The impact on organizations to protect and use sensitive data
- Data privacy principles
- The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU
- The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations
- Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
We will discuss the Evolving International Privacy Regulations. Cross Border Data Transfer for GDPR under Schrems II is now ruled by an EU court that defined what is required. This ruling can be far reaching for many businesses.
Come cambia la cybersecurity con il regolamento privacy europeoGiulio Coraggio
Il regolamento privacy europeo (GDPR) richiede di adottare un nuovo approccio in materia di cyber security a causa del rischio di sanzioni e gli obblighi regolatori applicabili
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs.
Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data.
Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles.
The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally.
Join this webinar to learn more about:
- Trends in modern privacy regulations
- The impact on organizations to protect and use sensitive data
- Data privacy principles
- The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU
- The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations
- Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]TrustArc
Watch the free webinar on-demand NOW: https://info.trustarc.com/marketing-under-gdpr-webinar.html
Practical advice on what marketing activities can and can’t be done.
Marketing is an area that will be highly impacted by changes required under the GDPR, but there is a lack of clear guidance as to what the compliance requirements mean in practice. Do you need consent for everything? How can direct marketing practices comply with the GDPR and still meet business objectives?
This on-demand webinar will support privacy and marketing teams by providing practical advice on what marketing activities can and cannot be done.
#trustarcGDPRevents
Webinar Speakers
James Koons
Senior Privacy Consultant, TrustArc
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
The GDPR changes are fast approaching and time is running out to prepare yourself and your data. GDPR is an important topic that you will need to know inside out for your business and marketing to succeed. CommuniGator can help you get fully prepared for its arrival.
We are here to answer YOUR GDPR questions to arm you with everything you need to ensure you are compliant come May 2018.
Find out how the new data law will affect your B2B marketing abilities. We answer all your questions with a Q&A section from our experts in the field – so you can really get to grips with the changes.
We cover:
- The good the bad and the ugly of GDPR
- Your own checklist to becoming compliant
- How to get your existing data ‘double opted-in’
- Answers to your burning questions!
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...TrustArc
Watch the webinar on-demand: https://info.trustarc.com/mastering-article-30-compliance-webinar.html
78% of companies need help with conducting a data inventory.
As businesses grapple with the requirements of the GDPR one of the most challenging is the need to create a comprehensive record of all of your data processing activities as required under Article 30 of the GDPR. Recent research from Dimensional Research/TrustArc found that 78% of companies said they needed help with conducting a data inventory. With a project of this scale why re-invent the wheel when you can learn from other privacy professionals who have gone through the process of scoping, communicating, managing and delivering a comprehensive data inventory and mapping project.
Watch this webinar on-demand to hear from in-house privacy professionals and consultants how to:
- build a business case for the data inventory
- involve other departments across the business
- understand benefits of different methodologies – such as a systems or process-based approach
- review the tools and technologies available to help for you
- maintain the inventory over time
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis
In Big Data we focus on the 4 V's: Volume, Velocity, Varity and Veracity. But another important topic is often not in the focus: Privacy and Security. Yet as important and if not considered from the beginning it might put your Big Data project at risk. Learn about most important Privacy and Security fundamentals in Big Data, you should take into account in your next Big Data project.
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]TrustArc
Watch the webinar on-demand: https://info.trustarc.com/best-practices-for-managing-individual-rights-under-gdpr-webinar.html
Insights and best practices for managing individual rights under the GDPR.
The GDPR introduces new individual rights for consumers such as the right of deletion, rectification and data portability - and non-compliance can lead to the highest level of fines. Many regulators are planning consumer campaigns that are likely to increase awareness and action on these new data subject access rights once the GDPR comes into effect on May 25th. What are your obligations? What volume of requests should a company prepare for? What best practices and tools are available to support these new requirements?
This on-demand webinar will provide insights and best practices for managing individual rights under the GDPR.
#trustarcGDPRevents
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
Digital forensics is the use of analytical and investigative techniques to identify, collect, examine and report on digital evidence or information. Digital evidence can provide valuable insights during investigations of theft of intellectual property involving multi-party collusion and the misappropriation of organizational assets and resources.
During this session participants will learn various methods of mitigating the “insider threats” to an organization’s digital data and methods of investigating digital evidence contained on computer and mobile systems during internal investigations.
Main points covered:
• Learn how to mitigate and investigate the theft of Intellectual Property from your company by adding digital forensic components into your Risk Management and Compliance programs.
• Learn and understand how Digital Forensics can augment your internal investigations.
• Learn where you and your organization fit into the Digital Forensic workflow, and when to call for help.
Presenter:
Our presenter for this webinar, Ryan Duquette is a seasoned digital forensic examiner with many years of experience in law enforcement and the private sector. He took his zest for “focusing on the facts” from his days in Law Enforcement and founded Hexigent Consulting, a firm focusing on digital investigations, cyber security consulting services and litigation support.
Ryan works closely with clients involved in workplace investigations and civil litigation matters including intellectual property theft, HR investigation and data breaches. During his days in Law Enforcement, he conducted digital investigations on a variety of criminal cases including homicide, child pornography, fraud, missing persons, and sexual assault cases.
He is a Sessional Lecturer at the University of Toronto teaching digital forensics, holds a Master of Science degree in Digital Forensics Management, and several digital forensics and fraud certifications.
Ryan is a Director for the Toronto chapter of the Association of Certified Fraud Examiners, has been qualified as an “expert witness” on numerous occasions, and is a frequent presenter at fraud, digital forensics, cybersecurity and investigative conferences worldwide.
Link of recorded webinar:
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
Short description:
In this webinar, we will be exploring the current trends, predictions and other things of relevance to GDPR enforcement. Further, we will touch on the big fines such as Facebook, Google, Experian as well as guide you how to stay out of trouble with the regulation.
Main points covered:
• A summary of ICO enforcement action in the UK over the past 12 months
• What organizations got wrong?
• The big fines – Facebook and Experian
• Trends and predictions
• How to keep out of trouble with the regulator
Presenter:
Our presenter for this webinar, James Castro-Edwards is a partner and Head of Data Protection at Wedlake Bell LLP. James advises domestic and multinational organizations on data protection issues. His experience includes managing global data protection compliance projects for multinationals and advising domestic companies on complex data protection issues. He has also developed and delivered innovative data protection training programs for multinational clients, including a data protection officers’ training course which was accredited by a European government. James leads the firm’s outsourced data protection officer service, ProDPO.
