Structuring a National Strategy to secure Cyberspace: Solutions for India

Netsecure Technology
http://ww.netsecure.in
Part 1 - The need for a national strategy
•   Examining national objectives
•   Structuring a policy
•   Current law in India


Part 2 – Case Study: Data Privacy and National
   Compliance [Challenges and Strategies]
•   Data Protection legislation around the world
•   European Commission Directive and the UK Act
•   Data Protection model: the United States
•   Balancing Privacy and Security
Opportunities for India
•   Technological advances in data storage and transmission
•   Globalisation of communications - the internet
•   Convergence and standardisation of technologies
•   Increasing importance of data processing

•   Speed and Convenience
•   Mobile access
•   Personalised and tailored
•   Data mining sophistication
•   Loss of control
•   Insecurity
•   Lack of confidence
•   Increased scepticism
•   Low uptake of eCommerce
•   <Cyberspace> as introduced by William Gibson [A place
    governed by its own laws] - “a consensual
    hallucination” [William Gibson, Neuromancer]
•   A contradiction? Greek <kybernetes> means
    'steersman' of a ship
•   “Law and Borders”: the 'independent' theory of
    cyberspace law [David Post and David Johnson,
    Stanford Law Review]
•   Benkler's layers – the physical, the code and content [in
    communications theory]
•   Lessig <Code and other laws of Cyberspace>
•   Securing “Indian” Cyberspace [regulations and the
    history of trade – towards pax mercatur]
•   The basic premise: the machine or the medium
•   Adaptability and Enforcement of Indian law – lessons
    from the American experience [Adobe Systems v.
    Dmitry Sklyarov]
•   Systematic collaboration between vendors and
    customers to secure interoperable government and
    industry enterprise information systems
•   Enhance collaboration between law enforcement and
    industry to prevent and prosecute cyber crimes
•   Understanding the role of the medium – incidental
    [blackmail, stalking]; content [obscene or sensitive
    material]; integrity [unauthorised access and/or
    modification]
•   The criminal act – discovery [detection] and analysis
•   The Cybercrime Manual – fostering preparedness
•   Focussing on 'relevant' issues and appropriate
    classification of offences
•   Cyber forensics and the collection of evidence
•   Crisis management [internal and external]
•   The Team [Member of the Board, Human Resources Manager, Chief Information
    Officer, Legal Counsel, E-Risk Management Consultant, Internet Security
    Expert, Cyberinsurance broker]
•   Utilising and factoring security tools – Digital signatures are a ‘sign of our times’
•   Understanding and evaluating risks [internal and external]
•   Allocating roles and responsibilities - Structuring the audit process [examining use and
    abuse]
•   Ten Tips – [i] Firewalls with secure passwords; [ii] correct installation and maintenance
    [the human angle]; [iii] encryption; [iv] assign network administrators a security role;
    [v] External consultants and auditors; [vi] periodic security audits; [vii] do not ignore
    ‘small company’ security needs; [viii] limit access to the computer room; [ix] educate
    employees about the dangers of social engineering; [x] educate employees on potential
    threats.
•   A training process for law enforcement
•   The Basics: the “machine” and the “medium” – What is
    a Cybercrime?
•   Develop programs that promote a culture of security
    within and across enterprises, including corporate
    governance, integration of physical and cyber
    security, and cyber ethics from school to the office
•   Engage with industry, academia and government in
    both countries to foster research and development and
    collaborative education efforts in information security
•   Stake your territory: the applicable law
•   Have the final say: the invitation to treat
•   On your own terms
•   Is it secure?
•   The customer is always right!
•   Privacy policy and data protection
•   Protecting your brand: Domain names and trademarks in general
•   The copyright ‘catch’
•   Chat online [Bulletin Board/Service Provider Liability]
Data Privacy and Indian Law
A fundamental human right
the right of the individual to be let alone

