SlideShare uma empresa Scribd logo
1 de 137
Baixar para ler offline
Privacy 2.0
		Jacques	Folon	
Partner		
Edge	Consulting	
Maître	de	conférences		
Université	de	Liège		
Professeur	
ICHEC	
Professeur	invité		
Université	de	Lorraine	(Metz)	
Visiting	professor	
ESC	Rennes	School	of	Business
This presentation
and other
resources are available
on
MOODLE
http://www.jerichotechnology.com/wp-content/uploads/2012/05/SocialMediaisChangingtheWorld.jpg
Data privacy and digital strategy
Average number of Facebook
« friends » in France: 170
30
privacy ?????
6
http://www.fieldhousemedia.net/wp-content/uploads/2013/03/fb-privacy.jpg
7
http://1.bp.blogspot.com/-NqwjuQRm3Co/UCauELKozrI/AAAAAAAACuQ/MoBpRZVrZj4/s1600/Party-Raccoon-Get-Friends-Drunk-Upload-Facebook.jpg
The person who took the photo
is a real friend
8
http://cdn.motinetwork.net/motifake.com/image/demotivational-poster/1202/reality-drunk-reality-fail-drunkchicks-partyfail-demotivational-posters-1330113345.jpg
privacy and graph search ?
10
11
12
13
Data privacy and digital strategy
Data privacy and digital strategy
Data privacy and digital strategy
From Big Brother to Big Other
http://fr.slideshare.net/bodyspacesociety/casilli-privacyehess-2012def
Antonio Casili
• Importance of T&C
• Everybody speaks
• mutual surveillance
• Lateral surveillance
geolocalisation
http://upload.wikimedia.org/wikipedia/commons/thumb/9/99/Geolocalisation_GPS_SAT.png/267px-Geolocalisation_GPS_SAT.png
data collection
1
21
Interactions controlled by citizens in the Information Society
http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
Interactions NOT controlled by citizens in the Information Society
http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
some definitions
'personal data' shall mean any information relating to
an identified or identifiable natural person ('data
subject'); an identifiable person is one who can be
identified, directly or indirectly, in particular by
reference to an identification number or to one or
more factors specific to his physical, physiological,
mental, economic, cultural or social identity
'processing of personal data' ('processing') shall mean
any operation or set of operations which is performed
upon personal data, whether or not by automatic means,
such as collection, recording, organization, storage,
adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise
making available, alignment or combination, blocking,
erasure or destruction
personal data filing system' ('filing system') shall
mean any structured set of personal data which are
accessible according to specific criteria, whether
centralized, decentralized or dispersed on a
functional or geographical basis
121
controller shall mean the natural or legal person, public authority,
agency or any other body which alone or jointly with others
determines the purposes and means of the processing of personal
data; where the purposes and means of processing are
determined by national or Community laws or regulations, the
controller or the specific criteria for his nomination may be
designated by national or Community law;
29
'the data subject's consent' shall
mean any freely given specific
and informed indication of his
wishes by which the data subject
signifies his agreement to
personal data relating to him
being processed
30
Member States shall provide that personal data must be:
(a) processed fairly and lawfully;
(b) collected for specified, explicit and legitimate purposes and not
further processed in a way incompatible with those purposes. Further
processing of data for historical, statistical or scientific purposes shall
not be considered as incompatible provided that Member States
provide appropriate safeguards;
(c) adequate, relevant and not excessive in relation to the purposes
for which they are collected and/or further processed;
(d) accurate and, where necessary, kept up to date; every reasonable
step must be taken to ensure that data which are inaccurate or
incomplete, having regard to the purposes for which they were
collected or for which they are further processed, are erased or
rectified;
(e) kept in a form which permits identification of data subjects for no
longer than is necessary for the purposes for which the data were
collected or for which they are further processed. Member States
shall lay down appropriate safeguards for personal data stored for
longer periods for historical, statistical or scientific use.
31
Member States shall provide that personal data may be processed
only if:
(a) the data subject has unambiguously given his consent; or
(b) processing is necessary for the performance of a contract to
which the data subject is party or in order to take steps at the
request of the data subject prior to entering into a contract; or
(c) processing is necessary for compliance with a legal obligation
to which the controller is subject; or
(d) processing is necessary in order to protect the vital interests of
the data subject; or
(e) processing is necessary for the performance of a task carried
out in the public interest or in the exercise of official authority
vested in the controller or in a third party to whom the data are
disclosed
32
Member States shall prohibit the processing of
personal data revealing racial or ethnic origin,
political opinions, religious or philosophical beliefs,
trade-union membership, and the processing of data
concerning health or sex life
125
Member States shall provide that the controller or his representative must
provide a data subject from whom data relating to himself are collected
with at least the following information, except where he already has it:
(a) the identity of the controller and of his representative, if any;
(b) the purposes of the processing for which the data are intended;
(c) any further information such as
- the recipients or categories of recipients of the data,
- whether replies to the questions are obligatory or voluntary, as well as the
possible consequences of failure to reply,
- the existence of the right of access to and the right to rectify the data
concerning him
in so far as such further information is necessary, having regard to the
specific circumstances in which the data are collected, to guarantee fair
processing in respect of the data subject
34
Right of access
Member States shall guarantee every data subject the right to obtain from the
controller:
(a) without constraint at reasonable intervals and without excessive delay or
expense:
- confirmation as to whether or not data relating to him are being processed and
information at least as to the purposes of the processing, the categories of data
concerned, and the recipients or categories of recipients to whom the data are
disclosed,
- communication to him in an intelligible form of the data undergoing processing
and of any available information as to their source,
- knowledge of the logic involved in any automatic processing of data concerning
him at least in the case of the automated decisions referred to in Article 15 (1);
(b) as appropriate the rectification, erasure or blocking of data the processing of
which does not comply with the provisions of this Directive, in particular because of
the incomplete or inaccurate nature of the data;
(c) notification to third parties to whom the data have been disclosed of any
rectification, erasure or blocking carried out in compliance with (b), unless this
proves impossible or involves a disproportionate effort
35
OPT IN
Coockies
international transfer
Sub contractor
Sub-contractor
129
The Member States shall provide that the controller must, where
processing is carried out on his behalf, choose a processor
providing sufficient guarantees in respect of the technical security
measures and organizational measures governing the processing
to be carried out, and must ensure compliance with those
measures
41
The carrying out of processing by way of a processor must be
governed by a contract or legal act binding the processor to the
controller and stipulating in particular that:
- the processor shall act only on instructions from the controller,
- the obligations as defined by the law of the Member State in
which the processor is established, shall also be incumbent on the
processor
INTERNAL TRAININGS
SECURITY
SOURCE DE L’IMAGE: http://www.techzim.co.zw/2010/05/why-organisations-should-worry-about-security-2/
Source : https://www.britestream.com/difference.html.
Everything must be transparent
Data privacy and digital strategy
Article 16
Confidentiality of processing
Any person acting under the authority of the controller or of the
processor, including the processor himself, who has access to
personal data must not process them except on instructions from
the controller, unless he is required to do so by law
Member States shall provide that the controller must implement
appropriate technical and organizational measures to protect
personal data against accidental or unlawful destruction or
accidental loss, alteration, unauthorized disclosure or access, in
particular where the processing involves the transmission of data
over a network, and against all other unlawful forms of processing.
Having regard to the state of the art and the cost of their
implementation, such measures shall ensure a level of security
appropriate to the risks represented by the processing and the
nature of the data to be protected.
86
SECURITY IS A LEGAL OBLIGATION
What your boss thinks...
Employees share (too) many
information and also with third parties
Data privacy and digital strategy
Where do one steal data?
•Banks
•Hospitals
•Ministries
•Police
•Newspapers
•Telecoms
•...
Which devices are stolen?
•USB
•Laptops
•Hard disks
•Papers
•Binders
•Cars
63
RESTITUTIONS
Data privacy and digital strategy
56
Data privacy and digital strategy
154
Source de l’image : http://ediscoverytimes.com/?p=46
Data privacy and digital strategy
Data privacy and digital strategy
48
4
By giving people the power to share, we're
making the world more transparent.
The question isn't, 'What do we want to
know about people?', It's, 'What do
people want to tell about themselves?'
Data privacy is outdated !
Mark Zuckerberg
If you have something that you don’t want
anyone to know, maybe you shouldn’t be
doing it in the first place.
Eric Schmidt
PRIVACYVS SOCIAL
NETWORKS
https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcQgeY4ij8U4o1eCuVJ8Hh3NlI3RAgL9LjongyCJFshI5nLRZQZ5Bg
1
Data privacy and digital strategy
Data privacy and digital strategy
Data privacy and digital strategy
1
Privacy statement confusion
• 53% of consumers consider that a privacy statement
means that data will never be sell or give
• 43% only have read a privacy statement
• 45% only use different email addresses
• 33% changed passwords regularly
• 71% decide not to register or purchase due to a
request of unneeded information
• 41% provide fake info
112
Source: TRUSTe survey
http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
Data privacy and digital strategy
72SOURCE: http://mattmckeon.com/facebook-privacy/
73
74
75
76
77
78
79
http://e1evation.com/2010/05/06/growth-of-facebook-privacy-events/
80
http://blogs.iq.harvard.edu/netgov/2010/05/facebook_privacy_policy.html
Evaluation and Comparison of Privacy Policies-Accessibility/User-Friendliness
Facebook Foursquare Google Buzz LinkedIn Twitter
Number of words 5860 words 2,436 words 1,094 words 5,650 words 1,287 words
Comparison to average Privacy
Policy (based on 2,462 words)
Above average Below average (but very
close to the average)
Below Average Above average Below average
Amount of time it takes one to
read (based on an average
person reading speed--244
words /minute)
Approx. 24 minutes Approx. 10 minutes Approx. 5 minutes Approx. 23 minutes Approx. 5 minutes
Direct link to its actual privacy
policy from the index page
No Yes Yes Yes Yes
Availability in languages other
than English
Yes Yes Yes Yes Yes
Detailed explanation of privacy
control/protection
Yes Yes Yes No No
Trust E-Verified Yes No No Yes No
Linking and/or mentioning to
U.S. Dept. of Commerce “Safe
Harbor Privacy Principles”
Yes No Yes Yes No
Availability of contact
information in case of
questions
Yes Yes No Yes Yes
Coverage of kids privacy Yes Yes No Yes Yes
Containing the clause that it
reserves the right to change the
privacy policy at any time
Yes, but users will be
notified
Yes, but users will be
notified
http://
www.psl.cs.columbia
.edu/classes/cs6125-
Yes, but users will be
notified of material
changes
Yes, but users will be
notified of material
changes
http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
Evaluation and Comparison of Privacy Policies – “Content”
Facebook Foursquare Google Buzz LinkedIn Twitter
Allowance of an opt-
out option
Yes Yes Yes Yes Yes
Allowance of third-
party access to users’
information
Yes/No, depending on
a user’s sharing setting
and the information
shared
Yes Yes Yes Yes
Discussion of the
usage of cookie or
tracking tools
Yes Yes Not specified; but
Google states that it
records users’ use of
their products
Yes Yes
Explicit statement of
what type of
information they
share with third-
parties
Yes Yes Yes Yes Yes
Sharing of users’
location data
Yes Yes Yes Unclear; not mentioned
in the Privacy Policy
Yes
http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
Evaluation and Comparison of Account Creation Process
Facebook Foursquare Google Buzz LinkedIn Twitter
Number of fields
required during the
initial account
creation
9 10 Zero if you have a
Gmail account
4 6
Details that are
required for a user
to create an
account
First name, last
name, email,
password, gender,
birthday
First name, last
name, password,
email, phone,
location, gender,
birthday, photo
None if you have a
Gmail account
First name, last
name, email,
password
First name,
username,
password, email, “let
others find me by my
email,” “I want the
inside scoop”
Availability of
explanation on
required
information
Yes Yes Information on how
Google Buzz works
is available
No Yes, actually
includes the entire
Terms of Service in a
Text area box
http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
Data privacy and digital strategy
DATA PRIVACY & THE EMPLOYER
45http://i.telegraph.co.uk/multimedia/archive/02183/computer-cctv_2183286b.jpg
SO CALLED HIDDEN COSTS
46
http://www.theatlantic.com/technology/archive/2011/09/estimating-the-damage-to-the-us-economy-caused-by-angry-birds/244972/
E-recruitment
74
http://altaide.typepad.com/.a/6a00d83451e4be69e2015393d67f60970b-500wi
IAM
RISKS
SOURCE DE L’IMAGE : http://www.tunisie-news.com/artpublic/auteurs/auteur_4_jaouanebrahim.html
Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend

