Presentation is loading. Please wait.

Presentation is loading. Please wait.

Communications Briefing: Navigating the clouds Sam Parr and Ian Walden Wednesday 21 October 2009, 12.00 – 2.00 pm.

Published byShannon Knight Modified over 9 years ago

Similar presentations

Presentation on theme: "Communications Briefing: Navigating the clouds Sam Parr and Ian Walden Wednesday 21 October 2009, 12.00 – 2.00 pm."— Presentation transcript:

1 Communications Briefing: Navigating the clouds Sam Parr and Ian Walden Wednesday 21 October 2009, 12.00 – 2.00 pm

2 ©2009 Baker & McKenzie 2 Data security considerations –“In the good old days, the bad guys needed to steal your laptop to get access to your secrets. Now they just need a username and password.” –For users, data security is paramount operationally (eg business requirements, competitive advantage) and legally (eg contractual obligations, regulatory obligations) –Increased impact of supplier failure/insolvency. Users less likely to have back up. –As if to make the point.... 13 October 2009: Sidekick data security failure.

3 ©2009 Baker & McKenzie 3 Data security solutions –No easy answer –Users may wish to consider using encryption technologies? –Who controls the encryption? –Contractual protections –Audit rights –Penetration testing –Key point for users: Think about what you are putting into the cloud. Contractual protections are not a substitute for a proper risk assessment.

4 ©2009 Baker & McKenzie 4 Availability –The cloud suffers outages just like everyone else: –January 2009: Salesforce 1 hour outage – 1m subs affected –5 October 2009: Bitbucket / Amazon Elastic Compute Cloud (EC2) 14 hour outage –Bitbucket/Amazon was a network failure, not a server failure. –Inherent weakness in using internet to deliver services? –Reliability of telco providers v Internet providers

5 ©2009 Baker & McKenzie 5 Availability / Service Levels –Story so far: standard products, standard SLA, low business criticality, little/no negotiation –Not appropriate for business critical services/functions? –The future for the cloud is more critical services, but... –Dangerous to offer meaningful SLA, as do not have end-to-end control –Users will need to be educated –Will “usual” service credits be acceptable to either party?

6 ©2009 Baker & McKenzie 6 –Data Protection Directive (95/46/EC) –Communications Privacy Directive (02/58/EC) –Regulation of Investigatory Powers Act 2000 –Privacy and Electronic Communications Regulations 2003 –Privacy relationships –Confidential information –Controller – processor –Terms & conditions of supply –Swift case –State –i.e. law enforcement requirements Privacy and Data Protection

7 ©2009 Baker & McKenzie 7 Data transfers –Exporting data outside the EEA –i.e. Knowing where(ish) your data is located! –e.g. Amazon Web Services –‘adequate level of protection’ –Art. 25 (compliance) or 26 (derogations) route? –Security measures –e.g. encryption –Sufficient? –Model contracts

8 ©2009 Baker & McKenzie 8 Data retention –Documents (things written) & records (events) –e.g. memos and meta-data –Why retain? –Organisation need & regulatory requirements –Obligations and risks –Revenue, disclosure, data protection & limitation –Public procurement rules & FOIA –Solving the multi-jurisdictional problem –One-size-doesn’t fit!

9 ©2009 Baker & McKenzie 9 Data retention –Communications data –Directive 06/24/EC –From 6-24 months –Home Office notification & negotiated arrangements –Regulated activity? –‘Electronic communications services’ & ‘information society services’ –Distinguishing services –Jurisdictional reach? –e.g. UK: “data are generated or processed in the United Kingdom”

10 ©2009 Baker & McKenzie 10 Law enforcement –Public & private law enforcement –Serving civil & criminal orders –e.g. Twitter –Access –Searching remote data –Council of Europe Cybercrime Convention, art. 32 –“lawful and voluntary consent” –Failure to comply –Specific performance, fines & imprisonment –CSR and publicity concerns

11 Communications Briefing: Navigating the clouds Sam Parr and Ian Walden Baker & McKenzie LLP is a limited liability partnership registered in England and Wales with registered number OC311297. A list of members' names is open to inspection at its registered office and principal place of business, 100 New Bridge Street, London, EC4V 6JA. Baker & McKenzie LLP is a member of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the terminology commonly used in professional service organisations, reference to a "partner" means a person who is a member, partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm. Baker & McKenzie LLP is regulated by the Solicitors Regulation Authority of England and Wales. Further information regarding the regulatory position is available at http://www.bakernet.com/London/Regulation.