•   Information Privacy (data protection) - personal data

•   Bodily privacy - invasive procedures - search, drug testing; genetic
    testing; etc

•   Communications Privacy - mail, telephone, e-mail etc

•   Territorial privacy - domestic privacy; CCTV; ID checks etc

“Public” aspects - surveillance, police powers and national security
“Private” aspects - commercial use of data
Overview - major International and US regulations
[HUMAN RIGHTS]
1948        UN Universal Declaration of Human Rights
1970        US Fair Credit Reporting Act
1974        US Privacy Act
1976        International Covenant on Civil and Political Rights
1980        OECD Guidelines on Protection of Privacy
1980        US Privacy Protection Act
1995        European Commission Directive on Data Protection
1994        US Communications Assistance to Law Enforcement Act
1996        US Health Insurance Portability and Accountability Act
1998        US Children's Online Privacy Protection Act
1998        European Member States implement Directive
1999        US Financial Services Modernization Act
[BUSINESS ISSUES]
There is no general privacy or data protection law in India:

•   Constitution Article 21
    Right to life and liberty, interpreted by Supreme Court as including the
    “right to be let alone”


•   International Covenant on Civil and Political Rights 1966 Article 17:
    No one shall be subject to arbitrary or unlawful interference with his
    privacy, family, home or correspondence, nor to unlawful attacks on his
    honour and reputation. Everyone has the right to the protection of the law
    against such interference or attacks.


•   Law of privacy (Tort Law) – Action for unlawful invasion of privacy
Information Technology Act 2000
•   Section 43 (a)
    Penalty for unauthorised access to a computer system

•   Section 43 (b) -
    Penalty for unauthorised downloading or copying of data without permission

•   Section 72 -
    Offence of accessing any electronic record, book, register, correspondence,
    information, document or other material and, without the consent of the
    person concerned, disclosing such information to another person
•   Public Financial Institutions Act of 1993 codifies confidentiality of
    bank transactions


•   ISPs prohibited from violating privacy rights of subscribers by virtue
    of the licence to operate granted by the Department of
    Telecommunications


•   A general data protection law in India?
    National Task Force on IT and Software Development 1998
    Submitted “IT Action Plan” calling for “National Policy on Information
    Security, Privacy and Data Protection Act for handling of
    computerised data” but no Act introduced to date
Data Protection Worldwide
[Slide: alphabetical list of the world's countries and territories, from Afghanistan to Zimbabwe, with the United States entry annotated "(safe harbor)".]
Country / region          Legislation (as abbreviated on the slide)   Status
Norway                    Personal D Reg Act                          In force 14 April 2000
Finland                   Personal DP Act                             In force 1 June 1999
Sweden                    Personal Data Act                           In force 24 October 1998
Denmark                   Act on Processing of PD                     In force 1 July 2000
Belgium                   Data Protection Act                         In force 1 Sep 2001
Ireland                   -
Germany                   Data Protection Act                         In force 23 May 2001
United Kingdom            Data Protection Act                         In force 1 March 2000
Austria                   Data Protection Act                         In force 1 January 2000
Luxembourg                -
Italy                     Data Protection Act                         In force 8 May 1997
Netherlands               Law on Protection PD ct                     In force 1 Sep 2001
Spain                     Data Protection Act                         In force 13 January 2000
France                    -
Portugal                  Personal DP Act                             In force 27 October 1998
Greece                    Protection Processing                       In force 10 April 1997
Eastern Europe            Estonia (96) Poland (98) Slovak (98) Slovenia (99)
                          Hungary (99) Czech (00) Latvia (00) Lithuania (00)
Canada                    PIP&ED Act                                  Commenced 1 Jan 2001
Mexico                    eCommerce Act                               In force 7 June 2000
United States (includes)  CPP Act 1984
                          VPP Act 1988
                          COPP Act 1998                               In force 21 April 2000
                          HIPA Act                                    In force 14 April 2001
                          GLB Act                                     In force 1 July 2001
                          'General' Act                               Under consideration
Hong Kong                 Personal Data (Privacy)                     In force 20 Dec 1996
Australia                 Privacy Act                                 In force 21 Dec 2001
Taiwan                    Computer Processed DP                       In force 11 August 1995
New Zealand               Privacy Act                                 In force 1 July 1993
Switzerland               Data Protection Act                         In force 1 June 1999
South Korea               eCommerce Act                               In force January 1999
Data Protection in Europe
•   Directive 95/46/EC of the European Commission


