Information Security and Privacy - Challenges and Outlook

Data protection concerns have been identified as one of the most serious barriers for the deployment and development of cloud computing. 1 There is a general lack of regulation and policy on a European (EU) level. The Data Protection Directive (DPD) is currently under revision and will be replaced with a regulation in the near future.

ECOEI V, 2019

The Edward Snowdens June 2013 leaks of United States National Security Agency (NSA) documents unsettled the global community of internet users, Governments and the Civil Society at large. At the heart of Snowdens leaks was the NSA top-secret PRISM programs that the NSA was using to obtained mass users data through direct access to the systems of Google, Facebook, Apple and other US internet service providers. Complicit with the NSA PRISM program was UKs General Communications Headquarters or GCHQ through its own covert mass data collection program TEMPORA. Google, Facebook and Microsoft etc. denied their complicity in the PRISM program. Verizon came forward and revealed that the communications that were being targeted by the PRISM did not just stop at the metadata rather it also collected the contents of the specifically targeted data subject. It can be argued that the US and UK intelligence communities were responding to the emerging threats of “Global terrorism”. The PRISM program was working under the US Legislation of FAA or the FISA Amendments Act. The Foreign Intelligence Surveillance Act (FISA) of 1978 Amendments Act of 2008 allowed the US intelligence agencies to collect mass data for surveillance without any Court Orders or seeking the cooperation of the internet service providers. It can be stated with confidence that the present day European Unions May 2018 General Data Protection regulation (GDPR) and USAs Clarifying Overseas Use of Data (CLOUD) Act March 2018 are the culmination of a series of legal battles on both sides to tackle the uncertainties that occurred with the lawful handling of Big Data. This paper seeks to review the brief history of both the legal instruments and how these two competing laws would affect the future handling of personal data for those using internet technologies. The international reach of both the laws makes them unique as the Supra-National nature of both the laws aims to satisfy the prescribed needs of EU and USA only. We will also focus our attention to the possible tension that these laws create for the subject of these laws, the individual or the data-subjects whose data is the focal point these laws. It is ubmitted that both EU GDPR and USAs CLOUD Act have far reaching social and legal implications on how the internet use and the development of its technologies proceeds in the future.

Computer Law & Security Review, 2015

Privacy Technologies and Policy, 2018

The EU's General Data Protection Regulation is poised to present major challenges in bridging the gap between law and technology. This paper reports on a workshop on the deployment, content and design of the GDPR that brought together academics, practitioners, civil-society actors, and regulators from the EU and the US. Discussions aimed at advancing current knowledge on the use of abstract legal terms in the context of applied technologies together with best practices following state of the art technologies. Five themes were discussed: state of the art, consent, de-identification, transparency, and development and deployment practices. Four traversal conflicts were identified, and research recommendations were outlined to reconcile these conflicts.

Journal of Contemporary European Research, 2010

The key functional operability in the pre-Lisbon PJCCM pillar of the EU is the exchange of intelligence and information amongst the law enforcement bodies of the EU. The twin issues of data protection and data security within what was the EU’s third pillar legal framework therefore come to the fore. With the Lisbon Treaty reform of the EU, and the increased role of the Commission in PJCCM policy areas, and the integration of the PJCCM provisions with what have traditionally been the pillar I activities of Frontex, the opportunity for streamlining the data protection and data security provisions of the law enforcement bodies of the post-Lisbon EU arises. This is recognised by the Commission in their drafting of an amending regulation for Frontex , when they say that they would prefer “to return to the question of personal data in the context of the overall strategy for information exchange to be presented later this year and also taking into account the reflection to be carried out o...

2017

2022

The workshop on Restrictions in the Implementation of EU Data Protection Directive for Public Interest, Security and Defence, was the second of the two problem-solving workshops to be held in the HIDE project. This one-and-a-half-day workshop took place at Grand Hotel Union – Hotel and Conference Centre, Miklošičeva 1, Ljubljana, Slovenia on 17-18 September 2009. The workshop was organized by the Laboratory of Artificial Perception, Systems and Cybernetics, Faculty of Electrical Engineering, University of Ljubljana, in cooperation with the Centre for Science, Society and Citizenship (CSSC), Italy. This paper summarizes the results of the workshop.

Florida Law Review, 2019

This Article questions the widespread contention that recent updates to European Union (EU) data protection law will drive a disruptive wedge between EU and United States (U.S.) data privacy regimes. Europe's General Data Protection Regulation (GDPR), which took effect in May 2018, gives all EU citizens easier access to their data, a right to portability, a right to be forgotten, and a right to learn when their data has been hacked. These mandatory privacy protections apply to non-EU companies that offer goods or services to EU consumers, whether through a subsidiary or a website. The "Brussels Effect" hypothesis projects a "race to the top" as multinational entities find it easier to adopt the most stringent data protection standards worldwide, rather than satisfying divergent data privacy rules. The GDPR is said to be a prime example of the Brussels Effect because of its aggressive extraterritorial scope that unilaterally imposes EU law on U.S. entities. This Article acknowledges a Brussels Effect, but there is also an overlooked "D.C. Effect" reflected in the GDPR's adoption of many U.S. data privacy innovations. The GDPR imports long-established U.S. tort concepts for the first time into European privacy law, including deterrence-based fines, collective redress, wealth-based punishment, and arming data subjects with the right to initiate public enforcement. Under the GDPR, the EU Commission adopted "Privacy by Design" and security breach notification obligations, innovations pioneered in the U.S. The net effect of the GDPR is a bilateral transatlantic privacy convergence, which is rapidly evolving into a global data privacy 1. The authors would like to acknowledge the support, encouragement, and ideas of

Kiteworks, 2024

Today, the protection of sensitive content has become more critical than ever. As organizations increasingly rely on digital communication and collaboration and their third-party ecosystems grow, the risks associated with data breaches continue to escalate. Our report highlights the trends and challenges that organizations must navigate to ensure the security and compliance of their sensitive content. Malicious events from the past year ratcheted up risks associated with third parties and the software supply chain (e.g., the MOVEit and GoAnywhere managed file transfer data breaches). Accordingly, Verizon, in its 2024 Data Breach Investigations Report (DBIR), highlighted a staggering 68% increase in data breaches connected to third parties, which now account for 15% of all incidents. At the same time, personal data is the target of most cyberattacks, leading government and industry bodies to double-down on instituting additional data privacy regulations—all which makes data security and compliance increasingly more complex and difficult to achieve. On that note, as cross-analysis of our survey data shows, proliferation of communication tools used to send and share sensitive content, as well as a continued broad universe of third parties with which sensitive content is exchanged, remain critical risk factors. Failure to vet communication tools to ensure they employ advanced security capabilities is also a salient takeaway in the survey findings. Ultimately, the proof is in the survey “pudding”: Data breach rates and litigation costs are significantly higher for organizations that rely on higher numbers of communication tools, exchange sensitive content with larger numbers of third parties, and fail to employ advanced security technologies. While we are certainly a bit biased, we believe the Kiteworks Private Content Network can help organizations overcome these challenges—safeguarding email and file data communications while enabling organizations to demonstrate compliance with various data privacy and cybersecurity compliance mandates. We hope you find the data insights and takeaways in this year’s report informative and actionable. And as always, we welcome your comments and suggestions.