SlideShare ist ein Scribd-Unternehmen logo

Cloud primer

Z
Zeno Idzerda
TechnologieBusiness
1 von 19
Downloaden Sie, um offline zu lesen
Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns Privacy and Information Management Practice / Washington, DC
www.hoganlovells.com 2 Disclaimer • THIS PRESENTATION IS TO ASSIST IN A GENERAL UNDERSTANDING OF THE LEGAL ISSUES SURROUNDING CLOUD COMPUTING. IT IS NOT INTENDED, NOR SHOULD IT BE REGARDED, AS LEGAL ADVICE. COMPANIES OR INDIVIDUALS CONTEMPLATING ENTRY INTO A CLOUD COMPUTING CONTRACT OR HAVING PARTICULAR QUESTIONS SHOULD SEEK THE ADVICE OF COUNSEL.
www.hoganlovells.com 3 Overview • Privacy and Data Security Concerns • Privacy and Data Security Laws and Regulations – Federal Laws • Compelled Governmental Disclosure • Data Security and Breach Issues • Section 5 of the FTC Act – State Laws • Data Security Issues • Data Breach Issues • Data Breaches/Breach Responsibility • Information Ownership and Control • How Cloud Customers Can Manage Risk
www.hoganlovells.com 4 Privacy and Data Security Concerns • Major cloud computing privacy concerns: – Compelled disclosure to the government • Information stored on the cloud is subject to different protections than information stored in-house – Data security and disclosure of breaches • Generally, how does a cloud provider protect a customer’s data? • When the law imposes data security requirements on a customer, how can the customer ensure its compliance when storing information on the cloud? • If the cloud’s security is breached, must the cloud give notice of the breach? – Transfer of, access to, and retention of data • Will companies and consumers have access to data on the cloud? Can the cloud confirm the destruction of data or return it? – Location of data • The physical location of the server storing the data may have legal implications – Consumer notice and choice • For companies who will store consumers’ data on the cloud
www.hoganlovells.com 5 Privacy and Data Security Laws and Regulations • Compelled disclosure to the government – Electronic Communications Privacy Act (ECPA); Stored Communications Act (SCA) – USA Patriot Act (including National Security Letters; FISA warrants) – Warrants and Subpoenas Generally • Data security issues and data breach notification – Family Educational Rights and Privacy Act (FERPA) – Gramm-Leach-Bliley Act (GLBA) – Health Insurance Portability and Accountability Act (HIPAA) – Health Information Technology for Economic and Clinical Health (HITECH) Act – Sarbanes Oxley – State Laws and Regulations – Section 5 of the FTC Act (for companies who will store consumer information on the cloud)
www.hoganlovells.com 6 Compelled Disclosure to the Government – ECPA (Including SCA) • Enacted in 1986 – No one was thinking of cloud computing • Protects electronic communications while in transit and while held in storage from disclosure – Gives different levels of protection to electronic data based on outdated distinctions like whether it is stored in ―electronic storage,‖ or by a ―remote computing service‖ and how old the data is – For example, information stored on a ―remote computing service‖ that is older than 180 days is subject to Gov’t search with just an administrative subpoena • Problems arise with how to characterize cloud computing activity
www.hoganlovells.com 7 Compelled Disclosure to the Government – USA Patriot Act • Originally enacted in 2001, amended in 2005 • Allows FBI access to certain business records with a court order • Also provides for use of National Security Letters (form of administrative subpoena) to obtain records • The law limits the ability of cloud providers to reveal that they received an order – Cloud users may not even know about a disclosure
www.hoganlovells.com 8 Data Security Issues – Federal Laws, Regulations, and Standards • Federal laws & regulations: – Certain Federal laws and regulations impose industry-specific data security and/or breach notification obligations • Financial institutions (GLBA) • Educational institutions (FERPA) • Health care (HIPAA and HITECH) • Publicly traded companies (SOX) – Generally, an entity cannot contract away its obligation to comply with these industry-specific regimes – Some of these statutes, however, require an entity to pass these obligations to cloud providers by contract • Federal administrative guidance – White House CIO Council, which released data security guidelines for federal agency use of cloud computing and • Industry standards – Payment Card Industry Data Security Standards (PCI DSS) for credit card data
www.hoganlovells.com 9 White House CIO Council – Federal Administrative Guidance • Released as a draft on November 2, 2010 – Final version to be released after public comments • Produced by the Federal Risk and Authorization Management Program (FedRAMP) – Interagency effort aimed at consolidating risk management activities related to cloud computing • Proposes standards for cloud computing – Common security baseline – Continuous monitoring
www.hoganlovells.com 10 Data Security Issues – Federal Laws, Regulations, and Standards (continued) • Some cloud service providers offer ―take it or leave it contracts‖ • Some cloud providers offer no transparency into their security programs • Without notice, transparency and communication, it may be impossible for a cloud user to know if it’s complying with data security and breach notification requirements imposed by federal statutes and regulations