•   Now implemented in almost all Member States


    e.g. UK
    previously - UK Data Protection Act 1984


    now - UK Data Protection Act 1998 (in force March 2000)
    (“DPA”)
1. Personal data must be processed fairly and lawfully

2. Personal data must be collected and used only for notified purposes.

3. Personal data must be adequate, relevant and not excessive.

4. Personal data must be accurate and, where necessary, kept up-to-
   date.

5. Personal data must only be retained for as long as is necessary to
   carry out the purposes for which it is collected.

6. Personal data must be processed in accordance with the rights of
   data subjects as set out under the 1998 Act.
7. Appropriate technical and organisational measures must be in place
   to protect against unauthorised access, amendment or loss of
   personal data. There must be a contractual obligation, in writing, upon
   any data processor to comply with the relevant legislation and to
   ensure that such measures have been put in place.

8. Personal information must not be transferred out of the European
   Economic Area ("EEA") unless the receiving country ensures "an
   adequate level of protection" for the rights and freedoms of the data
   subjects vis-à-vis the processing of personal data.
The Eighth Principle


Personal information must not be transferred out of the European
Economic Area ("EEA") unless the receiving country ensures "an
adequate level of protection" for the rights and freedoms of the data
subjects vis-à-vis the processing of personal data.
Notwithstanding lack of country adequate status, a Data Controller can
nevertheless conclude there is adequate protection in respect of a particular
transfer if:

There is sufficient protection for individual data subjects

Having regard to: - nature of data being transferred;
                   - purposes for processing;
                   - security measures in place;
                   - individual rights to redress if things go wrong

Note - all of these could be covered in a Seventh-Principle type contract
Data Protection in the USA
United States (Federal)
Fair Credit Reporting Act                              1970
Privacy Act                                            1974
Family Educational Rights and Privacy Act              1974
Cable TV Privacy Act                                   1974
Right to Financial Privacy Act                         1978
Privacy Protection Act                                 1980
Cable Communications Policy Act                        1984
Electronic Communications Privacy Act                  1986
Video Privacy Protection Act                           1988
Employee Polygraph Protection Act                      1988
Telephone Consumer Protection Act                      1991
Driver's Privacy Protection Act                        1994
Communications Assistance to Law Enforcement Act       1994
Health Insurance Portability and Accountability Act    1996
Children's Online Privacy Protection Act               1998
Deceptive Mail Prevention and Enforcement Act          1999
Financial Services Modernization Act                   1999
'General' Act                                          Under consideration?

Safe Harbor - In effect 2001
•   Self certified compliance with 'adequate' principles
•   Regulatory enforcement of trade practices legislation
•   However, only 356 companies in the whole of the United States
    have current Safe Harbor registrations

•   This raises questions as to the credibility of the safe harbor regime

•   Safe Harbor also only addresses transfers of data from abroad, and
    does not offer comprehensive protection for US citizens
•   Antiterrorism Acts:
    - USA <the Patriot Act> 26 October 2001
    - Canada 16 October 2001
    - India <Prevention of Terrorism Act>
•   easier to use electronic surveillance
•   continue and clarify the mandate of the law enforcement to collect
    foreign communications
•   requires individuals who have information related to a terrorist
    group to appear before a judge to provide that information
•   extending DNA data bank to include terrorist crimes