James frequently speaks on data protection and cybersecurity issues and is widely published, having written articles for a wide variety of titles including The Times and The Guardian, and wrote The Law Society textbook on the General Data Protection Regulation (GDPR).
Recorded Webinar: https://youtu.be/QAF1XXTBFyg
It, Legal, Marketing and sales departments are all affected by the European Union's General Data Protection Regulation (EU GDPR). EU GDPR is more than an IT governance issue, it impacts the IT architecture and the user journey of your online and offline data capture processes.
For more information visit https://www.brightpay.ie or https://www.thesaurus.ie
Given recent cyber-attacks, an updated security process is definitely required to protect the personal data that we manage. GDPR is not a new concept, it is simply a data protection process that is being upgraded to protect all individuals. Essentially, GDPR is an overhaul of the way we process, manage and store individual’s personal data.
This webinar will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.
We will walk you through some important steps to achieve GDPR compliance by examining the following topics:
Agenda
What does GDPR mean for your payroll processing?
- Understanding GDPR
- The contract between accountants & clients
- Template Data Processor Agreement
- Proof of compliance
- Securely storing employee data
Payslips & GDPR Compliance
- Employee consent
- Emailing payslips
- Recommended self-service access
Breaching GDPR
- Data breach plan of action
- Non-compliance and penalties
BrightPay & GDPR
- BrightPay Connect - online self-service portal
- Enhanced security measures
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceIDERA Software
You can watch the replay for this Geek Sync webcast in the IDERA Resource Center: http://ow.ly/tLtr50A5b4b
The General Data Protection Regulation (GDPR) is inevitable and goes live in the EU beginning May 25th 2018. It touches all technical and organizational measures as well as the design of internal systems and processes, and affects all companies around the world that have customers in the EU.
Join IDERA and Dr. Sultan Shiffa as he focuses on how data modeling, governance and collaboration help Executives, IT Managers, Architects, DBAs and Developers tackle the key challenges around data protection by design and by default, individual rights to access and erasure, valid consent, data protection roles and accountabilities, data breach notifications, and auditing the records of data processing activities. This session will also explore best practices and examples for how to master those challenges and assess the data protection impact. After this session, you can be prepared to become GDPR compliant ahead of the deadline and beyond.
Building the Governance Ready Enterprise for GDPR Compliance December 2017Index Engines Inc.
The EU General Data Protection Regulation (GDPR) fundamentally changes how organizations manage personal data. Giving citizens the right to access, rectify, erase, restrict, and migrate their personal content existing in any data center that does business in the European Union.
Index Engines' technology delivers extensive search and management solutions that empower you to find all personal data under management with considerable precision and meet or exceed the requirements of the regulation through implementation of powerful indexing technology. Index Engines supports all classes of data from primary storage to legacy backup data.
Where data security and value of data meet in the cloud brighttalk webinar ...Ulf Mattsson
BrightTALK webinar January 14 2015
The biggest challenge in this new paradigm of the cloud and an interconnected world, is merging data security with data value and productivity. What’s required is a seamless, boundless security framework to maximize data utility while minimizing risk. In this webinar, you’ll learn about value-preserving data-centric security methods, how to keep track of your data and monitor data access outside the enterprise, and best practices for protecting data and privacy in the perimeter-less enterprise.
GDPR and evolving international privacy regulationsUlf Mattsson
Convergence of data privacy principles, standards and regulations
General Data Protection Regulation (GDPR)
GDPR and California Consumer Privacy Act (CCPA)
What role does technologies play in compliance
Use Cases
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides]TrustArc
Watch the free webinar on-demand NOW: https://info.trustarc.com/marketing-under-gdpr-webinar.html
Practical advice on what marketing activities can and can’t be done.
Marketing is an area that will be highly impacted by changes required under the GDPR, but there is a lack of clear guidance as to what the compliance requirements mean in practice. Do you need consent for everything? How can direct marketing practices comply with the GDPR and still meet business objectives?
This on-demand webinar will support privacy and marketing teams by providing practical advice on what marketing activities can and cannot be done.
#trustarcGDPRevents
Webinar Speakers
James Koons
Senior Privacy Consultant, TrustArc
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
The GDPR changes are fast approaching and time is running out to prepare yourself and your data. GDPR is an important topic that you will need to know inside out for your business and marketing to succeed. CommuniGator can help you get fully prepared for its arrival.
We are here to answer YOUR GDPR questions to arm you with everything you need to ensure you are compliant come May 2018.
Find out how the new data law will affect your B2B marketing abilities. We answer all your questions with a Q&A section from our experts in the field – so you can really get to grips with the changes.
We cover:
- The good the bad and the ugly of GDPR
- Your own checklist to becoming compliant
- How to get your existing data ‘double opted-in’
- Answers to your burning questions!
Mastering Article 30 Compliance: Conducting, Maintaining & Reporting on your ...TrustArc
Watch the webinar on-demand: https://info.trustarc.com/mastering-article-30-compliance-webinar.html
78% of companies need help with conducting a data inventory.
As businesses grapple with the requirements of the GDPR one of the most challenging is the need to create a comprehensive record of all of your data processing activities as required under Article 30 of the GDPR. Recent research from Dimensional Research/TrustArc found that 78% of companies said they needed help with conducting a data inventory. With a project of this scale why re-invent the wheel when you can learn from other privacy professionals who have gone through the process of scoping, communicating, managing and delivering a comprehensive data inventory and mapping project.
Watch this webinar on-demand to hear from in-house privacy professionals and consultants how to:
- build a business case for the data inventory
- involve other departments across the business
- understand benefits of different methodologies – such as a systems or process-based approach
- review the tools and technologies available to help for you
- maintain the inventory over time
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis
In Big Data we focus on the 4 V's: Volume, Velocity, Varity and Veracity. But another important topic is often not in the focus: Privacy and Security. Yet as important and if not considered from the beginning it might put your Big Data project at risk. Learn about most important Privacy and Security fundamentals in Big Data, you should take into account in your next Big Data project.
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
Best Practices for Managing Individual Rights under the GDPR [Webinar Slides]TrustArc
Watch the webinar on-demand: https://info.trustarc.com/best-practices-for-managing-individual-rights-under-gdpr-webinar.html
Insights and best practices for managing individual rights under the GDPR.
The GDPR introduces new individual rights for consumers such as the right of deletion, rectification and data portability - and non-compliance can lead to the highest level of fines. Many regulators are planning consumer campaigns that are likely to increase awareness and action on these new data subject access rights once the GDPR comes into effect on May 25th. What are your obligations? What volume of requests should a company prepare for? What best practices and tools are available to support these new requirements?
