Communications Briefing: Navigating the clouds Sam Parr and Ian Walden Wednesday 21 October 2009, 12.00 – 2.00 pm.

Presentation transcript:


©2009 Baker & McKenzie 2 Data security considerations
– “In the good old days, the bad guys needed to steal your laptop to get access to your secrets. Now they just need a username and password.”
– For users, data security is paramount operationally (eg business requirements, competitive advantage) and legally (eg contractual obligations, regulatory obligations)
– Increased impact of supplier failure/insolvency. Users less likely to have back up.
– As if to make the point October 2009: Sidekick data security failure.

©2009 Baker & McKenzie 3 Data security solutions
– No easy answer
– Users may wish to consider using encryption technologies?
– Who controls the encryption?
– Contractual protections
– Audit rights
– Penetration testing
– Key point for users: Think about what you are putting into the cloud. Contractual protections are not a substitute for a proper risk assessment.

©2009 Baker & McKenzie 4 Availability
– The cloud suffers outages just like everyone else:
– January 2009: Salesforce 1 hour outage – 1m subs affected
– 5 October 2009: Bitbucket / Amazon Elastic Compute Cloud (EC2) 14 hour outage
– Bitbucket/Amazon was a network failure, not a server failure.
– Inherent weakness in using internet to deliver services?
– Reliability of telco providers v Internet providers

©2009 Baker & McKenzie 5 Availability / Service Levels
– Story so far: standard products, standard SLA, low business criticality, little/no negotiation
– Not appropriate for business critical services/functions?
– The future for the cloud is more critical services, but...
– Dangerous to offer meaningful SLA, as do not have end-to-end control
– Users will need to be educated
– Will “usual” service credits be acceptable to either party?

©2009 Baker & McKenzie 6 Privacy and Data Protection
– Data Protection Directive (95/46/EC)
– Communications Privacy Directive (02/58/EC)
– Regulation of Investigatory Powers Act 2000
– Privacy and Electronic Communications Regulations 2003
– Privacy relationships
– Confidential information
– Controller – processor
– Terms & conditions of supply
– Swift case
– State
– i.e. law enforcement requirements

©2009 Baker & McKenzie 7 Data transfers
– Exporting data outside the EEA
– i.e. Knowing where(ish) your data is located!
– e.g. Amazon Web Services
– ‘adequate level of protection’
– Art. 25 (compliance) or 26 (derogations) route?
– Security measures
– e.g. encryption
– Sufficient?
– Model contracts

©2009 Baker & McKenzie 8 Data retention
– Documents (things written) & records (events)
– e.g. memos and meta-data
– Why retain?
– Organisation need & regulatory requirements
– Obligations and risks
– Revenue, disclosure, data protection & limitation
– Public procurement rules & FOIA
– Solving the multi-jurisdictional problem
– One-size-doesn’t fit!

©2009 Baker & McKenzie 9 Data retention
– Communications data
– Directive 06/24/EC
– From 6-24 months
– Home Office notification & negotiated arrangements
– Regulated activity?
– ‘Electronic communications services’ & ‘information society services’
– Distinguishing services
– Jurisdictional reach?
– e.g. UK: “data are generated or processed in the United Kingdom”

©2009 Baker & McKenzie 10 Law enforcement
– Public & private law enforcement
– Serving civil & criminal orders
– e.g. Twitter
– Access
– Searching remote data
– Council of Europe Cybercrime Convention, art. 32
– “lawful and voluntary consent”
– Failure to comply
– Specific performance, fines & imprisonment
– CSR and publicity concerns

Communications Briefing: Navigating the clouds Sam Parr and Ian Walden Baker & McKenzie LLP is a limited liability partnership registered in England and Wales with registered number OC A list of members' names is open to inspection at its registered office and principal place of business, 100 New Bridge Street, London, EC4V 6JA. Baker & McKenzie LLP is a member of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the terminology commonly used in professional service organisations, reference to a "partner" means a person who is a member, partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm. Baker & McKenzie LLP is regulated by the Solicitors Regulation Authority of England and Wales. Further information regarding the regulatory position is available at