Issues
•   enhanced investigative powers
•   will governments enforce privacy laws?
    - US, Canada, UK, EU, Australia

Thoughts
•   data protection enforcement is generally complaint based
•   public continually stress privacy concerns
•   good privacy is good business
•   erosion of privacy is a win for terrorism
The Best Solution?
•   Comprehensive Laws governing collection, use and dissemination of
    personal data


•   Sectoral laws - piecemeal rules for particular industries, types of
    information or technologies - piecemeal protection


•   Self-regulation - e.g. Safe Harbor - mostly disappointing to date


•   Technological solutions - physical and logical security, encryption, etc
    - must be combined with legislative protections
•   To remedy past injustices (e.g. C.Europe, S.America, S.Africa)

•   To create confidence and promote e-commerce, m-commerce, ITES
    and bioinformatics sectors

•   To remove barriers to data transfers from Europe, by ensuring India
    is granted “adequate” status

•   To ensure enforceability, through a central oversight agency

•   Because effectiveness of self-regulation is limited

•   Because State governments are already recognising need and
    considering own data protection legislation
Technology, Media and Communications

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 

Cyber security

  • 1. Structuring a National Strategy to secure Cyberspace: Solutions for India Netsecure Technology http://ww.netsecure.in
  • 2. Part 1 - The need for a national strategy • Examining national objectives • Structuring a policy • Current law in India Part 2 – Case Study: Data Privacy and National Compliance [Challenges and Strategies] • Data Protection legislation around the world • European Commission Directive and the UK Act • Data Protection model: the United States • Balancing Privacy and Security
  • 3. Opportunities for India
  • 4. Technological advances in data storage and transmission • Globalisation of communications - the internet • Convergence and standardisation of technologies • Increasing importance of data processing • Speed and Convenience • Mobile access • Personalised and tailored • Data mining sophistication • Loss of control • Insecurity • Lack of confidence • Increased scepticism • Low uptake of eCommerce
  • 5. <Cyberspace> as introduced by William Gibson [A place governed by its own laws] - “a consensual hallucination” [William Gibson, Neuromancer] • A contradiction? Greek <kybernetes> means ‘steersman’ of a ship • “Law and Borders”: the ‘independent’ theory of cyberspace law [David Post and David Johnson, Stanford Law Review] • Benkler’s layers – the physical, the code and content [in communications theory] • Lessig <Code and other laws of Cyberspace>
  • 6. Securing “Indian” Cyberspace [regulations and the history of trade – towards pax mercatur] • The basic premise: the machine or the medium • Adaptability and Enforcement of Indian law – lessons from the American experience [Adobe Systems v. Dmitry Sklyarov] • Systematic collaboration between vendors and customers to secure interoperable government and industry enterprise information systems • Enhance collaboration between law enforcement and industry to prevent and prosecute cyber crimes
  • 7. Understanding the role of the medium – incidental [blackmail, stalking]; content [obscene or sensitive material]; integrity [unauthorised access and/or modification] • The criminal act – discovery [detection] and analysis • The Cybercrime Manual – fostering preparedness • Focussing on ‘relevant’ issues and appropriate classification of offences • Cyber forensics and the collection of evidence • Crisis management [internal and external]
  • 8. The Team [Member of the Board, Human Resources Manager, Chief Information Officer, Legal Counsel, E-Risk Management Consultant, Internet Security Expert, Cyberinsurance broker] • Utilising and factoring security tools – Digital signatures are a ‘sign of our times’ • Understanding and evaluating risks [internal and external] • Allocating roles and responsibilities - Structuring the audit process [examining use and abuse] • Ten Tips – [i] Firewalls with secure passwords; [ii] correct installation and maintenance [the human angle]; [iii] encryption; [iv] assign network administrators a security role; [v] External consultants and auditors; [vi] periodic security audits; [vii] do not ignore ‘small company’ security needs; [viii] limit access to the computer room; [ix] educate employees about the dangers of social engineering; [x] educate employees on potential threats.
