Global Information Governance

Security and Privacy in a New Era
Northern Virginia Chapter, ARMA International
October 2013 Monthly Meeting
Christina Ayiotis, Esq., CRM
Adjunct Faculty, Department of Computer Science, The George Washington University
Co-Chair, The Sedona Conference on Cyber Liability
Co-Chair, Georgetown Cybersecurity Law Institute
Member, AFCEA International Cyber Committee
Principal Financier, Princess Andrianna Isabella Ayiotis
@christinayiotis
March 2011
• http://www.youtube.com/watch?v=ZJ380SHZvYU
plus ça change...
Today’s World
• Global organizations experiencing blurring of lines
between personal and professional:
– What information is created on corporate systems an
organization has “full” control over vs. through “public”
channels where more private information may be seen?
• What about integrity of Social Media “records” in the long-term?
(“Facebook editing function raises concern over misuse” Joe Miller
BBC News 30 September 2013 http://bbc.in/19PSyui)
• “GSA offers electronic privacy refresher” Molly Bernhart Walker
Fierce Government IT September 30, 2013 http://bit.ly/15H150c
– Need to abide by country law in global systems not
architected to do so (biggest dirty little secret globally)
Today’s World
– Who decides how employees will execute their job duties and
what tools they will use (or not use)?
• Incoming Work Force and E-Mail (“Technology and the College
Generation” Courtney Rubin The New York Times September 27, 2013
http://nyti.ms/18gnh4v)
• What organization (private sector or public sector) fully manages all
text messages?
• Reconciling privacy and business needs
• What can be monitored and by whom?
– BYOD further complicates the governance challenge (Drivers are
cost and convenience, issues difficult to push back on during
challenging times)
• Only when we can truly (and easily) protect at the data level will this
change
– We’ll still wonder who has access and to what end
People, Process, Technology
• Government vs. Private Sector Information Governance Challenges
Similar
– Records Management may be dead but government still has to manage to
Schedules (theoretically)
– Big Data Impact (Emerging Trends in Law Firm Governance: Unlocking the
Power of Big Data, Predictive Coding and 24/7 Access in Law Firms Iron
Mountain July 2013 http://bit.ly/1aCDJfR)
– What to protect and at what cost
• Cybercrime, Espionage, Terrorism
– How can the government help the private sector?
– Is the government able to even help itself?
– Who is in charge? “A Call to One is a Call to All”- DHS/FBI/NSA
• Who is in the middle?
– Would a US Cyber Force help? (“Why the nation needs a US Cyber Force”
James Stavridis The Boston Globe September 29, 2013
http://b.globe.com/16KA37A)
Government and Citizens
• Expectations around personal information
– Social Security Administration
– IRS
– Medicaid/Medicare
– Veteran’s Benefits
• Electronic Health Records (DoD/VA)
– HIEs (security concerns)
• Expectations citizens have about what is truly private
– Communications through ISPs (even when encrypted), Social Media
posts in “private” groups, Data Aggregators
• E-Government—delivery of services
– IRS greatest success story of US government (but now there are
concerns about the privacy and security of that data)
– Estonia (E-vulnerabilities)
California Leads the Way (as always)
• Governor Brown Ushers in a New Privacy Era
in California and Beyond Tanya Forsheit
Information Law Group September 29, 2013
http://bit.ly/1bmvcSt
– AB 370- new disclosures to privacy policy (DNT)
– SB46 and AB1149 amend breach notification
(online accounts)
• “Eraser Bill” passed September 23, 2013,
effective January 1, 2015 http://bit.ly/17O1iyV
The Future is Here
• Google/Facebook/NSA combined data—does
that cover everyone and everything?
• Google Glasses- http://onforb.es/100DnaM
• The Internet of Things http://bit.ly/Xp0Fp
• “Cisco predicts that there will be 50 billion
connected devices by the year 2020.”
http://onforb.es/16lxrh9
Resources
• The ABA Cybersecurity Handbook: A Resource for Attorneys, Law
Firms and Business Professionals Jill D. Rhodes & Vincent I. Polley
(July 24, 2013) http://bit.ly/1ccsPSn
• Locked Down: Information Security for Lawyers Sharon D. Nelson,
David G. Ries and John W. Simek (2012) http://amzn.to/1fAIyfC
• Building Law Firm Information Governance: Prime Your Key
Processes Iron Mountain (July 2013) http://bit.ly/1hd81Yeh
• Emerging Trends in Law Firm Governance: Unlocking the Power of
Big Data, Predictive Coding and 24/7 Access in Law Firms Iron
Mountain (July 2013) http://bit.ly/1aCDJfR
• A Proposed Law Firm Information Governance Framework Iron
Mountain (August 2012) http://bit.ly/NA7e4Y
MORE RESOURCES
• Shane McGee, Randy V. Sabett, & Anand Shah, Adequate Attribution: A Framework for Developing a
National Policy for Private Sector Use of Active Defense, 8 J. Bus. & Tech. L. 1 (2013) http://bit.ly/11CwHaX
• Paul M. Schwartz & Daniel J. Solove, Reconciling Personal Information in the United States and European
Union, Forthcoming 102 California Law Review – (2014) September 6, 2013 http://bit.ly/13YSIPo
• Hunton & Williams LLP, OECD Issues Updated Privacy Guidelines September 16, 2013
http://bit.ly/1blOWlH
• Chris Wolf, Post-Snowden Fallout Shouldn't Cripple EU-US Safe Harbor 8/30/13 http://bit.ly/16ZxoYE
• Bryan Cunningham, Do not let Prism scandal wreck the Safe Harbour system 9/6/13 http://bit.ly/16DdYhS
• David Perera, Indigenous European cloud needed to defeat NSA surveillance, says report September 23,
2013 http://bit.ly/16CP1Dl
• Alastair Stevenson, EC calls for single privacy law to protect €1tn worth of data from PRISM snoops
9/18/13 http://bit.ly/169l91c