This on-demand webinar will provide insights and best practices for managing individual rights under the GDPR.
#trustarcGDPRevents
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
Digital Forensics 101 – How is it used to protect an Organization’s Data?PECB
Digital forensics is the use of analytical and investigative techniques to identify, collect, examine and report on digital evidence or information. Digital evidence can provide valuable insights during investigations of theft of intellectual property involving multi-party collusion and the misappropriation of organizational assets and resources.
During this session participants will learn various methods of mitigating the “insider threats” to an organization’s digital data and methods of investigating digital evidence contained on computer and mobile systems during internal investigations.
Main points covered:
• Learn how to mitigate and investigate the theft of Intellectual Property from your company by adding digital forensic components into your Risk Management and Compliance programs.
• Learn and understand how Digital Forensics can augment your internal investigations.
• Learn where you and your organization fit into the Digital Forensic workflow, and when to call for help.
Presenter:
Our presenter for this webinar, Ryan Duquette is a seasoned digital forensic examiner with many years of experience in law enforcement and the private sector. He took his zest for “focusing on the facts” from his days in Law Enforcement and founded Hexigent Consulting, a firm focusing on digital investigations, cyber security consulting services and litigation support.
Ryan works closely with clients involved in workplace investigations and civil litigation matters including intellectual property theft, HR investigation and data breaches. During his days in Law Enforcement, he conducted digital investigations on a variety of criminal cases including homicide, child pornography, fraud, missing persons, and sexual assault cases.
He is a Sessional Lecturer at the University of Toronto teaching digital forensics, holds a Master of Science degree in Digital Forensics Management, and several digital forensics and fraud certifications.
Ryan is a Director for the Toronto chapter of the Association of Certified Fraud Examiners, has been qualified as an “expert witness” on numerous occasions, and is a frequent presenter at fraud, digital forensics, cybersecurity and investigative conferences worldwide.
Link of recorded webinar:
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
Short description:
In this webinar, we will be exploring the current trends, predictions and other things of relevance to GDPR enforcement. Further, we will touch on the big fines such as Facebook, Google, Experian as well as guide you how to stay out of trouble with the regulation.
Main points covered:
• A summary of ICO enforcement action in the UK over the past 12 months
• What organizations got wrong?
• The big fines – Facebook and Experian
• Trends and predictions
• How to keep out of trouble with the regulator
Presenter:
Our presenter for this webinar, James Castro-Edwards is a partner and Head of Data Protection at Wedlake Bell LLP. James advises domestic and multinational organizations on data protection issues. His experience includes managing global data protection compliance projects for multinationals and advising domestic companies on complex data protection issues. He has also developed and delivered innovative data protection training programs for multinational clients, including a data protection officers’ training course which was accredited by a European government. James leads the firm’s outsourced data protection officer service, ProDPO.
James frequently speaks on data protection and cybersecurity issues and is widely published, having written articles for a wide variety of titles including The Times and The Guardian, and wrote The Law Society textbook on the General Data Protection Regulation (GDPR).
Recorded Webinar: https://youtu.be/QAF1XXTBFyg
It, Legal, Marketing and sales departments are all affected by the European Union's General Data Protection Regulation (EU GDPR). EU GDPR is more than an IT governance issue, it impacts the IT architecture and the user journey of your online and offline data capture processes.
For more information visit https://www.brightpay.ie or https://www.thesaurus.ie
Given recent cyber-attacks, an updated security process is definitely required to protect the personal data that we manage. GDPR is not a new concept, it is simply a data protection process that is being upgraded to protect all individuals. Essentially, GDPR is an overhaul of the way we process, manage and store individual’s personal data.
This webinar will uncover the ins and outs of the impact of GDPR on your payroll processing, highlighting the biggest areas of concern including emailing payslips, employee consent and your legal obligation.
We will walk you through some important steps to achieve GDPR compliance by examining the following topics:
Agenda
What does GDPR mean for your payroll processing?
- Understanding GDPR
- The contract between accountants & clients
- Template Data Processor Agreement
- Proof of compliance
- Securely storing employee data
Payslips & GDPR Compliance
- Employee consent
- Emailing payslips
- Recommended self-service access
Breaching GDPR
- Data breach plan of action
- Non-compliance and penalties
BrightPay & GDPR
- BrightPay Connect - online self-service portal
- Enhanced security measures
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceIDERA Software
You can watch the replay for this Geek Sync webcast in the IDERA Resource Center: http://ow.ly/tLtr50A5b4b
The General Data Protection Regulation (GDPR) is inevitable and goes live in the EU beginning May 25th 2018. It touches all technical and organizational measures as well as the design of internal systems and processes, and affects all companies around the world that have customers in the EU.
Join IDERA and Dr. Sultan Shiffa as he focuses on how data modeling, governance and collaboration help Executives, IT Managers, Architects, DBAs and Developers tackle the key challenges around data protection by design and by default, individual rights to access and erasure, valid consent, data protection roles and accountabilities, data breach notifications, and auditing the records of data processing activities. This session will also explore best practices and examples for how to master those challenges and assess the data protection impact. After this session, you can be prepared to become GDPR compliant ahead of the deadline and beyond.
Building the Governance Ready Enterprise for GDPR Compliance December 2017Index Engines Inc.
The EU General Data Protection Regulation (GDPR) fundamentally changes how organizations manage personal data. Giving citizens the right to access, rectify, erase, restrict, and migrate their personal content existing in any data center that does business in the European Union.
Index Engines' technology delivers extensive search and management solutions that empower you to find all personal data under management with considerable precision and meet or exceed the requirements of the regulation through implementation of powerful indexing technology. Index Engines supports all classes of data from primary storage to legacy backup data.
Where data security and value of data meet in the cloud brighttalk webinar ...Ulf Mattsson
BrightTALK webinar January 14 2015
The biggest challenge in this new paradigm of the cloud and an interconnected world, is merging data security with data value and productivity. What’s required is a seamless, boundless security framework to maximize data utility while minimizing risk. In this webinar, you’ll learn about value-preserving data-centric security methods, how to keep track of your data and monitor data access outside the enterprise, and best practices for protecting data and privacy in the perimeter-less enterprise.
