A word to the wise – and wise-wanna-bes.
How to Win the Trust of Regulators, Customers and Other Stakeholders When the GDPR Honeymoon Ends
… a string of high-profile breaches at the likes of Marriott Hotels, British Airways and Cathay Pacific has raised further concerns about the extent to which companies are willing or able to protect people’s data and information. And in the process they have added more pressure on EU information regulators to act firmly.
With the prospect of legal actions being taken more seriously, and the possibility of class action lawsuits, some large technology and social media companies are known to be lawyering up.
Against this backdrop, regulators have said they will take seriously anything that puts the twin principles of openness and honesty into jeopardy, and that they are willing to expand investigations beyond assessing cybersecurity governance and controls to testing compliance in areas like technical competence and education and training.
… To date, attention has largely been focused on the need for openness about what data is being collected and how it is used, chiefly in the form of data privacy statements.
By nature, data privacy statements tend to be lengthy, verbose and full of legalese, which means they are usually skipped over or simply bypassed. Of course, that suits some organizations well.
However, those in the business of winning trust should ensure they are as comprehensive, clear and accessible as possible. Survey Monkey General Counsel Lora Blum writes compellingly on this topic.
… Much of the focus on honesty has been on data breach disclosure, particularly on ensuring that breaches and leaks are reported in a timely and forthright manner to regulators and data subjects.
It is not easy knowing what to say about a breach when the facts are only just starting to emerge and the media are breathing down your neck. Cathay Pacific, for example, chose to stay silent about a ‘data security event’ affecting 9.4 million customers for three months, resulting in lawmakers and the media accusing it of orchestrating a cover-up.
An article worth reading.
Artificial Intelligence and Associated Clinical Data Privacy Considerations
Seen at BakerHostetler:
James Sherer and Emily Fedeles of BakerHostetler have co-authored an article published in the July 1, 2019, issue of The Journal of Robotics, Artificial Intelligence & Law (RAIL). The article, “Artificial Intelligence and Associated Clinical Data Privacy Considerations,” discusses how artificial intelligence is regularly involved in clinical data trials and examines a hypothetical where data is generated by a Swiss company through the clinical trial process and is subsequently affected by privacy laws and regulations in the EU and Switzerland.
A lawyer with a tech background (and perhaps military?)
What the hell is a ‘cyber diplomat’?
… I went to Tallinn to speak with Estonia’s first Ambassador at Large for Cybersecurity, Heli Tiirmaa-Klaar — often described as Estonia’s heavy-hitter in the field of cyber diplomacy — to get the details on how this new frontier in diplomacy works, why Estonia is leading it, and what being a cyber diplomat actually means.
… In its simplest form, cyber diplomacy is diplomacy in the cyber domain (incredibly informative, I know). This basically means that nation states are finally waking up to the importance of cyberspace (fun word for our computer/online/virtual world) and how it relates to national interests.
… The reason why all of ‘cyber’ has been grouped separately when it comes to diplomacy is that we’re lacking the basic foundational rules we’ve established in other fields of geopolitics as a global society. You invade another country? Nope, not allowed. Don’t bother to clean up an oil spill? Think again, pal.
In cyberspace, it’s far from being this clear. We’re still struggling with basic questions like what constitutes an ‘attack’ in cyberwarfare — which would be quite obvious when it comes to other forms of aggression. What’s our collective stance on botnets, malware, and exploiting software vulnerabilities? That’s exactly what Tiirmaa-Klaar and her fellow cyber diplomats are trying to figure out.
(Related)
https://blog.circle.com/2019/05/23/our-take-interpreting-recent-signals-from-us-regulatory-agencies/
Our take: Interpreting recent signals from US regulatory agencies
… The heart of our argument for a clear, forward-looking regulatory framework for crypto has long been that digital assets represent a fundamentally new class of financial instruments, which defy simple classification as security, commodity, or currency. Many digital assets occupy several classifications at the same time depending on their context and use. For example, imagine a token created for a game. The initial sale could fund development of the game. Then the token may be distributed to users as a reward in a game (utility), traded on an exchange (commodity), used to purchase virtual goods in an online store (currency), and used to confer holder voting rights in the project (security).
… We have also urged lawmakers to stop applying laws written in the 20th century to technologies created in the 21st. For example, one of the main factors that determines whether or not a crypto asset can be regulated as a security is something called the Howey test, formulated by the Supreme Court in 1946.