Breach Notification and Incident Response Andrew Cormack Janet TLP: White.

Presentation transcript:

Breach Notification and Incident Response Andrew Cormack Janet TLP: White

Breach Notification

Current Telecoms Directive (telcos)
  – Privacy breach => privacy regulator and affected parties
  – Integrity/availability breach => telco regulator => ENISA (see report)

Draft Data Protection Regulation (all)
  – Privacy breach => privacy regulator and affected parties (within 24 hours)

Rumoured Cybersecurity Directive (???)
  – Integrity/availability breach => ??? regulator => ENISA

Draft E-Signatures regulation also has notification requirements

Many incidents will require multiple notifications
  – With different requirements on timescales/severity/format

Information Sharing

Current Data Protection Directive
  – Incident response is a legitimate interest for telcos
  – Can disclose personal data for own and recipient’s legitimate interest
      E.g. Telling bank their customer has been phished

Draft Data Protection Regulation
  – Incident response is a legitimate interest for everyone
  – Can disclose for own legitimate interest
      Apparently not for recipient’s interest
  – Including outside EEA

Thoughts...

Does this indicate trends?
  – From voluntary to mandatory disclosure?
  – From mesh to hub-and-spoke model of sharing?

Could affect priorities after an incident
  – Legal duty to report rather than contain/fix?

Must help law build on known good practice
  – Talk to your legislators/regulators

THANK YOU

Janet, Lumen House
Library Avenue, Harwell Oxford
Didcot, Oxfordshire
t: +44 (0) f: +44 (0) e: b: