Thứ Bảy, 26 tháng 5, 2018

News on Youtube May 26 2018

I especially want to thank you for designating India, Brazil and now Japan

as violative of the Sean and David Goldman International Child Parental Abduction and Return Act

Japan is notorious for not returning American children, including American servicemembers' children

and your Department now has taken that step, which previously was not done

to say they are non-compliant with the Goldman Act

and I deeply appreciate that and I hope there will be follow on sanctions with that.

For more infomation >> US Congress requesting sanctions vs Japan to State Secretary Mike Pompeo - Duration: 0:35.

-------------------------------------------

GDPR Impact on Organizations in Canada and the United States - Duration: 10:37.

Will Canadians and Americans demand that our governments make businesses

offer privacy protections similar to GDPR? New research reveals...

GDPR impact on businesses in Canada and the United States. The is a Cyverity report and a

special edition of Threat Actions This Week. GDPR, of course, is the general

data protection regulation and it went live as of May 25th 2018. OK let's look

at the nine rights that individuals now have in Europe and the businesses need

to comply with in Canada and the United States if you are collecting processing

or otherwise using personal data from Europeans or about Europeans. So let's go

through the nine rights really quickly and then I'll just highlight some of the

real differences that we're seeing. Number one is the right to be informed. To

know what data you have about me. The right to correct my data to rectify any

errors in the data that you have about me. The right to be forgotten to ask you

to delete personal data that you have about me. The right to restrict or limit

how you use my data. The right to be notified. To let me know if you've

corrected deleted or have otherwise complied with my request. The right to

data portability. To allow me to take my data from your business somewhere else.

The right to object. To tell you to stop using my data in the way that you might

be or to stop collecting that data. The right to limit profiling. To not have my

data, the data about me, segmented into buckets based on your algorithms. OK so

what are the really big changes here because some of this we already sort of

have when we look at our own American or Canadian privacy legislation. There are

differences though. The right to be forgotten absolutely a big change and

that could be costly for organizations as you cull through your data to pull

out the historical records of customers and delete those records. The right to

date a portability. This one can't be underestimated. As

you're investing in the relationship between you and your customers that

customer has the right to remove their data from your system and bring it over

to someone else's system. In other words it's their data not your data. So that's

a pretty big change and something again not to underestimate. Now here's one that

hasn't received as much attention as I think it should have. You have the right

to limit profiling now as artificial intelligence gets better and better and

as there's new ways to correlate all different kinds of information there's

all sorts of new business models new trends that haven't even been thought of

yet when we think about how artificial intelligence is going to be

fundamentally reshaping the interaction between business and customers how it's

going to be forming new communities well as an individual in Europe I have the

right to tell you to not profile me in certain ways can the long arm of the law

of the European Union really extend across the ocean and reach my

organization well the short answer is yes a court ruling in the European Union

absolutely can take effect in Canada or the United States will a set of privacy

rights as strong as those in effect for European soon safeguard North Americans

if we take popular opinion as a guide to how lawmakers may react let's find out

what five hundred people from across the continent think this survey was

conducted as of May 23rd 2018 all right here's the question should the United

States government make businesses give you more control of your own private

data like GDP our will for Europeans and that same question was posed for

Canadians about the Canadian government the options they have are yes no or

don't know Canada I'll get to the results in just a minute let's start

with the United States only 12% say no if it wasn't for the big news of

late about Cambridge analytic ah and Facebook I'd find the sentiment

counterintuitive I thought Americans opted for less

government not quite libertarian but not this lowest twelve percent of the

population so how many Americans said yes they do want more legislated privacy

protection 42% of Americans said yes well that leaves 46% a fairly large

percentage that are undecided at this point in time women tended to look

towards government involvement a little more than men interestingly by age

typically as we get older we want more government oversight say for those who

are 18 to 24 year old who stand out is a very important demographic and possibly

a leading indicator of change on the way with the amount of them who are saying

yes I do want government involvement to protect my privacy now in Canada similar

to Americans 14 percent say no thanks to government involvement in making

business protect their personal data but only 33 percent say yes now if I had to

place a bet on the results of this research in advance I would have lost

this one I would have thought Canadians would seek more government intervention

than Americans but the people of spoken another small difference is that men in

Ghana seem to slightly favor added privacy protection from an age

perspective there are some differences to the US but generally speaking the

shape of our sentiment is much the same when we're in the heart of our working

years we vote for less protection but when were younger or when were older

were likely to say look I want more protection very interesting ok so what

are these results mean overall so two things one with a large number of

undecided and number two with the younger population saying that they want

change we could very well see GDP our strength legislation coming to

North America if our politicians are reading these kind of tea leaves so

there are certainly a lot of checklists online where your organization can go to

find out what it should be looking at and the tasks it should be laying out

for itself with respect to GD P R let me highlight some of the key areas that

your organization will want to look at one is don't collect extraneous personal

data well that goes without saying at least it should with respect to existing

privacy legislation delete personal data when no longer needed

same thing know that personal data includes metadata like geolocation data

or IP addresses remember the scandals around the NSA data that was leaked well

that was all about metadata and that can identify who a person is you have to get

consent and this goes beyond what we saw from can spam and from a casul

perspective along the same vein be very clear about privacy and your privacy

policy make that obvious make it clear for individuals really to understand

that know where personal data is this actually may be a little bit of a

challenge for organizations who aren't sure where all the personal data is that

they collect or even if they're collecting data on or about Europeans

conduct a threat risk assessment it's good documentation to have and frankly

it's really the only way to know if your security technologies and processes are

actually working demonstrate strong IT security predominantly gdpr is about

confidentiality of data in other words that that data hasn't been revealed to

people and about the integrity of that data as well in other words that the

data is correct the data hasn't been corrupted but gdpr does also mention

availability and what that means is that if you're collecting personal data you

have a platform that an individual is used to using and now that platform is

offline there could be consequences for that when we look at the fines related

to GDP are however most of those seem to be related to confidentiality and

integrity so we'll have to see how the of

availability peace plays out have an incident response plan that you should

just have anyway but seeing as you only have 72 hours to notify individuals of a

data breach there's no way you'll be able to do that if you don't have a plan

in place next point is to really just document every effort to be compliant

with gdpr write everything down there should be

one of the primary things that you do create a full or part-time Data

Protection Officer you appoint someone who is going to be a data protection

officer and this can be a part-time role depending on the company now it could be

a big deal depending on how much data you collect and this could be a

department of an organization but for a lot of organizations it will be a

part-time job for somebody set workflow to handle complaints and requests know

how websites and other partners handle personal data if they're not compliant

you're not compliant either I'm David said this is a cyber t report and a

special edition of thread actions this week you can catch that podcast on

YouTube iTunes and a number of other platforms thanks for listening and let

us know how we can help you

Không có nhận xét nào:

Đăng nhận xét