www.hoganlovells.com 11 Section 5 of the FTC Act (if applicable)—Will the FTC Take Lead on Privacy and Security in the Cloud? • The FTC has not done a lot in the cloud computing area • The FTC’s December 2010 draft report on privacy highlighted cloud computing as one of the technologies that makes changes to the existing privacy framework necessary – But it does not offer prescriptive advice for what sort of notice and choice must be given to consumers by entities who store consumer information on the cloud • However, entities that store consumer information on the cloud face the threat of FTC enforcement if their representations to consumers about where and how information is stored and secured do not match their actual practices
www.hoganlovells.com 12 Data Security Issues – State Laws • Many states also impose data security requirements on entities operating in the state or who hold data about state residents – State data protection laws – State data breach laws • Much like the federal statutes discussed, some state laws obligate entities to receive contractual guarantees that technology vendors will provide adequate information security
www.hoganlovells.com 13 State Laws: Massachusetts • Massachusetts has an extensive data security legal regime • Regulations provide that businesses must ―take reasonable steps to select and retain‖ third-party service providers • Regulators have not clarified or explained what this means – It potentially could be read to impose an audit or assessment requirement before a business can use a cloud provider
www.hoganlovells.com 14 State Laws: Data Breach Notification • Data breach notification – 46 states, DC, Puerto Rico, and the U.S. Virgin Islands have data breach notification statutes for breaches of sensitive information – State law varies: 37 states have some risk of harm threshold; each state has its own definition of protected information – Usually requires notification of all affected individuals if sensitive information is lost or exposed in a manner that creates a risk of identity theft – Notification must be made in a reasonable period of time, though in certain circumstances may be delayed by a government investigation into the breach
www.hoganlovells.com 15 Data Breach Responsibility • Under state data breach laws, the data host (cloud provider) is responsible for breach notification (hacking, lost data, unauthorized access) to the data owner, but not to individuals – The data owner is ultimately responsible for the breach – The parties can agree by contract on who will perform notification duties and functions • The parties can agree about who will be financially responsible for the breach – This might include: notification costs, legal costs (indemnification), investigation costs (such as IT forensic firms), and reputational costs
www.hoganlovells.com 16 Information Ownership and Control Issues • Who owns data on the cloud? • Can a cloud provider use the data for its own purposes? What if it’s de-identified or aggregated? • When and under what circumstances can the customer obtain a copy of information stored on the cloud? • When a customer leaves the cloud, what obligations does the provider have to assist in the transition? • What happens when service to the cloud is interrupted?
www.hoganlovells.com 17 How to Deal with Cloud Computing Legal Issues • Contract! Almost all issues can be dealt with contractually: – Where data can be stored – What security standards the cloud provider will adhere to • Is customer data segregated • Does the cloud conform to industry standards • Do outside auditors confirm its security practices – Who is liable for a data breach – Regulatory compliance and indemnification responsibilities – Ownership and control of information and availability and maintenance of the cloud – See the checklist for more at (hyperlink)
www.hoganlovells.com 18 What if I can’t negotiate? • Perform a cost/benefit analysis when choosing a provider – What is the reputational risk to the cloud provider if something goes wrong? • Consider the company’s current reputation for quality, compliance, and best practice – What is the reputational risk to your company if something goes wrong? • What data will you store on the cloud? • How sensitive is this data?
www.hoganlovells.com Hogan Lovells has offices in: Abu Dhabi Alicante Amsterdam Baltimore Beijing Berlin Boulder Brussels Budapest* Caracas Colorado Springs Denver Dubai Dusseldorf Frankfurt Hamburg Hanoi Ho Chi Minh City Hong Kong Houston Jeddah* London Los Angeles Madrid Miami Milan Moscow Munich New York Northern Virginia Paris Philadelphia Prague Riyadh* Rome San Francisco Shanghai Silicon Valley Singapore Tokyo Ulaanbaatar* Warsaw Washington DC Zagreb* "Hogan Lovells" or the "firm" refers to the international legal practice comprising Hogan Lovells International LLP, Hogan Lovells US LLP, Hogan Lovells Worldwide Group (a Swiss Verein), and their affiliated businesses, each of which is a separate legal entity. Hogan Lovells International LLP is a limited liability partnership registered in England and Wales with registered number OC323639. Registered office and principal place of business: Atlantic House, Holborn Viaduct, London EC1A 2FG. Hogan Lovells US LLP is a limited liability partnership registered in the District of Columbia. The word "partner" is used to refer to a member of Hogan Lovells International LLP or a partner of Hogan Lovells US LLP, or an employee or consultant with equivalent standing and qualifications, and to a partner, member, employee or consultant in any of their affiliated businesses who has equivalent standing. Rankings and quotes from legal directories and other sources may refer to the former firms of Hogan & Hartson LLP and Lovells LLP. Where case studies are included, results achieved do not guarantee similaroutcomes for other clients. New York State Notice: Attorney Advertising. © Copyright Hogan Lovells 2010. All rights reserved. * Associated offices

