Privacy, Personal Data and the Cloud Billy Hawkes Data Protection Commissioner Public Affairs Ireland Conference Dublin, 30 June 2011.

1 Privacy, Personal Data and the Cloud Billy Hawkes Data Protection Commissioner Public Affairs Ireland Conference Dublin, 30 June 2011

2 Back to the Future…….?

3 Key Messages
Data Protection is not a block on Cloud Computing
Data Protection Law caters for outsourcing to a Cloud Provider (CP) and for international transfers of personal data
Challenge as for any outsourcing:
- Can you rely on the CP to process your data safely?
- Is your data safe if it moves outside of the EU?

4 Using a CP: Law (1)
Data Controller must enter into a written contract with the Data Processor (Cloud Provider) providing that:
- CP only carries out processing on instructions of Data Controller
- CP must adopt appropriate security measures against unauthorised access to, or unauthorised alteration, disclosure or destruction of, the data

5 Using a CP: Law (2)
Data Controller must:
- ensure that the CP provides sufficient guarantees in respect of the technical security measures, and organisational measures, governing the processing
- take reasonable steps to ensure compliance with those measures

6 Location of Personal Data?
OK if transferred within EU/EEA. Also OK if:
- To Approved countries: Switzerland, Canada, Argentina, Isle of Man, Guernsey, Jersey, Faroe Islands, Israel, USA [“Safe Harborites” & PNR data only] [soon New Zealand]
- Covered by Model Contracts or Binding Corporate Rules (BCRs)

7 Data Security
“….the cloud’s economies of scale and flexibility are both a friend and a foe from a security point of view. The massive concentrations of resources and data present a more attractive target to attackers, but cloud-based defences can be more robust, scalable and cost-effective”
- European Network and Information Security Agency (ENISA) Report on Cloud Computing, November 2009 http://www.enisa.europa.eu/act/rm/files/deliverables/cloud-computing-risk-assessment

8 Data Protection Challenge
“Cloud computing poses several data protection risks for cloud customers and providers. In some cases, it may be difficult for the cloud customer (in its role as data controller) to effectively check the data handling practices of the cloud provider and thus to be sure that the data is handled in a lawful way. This problem is exacerbated in cases of multiple transfers of data, e.g., between federated clouds. On the other hand, some cloud providers do provide information on their data handling practices. Some also offer certification summaries on their data processing and data security activities and the data controls they have in place, e.g., SAS70 certification”
- ENISA Report, November 2009

9 Challenges for Outsourcer
Are you satisfied your data will be secure in the “cloud”?
- security certification: ISO 27001, SAS 70/SSAE16
- Access controls, data recoverability, data breaches
Does your contract with the CP give you sufficient control?
- Data Portability
“Ultimately, you can outsource responsibility but you can't outsource accountability” (ENISA)

10 Challenges for Cloud Provider
Are you willing to take on the separate data security obligations under EU Data Protection Law?
- Is this reflected in your contracts?
Are you willing to accommodate EU restrictions on international data transfers?
- Clarity on location of data?

11 Future Prospects
Ireland well placed as cloud computing centre
- Climate, legal environment
- Robust Data Protection Law
Focus on accountability of data controllers rather than bureaucratic prescription – in line with likely shape of revised EU Law

12 Key Messages
Data Protection is not a block on Cloud Computing
Data Protection Law caters for outsourcing to a Cloud Provider (CP) and for international transfers of personal data
Challenge as for any outsourcing:
- Can you rely on the CP to process your data safely?
- Is your data safe if it moves outside of the EU?

13 Thank You Office of the Data Protection Commissioner Canal House Station Road Portarlington Co Laois Phone: LoCall 1890 252231 057 8684800 Fax: 057 8684757 Email: info@dataprotection.ie Website: www.dataprotection.ie