GDPR and evolving international privacy regulationsUlf Mattsson
Convergence of data privacy principles, standards and regulations
General Data Protection Regulation (GDPR)
GDPR and California Consumer Privacy Act (CCPA)
What role does technologies play in compliance
Use Cases
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
Key Discussion Pointers:
1. Introduction to Data Privacy
- What is data privacy
- Privacy laws around the globe
- DPDPA Journey
2. Understanding the New Indian DPDPA 2023
- Objectives
- Principles of DPDPA
- Applicability
- Rights & Duties of Individuals
- Principals
- Legal implications/penalties
3. A practical approach to DPDPA compliance
- Personal data Inventory
- DPIA
- Risk treatment
General Data Protection Regulation (GDPR) tidal wave that has hit, are you ready? Is your organization prepared for the extensive privacy requirements GDPR puts forth for any organization handling EU Data Subjects' personal Data? At this point, organizations must have a complete inventory of personal data and have conducted a DPIA against it. A handful of supervisory authorities have issued compliance guidelines, but your organizations must be able to assess compliance with this ambiguous regulation at any time.
Many aspects of GDPR define the distinction between a data collector and a data processor, their respective responsibilities and compliance requirements. Those responsibilities will have an effect on the contracts you negotiate with third parties, the way in which you evaluate the risks involved with establishing a business relationship and the policies you develop to maintain compliance to the regulations.
Join this webinar to learn:
*More information about GDPR and what the industry is experiencing to date
*What minimum requirements you should have had in place by May 25, 2018
*What you should plan to do for the next 12-18 months if you are not completely ready
*What the SEC Privacy Shield program is and why you should self-certify
*How to continuously monitor vendor risk KPIs
Impact of GDPR on Third Party and M&A SecurityEQS Group
GDPR impact has been dissected and examined to death - however, M&A activities, as well as third-party security posture, can be greatly affected as well, and this aspect has not been very often pursued. This session hopes to be useful for that.
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
Recent surveys benchmarking the status of U.S. companies' efforts to meet the May 25 deadline for the EU Global Data Protection Regulation (GDPR) have revealed a startling lack of preparedness.
Companies not yet in compliance are likely to violate the directive if they don’t take immediate action, and fines can amount to 2-4 percent of a company’s annual gross revenue. Do you have the resources and information you need to comply?
View to learn:
--What GDPR means to your business
--Short, medium, and long-term actions you can take to protect regulated data and achieve compliance
--How you can streamline incident response and third-party risk management capabilities
--How to streamline the resources and technology needed to keep up with the evolving regulatory landscape
Don't fall behind on these compliance regulations. Take the steps needed to protect the data you collect.
GDPR - Top 10 AWS Security and Compliance Best PracticesAhmad Khan
AWS Cloud GDPR challenges solved, this webinar (see our youtube channel). We show you exactly which Articles you need to worry about and how to address the data security using automation and top 10 best practices to implement step by step.
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
My presentation for SUG Hungary presented on 26.06.2018 with topic Privacy by Design and by Default and General Data Protection Regulation with Sitecore
Protecting Data Privacy in Analytics and Machine LearningUlf Mattsson
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to use open source tools to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there’s many different activities that we need to think about. In this session, we will discuss technologies that help protect people, preserve privacy, and enable you to do machine learning confidentially.
This session discusses industry standards and emerging privacy-enhanced computation techniques, secure multiparty computation, and trusted execution environments. We will discuss Zero Trust philosophy fundamentally changes the way we approach security since trust is a vulnerability that can be exploited particularly when working remotely and increasingly using cloud models. We will also discuss the “why, what, and how” of techniques for privacy preserving computing.
We will review how different industries are taking opportunity of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
The Evolution of Data Privacy: 3 Things You Need To ConsiderSymantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed
to update the current directive which was drafted in a time that was in technology terms, prehistoric. It’s time to evolve.
The engaging white paper delivers the core facts you need to understand the fundamental nature of the GDPR regulations and what it means for your business and the management of its data.
GDPR & Your Cloud Provider - What You Need to KnowRachel Roach
Learn from our cloud compliance and GDPR experts as they cover:
- Key steps for managing your Data Processors
- How to validate GDPR compliant services
- GDPR requirements for cloud backup, DRaaS and IaaS
- The required contract terms, reporting and certifications
While 25th of May is coming, more and more myths around and about the GDPR appear. Many of them are considering the cloud as a ‘safe harbor’ from the GDPR requirements. Still, standards of the data protection established by the Regulation will be covering also a personal data which is storaged in the cloud. The legal and organizational steps should be taken in order to ensure compliance of cloud services with the GDPR will be considered.
The General Data Protection Regulation and the DAMA DMBOK – Tools you can use for Compliance
Abstract: The General Data Protection Regulation will be the law governing data privacy in Europe in 2018. Surveys show that less than 50% of organisations are aware of the changes within the legislation, and even fewer have any plan for achieving compliance. In this session, Daragh O Brien takes us on a high level overview of the GDPR and how the disciplines of the DMBOK can help compliance.
Notes: DMBOK is an abbreviation for the "Data Management Book of Knowledge" which is published by DAMA International (The Data Management Association)
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Similar to May 6 evolving international privacy regulations and cross border data transfer 2021 may 5 (20)
Jun 29 new privacy technologies for unicode and international data standards ...Ulf Mattsson
Protecting the increasing use International Unicode characters is required by a growing number of Privacy Laws in many countries and general Privacy Concerns with private data. Current approaches to protect International Unicode characters will increase the size and change the data formats. This will break many applications and slow down business operations. The current approach is also randomly returning data in new and unexpected languages. New approach with significantly higher performance and a memory footprint can be customizable and fit on small IoT devices.
We will discuss new approaches to achieve portability, security, performance, small memory footprint and language preservation for privacy protecting of Unicode data. These new approaches provide granular protection for all Unicode languages and customizable alphabets and byte length preserving protection of privacy protected characters.
Old Approaches
Major Issues
Protecting the increasing use International Unicode characters is required by a growing number of Privacy Laws in many countries and general Privacy Concerns with private data.
Old approaches to protect International Unicode characters will typically increase the size and change the data formats.
This will break many applications and slow down business operations. This is an example of an old approach that is also randomly returning data in new and unexpected languages
Book about
Quantum Computing Blockchain Reversable Protection Privacy by Design, Applications and APIs Privacy, Risks, and Threats Machine Learning and Analytics Non-Reversable Protection International Unicode Secure Multi-party Computing Computing on Encrypted Data Internet of Things II. Data Confidentiality and Integrity Standards and Regulations IV. Applications VI. Summary Best Practices, Roadmap, and Vision Trends, Innovation, and Evolution Hybrid Cloud , CASB and SASE Appendix A B C D E I. Introduction and Vision Section Access Control Zero Trust Architecture Trusted Execution Environments III. Users and Authorization Governance, Guidance, and Frameworks V. Platforms Data User App Innovation 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Chapter Discovery and Search Glossary
qubit-conference-new-york-2021: https://nyc.qubitconference.com/
Cybersecurity: Get ready for the unpredictable
Create a sound cybersecurity strategy based on the right technology & budgetary insights, proven practices, and processes for SMEs.