Chief Information Security Officer Kansas State University
The new head of MI6 has been left
exposed by a major personal security
breach after his wife published
intimate photographs and family
details on the Facebook website.
Sir John Sawers is due to take over
as chief of the Secret Intelligence
Service in November, putting him in
charge of all Britain's spying
operations abroad.
But his wife's entries on the social
networking site have exposed
potentially compromising details
about where they live and work, who
their friends are and where they
spend their holidays.
http://www.dailymail.co.uk
Social Media Spam
Compromised Facebook
account. Victim is now
promoting a shady
pharmaceutical
Source: Social Media: Manage the Security to Manage Your Experience;
Ross C. Hughes, U.S. Department of Education
Social Media Phishing
To: T V V I T T E R.com
Now they will have
your username and
password
Source: Social Media: Manage the Security to Manage Your Experience;
Ross C. Hughes, U.S. Department of Education
Social Media Malware
Clicking on the
links takes you
to sites that will
infect your
computer
with malware
Source: Social Media: Manage the Security to Manage Your Experience;
Ross C. Hughes, U.S. Department of Education
Phishing
Sources/ Luc Pooters, Triforensic, 2011
DATA
THEFT
Social engineering
Sources/ Luc Pooters, Triforensic, 2011
Take my stuff,
please!
Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend

Chief Information Security Officer Kansas State University
3rd Party
Applications
•Games,	quizzes,	cutesie	stuff	
•Untested	by	Facebook	–	anyone	
can	write	one	
•No	Terms	and	Condi=ons	–	you	
either	allow	or	you	don’t	
•Installa=on	gives	the	developers	
rights	to	look	at	your	profile	and	
overrides	your	privacy	seFngs!
Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend

Chief Information Security Officer Kansas State University
Right to be forgotten
• On 13.05.2014 the European Union Court of
Justice backed a ruling called “the right to be
forgotten,” which allows individuals to control
their data and ask search engines, such as Google,
to remove inadequate personal results from the
Internet.
• However, the decision cannot be interpreted as a
“victory” for the protection of the personal data
of Europeans, according to privacy experts.
• In 2010 a Spanish citizen lodged a complaint against a Spanish
newspaper with the national Data Protection Agency and
against Google Spain and Google Inc.
• The citizen complained that an auction notice of his
repossessed home on Google’s search results infringed his
privacy rights because the proceedings concerning him had
been fully resolved for a number of years and hence the
reference to these was entirely irrelevant.
• He requested, first, that the newspaper be required either to
remove or alter the pages in question so that the personal
data relating to him no longer appeared;
• and second, that Google Spain or Google Inc. be required to
remove the personal data
• In its ruling of 13 May 2014 the EU Court said :
• a)On the territoriality of EU rules: Even if the physical server of a
company processing data islocated outside Europe, EU rules apply
to search engine operators if they have a branch or a sub sidiary in
a Member State which promotes the selling of advertising space
offered by the search engine;
• b)On the applicability of EU data protection rules to a search
engine : Search engines are controllers of personal data. Google can
therefore not escape its responsibilities before European lawwhen
handling personal data by saying it is a search engine. EU data
protection law applies and so does the right to be forgotten.
• c) On the “Right to be Forgotten” : Individuals have the right -
under certain conditions - to ask search engines to remove links
with personal information about them.This applies where the
information is inaccurate, inadequate, irrelevant or excessive for the
purposes of the data
• At the same time, the Court explicitly clarified
that the right to be forgotten is not absolute but
will always need to be balanced against other
fundamental rights, such as the freedom of
expression and of the media
• Right to erasure (future rules?)
• 1.The data subject shall have the right to obtain from the
controller the erasure of personal data relating to them and the
abstention from further dissemination of such data, and to
obtain from third parties the erasure of any links to, or copy or
replication of that data, where one of the following grounds
applies:
• (a) the data are no longer necessary in relation to the purposes
for which they were collected or otherwise processed
• (b) the data subject withdraws consent on which the processing
is based according
• (c) when the storage period consented to has expired and
where there is no other legal ground for the processing of the
data
New EU Regulation
• right to be forgotten
• no more notification to data privacy authorities
• data privacy officer
• up to 2% turnover penalty
• information of data theft
Control by the employer
161SOURCE DE L’IMAGE: http://blog.loadingdata.nl/2011/05/chinese-privacy-protection-to-top-american/
what your boss thinks
BUT…
May the employer control everything?
Who controls what?
Could my employer
open my emails?
169
112
CODE OF CONDUCTS
Data privacy and digital strategy
Data privacy and digital strategy
Data privacy and digital strategy
TELEWORKING
Employer’s control
177
http://fr.slideshare.net/olivier/identitenumeriquereseauxsociaux
Big data
182
SOLOMO
184http://www.youngplanneur.fr/wp-content/uploads/2011/06/companies-innovating.jpg
Biometry
186
facial recognition
187
RFID & internet of things
188
http://www.ibmbigdatahub.com/sites/default/files/public_images/IoT.jpg
SECURITY ???
GDPR
Data privacy and digital strategy
Data privacy and digital strategy
Data privacy and digital strategy
TO DO
Data privacy and digital strategy
Data privacy and digital strategy
Data privacy and digital strategy
Data privacy and digital strategy
Résistance au changement
crainte du contrôle
Imposer ou convaincre ?
Positionnement du DPO
atteinte à l’activité économique
Culture d’entreprise et nationale
Besoins du business
les freins
87
“It is not the strongest of the species that survives,
nor the most intelligent that survives.
It is the one that is the most adaptable to change.”
C. Darwin
Data privacy and digital strategy
ANY QUESTIONS ?
Data privacy and digital strategy

Mais conteúdo relacionado

Mais procurados

Conducting a self-audit of data protection compliance
Conducting a self-audit of data protection complianceConducting a self-audit of data protection compliance
Conducting a self-audit of data protection complianceFintan Swanton
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRImogenRutherford
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsWSO2
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
 
GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization  GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization Vishnuvarthanan Moorthy
 
Guide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulationGuide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulationN N
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4Wynthorpe
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT LegalCyber Watching
 
An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupThe Pathway Group
 
Intercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkitIntercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkitjoshquarrie
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processingTim Gough
 
General Data Protection Regulation or GDPR
General Data Protection Regulation or GDPRGeneral Data Protection Regulation or GDPR
General Data Protection Regulation or GDPRNupur Samaddar
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!Fintan Swanton
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016John Greenwood
 

Mais procurados (20)

DATA PRIVACY, CLOUD & PURCHASING DEPARTMENT
DATA PRIVACY, CLOUD & PURCHASING DEPARTMENTDATA PRIVACY, CLOUD & PURCHASING DEPARTMENT
DATA PRIVACY, CLOUD & PURCHASING DEPARTMENT
 
Conducting a self-audit of data protection compliance
Conducting a self-audit of data protection complianceConducting a self-audit of data protection compliance
Conducting a self-audit of data protection compliance
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
 
GDPR-Overview
GDPR-OverviewGDPR-Overview
GDPR-Overview
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPR
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity Architects
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
 
GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization  GDPR – Readiness in IT offshore organization
GDPR – Readiness in IT offshore organization
 
Data Protection & GDPR Health Check Service Overview
Data Protection & GDPR Health Check Service OverviewData Protection & GDPR Health Check Service Overview
Data Protection & GDPR Health Check Service Overview
 
Guide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulationGuide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulation
 
Safety And Security Of Data 4
Safety And Security Of Data 4Safety And Security Of Data 4
Safety And Security Of Data 4
 
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal
 
An Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway GroupAn Overview of GDPR by Pathway Group
An Overview of GDPR by Pathway Group
 
Intercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkitIntercity technology - GDPR your training toolkit
Intercity technology - GDPR your training toolkit
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
 
General Data Protection Regulation or GDPR
General Data Protection Regulation or GDPRGeneral Data Protection Regulation or GDPR
General Data Protection Regulation or GDPR
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!
 
Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016Regulation (EU) 2016_679_GDPR_Overview_June 2016
Regulation (EU) 2016_679_GDPR_Overview_June 2016
 

Destaque

Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyThoughtworks
 
Information security in big data -privacy and data mining
Information security in big data -privacy and data miningInformation security in big data -privacy and data mining
Information security in big data -privacy and data miningharithavijay94
 
Dan Trottier
Dan TrottierDan Trottier
Dan Trottiercitasa
 
Gender pay gap in the EU
Gender pay gap in the EUGender pay gap in the EU
Gender pay gap in the EUChristineKrumm
 
Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Cédric Laurant
 
Data Privacy in the DMBOK - No Need to Reinvent the Wheel
Data Privacy in the DMBOK - No Need to Reinvent the WheelData Privacy in the DMBOK - No Need to Reinvent the Wheel
Data Privacy in the DMBOK - No Need to Reinvent the WheelDATAVERSITY
 
Privacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingPrivacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingIT Governance Ltd
 
Gender Wage Gap Slides
Gender Wage Gap SlidesGender Wage Gap Slides
Gender Wage Gap SlidesKirby Crider
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Gohsuke Takama
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRIT Governance Ltd
 

Destaque (20)

Digital strategy and IPR questions
Digital strategy and IPR questionsDigital strategy and IPR questions
Digital strategy and IPR questions
 
digital strategy & e-reputation
digital strategy & e-reputationdigital strategy & e-reputation
digital strategy & e-reputation
 
Digital strategy
Digital strategyDigital strategy
Digital strategy
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny LeroyData & Privacy: Striking the Right Balance - Jonny Leroy
Data & Privacy: Striking the Right Balance - Jonny Leroy
 
digital strategy and information security
digital strategy and information securitydigital strategy and information security
digital strategy and information security
 
Information security in big data -privacy and data mining
Information security in big data -privacy and data miningInformation security in big data -privacy and data mining
Information security in big data -privacy and data mining
 
Sup de Co Rennes - planning 2014-2015
Sup de Co Rennes - planning 2014-2015Sup de Co Rennes - planning 2014-2015
Sup de Co Rennes - planning 2014-2015
 
Dan Trottier
Dan TrottierDan Trottier
Dan Trottier
 
Intellectual property rights
Intellectual property rightsIntellectual property rights
Intellectual property rights
 
Contexte organisationnel pour GDPR
Contexte organisationnel pour GDPRContexte organisationnel pour GDPR
Contexte organisationnel pour GDPR
 
Gender pay gap in the EU
Gender pay gap in the EUGender pay gap in the EU
Gender pay gap in the EU
 
Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...Recent Privacy and Data Protection Developments in Latin America and Their Im...
Recent Privacy and Data Protection Developments in Latin America and Their Im...
 
Data Privacy in the DMBOK - No Need to Reinvent the Wheel
Data Privacy in the DMBOK - No Need to Reinvent the WheelData Privacy in the DMBOK - No Need to Reinvent the Wheel
Data Privacy in the DMBOK - No Need to Reinvent the Wheel
 
Privacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failingPrivacy and the GDPR: How Cloud computing could be your failing
Privacy and the GDPR: How Cloud computing could be your failing
 
Privacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital WorldPrivacy & Data Protection in the Digital World
Privacy & Data Protection in the Digital World
 
Gender Wage Gap Slides
Gender Wage Gap SlidesGender Wage Gap Slides
Gender Wage Gap Slides
 
Wage gap
Wage gapWage gap
Wage gap
 
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
Security, Privacy Data Protection and Perspectives to Counter Cybercrime 0409...
 