Empfohlen

Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information SecurityCharles Mok
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsAnitafin
 
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015Constantine Karbaliotis
 
ALERT: Health Care Cybersecurity Reform and Regulations on the Horizon
ALERT: Health Care Cybersecurity Reform and Regulations on the HorizonALERT: Health Care Cybersecurity Reform and Regulations on the Horizon
ALERT: Health Care Cybersecurity Reform and Regulations on the HorizonPatton Boggs LLP
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Financial Poise
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 

Empfohlen

Privacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidancePrivacy and Data Security: Risk Management and Avoidance
Privacy and Data Security: Risk Management and AvoidanceAmy Purcell
 
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...
Cybersecurity & Data Privacy 2020 - Introduction to US Privacy and Data Secur...Financial Poise
 
Personal Data Privacy and Information Security
Personal Data Privacy and Information SecurityPersonal Data Privacy and Information Security
Personal Data Privacy and Information SecurityCharles Mok
 
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsPrivacy Practice Fundamentals: Understanding Compliance Regimes and Requirements
Privacy Practice Fundamentals: Understanding Compliance Regimes and RequirementsAnitafin
 
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015
Getting to Accountability Karbaliotis and Patrikios-Oct 22 2015Constantine Karbaliotis
 
ALERT: Health Care Cybersecurity Reform and Regulations on the Horizon
ALERT: Health Care Cybersecurity Reform and Regulations on the HorizonALERT: Health Care Cybersecurity Reform and Regulations on the Horizon
ALERT: Health Care Cybersecurity Reform and Regulations on the HorizonPatton Boggs LLP
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Introduction to EU General Data Protection Regulation: Planning, Implementati...
Introduction to EU General Data Protection Regulation: Planning, Implementati...Financial Poise
 
Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Introduction to US Privacy and Data Security Regulations and Requirements (Se...
Introduction to US Privacy and Data Security Regulations and Requirements (Se...Financial Poise
 
Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Dione McBride, CISSP, CIPP/E
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONSaurabh Pandey
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
General Data Protection Regulation for Ops
General Data Protection Regulation for OpsGeneral Data Protection Regulation for Ops
General Data Protection Regulation for OpsKamil Rextin
 
U.S. Quarterly Privacy Update
U.S. Quarterly Privacy UpdateU.S. Quarterly Privacy Update
U.S. Quarterly Privacy UpdateTrustArc
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overviewJane Lambert
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsZuckerman Law Whistleblower Protection Law Firm
 
LGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement actionLGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement actionTrustArc
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)Extentia Information Technology
 
Draft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal DataDraft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal DataRenato Monteiro
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyWilmerHale
 
Gdpr and usa data privacy issues
Gdpr and usa data privacy issuesGdpr and usa data privacy issues
Gdpr and usa data privacy issuesStefan Schippers
 
*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business Ready*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business ReadyMoEngage Inc.
 