Download ppt "Communications Briefing: Navigating the clouds Sam Parr and Ian Walden Wednesday 21 October 2009, 12.00 – 2.00 pm."

Similar presentations

Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference.

Lawful Access in the EU: The Pipe to the Cloud? Professor Peter Swire Ohio State University & Future of Privacy Forum Georgetown Law School Conference.
Driving change in information risk within the financial services industry Subtitle Date.

Driving change in information risk within the financial services industry Subtitle Date.
3Kites Consulting/Kemp IT Law Breakfast Seminar Law Firms and the Cloud: Balancing Benefits and Risks London, 10 September 2014 Contracting for the Cloud:

3Kites Consulting/Kemp IT Law Breakfast Seminar Law Firms and the Cloud: Balancing Benefits and Risks London, 10 September 2014 Contracting for the Cloud:
The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
The View of European Business Stuart Popham 14 March 2008 Survey Results.

The View of European Business Stuart Popham 14 March 2008 Survey Results.
1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,

1 PRIVACY ISSUES IN THE U.S. – CANADA CROSS BORDER BUSINESS CONTEXT Presented by: Anneli LeGault ACC Greater New York Chapter Compliance Seminar May 19,
Cross Border Internal Investigations Roger Best 06 July 2011.

Cross Border Internal Investigations Roger Best 06 July 2011.
Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.

Chapter 9 Information Systems Controls for System Reliability— Part 2: Confidentiality and Privacy Copyright © 2012 Pearson Education, Inc. publishing.
Data Privacy: Third Parties, Vendors, & Nonprofits Baron Rodriguez (PTAC), Michael Hawes (DoED), & Mike Tassey (PTAC)

Data Privacy: Third Parties, Vendors, & Nonprofits Baron Rodriguez (PTAC), Michael Hawes (DoED), & Mike Tassey (PTAC)
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.

Keeping on top of the Cloud - Compliance from a Regulator’s Perspective Henry Chang, IT Advisor Office of the Privacy Commissioner for Personal Data, Hong.
Streamlining the EIA Process for Hydro Development 23 October 2012 Presented by Jennifer Ballantyne.

Streamlining the EIA Process for Hydro Development 23 October 2012 Presented by Jennifer Ballantyne.
INLA Inter-Jura Congress 2014 Nuclear New Build Contracts – Effective Incentivisation Mechanisms Graham Alty Partner Pinsent Masons

INLA Inter-Jura Congress 2014 Nuclear New Build Contracts – Effective Incentivisation Mechanisms Graham Alty Partner Pinsent Masons
Handling information 14 Standard.

Handling information 14 Standard.
Baker & McKenzie Presented by Gabriela Vendlova 3 December 2002 Intellectual Property Rights: Importance of Trademark Protection in the Digital World.

Baker & McKenzie Presented by Gabriela Vendlova 3 December 2002 Intellectual Property Rights: Importance of Trademark Protection in the Digital World.
Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October 2012 1.

Company Confidential How to implement privacy and security requirements in practice? Tobias Bräutigam, OTT Senior Legal Counsel, Nokia 8 October
Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.

Privacy Law for Network Administrators Steven Penney Faculty of Law University of New Brunswick.
WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, 2013 11:30 am – 12:30 pm.

WHAT EVERY RISK MANAGER NEEDS TO KNOW ABOUT DATA SECURITY RIMS Rocky Mountain Chapter Meeting Thursday, July 25, :30 am – 12:30 pm.

Similar presentations

Ads by Google