Data Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPRData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR
 
Marketing digital et données personnelles
Marketing digital et données personnellesMarketing digital et données personnelles
Marketing digital et données personnelles
 

Semelhante a Data privacy and digital strategy

GDPR: Protecting Your Data
GDPR: Protecting Your DataGDPR: Protecting Your Data
GDPR: Protecting Your DataUlf Mattsson
 
The ASEAN Data Protection Index 2020
The ASEAN Data Protection Index 2020The ASEAN Data Protection Index 2020
The ASEAN Data Protection Index 2020FairTechInstitute
 
Group 5 Banking Laws Semi Finals.pptx
Group 5 Banking Laws Semi Finals.pptxGroup 5 Banking Laws Semi Finals.pptx
Group 5 Banking Laws Semi Finals.pptxStephenQuijano3
 
General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary Compliance3
 
Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17Georges Ataya
 
General Data Protection Regulation (GDPR) | Privacy Law in India |
General Data Protection Regulation (GDPR) | Privacy Law in India |General Data Protection Regulation (GDPR) | Privacy Law in India |
General Data Protection Regulation (GDPR) | Privacy Law in India |Bivas Chatterjee
 
Are You GDPR Ready?
Are You GDPR Ready?Are You GDPR Ready?
Are You GDPR Ready?NICSA
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
GDPR compliance process and maturity/readiness assessment checklist
GDPR compliance process and maturity/readiness assessment checklistGDPR compliance process and maturity/readiness assessment checklist
GDPR compliance process and maturity/readiness assessment checklistEz Fahmy
 
Data Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectData Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectJDP Consulting
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Jay Castillo
 
LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...Natalia Monllor
 
3rd party considerations gdpr
3rd party considerations gdpr3rd party considerations gdpr
3rd party considerations gdprJoe Orlando
 

Semelhante a Data privacy and digital strategy (20)

data privacy
data privacydata privacy
data privacy
 
GDPR, Data Privacy.
GDPR, Data Privacy.GDPR, Data Privacy.
GDPR, Data Privacy.
 
Esc Rennes gdpr oct 2018
Esc Rennes gdpr oct 2018Esc Rennes gdpr oct 2018
Esc Rennes gdpr oct 2018
 
GDPR: Protecting Your Data
GDPR: Protecting Your DataGDPR: Protecting Your Data
GDPR: Protecting Your Data
 
The ASEAN Data Protection Index 2020
The ASEAN Data Protection Index 2020The ASEAN Data Protection Index 2020
The ASEAN Data Protection Index 2020
 
Data privacy & social media
Data privacy & social mediaData privacy & social media
Data privacy & social media
 
EU GDPR (training)
EU GDPR (training)  EU GDPR (training)
EU GDPR (training)
 
Group 5 Banking Laws Semi Finals.pptx
Group 5 Banking Laws Semi Finals.pptxGroup 5 Banking Laws Semi Finals.pptx
Group 5 Banking Laws Semi Finals.pptx
 
General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary General Data Protection Regulations (GDPR) Summary
General Data Protection Regulations (GDPR) Summary
 
Ichec & ESC gdpr feb 2020
Ichec & ESC gdpr feb 2020Ichec & ESC gdpr feb 2020
Ichec & ESC gdpr feb 2020
 
Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17
 
General Data Protection Regulation (GDPR) | Privacy Law in India |
General Data Protection Regulation (GDPR) | Privacy Law in India |General Data Protection Regulation (GDPR) | Privacy Law in India |
General Data Protection Regulation (GDPR) | Privacy Law in India |
 
Are You GDPR Ready?
Are You GDPR Ready?Are You GDPR Ready?
Are You GDPR Ready?
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
 
GDPR compliance process and maturity/readiness assessment checklist
GDPR compliance process and maturity/readiness assessment checklistGDPR compliance process and maturity/readiness assessment checklist
GDPR compliance process and maturity/readiness assessment checklist
 
Data Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data SubjectData Privacy - Rights of the Data Subject
Data Privacy - Rights of the Data Subject
 
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
Data Privacy Act of 2012 (R.A. 10173) Briefing 2017
 
LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...LOPD - Spanish ethical and legal issues in the context of an international IC...
LOPD - Spanish ethical and legal issues in the context of an international IC...
 
#CyberSafeLambeth
#CyberSafeLambeth#CyberSafeLambeth
#CyberSafeLambeth
 
3rd party considerations gdpr
3rd party considerations gdpr3rd party considerations gdpr
3rd party considerations gdpr
 

Mais de Prof. Jacques Folon (Ph.D)

Rh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENTRh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENTProf. Jacques Folon (Ph.D)
 

Mais de Prof. Jacques Folon (Ph.D) (20)

Introduction to digital strategy
Introduction to digital strategy Introduction to digital strategy
Introduction to digital strategy
 
Ifc jour 1 dpo
Ifc jour 1 dpoIfc jour 1 dpo
Ifc jour 1 dpo
 
Cpas divers sujets
Cpas divers sujets Cpas divers sujets
Cpas divers sujets
 
Ferrer premier cours octobre 2021
Ferrer premier cours octobre  2021Ferrer premier cours octobre  2021
Ferrer premier cours octobre 2021
 
premier cours saint louis sept 2021
premier cours saint louis sept 2021premier cours saint louis sept 2021
premier cours saint louis sept 2021
 
Cmd premier cours sept 2021
Cmd premier cours sept 2021Cmd premier cours sept 2021
Cmd premier cours sept 2021
 
CPAS ET RGPD : direction et DPO
CPAS ET RGPD : direction et DPO CPAS ET RGPD : direction et DPO
CPAS ET RGPD : direction et DPO
 
le RGPD fossoyeur du marketing digital ?
le RGPD fossoyeur du marketing digital ?le RGPD fossoyeur du marketing digital ?
le RGPD fossoyeur du marketing digital ?
 
Ifc gdpr strat digit mai 2021
Ifc gdpr strat digit mai 2021Ifc gdpr strat digit mai 2021
Ifc gdpr strat digit mai 2021
 
Pandemie et vie privee
Pandemie et vie priveePandemie et vie privee
Pandemie et vie privee
 
GDPR & digital strategy
GDPR & digital strategyGDPR & digital strategy
GDPR & digital strategy
 
Cmd de la stratégie au marketing digital
Cmd de la stratégie au marketing digitalCmd de la stratégie au marketing digital
Cmd de la stratégie au marketing digital
 
Ichec ipr feb 2021
Ichec ipr feb 2021Ichec ipr feb 2021
Ichec ipr feb 2021
 
Strategy for digital business class #1
Strategy for digital business class #1Strategy for digital business class #1
Strategy for digital business class #1
 
