Monday, May 27, 2019


A word to the wise – and wise-wanna-bes.
How to Win the Trust of Regulators, Customers and Other Stakeholders When the GDPR Honeymoon Ends
A string of high-profile breaches at the likes of Marriott Hotels, British Airways and Cathay Pacific has raised further concerns about the extent to which companies are willing or able to protect people’s data and information. And in the process they have added more pressure on EU information regulators to act firmly.
With the prospect of legal actions being taken more seriously, and the possibility of class action lawsuits, some large technology and social media companies are known to be lawyering up.
Against this backdrop, regulators have said they will take seriously anything that puts the twin principles of openness and honesty into jeopardy, and that they are willing to expand investigations beyond assessing cybersecurity governance and controls to testing compliance in areas like technical competence and education and training.
To date, attention has largely been focused on the need for openness about what data is being collected and how it is used, chiefly in the form of data privacy statements.
By nature, data privacy statements tend to be lengthy, verbose and full of legalese, which means they are usually skipped over or simply bypassed. Of course, that suits some organizations well.
However, those in the business of winning trust should ensure they are as comprehensive, clear and accessible as possible. Survey Monkey General Counsel Lora Blum writes compellingly on this topic.
Much of the focus on honesty has been on data breach disclosure, particularly on ensuring that breaches and leaks are reported in a timely and forthright manner to regulators and data subjects.
It is not easy knowing what to say about a breach when the facts are only just starting to emerge and the media are breathing down your neck. Cathay Pacific, for example, chose to stay silent about a ‘data security event’ affecting 9.4 million customers for three months, resulting in lawmakers and the media accusing it of orchestrating a cover-up.




An article worth reading.

Artificial Intelligence and Associated Clinical Data Privacy Considerations

Seen at BakerHostetler:
James Sherer and Emily Fedeles of BakerHostetler have co-authored an article published in the July 1, 2019, issue of The Journal of Robotics, Artificial Intelligence & Law (RAIL). The article, “Artificial Intelligence and Associated Clinical Data Privacy Considerations,” discusses how artificial intelligence is regularly involved in clinical data trials and examines a hypothetical where data is generated by a Swiss company through the clinical trial process and is subsequently affected by privacy laws and regulations in the EU and Switzerland.




A lawyer with a tech background (and perhaps military?)
What the hell is a ‘cyber diplomat’?
… I went to Tallinn to speak with Estonia’s first Ambassador at Large for Cybersecurity, Heli Tiirmaa-Klaar — often described as Estonia’s heavy-hitter in the field of cyber diplomacy — to get the details on how this new frontier in diplomacy works, why Estonia is leading it, and what being a cyber diplomat actually means.
… In its simplest form, cyber diplomacy is diplomacy in the cyber domain (incredibly informative, I know).
This basically means that nation states are finally waking up to the importance of cyberspace (fun word for our computer/online/virtual world) and how it relates to national interests.
… The reason why all of ‘cyber’ has been grouped separately when it comes to diplomacy is that we’re lacking the basic foundational rules we’ve established in other fields of geopolitics as a global society. You invade another country? Nope, not allowed. Don’t bother to clean up an oil spill? Think again, pal.
In cyberspace, it’s far from being this clear. We’re still struggling with basic questions like what constitutes an ‘attack’ in cyberwarfare — which would be quite obvious when it comes to other forms of aggression. What’s our collective stance on botnets, malware, and exploiting software vulnerabilities? That’s exactly what Tiirmaa-Klaar and her fellow cyber diplomats are trying to figure out.


(Related)
Our take: Interpreting recent signals from US regulatory agencies
The heart of our argument for a clear, forward-looking regulatory framework for crypto has long been that digital assets represent a fundamentally new class of financial instruments, which defy simple classification as security, commodity, or currency. Many digital assets occupy several classifications at the same time depending on their context and use. For example, imagine a token created for a game. The initial sale could fund development of the game. Then the token may be distributed to users as a reward in a game (utility), traded on an exchange (commodity), used to purchase virtual goods in an online store (currency), and used to confer holder voting rights in the project (security).
We have also urged lawmakers to stop applying laws written in the 20th century to technologies created in the 21st. For example, one of the main factors that determines whether or not a crypto asset can be regulated as a security is something called the Howey test, formulated by the Supreme Court in 1946.