AI for humans - the future of your digital selfSpeck&Tech
ABSTRACT: In this talk, George will demonstrate the extent and power of personal data collected by technology companies. He will explore the potential of personal data to do both good and bad, the dangers of giving up your "digital DNA", and the value these companies extract from this data.
Data rights are finally legally recognised. With the combination of GDPR & rising awareness of personal data abuse, we might eventually be able to control our data, or at least understand as much about our digital footprint as profit-driven companies do.
AI is only possible because it has data. Imagine your data being used to benefit you, instead of targeting you with gambling adverts. Imagine the potential for next-generation research to understand our society, which can only happen if we break data out from being locked in corporate databases. Data rights are just the start, now we need to use them.
BIO: George Punter holds a first class Masters degree from Imperial College London in Electronics & Information Engineering. He co-founded Ethi (ethi.me), a startup that aims to make controlling your personal data easier, and allow users to use their personal data for their own benefit, or for social good. Ethi is currently partnering with a cyber security firm, TurgenSec, to help create next-generation, user-centred security.
1. Hillary Clinton used a personal email account for work while Secretary of State, like her predecessors. She cooperated fully with investigations and turned over over 30,000 emails to the State Department.
2. No information in Hillary's emails was marked classified at the time she sent or received them. She viewed classified materials through other secure means, not email.
3. Republican candidates like Jeb Bush and Bobby Jindal also used private emails for work but are now criticizing Hillary for it. The ongoing Benghazi committee investigation into Hillary's emails has become a partisan witch hunt.
Collecting Social Media as Digital Evidence - PageFreezer WebinarMichael Riedijk
Today, social media content is widely used as digital evidence in legal investigations and lawsuits; but with the multifaceted and ever-evolving nature of social media platforms, there are little-known challenges associated with collecting reliable evidence.
What are these challenges, and what are the best-practices for managing them moving forward? How can one gather reliable social media evidence that undeniably meets court expectations?
These are the slides from “Collecting Social Media Records as Digital Evidence” - an exclusive webinar presented by Michael Riedyk, CEO of PageFreezer - the leading tool for social media and website evidence collection.
Information privacy and Government RegulationsMay Moftah
This document discusses information privacy and government regulations. It defines privacy as a complex concept involving control over personal information. It also discusses how the government collects information through laws like the Foreign Intelligence Surveillance Act and the Privacy Act. The document concludes that while complete privacy cannot be guaranteed, government has established some rules around personal information collection and privacy. It asks for opinions on recent changes to privacy laws and regulations.
General Data Protection Regulation specifies how customers data can be used and protected. The primary objective of the GDPR is to give citizens control of their personal data. Failing to comply with GDPR can cost you 4% of global turnover or €20 million or whichever is greater.
This document summarizes key UK legal issues related to data protection and cybersecurity. It outlines several relevant laws including the Data Protection Act 2018, General Data Protection Regulations 2018, Computer Misuse Act 1990, Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, Fraud Act 2006, and Health and Safety at Work etc. Act 1974. It then provides more detail on the principles of lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality from the GDPR.
AI for humans - the future of your digital selfSpeck&Tech
ABSTRACT: In this talk, George will demonstrate the extent and power of personal data collected by technology companies. He will explore the potential of personal data to do both good and bad, the dangers of giving up your "digital DNA", and the value these companies extract from this data.
Data rights are finally legally recognised. With the combination of GDPR & rising awareness of personal data abuse, we might eventually be able to control our data, or at least understand as much about our digital footprint as profit-driven companies do.
AI is only possible because it has data. Imagine your data being used to benefit you, instead of targeting you with gambling adverts. Imagine the potential for next-generation research to understand our society, which can only happen if we break data out from being locked in corporate databases. Data rights are just the start, now we need to use them.
BIO: George Punter holds a first class Masters degree from Imperial College London in Electronics & Information Engineering. He co-founded Ethi (ethi.me), a startup that aims to make controlling your personal data easier, and allow users to use their personal data for their own benefit, or for social good. Ethi is currently partnering with a cyber security firm, TurgenSec, to help create next-generation, user-centred security.
1. Hillary Clinton used a personal email account for work while Secretary of State, like her predecessors. She cooperated fully with investigations and turned over over 30,000 emails to the State Department.
2. No information in Hillary's emails was marked classified at the time she sent or received them. She viewed classified materials through other secure means, not email.
