Published by Austen Colt
Modified about 1 year ago
S-1 © RGP & UW-CISA 2010 Business & Technology Environment Summer 2010 Robert G Parker
S-3 Agenda: Crisis Management; Privacy; Social Networks; eDiscovery / eEvidence; Cloud Computing; Parallel Programming
S-4 Privacy
S-5 Privacy: USA: Supreme Court; Canada: No Jail Time
S-6 Privacy: As patrons enter a bar they’ll have their ID cards swiped through a data reader and their photo taken. If the patron causes trouble in the bar, an “alert” will be placed on file and shared with other bars. (Times Colonist, July 2009)
S-7 Privacy: Privacy Commissioner David Loukidelis ruled earlier this week that the technology used by about 100 bars and clubs involved in Barwatch across the province violates section 7(2) of the B.C. Personal Information Protection Act. (Times Colonist, August 8, 2009)
S-8 Privacy: Bars can still scan driver’s licences but can only collect the name, photo, birthdate and gender. They can no longer collect driver’s licence numbers. Information must be destroyed within 24 hours unless the patron is determined to be violent or unsafe. Protecting Society vs. Protecting Individual Rights
S-9 Privacy: Social worker took home paper lists of 1,400 welfare recipients. Breach discovered but “victims” not notified for 6 months. Breach not disclosed to the provincial Privacy Commissioner. Canada lacks privacy breach notification laws.
S-10 Privacy: Social worker “Richard Perran” was actually “Richard Ernest Wainwright”, who had a criminal record for credit card fraud and counterfeiting. Calls were made for increased background checks and increased due diligence in hiring practices. Identity theft issues. The impact of criminal convictions on future employment.
S-11 Privacy: Backlash! Reputational damage. Government bureaucracy not usually affected. Public sentiment was stirred. Was it enough to bring changes?
S-12 Privacy: Breach notification laws are proposed for PIPEDA. Are they robust enough to protect the victims? Organizations will have to report to the Federal Privacy Commissioner if they have experienced a material data breach of personal information. Factors to determine materiality: sensitivity of information; number of customers affected; internal assessment that the breach is not the result of a systemic problem. The threshold to compel institutions to notify customers will be higher. Public notification must occur “when the organization deems the breach to pose a real risk of significant harm, such as identity theft or fraud, or damage to reputation”. In the US (state law) there is no threshold – they MUST be transparent.
S-13 Privacy: Numbered Swiss bank accounts may no longer be private. The law does have some interesting aspects. Cash hoarded away by corrupt politicians will be seized by Swiss officials and redistributed to aid agencies. Ferdinand Marcos – Philippines; Sani Abacha – Nigeria; Vladimiro Montesinos – Peru; Jean-Claude “Baby Doc” Duvalier – Haiti. Assets Seized: Who determines if they are corrupt? Could this be extended to corrupt business officials?
S-14 Privacy: Identity theft and privacy breaches continue to go unreported because of current Canadian privacy laws. Canadian organizations such as Winners provided transparency after TJ Maxx in the USA had done so following a privacy breach involving Winners customers' data.
S-15 Privacy: Most of us may have experienced some discomfort from immigration and customs officials. Well! Not all immigration and customs officials are unfriendly. ,607 Complaints ,421 Complaints
S-16 Privacy: Entered Canada at 5:00 pm on October 18, 2009. Four hours later she received a “Friend” request on Facebook. Not knowing the person, she ignored the Facebook “Friend” request. Next day the same person asked why she had ignored his “Friend” request. She wrote him back asking how he knew her. He responded: “I don’t mean to creep you out. I met you and thought you were stunning. I think we kinda shared chemistry.” He went on to describe her! An investigation revealed that the guard had captured images and names of female travellers as he conducted primary processing and sent the information to his personal
S-17 Privacy: The press wants access to various court documents, including search warrants. Time is involved in obtaining and providing such documents. Some judges do not release documents to court clerks, and the documents are therefore unavailable. The process is inconsistent amongst courthouses.
S-18 Privacy: The press start a campaign to get access. The courts start to charge $6.00 per request.
S-19 Privacy: Press wanted: free access for the press; consistent availability throughout the court system; ability to print court proceedings. Privacy issues: privacy of the individual who was the subject of an erroneous search warrant; privacy of individuals given the presumption of innocence until proven guilty.
S-20 Privacy: By an 8-1 margin, the bench concluded that the press – in a world of tweeters and bloggers – is an ill-defined group and to grant wholesale constitutional immunity “would blow a giant hole in law enforcement”. Solicitor-client privilege and police informants are among the few class privileges that exist in Canada, and courts have been cool to broaden the field. Does this open up to police, and the courts, the ability to obtain evidence from the “tweeter” (via their service providers, etc.) rather than only from traditional media?
S-21 Privacy: We are seeing increased video surveillance by police and others. Personal video cameras have captured police actions. Video cameras are becoming accepted “protection” for both parties in law enforcement. Retention and disclosure are the issues.
S-22 Privacy: Little public input into privacy. This person went to great detail: right of access to records in control of a public body, except in limited specific cases; controls in the manner in which public bodies collect, use and disclose personal information; individuals, except in limited circumstances, should have the right to have access to information about them held by public bodies; individuals should have the right to request corrections to information about them held by public bodies; individuals should have the right to an independent review of decisions made by public bodies under the legislation.
S-23 Privacy: Section 215: only requires a “process” for FBI. Increasing “privacy” protection from the Patriot Act in the US.
S-24 Privacy: Privacy has not really caught on in Canada. Canadians, in general, do not display “emotions” about privacy breaches or misuse of their information. Canadians appear ambivalent to increased use of video cameras and video recording at public events. Canadian “Do Not Call” legislation allows significant unwanted contact. Changes to PIPEDA will not address key deficiencies: lack of transparency rules; does not address non-commercial activities; does not address human resources. Niche groups, civil liberties groups, etc. are the most active in taking stands against use of personal information in Canada. The private sector is still not embracing privacy standards based on “fair information practices”.
S-25 Privacy: Service opportunities may exist for the profession to assist clients, but without: stronger privacy legislation; public awareness of their privacy rights, and the will to protect those rights; a compelling event; privacy seems like a smouldering issue which has yet to capture the interest of Canadians. Professionals can assist business in addressing privacy through: creating an appropriate privacy organization; conducting risk management reviews over personal information, particularly security; creating processes to operationalize an entity’s privacy policies.