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214Francoise Gilbert
 
EU GDPR (training)
EU GDPR (training) EU GDPR (training)
EU GDPR (training) Elizabeth Baker, JD, CRCMP
 
Privacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterPrivacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterJonathan Ezor
 
Addictive manufacturing
Addictive manufacturingAddictive manufacturing
Addictive manufacturingRudi Pivetta
 
Worse than AIDS
Worse than AIDSWorse than AIDS
Worse than AIDSRubiconMedia
 
Winnable Battle Lymphatic Filariasis presentation
Winnable Battle Lymphatic Filariasis presentationWinnable Battle Lymphatic Filariasis presentation
Winnable Battle Lymphatic Filariasis presentationPublicHealthFoundation
 

Weitere ähnliche Inhalte

Was ist angesagt?

Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Dione McBride, CISSP, CIPP/E
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONSaurabh Pandey
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data SecurityWilmerHale
 
General Data Protection Regulation for Ops
General Data Protection Regulation for OpsGeneral Data Protection Regulation for Ops
General Data Protection Regulation for OpsKamil Rextin
 
U.S. Quarterly Privacy Update
U.S. Quarterly Privacy UpdateU.S. Quarterly Privacy Update
U.S. Quarterly Privacy UpdateTrustArc
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overviewJane Lambert
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer PrivacyAshish Jain
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy IntroductionG Prachi
 
LGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement actionLGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement actionTrustArc
 
Draft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal DataDraft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal DataRenato Monteiro
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data PrivacyWilmerHale
 
Gdpr and usa data privacy issues
Gdpr and usa data privacy issuesGdpr and usa data privacy issues
Gdpr and usa data privacy issuesStefan Schippers
 
*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business Ready*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business ReadyMoEngage Inc.
 
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214Francoise Gilbert
 
Privacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterPrivacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterJonathan Ezor
 

Was ist angesagt? (19)

Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATION
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
General Data Protection Regulation for Ops
General Data Protection Regulation for OpsGeneral Data Protection Regulation for Ops
General Data Protection Regulation for Ops
 
U.S. Quarterly Privacy Update
U.S. Quarterly Privacy UpdateU.S. Quarterly Privacy Update
U.S. Quarterly Privacy Update
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must Know
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overview
 
Consumer Privacy
Consumer PrivacyConsumer Privacy
Consumer Privacy
 
Data Privacy Introduction
Data Privacy IntroductionData Privacy Introduction
Data Privacy Introduction
 
Cybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower ProtectionsCybersecurity and Data Privacy Whistleblower Protections
Cybersecurity and Data Privacy Whistleblower Protections
 
LGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement actionLGPD is Here: What to know to understand compliance and enforcement action
LGPD is Here: What to know to understand compliance and enforcement action
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Draft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal DataDraft Bill on the Protection of Personal Data
Draft Bill on the Protection of Personal Data
 
Cybersecurity and Data Privacy
Cybersecurity and Data PrivacyCybersecurity and Data Privacy
Cybersecurity and Data Privacy
 
Gdpr and usa data privacy issues
Gdpr and usa data privacy issuesGdpr and usa data privacy issues
Gdpr and usa data privacy issues
 
*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business Ready*Webinar* CCPA: Get Your Business Ready
*Webinar* CCPA: Get Your Business Ready
 
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214Francoise Gilbert Proposed EU Data Protection Regulation-20120214
Francoise Gilbert Proposed EU Data Protection Regulation-20120214
 
EU GDPR (training)
EU GDPR (training) EU GDPR (training)
EU GDPR (training)
 
Privacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law CenterPrivacy and Data Protection CLE Presentation for Touro Law Center
Privacy and Data Protection CLE Presentation for Touro Law Center
 

Andere mochten auch

Addictive manufacturing
Addictive manufacturingAddictive manufacturing
Addictive manufacturingRudi Pivetta
 
Winnable Battle Lymphatic Filariasis presentation
Winnable Battle Lymphatic Filariasis presentationWinnable Battle Lymphatic Filariasis presentation
Winnable Battle Lymphatic Filariasis presentationPublicHealthFoundation
 
Privacy Concerns and Cloud Computing
Privacy Concerns and Cloud ComputingPrivacy Concerns and Cloud Computing
Privacy Concerns and Cloud ComputingAIIM International
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewragibhasan
 
Addictive printing or 3d printing
Addictive printing or 3d printingAddictive printing or 3d printing
Addictive printing or 3d printingSHUBHAM MORGAONKAR
 
Grow your business by shaping the human impacts of technology
Grow your business by shaping the human impacts of technologyGrow your business by shaping the human impacts of technology
Grow your business by shaping the human impacts of technologyMichael Siepmann, Ph.D.
 