This virtual event will equip CxOs and cybersecurity teams with the right intel to create a sound cybersecurity strategy based on the right technology & budgetary insights, proven practices, and processes specially tailored for SMEs.
Find out how to bring the smart design of cybersecurity architecture and processes, what to automate & how to properly set up internal and external ownership.
The proven cybersecurity strategy fit for your environment can go a long way. Know what to do in-house, what to outsource, set up your budgets right, and get help from the right cybersecurity specialists.
Secure analytics and machine learning in cloud use casesUlf Mattsson
Table of Contents:
Secure Analytics and Machine Learning in Cloud ......................................................................................... 2
Use case #1 in Financial Industry .............................................................................................................. 2
Data Flow .............................................................................................................................................. 2
The approach can be used for other Use-cases .................................................................................... 2
Homomorphic Encryption for Secure Machine Learning in Cloud ............................................................... 3
Evolving Homomorphic Encryption .......................................................................................................... 3
Performance Examples – HE, RSA and AES ........................................................................................... 3
Performance Examples – FHE, NTRU, ECC, RSA and AES ...................................................................... 3
Some popular HE schemes .................................................................................................................... 4
Examples of HE Libraries used by IBM, Duality, and Microsoft ............................................................ 4
Fast Homomorphic Encryption for Secure Analytics in Cloud ...................................................................... 4
Use case #2 in Health Care ........................................................................................................................ 5
Provable security for untrusted environments ..................................................................................... 5
Comparison to multiparty computation and trusted execution environments ................................... 5
Time and memory requirements of HE ................................................................................................ 5
Managing Data Security in Hybrid Cloud ...................................................................................................... 8
Data Security Policy and Zero Trust Architecture ..................................................................................... 8
The future of encryption will change in the Post-Quantum Era: .............................................................. 8
Managing Data Security in a Hybrid World ................................................................................................... 9
Evolving Privacy Regulations ....................................................................................................................... 10
New Ruling in GDPR under "Schrems II" ................................................................................................. 10
The new California Privacy Rights Act (CPRA)
Data encryption and tokenization for international unicodeUlf Mattsson
Unicode is an information technology standard for the consistent encoding, representation, and handling of text expressed in most of the world's writing systems. The standard is maintained by the Unicode Consortium, and as of March 2020, it has a total of 143,859 characters, with Unicode 13.0 (these characters consist of 143,696 graphic characters and 163 format characters) covering 154 modern and historic scripts, as well as multiple symbol sets and emoji. The character repertoire of the Unicode Standard is synchronized with ISO/IEC 10646, each being code-for-code identical with the other.
The Unicode Standard consists of a set of code charts for visual reference, an encoding method and set of standard character encodings, a set of reference data files, and a number of related items, such as character properties, rules for normalization, decomposition, collation, rendering, and bidirectional text display order (for the correct display of text containing both right-to-left scripts, such as Arabic and Hebrew, and left-to-right scripts). Unicode's success at unifying character sets has led to its widespread and predominant use in the internationalization and localization of computer software. The standard has been implemented in many recent technologies, including modern operating systems, XML, Java (and other programming languages), and the .NET Framework.
Unicode can be implemented by different character encodings. The Unicode standard defines Unicode Transformation Formats (UTF) UTF-8, UTF-16, and UTF-32, and several other encodings. The most commonly used encodings are UTF-8, UTF-16, and UCS-2 (a precursor of UTF-16 without full support for Unicode)
The future of data security and blockchainUlf Mattsson
Discussion of Post-Quantum Cryptography and other technologies:
Data Security Techniques
Secure Multi-Party Computation (SMPC)
Homomorphic encryption (HE)
Differential Privacy (DP) and K-Anonymity
Pseudonymization and Anonymization
Synthetic Data
Zero trust architecture (ZTA)
Zero-knowledge proofs (ZKP)
Private Set Intersection (PSI)
Trusted execution environments (TEE)
Post-Quantum Cryptography
Blockchain
Regulations and Standards in Data Privacy
Privacy preserving computing and secure multi-party computation ISACA AtlantaUlf Mattsson
A major challenge that many organizations faces, is how to address data privacy regulations such as CCPA, GDPR and other emerging regulations around the world, including data residency controls as well as enable data sharing in a secure and private fashion. We will present solutions that can reduce and remove the legal, risk and compliance processes normally associated with data sharing projects by allowing organizations to collaborate across divisions, with other organizations and across jurisdictions where data cannot be relocated or shared.
We will discuss secure multi-party computation where organizations want to securely share sensitive data without revealing their private inputs. We will review solutions that are driving faster time to insight by the use of different techniques for privacy-preserving computing including homomorphic encryption, k-anonymity and differential privacy. We will present best practices and how to control privacy and security throughout the data life cycle. We will also review industry standards, implementations, policy management and case studies for hybrid cloud and on-premises.
Safeguarding customer and financial data in analytics and machine learningUlf Mattsson
Digital Transformation and the opportunities to use data in Analytics and Machine Learning are growing exponentially, but so too are the business and financial risks in Data Privacy. The increasing number of privacy incidents and data breaches are destroying brands and customer trust, and we will discuss how business prioritization can be benefit from a finance-based data risk assessment (FinDRA).
More than 60 countries have introduced privacy laws and by 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations. We will discuss use cases in financial services that are finding a balance between new technology impact, regulatory compliance, and commercial business opportunity. Several privacy-preserving and privacy-enhanced techniques can provide practical security for data in use and data sharing, but none universally cover all use cases. We will discuss what tools can we use mitigate business risks caused by security threats, data residency and privacy issues. We will discuss how technologies like pseudonymization, anonymization, tokenization, encryption, masking and privacy preservation in analytics and business intelligence are used in Analytics and Machine Learning.
Organizations are increasingly concerned about data security in processing personal information in external environments, such as the cloud; and information sharing. Data is spreading across hybrid IT infrastructure on-premises and multi-cloud services and we will discuss how to enforce consistent and holistic data security and privacy policies. Increasing numbers of data security, privacy and identity access management products are in use, but they do not integrate, do not share common policies, and we will discuss use cases in financial services of different techniques to protect and manage data security and privacy.