3. Republican candidates like Jeb Bush and Bobby Jindal also used private emails for work but are now criticizing Hillary for it. The ongoing Benghazi committee investigation into Hillary's emails has become a partisan witch hunt.
Collecting Social Media as Digital Evidence - PageFreezer WebinarMichael Riedijk
Today, social media content is widely used as digital evidence in legal investigations and lawsuits; but with the multifaceted and ever-evolving nature of social media platforms, there are little-known challenges associated with collecting reliable evidence.
What are these challenges, and what are the best-practices for managing them moving forward? How can one gather reliable social media evidence that undeniably meets court expectations?
These are the slides from “Collecting Social Media Records as Digital Evidence” - an exclusive webinar presented by Michael Riedyk, CEO of PageFreezer - the leading tool for social media and website evidence collection.
Information privacy and Government RegulationsMay Moftah
This document discusses information privacy and government regulations. It defines privacy as a complex concept involving control over personal information. It also discusses how the government collects information through laws like the Foreign Intelligence Surveillance Act and the Privacy Act. The document concludes that while complete privacy cannot be guaranteed, government has established some rules around personal information collection and privacy. It asks for opinions on recent changes to privacy laws and regulations.
General Data Protection Regulation specifies how customers data can be used and protected. The primary objective of the GDPR is to give citizens control of their personal data. Failing to comply with GDPR can cost you 4% of global turnover or €20 million or whichever is greater.
This document summarizes key UK legal issues related to data protection and cybersecurity. It outlines several relevant laws including the Data Protection Act 2018, General Data Protection Regulations 2018, Computer Misuse Act 1990, Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, Fraud Act 2006, and Health and Safety at Work etc. Act 1974. It then provides more detail on the principles of lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality from the GDPR.
The Privacy Law Landscape: Issues for the research communityARDC
Presentation by Anna Johnston of Salinger Privacy to ARDC's 'GDPR and NDB scheme: Intersection with the Australian research sector' webinar on 13 September 2018
Public records contain information about individuals that is available for public view and can be obtained legally. Reasons to lookup public records include hiring employees, learning about romantic partners or suspicious individuals, or locating lost friends. Online public records searches have made the process hassle-free and cost-efficient, as many websites provide records for free or low fees. Caution should be taken as some non-authorized websites may contain fake information.
Laptop Theft Recovery Cases from Absolute Software – Case Number 8F6Z9Absolute LoJack
Laptop recovery story of How the Absolute recovery team recovered a stolen laptop from Virginia USA. Visit: http://www3.absolute.com/lojackforlaptops/ to recover and track your stolen laptops or mac.
This document provides an overview of social media, law, and privacy. It begins with a prayer related to social media and the internet. It then discusses definitions of privacy, including a person's right to control their personal information and what constitutes an invasion of privacy. It outlines several privacy issues with social media, such as what information is collected and how it is used. It also discusses the terms of use of major social media platforms and privacy settings. Finally, it provides an example of the many federal and state privacy laws that could be violated by posting private information on social media.
How to implement GDPR for the public sector, December 2017Browne Jacobson LLP
The clock has started on the biggest change to data protection law for a generation. With public authorities regularly handling personal data – and at times sensitive (or special category) data - in relation to the delivery of public services, we've brought together a panel of public sector experts to help you prepare for May 2018 as the General Data Protection Regulation (GDPR) comes into force.
With the new regulation comes significant change, including the basis on which public authorities can process personal data for HR and public functions. Patrick O’Connell and Dmitrije Sirovica explore how the GDPR will impact the way that you communicate with individuals and collect, hold and process their personal information. Patrick and Dmitrije take a closer look at whether public bodies can ever use consent – if so, when and what’s needed? Similarly, they explore whether public bodies can use 'legitimate interests’ to process personal information – again, if so, when?
The digital forensic examinations and criminal investigationsICFECI
The results of forensic science is likely the number one factor in solving cold cases. Image for over 30 years, having an unsolved criminal case hanging over your head. One of the largest serial crimes was solved by the use of computer forensic services. ICFECI could be the key that provides the answers that are desperately needed.
The document discusses various topics relating to privacy and computer technology, including key aspects of privacy such as freedom from intrusion and control over personal information. It covers new risks to privacy from government and private databases, as well as data mining and other tools used for surveillance. Finally, it discusses principles for data collection and use, as well as diverse privacy topics such as marketing, location tracking, and protecting privacy through technology and laws.
