A solid privacy and security approach Alf Moens

Alf Moens, Corporate Security Officer, SURF
Evelijn Jeunink, Legal adviser, Corporate Privacy Officer, SURF

Agenda:
• A set of legal standards
• Security framework
• Audit
• Privacy compliance working program

SURFaudit is:
o a collaborative audit tool
o a benchmarking process
o a maturity model
Based on ISO standards; a little privacy was added last year.

• After-shock 1: Almost nine in ten (88 percent) ICT decision-makers are changing their cloud buying behaviour, with over one in three (38 percent) amending their procurement conditions for cloud providers
• After-shock 2: Only 5 percent of respondents believe location does not matter at all when it comes to storing company data
• After-shock 3: More than three in ten (31 percent) ICT decision-makers are moving data to locations where the business knows it will be safe
• After-shock 4: Around six in ten (62 percent) of those not currently using cloud feel the revelations have prevented them from moving their ICT into the cloud
• After-shock 5: ICT decision-makers now prefer buying a cloud service which is located in their own region, especially EU respondents (97 percent) and US respondents (92 percent)
• After-shock 6: Just over half (52 percent) are carrying out greater due diligence on cloud providers than ever before
• After-shock 7: One in six (16 percent) is delaying or cancelling contracts with cloud service providers
• After-shock 8: More than four fifths (84 percent) feel they need more training on data protection laws
• After-shock 9: 82 percent of all ICT decision-makers globally agree with proposals by Angela Merkel

Timeline
• 1995: Privacy Directive
• National law (Wbp 2001, The Netherlands)
• 2011: starting point of the new regulation
• 2012: first draft
• 3132 amendments (more privacy)
• Voting in Parliament (less privacy / neutral)
• EU elections (May)
• Council (June?)

“I have a clear message to the council: Any further postponement would be irresponsible,” said Jan Philipp Albrecht, the rapporteur for the regulation. “The citizens of Europe expect us to deliver a strong EU-wide data protection regulation. If there are some member states which do not want to deliver after two years of negotiations, the majority should go ahead without them.”

EU Justice Commissioner Viviane Reding also voiced strong support for the vote. “The message the European Parliament is sending is unequivocal: This reform is a necessity and now it is irreversible.”

The EU Parliament's text represents:
- a powerful statement in favour of people's ability to control their own data. The Parliament has carefully refined the data protection rights of individuals by trying at all times to put people in a position of power in terms of the uses made of their data;
- strengthened protections around transfers of EU citizens' data to non-EU countries;
- an increase of the potential fines for firms in breach of the regulation to €100 million, or five percent of global turnover;
- ensuring EU citizens have a right to be forgotten and a right not to be profiled;
- reinforcing the so-called accountability principle by requiring:
  • the adoption and regular review of compliance policies and procedures
  • bolstering new principles like data protection by design and by default
  • establishing brand new obligations such as the requirement to carry out risk assessments of most processing operations and ongoing data protection compliance reviews
- requiring the compulsory appointment of data protection officers

Privacy initiative group:
o Community-wide working program
o Cooperation to be better prepared for the upcoming EU regulation and to fix shortcomings already there
o Act as an intermediary with parties such as the DPA
o Synergy and quality, but also gain legitimacy for sector-wide policies and implementations

Privacy initiative group: representatives from
- universities
- colleges
- teaching hospitals
with a mix of
- lawyers
- privacy officers
- security officers
- information managers
SURF does the project management, provides coordination and support within the sector, and informs the SURF organization and community.

Legal standard framework for cloud services:
o Confidentiality
o Privacy
o Intellectual property
o Continuity

Considerations:
o Support and commitment. Support is necessary to acquire a strong negotiating position.
o Privacy and confidentiality are important for SURF. Much research has been done, with broad involvement: the Dutch DPA opinion on cloud computing and the report on the Patriot Act. The framework brings this all together.
o External legal expertise and lawyers from the institutions involved, to achieve best-practice clauses and, again, commitment.

Legal framework:
o Contractual provisions to be included in the contract with the cloud supplier
o Contains a differentiation depending on risk analysis
o An explanation is included that refers to relevant legislation and common practice