4. 1. Cloud Act USA 2018
a) Erodes Privacy?
2. Data Privacy Frameworks
a) Frameworks gives guidance
3. Data Regulation per Geographical Area
a) Regulations around the world are similar
5. 1. Cloud Act USA
• What is the Cloud Act?
• The Act has two main parts.
• First, the legislation grants U.S. law enforcement more direct access to sensitive,
personal information kept by US tech companies. This helps countries globally
gain access to data on people around the world.
• Second, the international exchange and sharing of personal data just got much
easier. Perhaps the most striking change within this legislation is that it allows for
a global partnership in sharing the intimate personal data which has been
compiled on individuals around the world.
• The CLOUD Act erodes privacy protections by allowing the transfer of private
data from U.S. servers when requested by authorities in other countries.
• This legislation allows for a global partnership in sharing the intimate personal
data which has been compiled on individuals around the world.
1. Source: https://restoreprivacy.com/cloud-act/
2. Source https://officialblogofunio.com/2018/11/15/the-us-cloud-act-and-eu-law/#_edn2
6. 2. Data Privacy Frameworks?
1. NIST Privacy Framework
a. The relationship between cybersecurity and privacy risk
b. Bridging the gap between security and privacy
c. Privacy risk and organizational risk
d. Key privacy risk management practices
2. ISO/IEC 27701:2019
a. Provides requirements and helps organizations manage privacy risks
related to personally identifiable information (PII).
b. Extends the security efforts to cover privacy management. This
includes processing of PII to demonstrate compliance with data
protection regulations such as GDPR.
1. Source: https://www.nist.gov/privacy-framework/privacy-framework
2. Source: https://www.iso.org/standard/71670.html
7. 3. Data Regulation per Geographic Area
Americas Europe Middle East Africa Asia Pacific
USA CCPA EU GDPR UAE Legislation ZA POPI Australia CDR
Brazil LGPD UK GDPR Saudi Legislation Africa Legislation Pacific Legislation
Source: https://unctad.org/page/data-protection-and-privacy-legislation-
worldwide#:~:text=132%20out%20of%20194%20countries,23%20are%20least%20developed%20countries.
9. Data Privacy Challenges for Organizations
• Tracking what data is being collected and used
• Protecting private, confidential information
• Balancing the need to share information for business purposes
without sharing too much
• Protecting data once it’s loaded into SaaS applications
• Knowing what data to collect
• Obtaining clear, lawful consent for storing and using information
10. II. Data Privacy in the Cloud
1. Data Anonymization
a) Data anonymization is the process of changing data that will be used or published
in a way that prevents the identification of key information. ... Anonymized
data can be stored in a cloud and processed without concern that other individuals
may capture the data.
2. Tokenization
a) Cloud-based tokenization is the method of exchanging sensitive data for an
irreversible, non-sensitive placeholder, called a token, and securely storing the
original, sensitive data outside of the internal systems. It can be more affordable
and easier to integrate than traditional on-premises tokenization.
3. Encryption
a) Data encryption in the cloud is the process of transforming or
encoding data before it's moved to cloud storage. Typically cloud service
providers offer encryption services — ranging from an encrypted connection to
limited encryption of sensitive data — and provide encryption keys to decrypt
the data as needed