Smartphone Encryption and the FBI DemystifiedMichael Sexton
The document discusses how Apple and Android have implemented stronger default encryption on smartphones that limits law enforcement access to user data even with a warrant. This shift has concerned the FBI director but protects users from potential exploitation of any backdoor access. While encryption has prevented access to a small percentage of authorized intercepts so far, this number will likely rise as more users opt into the stronger protections. The development raises questions about balancing privacy rights with government access that require serious political discussion.
- The recent action taken by the US against St. Lucia under the Leahy Law may be connected to the 2011 revocation of former housing minister Richard Frederick's visa.
- Frederick's visa was likely revoked due to false information supplied by members of the opposition St. Lucia Labour Party in an effort to damage his reputation.
- The US investigation into Frederick's visa revocation uncovered that certain officials may have been misled by St. Lucians in order to revoke his visa, and some officials have faced discipline as a result. However, the full circumstances have not been clarified.
Is it safe to share your location on Foursquare, Gowalla, Facebook, Twitter? Shouldn't we all share more, since only wrongdoers have something to hide? Is it even possible to opt out of sharing in a connected society?
The Firecat Studio First Friday Coworking and Brownbag lunch topic of May, 2011 covered these examples and currently proposed legislation.
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprisecentralohioissa
The document summarizes key events in the Apple v. DOJ case regarding privacy and encryption. It discusses the FBI's request that Apple help unlock an iPhone used by one of the San Bernardino shooters. It then outlines the timeline of events, including Apple opposing the FBI's order in court. The document also discusses interpretations of privacy rights and surveillance, as well as the challenges companies face in balancing security, privacy and legal obligations.
The document discusses several myths about privacy rights and digital assets of deceased persons. It summarizes that Canadian privacy law still protects some personal information of deceased individuals. However, there is no clear law around access to their digital accounts and assets by executors. Social media sites have their own varied policies around privacy and access after death. The document calls for clarification of executors' rights and better digital estate planning to address challenges around deceased persons' digital legacies.
Who ownes the customer? Privacy in the connected age.jatharrison
The document discusses how customer data ownership has evolved over time as technology has advanced. In the 1980s, customers' personal data was owned by few entities like the government, doctors, and phone directories. With the rise of the internet, data became dispersed across many websites. Now with social media, customers share vast amounts of personal data, but often don't truly own it despite generating value for companies. The document argues that for a fair future, customers should own and manage their own personal data stores, choosing which companies can access it in exchange for valuable services. Laws must evolve to protect privacy and give customers control over their data.
GDPR KickOff Presentation - Getting EVERYONE UP TO SPEEDJoe Orlando
Here is a compilation of thoughts and reference points around the effort required to become compliant with the EU General Data Protection Regulation (GDPR)
We Know What You Did Last Summer (and Last Night) - ForgeRock Identity Live A...ForgeRock
Stacey Higginbotham - Journalist - As we add the internet to more devices, we're also making more information about ourselves available online. Not necessarily to the public, but to family, marketers, and even law enforcement. What are we sharing? With whom? And what should we do about it?
The Data Protection Act 1998 protects people's personal information. O2 mobile customers in the UK were inadvertently sharing their phone numbers with websites they visited. This privacy breach could allow site owners to collect numbers for marketing calls and texts without consent. The Information Commissioner's Office is considering investigating further, but a phone number alone is not currently classified as personal identifying information under the Act.
Data mining involves extracting and analyzing large amounts of data to find patterns. While it provides benefits to companies, some view it as an invasion of privacy. There is little regulation in the US on data mining. The government has broad powers to collect data under laws like the Patriot Act. Data breaches have compromised over 800 million records, revealing sensitive personal information. Retailers use data mining to target customers, while gamers mine data to learn about new game content. More regulation may be needed to protect personal privacy as data mining becomes more widespread.
