This document discusses privacy and regulatory issues related to the internet. It addresses the concepts of privacy and internet privacy threats such as data breaches. It then covers various internet regulations including compliance standards, laws governing internet and cloud contracts, and important Spanish laws related to the internet and e-commerce. Specific regulatory bodies and compliance standards discussed include the Cloud Security Alliance, European Network and Information Security Agency, Spanish LSSI/CE and LOPD laws.
2. 2
NetworkingServices&infr.//MasterinICTStrategicManagement
NSI– MSISM 1st Edition 20 / 11 / 2012Josep Bardallo
Privacy
Privacy is the ability of an individual or group to seclude themselves or
information about themselves and thereby reveal themselves selectively.
Privacy is the ability of an individual or group to seclude themselves or
information about themselves and thereby reveal themselves selectively.
11. 11
NetworkingServices&infr.//MasterinICTStrategicManagement
NSI– MSISM 1st Edition 20 / 11 / 2012Josep Bardallo
Compliance: Other regulations
Cloud Providers must have Audit certifications (like SAS
70)
Some ISO about Security (ISO 27000), Service
Managent (ISO 20000) or Business continuities
Vertical regulations like SOX, NIST, PCI, FISMA, HIPAA,
GMP, ….
New regulations in Cloud like Trusted Cloud Initiative ..
Country Specific regulations (LOPD, Privacy Act…)
……..
12. 12
NetworkingServices&infr.//MasterinICTStrategicManagement
NSI– MSISM 1st Edition 20 / 11 / 2012Josep Bardallo
Regulation in Internet / cloud contracts
From CSA (Cloud Security Alliance)
Confidentiality
Intellectual property (IP)
Responsibility
How to cancel contract before time
Privacy, law in the contract
Audit and tracking
Security
SLA (Service Level agreement)
13. 13
NetworkingServices&infr.//MasterinICTStrategicManagement
NSI– MSISM 1st Edition 20 / 11 / 2012Josep Bardallo
Regulation in Internet / Cloud contracts
From ENISA (european Network and Information
Security Agency)
Data Privacy
Confidentiality
IP (Intellectual property)
Negligence
Outsourcing of services or part of services
14. 14
NetworkingServices&infr.//MasterinICTStrategicManagement
NSI– MSISM 1st Edition 20 / 11 / 2012Josep Bardallo
Regulation in Internet / Cloud contracts
From INTECO (Instituto nacional tecnologias de las
comunicación)
SLA
Uptime
Performance
Security
Payment
End of service
Support services
Modification of service
Privacy and regulation
15. 15
NetworkingServices&infr.//MasterinICTStrategicManagement
NSI– MSISM 1st Edition 20 / 11 / 2012Josep Bardallo
Important Spanish Laws in Internet / eCommerce
LSSI / CE (59/2003)
Propietary, address, CID … visible in the web if selling services in Spain
User must accept the receipt of commercial information
Service condition defined in the web
ISP must retain 2 years of information about user navigation
Content responsibility
…
LOPD (15/1999)
LPI (Intellectual property)
LGT (Telecommunications)