Neglected Tropical Diseases
Neglected Tropical DiseasesNeglected Tropical Diseases
Neglected Tropical Diseaseselizabethorczy
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computingsaurabh soni
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computingragibhasan
 
Elephantiasis.ppt
Elephantiasis.pptElephantiasis.ppt
Elephantiasis.pptShama
 
Lymphatic Filariasis
Lymphatic FilariasisLymphatic Filariasis
Lymphatic Filariasisnyang126
 
Lymphatic filariasis
Lymphatic filariasisLymphatic filariasis
Lymphatic filariasispushpamanjari
 

Andere mochten auch (20)

Addictive manufacturing
Addictive manufacturingAddictive manufacturing
Addictive manufacturing
 
Worse than AIDS
Worse than AIDSWorse than AIDS
Worse than AIDS
 
Winnable Battle Lymphatic Filariasis presentation
Winnable Battle Lymphatic Filariasis presentationWinnable Battle Lymphatic Filariasis presentation
Winnable Battle Lymphatic Filariasis presentation
 
Privacy Concerns and Cloud Computing
Privacy Concerns and Cloud ComputingPrivacy Concerns and Cloud Computing
Privacy Concerns and Cloud Computing
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level view
 
Addictive printing or 3d printing
Addictive printing or 3d printingAddictive printing or 3d printing
Addictive printing or 3d printing
 
Grow your business by shaping the human impacts of technology
Grow your business by shaping the human impacts of technologyGrow your business by shaping the human impacts of technology
Grow your business by shaping the human impacts of technology
 
Cloud Computing & Security Concerns
Cloud Computing & Security ConcernsCloud Computing & Security Concerns
Cloud Computing & Security Concerns
 
Elephantiasis
ElephantiasisElephantiasis
Elephantiasis
 
Neglected Tropical Diseases
Neglected Tropical DiseasesNeglected Tropical Diseases
Neglected Tropical Diseases
 
Filariasis
FilariasisFilariasis
Filariasis
 
Elephantiasis
ElephantiasisElephantiasis
Elephantiasis
 
Security & Privacy In Cloud Computing
Security & Privacy In Cloud ComputingSecurity & Privacy In Cloud Computing
Security & Privacy In Cloud Computing
 
Lecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud ComputingLecture01: Introduction to Security and Privacy in Cloud Computing
Lecture01: Introduction to Security and Privacy in Cloud Computing
 
Elephantiasis.ppt
Elephantiasis.pptElephantiasis.ppt
Elephantiasis.ppt
 
Lymphatic Filariasis jp
Lymphatic Filariasis jpLymphatic Filariasis jp
Lymphatic Filariasis jp
 
Lymphatic Filariasis
Lymphatic FilariasisLymphatic Filariasis
Lymphatic Filariasis
 
Filariasis
FilariasisFilariasis
Filariasis
 
Filarias
FilariasFilarias
Filarias
 
Lymphatic filariasis
Lymphatic filariasisLymphatic filariasis
Lymphatic filariasis
 

Ähnlich wie Cloud primer

Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
Data Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New RegulationsData Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
 
Data breach protection from a DB2 perspective
Data breach protection from a DB2 perspectiveData breach protection from a DB2 perspective
Data breach protection from a DB2 perspectiveCraig Mullins
 
12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotatedwdsnead
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Diana Maier
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Jason Haislmaier
 
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada SymposiumImpact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada SymposiumConstantine Karbaliotis
 
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...TrustArc
 
Trending Topics in Data Collection & Targeted Marketing
Trending Topics in Data Collection & Targeted MarketingTrending Topics in Data Collection & Targeted Marketing
Trending Topics in Data Collection & Targeted MarketingcdasLLP
 
Keeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security IssuesKeeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security Issuesipspat
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsFinancial Poise
 
EU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementEU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementGACC_Midwest
 
Technology Law: Regulations on the Internet and Emerging Technologies
Technology Law: Regulations on the Internet and Emerging TechnologiesTechnology Law: Regulations on the Internet and Emerging Technologies
Technology Law: Regulations on the Internet and Emerging TechnologiesInfinity Software Solutions
 
Technology Law: Regulations on the Internet and Emerging Technologies
Technology Law: Regulations on the Internet and Emerging TechnologiesTechnology Law: Regulations on the Internet and Emerging Technologies
Technology Law: Regulations on the Internet and Emerging TechnologiesInfinity Software Solutions
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rulessaurnou
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Riskduffeeandeitzen
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislationUlf Mattsson
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Shawn Tuma
 