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...Cengage Learning
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course Technology Computing Conference
Presenter: Amelia Phillips, Highline Community College
E-discovery is defined as “gathering electronically stored information (ESI) for use in litigation”. At first glance, this appears to be a straightforward statement, but upon further examination one finds that it encompasses a broad range of items. Over 90% of documents produced by companies now are electronic. Older paper files have been converted to microfiche or PDF files. Add to this email, text messages, social media (yes, even the IRS has a Facebook page) and you have an idea of the amount of information that becomes this new term called “Big Data”. Terabytes of data will soon become petabytes of data. Are we ready? Are our students prepared for this new era? E-Discovery is a field that affects not only the lawyers, but the IT support staff, and how companies do business. In this talk you will be introduced to some of the new technology in the field such as predictive coding, forensic linguistics, and social media archiving. You will also be shown some of the new tools on the market that you can use in your classrooms to prepare your students and yourself for this fast evolving arena. What does a company need to do when a litigation hold is in place? What response needs to come from the legal staff, the IT support staff, the managers, and the average employee? How does this affect the BYOD (Bring Your Own Device) policies? Which comes first - employee privacy, freedom of information or corporate security? You will walk away from this talk with a methodology to incorporate this new topic into your curriculum. You will also be given ideas of how to make this affordable for your labs, what foundations your students need, and how to deliver this in a way that appeals to the business, IT or legal oriented student. This topic affects them all. Come and find out why this is something they need to be successful in tomorrow's market.
Companies collect vast amounts of personal data from various sources such as social media logins, online quizzes, purchases, internet activity, and IoT devices. This data is used for targeted ads, product customization, insurance rates, and credit reports. However, data can also be abused, such as for political targeting, identity theft if breached, or changing credit scores based on behaviors. Individuals can take steps to secure their data by controlling profiles and opting out of data collection, but the US third party doctrine allows government collection of data shared with companies without warrants.
The Privacy Law Landscape: Issues for the research communityARDC
Presentation by Anna Johnston of Salinger Privacy to ARDC's 'GDPR and NDB scheme: Intersection with the Australian research sector' webinar on 13 September 2018
Public records contain information about individuals that is available for public view and can be obtained legally. Reasons to lookup public records include hiring employees, learning about romantic partners or suspicious individuals, or locating lost friends. Online public records searches have made the process hassle-free and cost-efficient, as many websites provide records for free or low fees. Caution should be taken as some non-authorized websites may contain fake information.
Laptop Theft Recovery Cases from Absolute Software – Case Number 8F6Z9Absolute LoJack
Laptop recovery story of How the Absolute recovery team recovered a stolen laptop from Virginia USA. Visit: http://www3.absolute.com/lojackforlaptops/ to recover and track your stolen laptops or mac.
This document provides an overview of social media, law, and privacy. It begins with a prayer related to social media and the internet. It then discusses definitions of privacy, including a person's right to control their personal information and what constitutes an invasion of privacy. It outlines several privacy issues with social media, such as what information is collected and how it is used. It also discusses the terms of use of major social media platforms and privacy settings. Finally, it provides an example of the many federal and state privacy laws that could be violated by posting private information on social media.
How to implement GDPR for the public sector, December 2017Browne Jacobson LLP
The clock has started on the biggest change to data protection law for a generation. With public authorities regularly handling personal data – and at times sensitive (or special category) data - in relation to the delivery of public services, we've brought together a panel of public sector experts to help you prepare for May 2018 as the General Data Protection Regulation (GDPR) comes into force.
With the new regulation comes significant change, including the basis on which public authorities can process personal data for HR and public functions. Patrick O’Connell and Dmitrije Sirovica explore how the GDPR will impact the way that you communicate with individuals and collect, hold and process their personal information. Patrick and Dmitrije take a closer look at whether public bodies can ever use consent – if so, when and what’s needed? Similarly, they explore whether public bodies can use 'legitimate interests’ to process personal information – again, if so, when?
The digital forensic examinations and criminal investigationsICFECI
The results of forensic science is likely the number one factor in solving cold cases. Image for over 30 years, having an unsolved criminal case hanging over your head. One of the largest serial crimes was solved by the use of computer forensic services. ICFECI could be the key that provides the answers that are desperately needed.
The document discusses various topics relating to privacy and computer technology, including key aspects of privacy such as freedom from intrusion and control over personal information. It covers new risks to privacy from government and private databases, as well as data mining and other tools used for surveillance. Finally, it discusses principles for data collection and use, as well as diverse privacy topics such as marketing, location tracking, and protecting privacy through technology and laws.
Smartphone Encryption and the FBI DemystifiedMichael Sexton
The document discusses how Apple and Android have implemented stronger default encryption on smartphones that limits law enforcement access to user data even with a warrant. This shift has concerned the FBI director but protects users from potential exploitation of any backdoor access. While encryption has prevented access to a small percentage of authorized intercepts so far, this number will likely rise as more users opt into the stronger protections. The development raises questions about balancing privacy rights with government access that require serious political discussion.