Protecting data privacy in analytics and machine learning ISACA London UKUlf Mattsson
ISACA London Chapter webinar, Feb 16th 2021
Topic: “Protecting Data Privacy in Analytics and Machine Learning”
Abstract:
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there’s many different activities that we need to think about.
This session also discusses international standards and emerging privacy-enhanced computation techniques, secure multiparty computation, zero trust, cloud and trusted execution environments. We will discuss the “why, what, and how” of techniques for privacy preserving computing.
We will review how different industries are taking opportunity of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
What is tokenization in blockchain - BCS LondonUlf Mattsson
BCS North London Branch in association with Central London Branch webinar (by GoToWebinar) Date: 2nd December 2020 Time: 18.00 to 19.30 Event title: Blockchain tokenization “What is tokenization in Blockchain?”
Agenda
Blockchain
What is Blockchain?
Use cases, trends and risks
Vendors and platforms
Data protection techniques and scalability
Tokenization
Digital business
Convert a digital value into a digital token
Local and central models
Cloud
Tokenization in Hybrid cloud
Protecting data privacy in analytics and machine learning - ISACAUlf Mattsson
In this session, we will discuss a range of new emerging technologies for privacy and confidentiality in machine learning and data analytics. We will discuss how to put these technologies to work for databases and other data sources.
When we think about developing AI responsibly, there’s many different activities that we need to think about.
This session also discusses international standards and emerging privacy-enhanced computation techniques, secure multiparty computation, zero trust, cloud and trusted execution environments. We will discuss the “why, what, and how” of techniques for privacy preserving computing.
We will review how different industries are taking opportunity of these privacy preserving techniques. A retail company used secure multi-party computation to be able to respect user privacy and specific regulations and allow the retailer to gain insights while protecting the organization’s IP. Secure data-sharing is used by a healthcare organization to protect the privacy of individuals and they also store and search on encrypted medical data in cloud.
We will also review the benefits of secure data-sharing for financial institutions including a large bank that wanted to broaden access to its data lake without compromising data privacy but preserving the data’s analytical quality for machine learning purposes.
Nov 2 security for blockchain and analytics ulf mattsson 2020 nov 2bUlf Mattsson
Blockchain
- What is Blockchain?
- Blockchain trends
Emerging data protection techniques
- Secure multiparty computation
- Trusted execution environments
- Use cases for analytics
- Industry Standards
Tokenization
- Convert a digital value into a digital token
- Tokenization local or in a centralized model
- Tokenization and scalability
Cloud
- Analytics in Hybrid cloud
Unlock the potential of data security 2020Ulf Mattsson
Explore challenges of managing and protecting data. We'll share best practices on establishing the right balance between privacy, security, and compliance
Tokenization on Blockchain is a steady trend. It seems that everything is being tokenized on Blockchain from paintings, diamonds and company stocks to real estate. Thus, we took an asset, tokenized it and created its digital representation that lives on Blockchain. Blockchain guarantees that the ownership information is immutable.
Unfortunately, some problems need to be solved before we can successfully tokenize real-world assets on Blockchain. Main problem stems from the fact that so far, no country has a solid regulation for cryptocurrency. For example, what happens if a company that handles tokenization sells the property? They have no legal rights on the property and thus are not protected by the law. Another problem is that this system brings us back some sort of centralization. The whole idea of Blockchain and especially smart contracts is to create a trustless environment.
Tokenization is a method that converts a digital value into a digital token. Tokenization can be used as a method that converts rights to an asset into a digital token.
The tokenization system can be implemented local to the data that is tokenized or in a centralized model. We will discuss tokenization implementations that can provide scalability across hybrid cloud models. This session will position different data protection techniques, use cases for blockchain, and protecting blockchain.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
5. 5
What is Privacy?
Privacy
/ˈprīvəsē/
Definedin Generally AcceptedPrivacyPrinciples (GAPP)as
“therightsandobligationsofindividualsandorganizationswithrespect tothecollection, use, retention,disclosure, and disposal of
personal information.”
16. 16
PrivacyRegulations
Sweden, TheDataAct, a nationaldataprotectionlaw wentinto effectin
1974
India is passinga comprehensivedataprotectionbill that
includeGDPR-likerequirements
Finland's Data ProtectionAct
Japanimplementschangesto domesticlegislationto strengthen
privacy protectionin thecountry
Brazil passinga comprehensivedataprotectionregulation
similarto GDPR
1970, Germany passedthe firstnationaldataprotection
law, firstdataprotectionlaw in the world
TheNew York PrivacyAct wasintroducedin 2019
Source:Forrester
CCPA'simpact is expectedto beglobal
(12+ %), given California'sstatusasthe
fifth largestglobal economy
GDPR'simpactis expectedtobeglobal
19. 19
How Many Privacy Laws Are You Complying With?
Source:IAPP
GeneralDataProtectionRegulation(EU) 2016/679(GDPR)isaregulationin EU lawondataprotectionandprivacyintheEuropeanUnion(EU)
andtheEuropeanEconomic Area(EEA). ItalsoaddressesthetransferofpersonaldataoutsidetheEU and EEA areas.
CaliforniaConsumerPrivacyAct ( CCPA)isabill thatenhancesprivacyrightsandconsumerprotectionforresidents
ofCalifornia,UnitedStates.
By Region
22. 22
Failureto Comply . . .
What are the Consequences ?
• Companies liable fora fine ofup tofourper cent (4%) oftheir global turnover with a maximum fine of~$25Million USD. This is for non-compliance with no
data breach!
• The principles ofprotection should apply toany information concerning an identified or identifiable person.
• To determine whether a person is identifiable, account should betaken of allthe means likely reasonably to beused either by the controller orby any
other person toidentify the individual.
• Theprinciples of dataprotection should notapplytodata rendered anonymous in such a way that the datasubject is no longer identifiable.
Why What How
23. 23
GDPR — Data ProtectionPrinciples(Article5)
• Personal data shall beprocessed lawfully, fairly and in a transparent mannerinrelation to the data subject
• Collected for specified, explicit and legitimate purposes only
• Adequate, relevant and limited to what is necessary in relation to thepurposes for which theyareprocessed (‘data minimization’)
• Accurateand, wherenecessary, kept up to date, erased or rectified without delay
• Kept ina form whichpermits identification of data subjects for nolonger than is necessary for thepurposes for which the personal data
are processed
• Processed in a mannerthat ensures appropriate security of the personal data
88Pages(99Articles) of Detailed DataProtectionRequirements
24. 24
GDPR under "Schrems II" – Lacking “Additional Safeguards”
https://www.jdsupra.com/legalnews/navigating-eu-data-transfers-effects-of-8348955/
X
• InMarch2021,the Bavarian DPA found therewas an unlawfultransfer
of personal data from a Germancontroller to the e-mail marketing
service Mailchimp inthe U.S.