  • 9. A training process for law enforcement • The Basics: the “machine” and the “medium” – What is a Cybercrime? • Develop programs that promote a culture of security within and across enterprises, including corporate governance, integration of physical and cyber security, and cyber ethics from school to the office • Engage with industry, academia and government in both countries to foster research and development and collaborative education efforts in information security
  • 10. Stake your territory: the applicable law • Have the final say: the invitation to treat • On your own terms • Is it secure? • The customer is always right! • Privacy policy and data protection • Protecting your brand: Domain names and trademarks in general • The copyright ‘catch’ • Chat online [Bulletin Board/Service Provider Liability]
  • 11. Data Privacy and Indian Law
  • 12. A fundamental human right - the right of the individual to be let alone • Information Privacy (data protection) - personal data • Bodily privacy - invasive procedures - search, drug testing; genetic testing; etc • Communications Privacy - mail, telephone, e-mail etc • Territorial privacy - domestic privacy; CCTV; ID checks etc • “Public” aspects - surveillance, police powers and national security • “Private” aspects - commercial use of data
  • 13. Overview - major International and US regulations [timeline running from HUMAN RIGHTS to BUSINESS ISSUES] • 1948 UN Universal Declaration of Human Rights • 1970 US Fair Credit Reporting Act • 1974 US Privacy Act • 1976 International Covenant on Civil and Political Rights • 1980 OECD Guidelines on Protection of Privacy • 1980 US Privacy Protection Act • 1995 European Commission Directive on Data Protection • 1994 US Communications Assistance to Law Enforcement Act • 1996 US Health Insurance Portability and Accountability Act • 1998 US Children's Online Privacy Protection Act • 1998 European Member States implement Directive • 1999 US Financial Services Modernization Act
  • 14. There is no general privacy or data protection law in India: • Constitution Article 21 Right to life and liberty, interpreted by Supreme Court as including the “right to be let alone” • International Covenant on Civil and Political Rights 1966 Article 17: No one shall be subject to arbitrary or unlawful interference with his privacy, family, home or correspondence, nor to unlawful attacks on his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks. • Law of privacy (Tort Law) – Action for unlawful invasion of privacy
  • 15. Information Technology Act 2000 • Section 43 (a) Penalty for unauthorised access to a computer system • Section 43 (b) - Penalty for unauthorised downloading or copying of data without permission • Section 72 - Offence of accessing any electronic record, book, register, correspondence, information, document or other material and, without the consent of the person concerned, disclosing such information to another person
  • 16. Public Financial Institutions Act of 1993 codifies confidentiality of bank transactions • ISPs prohibited from violating privacy rights of subscribers by virtue of the licence to operate granted by the Department of Telecommunications • A general data protection law in India? National Task Force on IT and Software Development 1998 Submitted “IT Action Plan” calling for “National Policy on Information Security, Privacy and Data Protection Act for handling of computerised data” but no Act introduced to date
  • 17. Data Protection Worldwide
  • 18. [Slide: alphabetical list of countries and territories under the heading “Data Protection Worldwide”; the only annotation that survives in the transcript is “UNITED STATES (safe harbor)”.]