- The recent action taken by the US against St. Lucia under the Leahy Law may be connected to the 2011 revocation of former housing minister Richard Frederick's visa.
- Frederick's visa was likely revoked due to false information supplied by members of the opposition St. Lucia Labour Party in an effort to damage his reputation.
- The US investigation into Frederick's visa revocation uncovered that certain officials may have been misled by St. Lucians in order to revoke his visa, and some officials have faced discipline as a result. However, the full circumstances have not been clarified.
Is it safe to share your location on Foursquare, Gowalla, Facebook, Twitter? Shouldn't we all share more, since only wrongdoers have something to hide? Is it even possible to opt out of sharing in a connected society?
The Firecat Studio First Friday Coworking and Brownbag lunch topic of May, 2011 covered these examples and currently proposed legislation.
Justin Harvey - Apple vs DOJ: Privacy in Today's Enterprisecentralohioissa
The document summarizes key events in the Apple v. DOJ case regarding privacy and encryption. It discusses the FBI's request that Apple help unlock an iPhone used by one of the San Bernardino shooters. It then outlines the timeline of events, including Apple opposing the FBI's order in court. The document also discusses interpretations of privacy rights and surveillance, as well as the challenges companies face in balancing security, privacy and legal obligations.
The document discusses several myths about privacy rights and digital assets of deceased persons. It summarizes that Canadian privacy law still protects some personal information of deceased individuals. However, there is no clear law around access to their digital accounts and assets by executors. Social media sites have their own varied policies around privacy and access after death. The document calls for clarification of executors' rights and better digital estate planning to address challenges around deceased persons' digital legacies.
Who ownes the customer? Privacy in the connected age.jatharrison
The document discusses how customer data ownership has evolved over time as technology has advanced. In the 1980s, customers' personal data was owned by few entities like the government, doctors, and phone directories. With the rise of the internet, data became dispersed across many websites. Now with social media, customers share vast amounts of personal data, but often don't truly own it despite generating value for companies. The document argues that for a fair future, customers should own and manage their own personal data stores, choosing which companies can access it in exchange for valuable services. Laws must evolve to protect privacy and give customers control over their data.
GDPR KickOff Presentation - Getting EVERYONE UP TO SPEEDJoe Orlando
Here is a compilation of thoughts and reference points around the effort required to become compliant with the EU General Data Protection Regulation (GDPR)
We Know What You Did Last Summer (and Last Night) - ForgeRock Identity Live A...ForgeRock
Stacey Higginbotham - Journalist - As we add the internet to more devices, we're also making more information about ourselves available online. Not necessarily to the public, but to family, marketers, and even law enforcement. What are we sharing? With whom? And what should we do about it?
The Data Protection Act 1998 protects people's personal information. O2 mobile customers in the UK were inadvertently sharing their phone numbers with websites they visited. This privacy breach could allow site owners to collect numbers for marketing calls and texts without consent. The Information Commissioner's Office is considering investigating further, but a phone number alone is not currently classified as personal identifying information under the Act.
Data mining involves extracting and analyzing large amounts of data to find patterns. While it provides benefits to companies, some view it as an invasion of privacy. There is little regulation in the US on data mining. The government has broad powers to collect data under laws like the Patriot Act. Data breaches have compromised over 800 million records, revealing sensitive personal information. Retailers use data mining to target customers, while gamers mine data to learn about new game content. More regulation may be needed to protect personal privacy as data mining becomes more widespread.
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course T...Cengage Learning
E-Discovery: How do Litigation Hold, BYOD, and Privacy Affect You? - Course Technology Computing Conference
Presenter: Amelia Phillips, Highline Community College
E-discovery is defined as “gathering electronically stored information (ESI) for use in litigation”. At first glance, this appears to be a straightforward statement, but upon further examination one finds that it encompasses a broad range of items. Over 90% of documents produced by companies now are electronic. Older paper files have been converted to microfiche or PDF files. Add to this email, text messages, social media (yes, even the IRS has a Facebook page) and you have an idea of the amount of information that becomes this new term called “Big Data”. Terabytes of data will soon become petabytes of data. Are we ready? Are our students prepared for this new era? E-Discovery is a field that affects not only the lawyers, but the IT support staff, and how companies do business. In this talk you will be introduced to some of the new technology in the field such as predictive coding, forensic linguistics, and social media archiving. You will also be shown some of the new tools on the market that you can use in your classrooms to prepare your students and yourself for this fast evolving arena. What does a company need to do when a litigation hold is in place? What response needs to come from the legal staff, the IT support staff, the managers, and the average employee? How does this affect the BYOD (Bring Your Own Device) policies? Which comes first - employee privacy, freedom of information or corporate security? You will walk away from this talk with a methodology to incorporate this new topic into your curriculum. You will also be given ideas of how to make this affordable for your labs, what foundations your students need, and how to deliver this in a way that appeals to the business, IT or legal oriented student. This topic affects them all. Come and find out why this is something they need to be successful in tomorrow's market.