E comm et rgpd
E comm et rgpdE comm et rgpd
E comm et rgpd
 
Cmd premier cours
Cmd premier coursCmd premier cours
Cmd premier cours
 
Cmd cours 1
Cmd cours 1Cmd cours 1
Cmd cours 1
 
Le dossier RGPD
Le dossier RGPDLe dossier RGPD
Le dossier RGPD
 
Rh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENTRh et data DANS LE MONDE APRÈS LE CONFINEMENT
Rh et data DANS LE MONDE APRÈS LE CONFINEMENT
 
RGPD et stratégie digitale
RGPD et stratégie digitaleRGPD et stratégie digitale
RGPD et stratégie digitale
 

Último

Research Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchResearch Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchRushdi Shams
 
BBA 205 BUSINESS ENVIRONMENT UNIT I.pptx
BBA 205 BUSINESS ENVIRONMENT UNIT I.pptxBBA 205 BUSINESS ENVIRONMENT UNIT I.pptx
BBA 205 BUSINESS ENVIRONMENT UNIT I.pptxProf. Kanchan Kumari
 
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...Subham Panja
 
AI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace ApplicationsAI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace ApplicationsStella Lee
 
3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptxmary850239
 
Plant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxPlant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxHimansu10
 
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...gdgsurrey
 
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...Nguyen Thanh Tu Collection
 
3.14.24 The Selma March and the Voting Rights Act.pptx
3.14.24 The Selma March and the Voting Rights Act.pptx3.14.24 The Selma March and the Voting Rights Act.pptx
3.14.24 The Selma March and the Voting Rights Act.pptxmary850239
 
Arti Languages Pre Seed Send Ahead Pitchdeck 2024.pdf
Arti Languages Pre Seed Send Ahead Pitchdeck 2024.pdfArti Languages Pre Seed Send Ahead Pitchdeck 2024.pdf
Arti Languages Pre Seed Send Ahead Pitchdeck 2024.pdfwill854175
 
LEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudLEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudDr. Bruce A. Johnson
 
The basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptxThe basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptxheathfieldcps1
 
POST ENCEPHALITIS case study Jitendra bhargav
POST ENCEPHALITIS case study  Jitendra bhargavPOST ENCEPHALITIS case study  Jitendra bhargav
POST ENCEPHALITIS case study Jitendra bhargavJitendra Bhargav
 
Material Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.pptMaterial Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.pptBanaras Hindu University
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...Nguyen Thanh Tu Collection
 
Alamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptxAlamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptxDhatriParmar
 
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...Marlene Maheu
 
VIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfVIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfArthyR3
 
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacyASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacySumit Tiwari
 

Último (20)

Research Methodology and Tips on Better Research
Research Methodology and Tips on Better ResearchResearch Methodology and Tips on Better Research
Research Methodology and Tips on Better Research
 
BBA 205 BUSINESS ENVIRONMENT UNIT I.pptx
BBA 205 BUSINESS ENVIRONMENT UNIT I.pptxBBA 205 BUSINESS ENVIRONMENT UNIT I.pptx
BBA 205 BUSINESS ENVIRONMENT UNIT I.pptx
 
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
THYROID HORMONE.pptx by Subham Panja,Asst. Professor, Department of B.Sc MLT,...
 
AI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace ApplicationsAI Uses and Misuses: Academic and Workplace Applications
AI Uses and Misuses: Academic and Workplace Applications
 
3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx3.14.24 Gender Discrimination and Gender Inequity.pptx
3.14.24 Gender Discrimination and Gender Inequity.pptx
 
Plant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptxPlant Tissue culture., Plasticity, Totipotency, pptx
Plant Tissue culture., Plasticity, Totipotency, pptx
 
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
Certification Study Group - Professional ML Engineer Session 3 (Machine Learn...
 
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...
25 CHUYÊN ĐỀ ÔN THI TỐT NGHIỆP THPT 2023 – BÀI TẬP PHÁT TRIỂN TỪ ĐỀ MINH HỌA...
 
ANOVA Parametric test: Biostatics and Research Methodology
ANOVA Parametric test: Biostatics and Research MethodologyANOVA Parametric test: Biostatics and Research Methodology
ANOVA Parametric test: Biostatics and Research Methodology
 
3.14.24 The Selma March and the Voting Rights Act.pptx
3.14.24 The Selma March and the Voting Rights Act.pptx3.14.24 The Selma March and the Voting Rights Act.pptx
3.14.24 The Selma March and the Voting Rights Act.pptx
 
Arti Languages Pre Seed Send Ahead Pitchdeck 2024.pdf
Arti Languages Pre Seed Send Ahead Pitchdeck 2024.pdfArti Languages Pre Seed Send Ahead Pitchdeck 2024.pdf
Arti Languages Pre Seed Send Ahead Pitchdeck 2024.pdf
 
LEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced StudLEAD6001 - Introduction to Advanced Stud
LEAD6001 - Introduction to Advanced Stud
 
The basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptxThe basics of sentences session 8pptx.pptx
The basics of sentences session 8pptx.pptx
 
POST ENCEPHALITIS case study Jitendra bhargav
POST ENCEPHALITIS case study  Jitendra bhargavPOST ENCEPHALITIS case study  Jitendra bhargav
POST ENCEPHALITIS case study Jitendra bhargav
 
Material Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.pptMaterial Remains as Source of Ancient Indian History & Culture.ppt
Material Remains as Source of Ancient Indian History & Culture.ppt
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
BÀI TẬP BỔ TRỢ TIẾNG ANH 11 THEO ĐƠN VỊ BÀI HỌC - CẢ NĂM - CÓ FILE NGHE (GLOB...
 
Alamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptxAlamkara theory by Bhamaha Indian Poetics (1).pptx
Alamkara theory by Bhamaha Indian Poetics (1).pptx
 
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
2024 March 11, Telehealth Billing- Current Telehealth CPT Codes & Telehealth ...
 
VIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdfVIT336 – Recommender System - Unit 3.pdf
VIT336 – Recommender System - Unit 3.pdf
 
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in PharmacyASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
ASTRINGENTS.pdf Pharmacognosy chapter 5 diploma in Pharmacy
 

Data privacy and digital strategy

  • 2. This presentation and other resources are available on MOODLE
  • 5. Average number of Facebook « friends » in France: 170 30
  • 8. The person who took the photo is a real friend 8 http://cdn.motinetwork.net/motifake.com/image/demotivational-poster/1202/reality-drunk-reality-fail-drunkchicks-partyfail-demotivational-posters-1330113345.jpg
  • 9. privacy and graph search ?
  • 10. 10
  • 11. 11
  • 12. 12
  • 13. 13
  • 17. From Big Brother to Big Other
  • 18. http://fr.slideshare.net/bodyspacesociety/casilli-privacyehess-2012def Antonio Casili • Importance of T&C • Everybody speaks • mutual surveillance • Lateral surveillance
  • 21. 21
  • 22. Interactions controlled by citizens in the Information Society http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
  • 23. Interactions NOT controlled by citizens in the Information Society http://ipts.jrc.ec.europa.eu/home/report/english/articles/vol79/ICT1E796.htm
  • 25. 'personal data' shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity
  • 26. 'processing of personal data' ('processing') shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction
  • 27. personal data filing system' ('filing system') shall mean any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis
  • 28. 121 controller shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law;
  • 29. 29 'the data subject's consent' shall mean any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed
  • 30. 30 Member States shall provide that personal data must be: (a) processed fairly and lawfully; (b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards; (c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed; (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified; (e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data were collected or for which they are further processed. Member States shall lay down appropriate safeguards for personal data stored for longer periods for historical, statistical or scientific use.
  • 31. 31 Member States shall provide that personal data may be processed only if: (a) the data subject has unambiguously given his consent; or (b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; or (c) processing is necessary for compliance with a legal obligation to which the controller is subject; or (d) processing is necessary in order to protect the vital interests of the data subject; or (e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed
  • 32. 32 Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life
  • 33. 125 Member States shall provide that the controller or his representative must provide a data subject from whom data relating to himself are collected with at least the following information, except where he already has it: (a) the identity of the controller and of his representative, if any; (b) the purposes of the processing for which the data are intended; (c) any further information such as - the recipients or categories of recipients of the data, - whether replies to the questions are obligatory or voluntary, as well as the possible consequences of failure to reply, - the existence of the right of access to and the right to rectify the data concerning him in so far as such further information is necessary, having regard to the specific circumstances in which the data are collected, to guarantee fair processing in respect of the data subject
  • 34. 34 Right of access Member States shall guarantee every data subject the right to obtain from the controller: (a) without constraint at reasonable intervals and without excessive delay or expense: - confirmation as to whether or not data relating to him are being processed and information at least as to the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed, - communication to him in an intelligible form of the data undergoing processing and of any available information as to their source, - knowledge of the logic involved in any automatic processing of data concerning him at least in the case of the automated decisions referred to in Article 15 (1); (b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data; (c) notification to third parties to whom the data have been disclosed of any rectification, erasure or blocking carried out in compliance with (b), unless this proves impossible or involves a disproportionate effort
  • 35. 35
  • 40. Sub-contractor 129 The Member States shall provide that the controller must, where processing is carried out on his behalf, choose a processor providing sufficient guarantees in respect of the technical security measures and organizational measures governing the processing to be carried out, and must ensure compliance with those measures
  • 41. 41 The carrying out of processing by way of a processor must be governed by a contract or legal act binding the processor to the controller and stipulating in particular that: - the processor shall act only on instructions from the controller, - the obligations as defined by the law of the Member State in which the processor is established, shall also be incumbent on the processor
  • 43. SECURITY SOURCE DE L’IMAGE: http://www.techzim.co.zw/2010/05/why-organisations-should-worry-about-security-2/
  • 45. Everything must be transparent
  • 47. Article 16 Confidentiality of processing Any person acting under the authority of the controller or of the processor, including the processor himself, who has access to personal data must not process them except on instructions from the controller, unless he is required to do so by law
  • 48. Member States shall provide that the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular where the processing involves the transmission of data over a network, and against all other unlawful forms of processing. Having regard to the state of the art and the cost of their implementation, such measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected.
  • 49. 86 SECURITY IS A LEGAL OBLIGATION
  • 50. What your boss thinks...
  • 51. Employees share (too) many information and also with third parties
  • 53. Where do one steal data? •Banks •Hospitals •Ministries •Police •Newspapers •Telecoms •... Which devices are stolen? •USB •Laptops •Hard disks •Papers •Binders •Cars
  • 56. 56
  • 58. 154 Source de l’image : http://ediscoverytimes.com/?p=46
  • 61. 48
  • 62. 4 By giving people the power to share, we're making the world more transparent. The question isn't, 'What do we want to know about people?', It's, 'What do people want to tell about themselves?' Data privacy is outdated ! Mark Zuckerberg If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. Eric Schmidt
  • 64. 1
  • 68. 1 Privacy statement confusion • 53% of consumers consider that a privacy statement means that data will never be sell or give • 43% only have read a privacy statement • 45% only use different email addresses • 33% changed passwords regularly • 71% decide not to register or purchase due to a request of unneeded information • 41% provide fake info 112 Source: TRUSTe survey
  • 73. 73
  • 74. 74
  • 75. 75
  • 76. 76
  • 77. 77
  • 78. 78