2019-06-11 What New US State Laws Mean For Your Business
2019-06-11 What New US State Laws Mean For Your Business2019-06-11 What New US State Laws Mean For Your Business
2019-06-11 What New US State Laws Mean For Your BusinessTrustArc
 

Ähnlich wie Cloud primer (20)

Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
 
Data Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New RegulationsData Privacy Trends in 2021: Compliance with New Regulations
Data Privacy Trends in 2021: Compliance with New Regulations
 
Data breach protection from a DB2 perspective
Data breach protection from a DB2 perspectiveData breach protection from a DB2 perspective
Data breach protection from a DB2 perspective
 
12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated
 
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
Privacy Best Practices for Lawyers: What Every Law Practice Needs to Know Abo...
 
Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)Crash Course on Data Privacy (December 2012)
Crash Course on Data Privacy (December 2012)
 
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada SymposiumImpact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
Impact of GDPR on Canada May 2016 - Presented at IAPP Canada Symposium
 
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
How to Leverage Your GDPR Compliance for CCPA, Privacy Shield & More New Requ...
 
Trending Topics in Data Collection & Targeted Marketing
Trending Topics in Data Collection & Targeted MarketingTrending Topics in Data Collection & Targeted Marketing
Trending Topics in Data Collection & Targeted Marketing
 
Cloud Security Law Issues--an Overview
Cloud Security Law Issues--an OverviewCloud Security Law Issues--an Overview
Cloud Security Law Issues--an Overview
 
Keeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security IssuesKeeping Information Safe: Privacy and Security Issues
Keeping Information Safe: Privacy and Security Issues
 
Introduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and RequirementsIntroduction to US Privacy and Data Security: Regulations and Requirements
Introduction to US Privacy and Data Security: Regulations and Requirements
 
EU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementEU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor Replacement
 
Technology Law: Regulations on the Internet and Emerging Technologies
Technology Law: Regulations on the Internet and Emerging TechnologiesTechnology Law: Regulations on the Internet and Emerging Technologies
Technology Law: Regulations on the Internet and Emerging Technologies
 
Technology Law: Regulations on the Internet and Emerging Technologies
Technology Law: Regulations on the Internet and Emerging TechnologiesTechnology Law: Regulations on the Internet and Emerging Technologies
Technology Law: Regulations on the Internet and Emerging Technologies
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
 
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the RiskPrivacy and Technology in Your Practice: Why it Matters & Where is the Risk
Privacy and Technology in Your Practice: Why it Matters & Where is the Risk
 
Examples of international privacy legislation
Examples of international privacy legislationExamples of international privacy legislation
Examples of international privacy legislation
 
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
 
2019-06-11 What New US State Laws Mean For Your Business
2019-06-11 What New US State Laws Mean For Your Business2019-06-11 What New US State Laws Mean For Your Business
2019-06-11 What New US State Laws Mean For Your Business
 

Kürzlich hochgeladen

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 

Kürzlich hochgeladen (20)