Companies collect vast amounts of personal data from various sources such as social media logins, online quizzes, purchases, internet activity, and IoT devices. This data is used for targeted ads, product customization, insurance rates, and credit reports. However, data can also be abused, such as for political targeting, identity theft if breached, or changing credit scores based on behaviors. Individuals can take steps to secure their data by controlling profiles and opting out of data collection, but the US third party doctrine allows government collection of data shared with companies without warrants.
Consumers care deeply about privacy but take few steps to protect themselves. Most Americans want control over their personal data and what is collected about them, yet few change their online behaviors to avoid tracking. Stolen identities and data records are frequently bought and sold on the dark web, with social security numbers sold for just $1. The average cost of a data breach for large companies is $6.5 million. As more devices and records are connected, privacy risks grow substantially without comprehensive privacy laws or protections.
Privacy is defined as an individual's right to control information associated with them. Authentication is key to privacy, as it allows an individual to prove their identity and assert control over their data. While some definitions of privacy focus on secrecy or isolation, a better definition recognizes an individual's right to determine what happens to data about them. For privacy to be effective, a national authentication system is needed to identify individuals and enable them to secure their information, rather than relying on for-profit companies to handle authentication. Laws with strict penalties are also needed to enforce individual privacy rights and hold responsible any entities that fail to protect personal data.
Identity theft occurs when someone steals personal information like names, addresses, birth dates, social security numbers, etc. and uses it to impersonate the victim. This can be used to open credit cards and bank accounts, take loans, get medical treatment, and more all in the victim's name. Victims can face damaged credit, financial losses, and spend significant time repairing their credit and good name. Common ways identity thieves get information include dumpster diving, phishing emails/calls, hacking computers and networks, and data breaches at companies. Laws like the Identity Theft and Assumption Deterrence Act and the Information Technology Act in India make identity theft a crime and provide punishments. Victims should monitor accounts,
2017 has seen some of the most considerable changes and fraud threats in the field of digital identity. With Equifax Data breach affecting millions of consumer data, it is imperative to understand the issues arising from digital identity theft.
The presentation probes deep into the basics of digital identity and its characteristics. A significant emphasis is laid on the drivers of digital identity theft and guidelines to not fall victim to it.
How your nonprofit can avoid data breaches and ensure privacyTechSoup Canada
Increasingly, nonprofits hold large quantities of digital assets (such as donor information, grant application details, financial records, etc.). Organizations of all sizes and industries are being targeted by cyber criminals. Cyber-attacks will often devastate an organization’s operations and have significant financial, legal and reputational consequences.
In this webinar, Imran Ahmad of Miller Thomson, LLP will explain how implementing best practices from a pre-breach standpoint can go a long way to mitigate the negative consequences of a cyber-attack.
What you will learn:
- what the cyber threat landscape looks like
- how to ensure privacy of your digital assets
- steps to take in the aftermath of a cyber-attack
This document provides an overview of data privacy for governmental organizations. It discusses what data privacy is, the risks associated with it such as identity theft, and common laws around data privacy including California state laws. It recommends that organizations take an inventory of their data, develop privacy policies and training, and ensure proper system monitoring and controls. The document emphasizes being proactive on data privacy issues.
Privacy & Data Security for InHouse Counselamprivacy
This document provides an overview of privacy and data security issues for in-house counsel. It begins with an outline of topics to be discussed, including labor and employment law, litigation, real estate, corporate compliance, and corporate transactions. Specific issues that will be covered include employee privacy in email and social media, data breach response plans, and regulatory disclosure requirements. Solutions proposed include conducting risk assessments, training employees, and appointing a privacy officer to develop policies with privacy and security in mind. The goal is to help in-house counsel navigate increasing regulation and litigation in this area.
