itu cis regional workshop · itu cis regional workshop key elements of big data –between...
TRANSCRIPT
©VEON Ltd 2016
ITUCISREGIONALWORKSHOP
©VEON Ltd 2016
KEYELEMENTSOFBIGDATA– BETWEENINNOVATIONANDPRIVACY
DENISLOWAssociateGeneralCounsel,HeadofData&Privacy7September2017
2
WHATISBIGDATA?
PURPOSEOFDATAPROTECTION/PRIVACY
PRIVACYBYDESIGN
DATARESIDENCY/LOCALISATION
CLOUD,SECURITY&PRIVACY
BRANDING&TRUST
OURMENUTODAY….
3
o Nostandarddefinition
o Gartner’s3“V”s– Volume,Velocity(speed)&Variety
o Iwilladda4th- “Veracity(integrityandaccuracy)
o BigDatadoesnotnecessarilyneedPersonalData…
o …butPrivacyandDataRegulationapplieswhenitinvolvesPersonalData
WHATISBIGDATA?
PURPOSEOFDATAPROTECTION
4
DistinguishfromConfidentiality
PRIVACY isnotSecrecy
SOCIALIBILITY - Notwhatyoucannotdo,buthowyoucandoitresponsiblyandproperly
Weneedtodevelop“anentirelynew,flexibleregulatoryfoundationforintroducingdigitaltechnologyinallareas
oflife.”
PresidentPutinStPetersburgIntlEconForum
June2017
.
WHYISTHISFRAMINGIMPORTANT?
5
6
WHATDOESDATAPROTECTIONMEAN?
o ServiceProvision/PerformanceofContract
o Consent
o LegitimateInterest
LEGALBASISFORPROCESSINGPERSONALDATA Collection,organising,loading,access,updates,transfers,retention,anonymisingetc.
WhatisProcessing?
RoleofDataController/OperatorandDataProcessor
Anythirdpartyprocessing
WhatisPersonalData?
Anydatapointthatindividuallyorcollectivelyidentifiesanindividualdirectlyorindirectly
PrivacybyDesignTakeprivacyprinciplesintoaccountthroughoutwholeengineeringprocess
KEYCONCEPTS
IncorporatingPrivacyprinciplesinProductDesign
Dataminimization– collection,purposespecificationandretention
Pseudonymisation- Analyse datawithrandomidentifiers- Accesscontrol,segregationofdata&duties
7
PRIVACYBYDESIGN
DATARESIDENCY/LOCALISATION
Whatisit?Requirementtohostdatawithinacertainterritory
8
Whatarethereasonsfordataresidency?
• InformationSecurityreasons• Concernthatforeignauthoritiescanaccess
data• Concernthatlawenforcementauthorities
cannotaccessdata• Concernthatregulatorscannotenforcelaws
againstoffshore/cloudprovider
Cantheseconcernsbemetwithoutdataresidency?
• Withrighttechnologyandsplitofresponsibilities,cloudcansaferthanselfrundatacentres
• Choiceoflocationanddueprocess.UseofEncryption
• Canbemandatedvialawandcontracts
9P R E S E N T A T I O N T I T L E – C L I E N T N A M E
Whatarethemostimportantfactorstoreducingimpactonsecuritybreaches?
EARLYDETECTIONANDCONTAINMENT
- Incidentresponse
management
STRONGNETWORKPROTECTIONANDINTERNALCONTROLS
- Encryption
- Accesscontrols
PROPERSELECTIONOFVENDORSANDMOBILEDEVICEUSE
- Securityassessment
- Devicemanagement
USEOFCLOUDANDLOCATIONOFDATAISNOTNECESSARILY AFACTOR
CLOUD&INFORMATIONSECURITY
INTERPLAYBETWEENSECURITY,PRIVACYANDTELECOMSLAW
10
o ProtectingConfidentiality,AuthenticityandIntegrityofInformation
SECURITY
o ReliesonSecurityo LawfulandFairUse,PurposeLimitation,
Minimisation,Transparency,AccuracyPRIVACY
TELECOMS
o ConfidentialityofCommunicationso ConfidentialityofSubscriberInformation
BRANDINGANDTRUST
Presentation title – Client name 1111
o EquivalenttoHealthandSafetyissue
DATAETHICS
o Regulationisneededbutwillalwaysbeonestepbehind
o UKChannel4advertisement
REGULATIONANDEDUCATION
o Fulldisclosureo Benefitstousers,notjustcompanieso Realchoice,notmechanicalones
TRANSPARENCY&CHOICE
©VEON Ltd 2017
СПАСИБО
TWITTER.COM/VEONFACEBOOK.COM/VEON
DENISLOWASSOCIATEGENERALCOUNSEL,HEADOFDATA&PRIVACY7SEPTEMBER2017
CLAUDE DEBUSSYLAAN 881082 MD AMSTERDAMTHE NETHERLANDSTel +31 (0)20 79 77 200Tax +31 (0)20 79 77 201