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 

Cloud primer

  • 1. Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns Privacy and Information Management Practice / Washington, DC
  • 2. www.hoganlovells.com 2 Disclaimer • THIS PRESENTATION IS TO ASSIST IN A GENERAL UNDERSTANDING OF THE LEGAL ISSUES SURROUNDING CLOUD COMPUTING. IT IS NOT INTENDED, NOR SHOULD IT BE REGARDED, AS LEGAL ADVICE. COMPANIES OR INDIVIDUALS CONTEMPLATING ENTRY INTO A CLOUD COMPUTING CONTRACT OR HAVING PARTICULAR QUESTIONS SHOULD SEEK THE ADVICE OF COUNSEL.
  • 3. www.hoganlovells.com 3 Overview • Privacy and Data Security Concerns • Privacy and Data Security Laws and Regulations – Federal Laws • Compelled Governmental Disclosure • Data Security and Breach Issues • Section 5 of the FTC Act – State Laws • Data Security Issues • Data Breach Issues • Data Breaches/Breach Responsibility • Information Ownership and Control • How Cloud Customers Can Manage Risk
  • 4. www.hoganlovells.com 4 Privacy and Data Security Concerns • Major cloud computing privacy concerns: – Compelled disclosure to the government • Information stored on the cloud is subject to different protections than information stored in-house – Data security and disclosure of breaches • Generally, how does a cloud provider protect a customer’s data? • When the law imposes data security requirements on a customer, how can the customer ensure its compliance when storing information on the cloud? • If the cloud’s security is breached, must the cloud give notice of the breach? – Transfer of, access to, and retention of data • Will companies and consumers have access to data on the cloud? Can the cloud confirm the destruction of data or return it? – Location of data • The physical location of the server storing the data may have legal implications – Consumer notice and choice • For companies who will store consumers’ data on the cloud
  • 5. www.hoganlovells.com 5 Privacy and Data Security Laws and Regulations • Compelled disclosure to the government – Electronic Communications Privacy Act (ECPA); Stored Communications Act (SCA) – USA Patriot Act (including National Security Letters; FISA warrants) – Warrants and Subpoenas Generally • Data security issues and data breach notification – Family Educational Rights and Privacy Act (FERPA) – Gramm-Leach-Bliley Act (GLBA) – Health Insurance Portability and Accountability Act (HIPAA) – Health Information Technology for Economic and Clinical Health (HITECH) Act – Sarbanes Oxley – State Laws and Regulations – Section 5 of the FTC Act (for companies who will store consumer information on the cloud)
  • 6. www.hoganlovells.com 6 Compelled Disclosure to the Government – ECPA (Including SCA) • Enacted in 1986 – No one was thinking of cloud computing • Protects electronic communications while in transit and while held in storage from disclosure – Gives different levels of protection to electronic data based on outdated distinctions like whether it is stored in ―electronic storage,‖ or by a ―remote computing service‖ and how old the data is – For example, information stored on a ―remote computing service‖ that is older than 180 days is subject to Gov’t search with just an administrative subpoena • Problems arise with how to characterize cloud computing activity
  • 7. www.hoganlovells.com 7 Compelled Disclosure to the Government – USA Patriot Act • Originally enacted in 2001, amended in 2005 • Allows FBI access to certain business records with a court order • Also provides for use of National Security Letters (form of administrative subpoena) to obtain records • The law limits the ability of cloud providers to reveal that they received an order – Cloud users may not even know about a disclosure
  • 8. www.hoganlovells.com 8 Data Security Issues – Federal Laws, Regulations, and Standards • Federal laws & regulations: – Certain Federal laws and regulations impose industry-specific data security and/or breach notification obligations • Financial institutions (GLBA) • Educational institutions (FERPA) • Health care (HIPAA and HITECH) • Publicly traded companies (SOX) – Generally, an entity cannot contract away its obligation to comply with these industry-specific regimes – Some of these statutes, however, require an entity to pass these obligations to cloud providers by contract • Federal administrative guidance – White House CIO Council, which released data security guidelines for federal agency use of cloud computing and • Industry standards – Payment Card Industry Data Security Standards (PCI DSS) for credit card data
  • 9. www.hoganlovells.com 9 White House CIO Council – Federal Administrative Guidance • Released as a draft on November 2, 2010 – Final version to be released after public comments • Produced by the Federal Risk and Authorization Management Program (FedRAMP) – Interagency effort aimed at consolidating risk management activities related to cloud computing • Proposes standards for cloud computing – Common security baseline – Continuous monitoring
  • 10. www.hoganlovells.com 10 Data Security Issues – Federal Laws, Regulations, and Standards (continued) • Some cloud service providers offer ―take it or leave it contracts‖ • Some cloud providers offer no transparency into their security programs • Without notice, transparency and communication, it may be impossible for a cloud user to know if it’s complying with data security and breach notification requirements imposed by federal statutes and regulations
