Download presentation
Presentation is loading. Please wait.
Published byAnnabella Barrick Modified over 10 years ago
1
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive
2
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Data Flows and Data Mirroring Benjamin S. Hayes Americas Data Privacy Compliance Lead Accenture, LLP
3
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Data Flows and Data Mirroring What data is flowing across borders, and where is it going? Why is the data moving? What are the trends? Predictions for the future Outsourcingmyth and reality
4
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Example 1: Commercial website Content / functionality modules (not including web advertisements) supplied by various third parties: Dell Careerbuilder.com Google People magazine Yahoo Accuweather.com Time.com AOL Fortune Etc., etc., etc.
5
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Commercial Website (cont.) Each module, in turn is likely powered by a service provider to Google, Time, AOL, etc. These service providers may outsource part or all of the functionality to a subcontractor. Data input through a module may be accessible to multiple parties in multiple geographies. Virtually all of the controls to protect data will be contractual (as opposed to compliance with laws)
6
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Example 2HR Outsourcing Services typically involve providing the majority of personnel administration functions: –Payroll –Benefits enrollment –Change of status –Communications to employees –Helpline for employee inquiries
7
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive How a hypothetical HRO is staffed Assume client is in US, UK, NL and Belgium. –Deal may be signed in London between Client UK and Accenture UK Accenture Consultants in US, UK, Argentina and Manila Call centers in Buenos Aires, Warsaw, and Kuala Lampur to ensure 24 hr coverage. Data processing in Bangalore Printing / mailing performed by third party in US.
8
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Why are services provided this way? Primary reason – cost –The search for efficiency and savings drives outsourcing –Strong pressure on public companies to produce profits for shareholders. Secondary reasons – –ability to distribute work to expert teams in various geographies, –24 hour capabilities, –languages
9
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Added complexity communications infrastructure Servers are located in service locations, but are backed up on different continents for disaster discovery purposes. Secondary backup servers (fail-over capacity) may be in yet another country. The widely distributed service delivery team may use a private group website (hosted in Chicago, serviced from India) to collaborate on projects, share drafts, etc. The advent of VOIP may mean re-examining assumptions about the privacy /security of voice communicationscaching, routing, clear-text packets, etc. All of this means a complex web of Model Clauses and other data transfer agreements must be applied to follow the datadifficult to administer.
10
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Predictions for the future The distribution of data and segmentation of business processes is driven by economics and improvements in information technology. Bandwidth availability will continue to improve, which will drive further distribution of data and segmentation of business processes. More businesses will engage in transitory data processing instead of traditional controllership. Business realities require consistent administration of data from many sources this means there is economic demand for harmonized international rules regarding data sharing, Increased or disharmonized regulation that interferes with transborder data flows will mean some economic efficiencies are unrealized. Territorial limits on transborder data flows may do little to address actual risksa risk-focused (rather than territorial) regulatory regime would be more protective of consumer interests.
11
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Outsourcing Myths Work is performed in substandard conditions, employing uneducated, untrustworthy people. Information security standards are lax. Data is necessarily less safe than it would be in its home country.
12
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive OutsourcingReality Work is performed in modern business conditions by educated, trained, screened personnel Information security standards are extremely strict Data is safer than it might be in many other places
13
29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS 29e Confrence internationale des commissaires à la protection de la vie prive Accenture Delivery Centers are focused on security expectations and are audited Bangalore has been certified at Level 3 of the eSourcing Capability Model for Service Providers by Carnegie Mellon University1 st outsourcer in the world to receive this designation 17+ Accenture delivery locations to receive SAS 70 Level II audits in 2007 8 centers are currently compliant with ISO 27001; 3 more will be added in October, 2007 (represents most of Accentures outsourced service delivery locations); variety of other standards certifications in place. Global mandatory training on data privacy for all personnel
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.