• Failedtoassess whetheranysupplementarymeasures wereneededin
relationtothetransferofpersonaldatatoMailchimp.
• InApril 2021,the PortugueseDPA ordered a public authority to suspend
all transfers of personal data to the U.S. and other thirdcountries.
• Cloudflarewereinsufficienttoprotectthedata(which includedreligiousand
healthdata),andthepartiesdid notimplementany supplementarymeasures
toprovideadequateprotectionforthedata.
• Suspend thetransferofdatatotheU.S. oranyotherthirdcountry without
firstestablishingadequateprotectionforthedata.
25. 25
GDPR under "SchremsII“ – France,March2021
• Notransfer of data but nevertheless a risk of access byU.S. authorities because the EU-based processor is a subsidiaryof a U.S. company.
• Thehostingofhealthdatabya company boundbyU.S.lawwasincompatiblewiththeGDPRunder"SchremsII" andviolatedtheprovisionsoftheGDPR, due ontheone hand,
tothepossibilityofatransfertotheU.S.ofthedatacollectedby Doctolibthroughitsprocessor,andontheotherhand,evenin theabsenceofdatatransfer,totheriskofaccess
requestsbyU.S.authoritiestotheprocessor,AWS.
• Thecourtnotedforthepurposesofhostingitsdata, Doctolibuses theservicesoftheLuxemburg company AWSSarl,thedataishostedin datacenterslocatedin France
and inGermany, andthecontractconcludedbetweenDoctolibandAWS Sarldoesnotprovideforthetransferof datatotheU.S.
• However,becauseitisasubsidiaryofacompany under U.S.law,thecourtconsideredAWS Sarlin Luxemburgmay besubject toaccess requestsby U.S. authoritiesin the
frameworkofU.S.monitoringprogramsbasedonArticle702oftheForeignIntelligenceSurveillanceAct orExecutive Order12333.
• Thelevel of protection offered was sufficient due to the manysafeguards
https://iapp.org/news/a/why-this-french-court-decision-has-far-reaching-consequences-for-many-businesses/
26. 26
https://iapp.org/news/a/why-this-french-court-decision-has-far-
reaching-consequences-for-many-businesses/
GDPR under"SchremsII"
Legal safeguards:
• AWS Sarlguarantees in its contract with Doctolib, a French company, that it will
challenge anygeneral access request froma public authority.
Technical safeguards:
• Technically the data hosted byAWS Sarlis encrypted.
• AWS Sarl,a Luxembourg registeredcompany.
• The key is held by a trusted thirdpartyin France, not by AWS.
Other guarantees taken:
• No health data.
• Thedatahostedrelatesonlyto the identificationof individualsforthepurposeof making
appointments.
• Data is deleted after three months.
Doctolib
AWS Sarl
AWS will challenge any general
access request from a public
authority
27. 27
Big Data Protection with GranularFieldLevel Protection for Google
Cloud Protectionthroughout the lifecycleof data in Hadoop
BigData Protectortokenizes or
encryptssensitivedata fields
Enterprise
Policies
Policiesmaybe managedon-
premorGoogleCloudPlatform
(GCP)
PolicyEnforcementPoint
Protecteddatafields
U
Separation of Duties
EncryptionKeyManagem.
Security Officer
30. 30
Organizations needs to look at how the datawas captured,whois accountable for it, where it islocated and who has
access.
Data Flow MappingUnder GDPR
• If there is not already a documented workflow in place in yourorganization,it can be worthwhile for a team tobe sent out toidentify how the data
is being gathered.
• This willenable you tosee how your data flow is different from reality and what needs tobedone
Source:BigID
36. 36
The CCPA Effect
California Privacy Rights Act (CPRA)
1. On November 3, 2020, Californians voted to approve Proposition 24, a ballot measure
that creates the California Privacy Rights Act (CPRA).
2. The CPRA amends and expands the California Consumer Privacy Act (CCPA).
3. Most of the CPRA’s substantive provisions will not take effect until January 1, 2023,
providing covered businesses with two years of valuable ramp-up time.
4. Notably, however, the CPRA’s expansion of the “Right to Know” impacts personal
information (PI) collected during the ramp-up period, on or after January 1, 2022.
See https://en.wikipedia.org/wiki/2020_California_Proposition_24
38. 38
PrivacyStandards
11Published InternationalPrivacyStandards(ISO)
Techniques
Management
Cloud
Framework
Impact
Requirements
Process
20889 IS Privacyenhancingde-identificationterminologyandclassificationoftechniques
27701 IS Securitytechniques-ExtensiontoISO/IEC27001 andISO/IEC 27002 forprivacyinformationmanagement -Requirementsand
guidelines
27018 IS CodeofpracticeforprotectionofPIIinpubliccloudsacting as PIIprocessors
29100 IS Privacyframework
29101 IS Privacyarchitectureframework
29134 IS GuidelinesforPrivacyimpactassessment
29190 IS Privacycapabilityassessmentmodel
29191 IS Requirementsforpartiallyanonymous,partiallyunlinkableauthentication
29151 IS CodeofPracticeforPIIProtection
19608 TSGuidancefordevelopingsecurityandprivacyfunctionalrequirementsbasedon15408
27550 TRPrivacyengineeringforsystemlifecycleprocesses
39. 39
Different Data Protection Techniques
Data Store
DynamicMasking
2-way 1-way
FormatPreserving Computingonencrypteddata FormatPreserving
Tokenization
FormatPreserving
Encryption
(FPE)
HomomorphicEncryption
(HE)
Hashing
Static
Masking
DifferentialPrivacy
(DP)
K-anonymityModel
Random Algorithmic NoiseAdded
Fast Slow VerySlow Fast Fast
Fastest
ClearText
SyntheticData
Derivation
Fast
Anonymization
Of Attributes
Pseudonymization
Of Identifiers
40. 40
Example of Use-Cases & DataPrivacy Techniques
40
Vault-less tokenization Masking
Vault-less tokenization
Gateway
CallCenterApplication
PaymentApplication
Payment Data
Policy,Tokenization,Encryptionand
Keys
Salesforce
Payment
Network
SecurityOfficer
Data Warehouse
AnalyticsApplication
PI* Data
PI* Data
DifferentialPrivacy
AndK-anonymity
Dev/testSystems
PI* Data
VotingApplication
ElectionData
MicrosoftElectionGuard
42. 42
Randomized Tokenization
Data Store
DynamicMasking
2-way
FormatPreserving Computingonencrypteddata
Tokenization
FormatPreserving
Encryption
(FPE)
HomomorphicEncryption
(HE)
Random Algorithmic
Fast Slow VerySlow
Fastest
ClearText
Pseudonymization
Of Identifiers
Quantum Computers?
• Quantum computers and other strong
computers can break algorithms and patterns
in encrypted data.
• We can instead use random numbers to secure
sensitive data.
• Random numbers are not based on an
algorithm or pattern that computers can break.
Tech giants are building their own machines and
speeding to make them available to the world as a
cloud computing service. In the competition: IBM,
Google, Microsoft, Intel, Amazon, IonQ, Quantum
Circuits, Rigetti Computing
45. 45
Original Data
Fully Synthetic Data
Partially Synthetic Data
Artificially generated
new data points
Artificially generated
new data points
Synthetic Data
46. 46
6 Differential PrivacyModels
In differential privacy,the
concern is about privacyas
the relative difference in the
result whether aspecific
individual or entity is
includedin the input or
excluded
Random Differential Privacy
Probabilistic Differential Privacy
Concentrated Differential
Privacy
Approximate Differential Privacy
Computational Differential
Privacy
Multiparty Differential Privacy
Noiseisverylow.
Usedinpractice.
Moreusefulanalysiscanbeperformed.
Well-studied.
Widelyused
Canensuretheprivacyofindividualcontributions.
Aggregationisperformedlocally.
Strongdegreeofprotection.
Highaccuracy
Apuremodelprovidesprotectionevenagainstattackers withunlimitedcomputationalpower.
Canleadtounlikelyoutputs.
Tailoredtolargenumbersofcomputations.
47. 47
Area Timing Focus Comments Use Case: Bank
Requirements Short Internal requirements International regulations
Cloud Short Machine Learning Startwithbasic ML trainingand inference on sensitivedata in cloud
Competition Short Competitive advantage MLand NLP-powered servicescan give banks a competitiveedge
Data
Short Encrypted data Important
Long Synthetic data Computing cost?
Analytics
Medium AML/KYC Whatare otherLarge banks doing?
Short Analytics Initial focus
Short Operational on encrypted data Computing on sensitivedata tothe cloud. Trade-offswithperformance, protection and utility?
Industry Short Industry dialog Workinggroups instandard bodies (ANSI X9, Cloud Security Alliance,Homomorphic Encryption Org)
Model Short Encrypted model Important
Pilot
Short Experimentation Whatare otherLarge banks doing?
Short ScotiaBankCase Study QuerysolutionforAML/KYC
Proven Medium Fastfollower Whatare some proven solutions?
Quantum
Short Homomorphic Encryption post-
Lattice-basedcryptography isa promising post-quantumcryptography family,both in termsof foundational propertiesaswell as itsapplicationto both traditionaland homomorphic
encryption
Medium Quantum Plan forquantum safealgorithms
Long Quantum Plan forquantum MLalgorithms
Sharing Short Secure Multi-partyComputing (SMPC)
Withoutrevealingtheir ownprivateinputsand outputs. Encrypteddata and encryptionkeys never comingledwilecomputationon the encrypted dataisoccurringor an encryption key is
splitintoshares
Solutions
Short Vendor positioning
Nonlinear MLregressionneeded? LinearRegressionisone of the fundamental supervised-ML. Linearand non-linearcreditscoring by combininglogisticregressionand support vector
machines
Short Frameworkintegration Important
3rd Party Long 3rd party integration Miningfirst
TrainingML
Long Federated learning Complicated
Long TEE Emerging
48. 48
Data Protection Techniques:Deploying On-premisesand Clouds
Privacy enhancing data de-identification terminology
and classification of technique
DataWarehouse Centralized Distributed On-premises PublicCloud PrivateCloud
De-identification
techniques
Tokenization
Vault-basedtokenization Y Y
Vault-lesstokenization Y Y Y Y Y Y
Cryptographic Tools
Format preservingencryption Y Y Y Y Y
Homomorphic encryption Y Y Y
Suppression techniques
Masking Y Y Y Y Y Y
Hashing Y Y Y Y Y Y
Formalprivacy
measurementmodels
DifferentialPrivacy
ServerModel Y Y Y Y Y Y
LocalModel Y Y Y Y Y Y
K-anonymity model
L-diversity Y Y Y Y Y Y
T-closeness Y Y Y Y Y Y
49. 49
Example of Cross Border Data-centric Securityusing tokenization
SecurityOfficer
• ProtectingPersonally Identifiable Information (PII), includingnames,
addresses,phone,email, policyand accountnumbers
• Compliance with EU CrossBorderDataProtectionLaws
• UtilizingDataTokenization, andcentralizedpolicy, key management,
auditing,and reporting
Data
Warehouse
Completepolicy-enforcedde-
identificationofsensitivedata
acrossall bankentities
DataSources
AustrianData
GermanData
OtherSource
Data
Austrian
Data
German
Data
Other
Source
Data
56. 56
Protection of Data in AWS S3 with Separation of Duties
Protect data before
landing
Enterprise
Policies
Appsusingde-identified
data
Sensitivedatastreams
Enterprise
on-prem
Data lifted to S3 is
protected before use
S3
SecurityOfficer
• Applications can use de-identified
data ordata in the clear based on
policies
• Protection ofdata in AWS S3 before
landing in a S3 bucket
PolicyEnforcementPoint(PEP)
Separation of Duties
EncryptionKeyManagement
57. 57
Multi-Cloud Considerations
Source:Securosis,2019
Consistency
• Mostfirmsarequitefamiliarwiththeiron-premises encryptionand key
managementsystems,sotheyoftenprefertoleveragethe same tooland
skills across multipleclouds.
• Firmsoftenadopta “best of breed”cloud approach.
Trust
• Some customerssimplydo nottrusttheirvendors.
Vendor Lock-in and Migration
• A commonconcern is vendorlock-in, andan inabilitytomigratetoanothercloud
serviceprovider.
• Some nativecloudencryptionsystemsdo not allow customer keys to move outside
the system, andcloudencryptionsystemsare basedonproprietaryinterfaces.
• Thegoal is to maintainprotection regardless of where data resides, moving between
cloud vendors.
Cloud Gateway
Google Cloud AWS Cloud Azure Cloud