  • 11. www.hoganlovells.com 11 Section 5 of the FTC Act (if applicable)—Will the FTC Take Lead on Privacy and Security in the Cloud? • The FTC has not done a lot in the cloud computing area • The FTC’s December 2010 draft report on privacy highlighted cloud computing as one of the technologies that makes changes to the existing privacy framework necessary – But it does not offer prescriptive advice for what sort of notice and choice must be given to consumers by entities who store consumer information on the cloud • However, entities that store consumer information on the cloud face the threat of FTC enforcement if their representations to consumers about where and how information is stored and secured do not match their actual practices
  • 12. www.hoganlovells.com 12 Data Security Issues – State Laws • Many states also impose data security requirements on entities operating in the state or who hold data about state residents – State data protection laws – State data breach laws • Much like the federal statutes discussed, some state laws obligate entities to receive contractual guarantees that technology vendors will provide adequate information security
  • 13. www.hoganlovells.com 13 State Laws: Massachusetts • Massachusetts has an extensive data security legal regime • Regulations provide that businesses must ―take reasonable steps to select and retain‖ third-party service providers • Regulators have not clarified or explained what this means – It potentially could be read to impose an audit or assessment requirement before a business can use a cloud provider
  • 14. www.hoganlovells.com 14 State Laws: Data Breach Notification • Data breach notification – 46 states, DC, Puerto Rico, and the U.S. Virgin Islands have data breach notification statutes for breaches of sensitive information – State law varies: 37 states have some risk of harm threshold; each state has its own definition of protected information – Usually requires notification of all affected individuals if sensitive information is lost or exposed in a manner that creates a risk of identity theft – Notification must be made in a reasonable period of time, though in certain circumstances may be delayed by a government investigation into the breach
  • 15. www.hoganlovells.com 15 Data Breach Responsibility • Under state data breach laws, the data host (cloud provider) is responsible for breach notification (hacking, lost data, unauthorized access) to the data owner, but not to individuals – The data owner is ultimately responsible for the breach – The parties can agree by contract on who will perform notification duties and functions • The parties can agree about who will be financially responsible for the breach – This might include: notification costs, legal costs (indemnification), investigation costs (such as IT forensic firms), and reputational costs
  • 16. www.hoganlovells.com 16 Information Ownership and Control Issues • Who owns data on the cloud? • Can a cloud provider use the data for its own purposes? What if it’s de-identified or aggregated? • When and under what circumstances can the customer obtain a copy of information stored on the cloud? • When a customer leaves the cloud, what obligations does the provider have to assist in the transition? • What happens when service to the cloud is interrupted?
  • 17. www.hoganlovells.com 17 How to Deal with Cloud Computing Legal Issues • Contract! Almost all issues can be dealt with contractually: – Where data can be stored – What security standards the cloud provider will adhere to • Is customer data segregated • Does the cloud conform to industry standards • Do outside auditors confirm its security practices – Who is liable for a data breach – Regulatory compliance and indemnification responsibilities – Ownership and control of information and availability and maintenance of the cloud – See the checklist for more at (hyperlink)
  • 18. www.hoganlovells.com 18 What if I can’t negotiate? • Perform a cost/benefit analysis when choosing a provider – What is the reputational risk to the cloud provider if something goes wrong? • Consider the company’s current reputation for quality, compliance, and best practice – What is the reputational risk to your company if something goes wrong? • What data will you store on the cloud? • How sensitive is this data?
  • 19. www.hoganlovells.com Hogan Lovells has offices in: Abu Dhabi Alicante Amsterdam Baltimore Beijing Berlin Boulder Brussels Budapest* Caracas Colorado Springs Denver Dubai Dusseldorf Frankfurt Hamburg Hanoi Ho Chi Minh City Hong Kong Houston Jeddah* London Los Angeles Madrid Miami Milan Moscow Munich New York Northern Virginia Paris Philadelphia Prague Riyadh* Rome San Francisco Shanghai Silicon Valley Singapore Tokyo Ulaanbaatar* Warsaw Washington DC Zagreb* "Hogan Lovells" or the "firm" refers to the international legal practice comprising Hogan Lovells International LLP, Hogan Lovells US LLP, Hogan Lovells Worldwide Group (a Swiss Verein), and their affiliated businesses, each of which is a separate legal entity. Hogan Lovells International LLP is a limited liability partnership registered in England and Wales with registered number OC323639. Registered office and principal place of business: Atlantic House, Holborn Viaduct, London EC1A 2FG. Hogan Lovells US LLP is a limited liability partnership registered in the District of Columbia. The word "partner" is used to refer to a member of Hogan Lovells International LLP or a partner of Hogan Lovells US LLP, or an employee or consultant with equivalent standing and qualifications, and to a partner, member, employee or consultant in any of their affiliated businesses who has equivalent standing. Rankings and quotes from legal directories and other sources may refer to the former firms of Hogan & Hartson LLP and Lovells LLP. Where case studies are included, results achieved do not guarantee similaroutcomes for other clients. New York State Notice: Attorney Advertising. © Copyright Hogan Lovells 2010. All rights reserved. * Associated offices