  • 81. Evaluation and Comparison of Privacy Policies-Accessibility/User-Friendliness Facebook Foursquare Google Buzz LinkedIn Twitter Number of words 5860 words 2,436 words 1,094 words 5,650 words 1,287 words Comparison to average Privacy Policy (based on 2,462 words) Above average Below average (but very close to the average) Below Average Above average Below average Amount of time it takes one to read (based on an average person reading speed--244 words /minute) Approx. 24 minutes Approx. 10 minutes Approx. 5 minutes Approx. 23 minutes Approx. 5 minutes Direct link to its actual privacy policy from the index page No Yes Yes Yes Yes Availability in languages other than English Yes Yes Yes Yes Yes Detailed explanation of privacy control/protection Yes Yes Yes No No Trust E-Verified Yes No No Yes No Linking and/or mentioning to U.S. Dept. of Commerce “Safe Harbor Privacy Principles” Yes No Yes Yes No Availability of contact information in case of questions Yes Yes No Yes Yes Coverage of kids privacy Yes Yes No Yes Yes Containing the clause that it reserves the right to change the privacy policy at any time Yes, but users will be notified Yes, but users will be notified http:// www.psl.cs.columbia .edu/classes/cs6125- Yes, but users will be notified of material changes Yes, but users will be notified of material changes http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
  • 82. Evaluation and Comparison of Privacy Policies – “Content” Facebook Foursquare Google Buzz LinkedIn Twitter Allowance of an opt- out option Yes Yes Yes Yes Yes Allowance of third- party access to users’ information Yes/No, depending on a user’s sharing setting and the information shared Yes Yes Yes Yes Discussion of the usage of cookie or tracking tools Yes Yes Not specified; but Google states that it records users’ use of their products Yes Yes Explicit statement of what type of information they share with third- parties Yes Yes Yes Yes Yes Sharing of users’ location data Yes Yes Yes Unclear; not mentioned in the Privacy Policy Yes http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
  • 83. Evaluation and Comparison of Account Creation Process Facebook Foursquare Google Buzz LinkedIn Twitter Number of fields required during the initial account creation 9 10 Zero if you have a Gmail account 4 6 Details that are required for a user to create an account First name, last name, email, password, gender, birthday First name, last name, password, email, phone, location, gender, birthday, photo None if you have a Gmail account First name, last name, email, password First name, username, password, email, “let others find me by my email,” “I want the inside scoop” Availability of explanation on required information Yes Yes Information on how Google Buzz works is available No Yes, actually includes the entire Terms of Service in a Text area box http://www.psl.cs.columbia.edu/classes/cs6125-s11/presentations/2011/Presentation_Joyce_Chen.ppthy don’t we read privacy policies
  • 85. DATA PRIVACY & THE EMPLOYER 45http://i.telegraph.co.uk/multimedia/archive/02183/computer-cctv_2183286b.jpg
  • 86. SO CALLED HIDDEN COSTS 46 http://www.theatlantic.com/technology/archive/2011/09/estimating-the-damage-to-the-us-economy-caused-by-angry-birds/244972/
  • 88. IAM
  • 89. RISKS SOURCE DE L’IMAGE : http://www.tunisie-news.com/artpublic/auteurs/auteur_4_jaouanebrahim.html
  • 90. Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
  • 91. The new head of MI6 has been left exposed by a major personal security breach after his wife published intimate photographs and family details on the Facebook website. Sir John Sawers is due to take over as chief of the Secret Intelligence Service in November, putting him in charge of all Britain's spying operations abroad. But his wife's entries on the social networking site have exposed potentially compromising details about where they live and work, who their friends are and where they spend their holidays. http://www.dailymail.co.uk
  • 92. Social Media Spam Compromised Facebook account. Victim is now promoting a shady pharmaceutical Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
  • 93. Social Media Phishing To: T V V I T T E R.com Now they will have your username and password Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
  • 94. Social Media Malware Clicking on the links takes you to sites that will infect your computer with malware Source: Social Media: Manage the Security to Manage Your Experience; Ross C. Hughes, U.S. Department of Education
  • 95. Phishing Sources/ Luc Pooters, Triforensic, 2011
  • 97. Social engineering Sources/ Luc Pooters, Triforensic, 2011
  • 98. Take my stuff, please! Source: The Risks of Social Networking IT Security Roundtable Harvard Townsend
 Chief Information Security Officer Kansas State University
  • 100. Right to be forgotten • On 13.05.2014 the European Union Court of Justice backed a ruling called “the right to be forgotten,” which allows individuals to control their data and ask search engines, such as Google, to remove inadequate personal results from the Internet. • However, the decision cannot be interpreted as a “victory” for the protection of the personal data of Europeans, according to privacy experts.
  • 101. • In 2010 a Spanish citizen lodged a complaint against a Spanish newspaper with the national Data Protection Agency and against Google Spain and Google Inc. • The citizen complained that an auction notice of his repossessed home on Google’s search results infringed his privacy rights because the proceedings concerning him had been fully resolved for a number of years and hence the reference to these was entirely irrelevant. • He requested, first, that the newspaper be required either to remove or alter the pages in question so that the personal data relating to him no longer appeared; • and second, that Google Spain or Google Inc. be required to remove the personal data
  • 102. • In its ruling of 13 May 2014 the EU Court said : • a)On the territoriality of EU rules: Even if the physical server of a company processing data islocated outside Europe, EU rules apply to search engine operators if they have a branch or a sub sidiary in a Member State which promotes the selling of advertising space offered by the search engine; • b)On the applicability of EU data protection rules to a search engine : Search engines are controllers of personal data. Google can therefore not escape its responsibilities before European lawwhen handling personal data by saying it is a search engine. EU data protection law applies and so does the right to be forgotten. • c) On the “Right to be Forgotten” : Individuals have the right - under certain conditions - to ask search engines to remove links with personal information about them.This applies where the information is inaccurate, inadequate, irrelevant or excessive for the purposes of the data
  • 103. • At the same time, the Court explicitly clarified that the right to be forgotten is not absolute but will always need to be balanced against other fundamental rights, such as the freedom of expression and of the media
  • 104. • Right to erasure (future rules?) • 1.The data subject shall have the right to obtain from the controller the erasure of personal data relating to them and the abstention from further dissemination of such data, and to obtain from third parties the erasure of any links to, or copy or replication of that data, where one of the following grounds applies: • (a) the data are no longer necessary in relation to the purposes for which they were collected or otherwise processed • (b) the data subject withdraws consent on which the processing is based according • (c) when the storage period consented to has expired and where there is no other legal ground for the processing of the data
  • 105. New EU Regulation • right to be forgotten • no more notification to data privacy authorities • data privacy officer • up to 2% turnover penalty • information of data theft
  • 106. Control by the employer 161SOURCE DE L’IMAGE: http://blog.loadingdata.nl/2011/05/chinese-privacy-protection-to-top-american/
  • 107. what your boss thinks
  • 108. BUT…
  • 109. May the employer control everything?
  • 111. Could my employer open my emails? 169
  • 122. RFID & internet of things 188 http://www.ibmbigdatahub.com/sites/default/files/public_images/IoT.jpg
  • 124. GDPR
  • 128. TO DO
  • 133. Résistance au changement crainte du contrôle Imposer ou convaincre ? Positionnement du DPO atteinte à l’activité économique Culture d’entreprise et nationale Besoins du business les freins
  • 134. 87 “It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change.” C. Darwin