Identity Theft: Fallout, Investigation, and Preventionfmi_igf
This document summarizes a panel discussion on identity theft held by the Financial Management Institute. The panel discussed Jennifer Fiddian-Green's experience becoming a victim of mortgage fraud, where criminals took out loans in her name for two properties totaling $494,060. Detective Ian Nichol discussed how identity theft is usually a group effort involving brokers obtaining personal information, forgers, and money laundering. He noted recent identity theft investigations against criminal organizations in Canada. The panel aimed to educate attendees on preventing identity theft and the fallout of becoming a victim.
Similar to The Blockchain and Identity -- Grant Fondo, Goodwin Proctor (20)
Securing BGP: Operational Strategies and Best Practices for Network Defenders...APNIC
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
Discover the benefits of outsourcing SEO to Indiadavidjhones387
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...APNIC
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
HijackLoader Evolution: Interactive Process HollowingDonato Onofri
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
The Blockchain and Identity -- Grant Fondo, Goodwin Proctor
1. The Blockchain &
Identity -- Privacy
Issues and the
Implications for
Government Oversight
and Control.
Grant Fondo
Goodwin Procter LLP
gfondo@goodwinlaw.com
2. Our Current System of Identity
1
• Pretty Awesome right?
• Different passwords for every darn website I use
• Security questions
• Driver’s license
• Photo Id
• Social Security No.
• Ask yourself
• Do you like it that Google knows more about you than your spouse?
• Does a bartender need to know where I live?
• Does Amazon really need to know my mother’s maiden name? My favorite
pet?
• Why do I need a driver’s license, a SS card, and a passport?
• How easy is it to buy a SS#?
4. Estonia Model
3
• Estonian ID card
• Identity for private uses
• Mortgage information
• Medical information
• Identity for public uses
• Tax information sent for tax returns
• Trains
• Citizens “owns” data, controls access
• Gov’t employee ID needed to access information, logs who
accesses information
5. U.S. Privacy Laws Protect Types of “Information”
Not You
4
• Health Insurance Portability and Accountability Act – Medical
Records
• Stored Communications Act – email content
• Fair Credit Reporting Act – accuracy of financial information
6. Government’s Ability To Access Data
5
• We don’t trust government – 4th Amendment
• NSA & Foreign Intelligence Surveillance Act orders
• NSA given a “court order” for an internal NSA search engine to collect
billions of phone and internet records and contains the unfiltered private
information of millions of Americans.
• Riley v. CA (U.S. 2014):
• Historically police could search cell phones without a search warrant
• Smartphone searched – illegal search and seizure?
• S. Ct: SW needed to search a smartphone
• Phone equivalent to a person’s home office & more
• U.S. v. Apple
• All Writs Act
• San Bernardino killer’s IPhone 5c
• Gov’t tried to compel Apple to help it write software to disable a security
function
7. Government’s Ability To Access Data
6
• Microsoft v. U.S., 14-2985 (2d Cir. 2016)
• Warrant issued for data
• Data stored in Ireland
• U.S. Government had no authority under the Stored Communications Act
(“SCA”) to use a warrant to access data stored overseas.
• Proper nexus for jurisdiction: where the data is stored, rather than the
location of the service provider or the data’s owner.
• U.S. v. Google (EDPA Feb. 2013)
• SCA
• Transferring emails from a foreign server so FBI agents could review them
locally as part of a domestic fraud probe did not qualify as a seizure
• Court: There was "no meaningful interference" with the account holder's
"possessory interest" in the data sought.
• “Though the retrieval of the electronic data by Google from its multiple data
centers abroad has the potential for an invasion of privacy, the actual
infringement of privacy occurs at the time of disclosure in the United States,"
8. Seriously, Do You Really Want A Digital Identity?
Your
Digital
Identity
CIA
Local
Sheriff
IRS
Depart. Of
Homeland
SecurityFBI
Treasury/
FinCEN
9. Digital Identity Would Make Things
Easier For You . . . And the Gov’t
8
One-stop
Shopping
for the
Feds
10. And Hackers?
• Likely harder to breach . . . but
• One-stop shopping for hackers
• Foreign governments
• Criminals
• One mistake = big problem
9
11. Why Do You Think It Is YourDigital Identity?
10
• U.S. Government owns your passport
• CA owns your driver’s license
• Cannot sell your SS card
12. Certainly Benefits
• KYC & AML compliance savings
• Less Id to carry
• Blocking transfers to bad guys easier
• Transparency
• Easy to track transaction records
11