  • 19. Norway: Personal D Reg Act, in force 14 April 2000 • Finland: Personal DP Act, in force 1 June 1999 • Sweden: Personal Data Act, in force 24 October 1998 • Denmark: Act on Processing of PD, in force 1 July 2000 • Belgium: Data Protection Act, in force 1 Sep 2001 • Ireland: - • Germany: Data Protection Act, in force 23 May 2001 • United Kingdom: Data Protection Act, in force 1 March 2000 • Austria: Data Protection Act, in force 1 January 2000 • Luxembourg: - • Canada: PIP&ED Act, commenced 1 Jan 2001 • Mexico: eCommerce Act, in force 7 June 2000 • Italy: Data Protection Act, in force 8 May 1997 • Netherlands: Law on Protection PD, in force 1 Sep 2001 • United States (includes): CPP Act 1984; VPP Act 1988; COPP Act 1998, in force 21 April 2000; HIPA Act, in force 14 April 2001; GLB Act, in force 1 July 2001; ‘General’ Act, under consideration • Hong Kong: Personal Data (Privacy), in force 20 Dec 1996 • Australia: Privacy Act, in force 21 Dec 2001 • Spain: Data Protection Act, in force 13 January 2000 • France: - • Taiwan: Computer Processed DP, in force 11 August 1995 • New Zealand: Privacy Act, in force 1 July 1993 • Portugal: Personal DP Act, in force 27 October 1998 • Greece: Protection Processing, in force 10 April 1997 • Switzerland: Data Protection Act, in force 1 June 1999 • South Korea: eCommerce Act, in force January 1999 • Eastern Europe: Estonia (96), Poland (98), Slovak (98), Slovenia (99), Hungary (99), Czech (00), Latvia (00), Lithuania (00)
  • 20. Data Protection in Europe
  • 21. Directive 95/46/EC of the European Commission • Now implemented in almost all Member States e.g. UK previously - UK Data Protection Act 1984 now - UK Data Protection Act 1998 (in force March 2000) (“DPA”)
  • 22. 1. Personal data must be processed fairly and lawfully. 2. Personal data must be collected and used only for notified purposes. 3. Personal data must be adequate, relevant and not excessive. 4. Personal data must be accurate and, where necessary, kept up-to-date. 5. Personal data must only be retained for as long as is necessary to carry out the purposes for which it is collected. 6. Personal data must be processed in accordance with the rights of data subjects as set out under the 1998 Act.
  • 23. 7. Appropriate technical and organisational measures must be in place to protect against unauthorised access, amendment or loss of personal data. There must be a contractual obligation, in writing, upon any data processor to comply with the relevant legislation and to ensure that such measures have been put in place. 8. Personal information must not be transferred out of the European Economic Area ("EEA") unless the receiving country ensures "an adequate level of protection" for the rights and freedoms of the data subjects vis-à-vis the processing of personal data.
  • 24. The Eighth Principle Personal information must not be transferred out of the European Economic Area ("EEA") unless the receiving country ensures "an adequate level of protection" for the rights and freedoms of the data subjects vis-à-vis the processing of personal data.
  • 25. Notwithstanding lack of country adequate status, a Data Controller can nevertheless conclude there is adequate protection in respect of a particular transfer if: There is sufficient protection for individual data subjects Having regard to: - nature of data being transferred; - purposes for processing; - security measures in place; - individual rights to redress if things go wrong Note - all of these could be covered in a Seventh-Principle type contract
  • 26. Data Protection in the USA
  • 27. United States (Federal) • Fair Credit Reporting Act 1970 • Privacy Act 1974 • Family Educational Rights and Privacy Act 1974 • Cable TV Privacy Act 1974 • Right to Financial Privacy Act 1978 • Privacy Protection Act 1980 • Cable Communications Policy Act 1984 • Electronic Communications Privacy Act 1986 • Video Privacy Protection Act 1988 • Employee Polygraph Protection Act 1988 • Telephone Consumer Protection Act 1991 • Driver’s Privacy Protection Act 1994 • Communications Assistance to Law Enforcement Act 1994 • Health Insurance Portability and Accountability Act 1996 • Children's Online Privacy Protection Act 1998 • Deceptive Mail Prevention and Enforcement Act 1999 • Financial Services Modernization Act 1999 • Safe Harbor: In effect 2001; self certified compliance with ‘adequate’ principles; regulatory enforcement of trade practices legislation • ‘General’ Act: Under consideration?
  • 28. However, only 356 companies in the whole of the United States have current Safe Harbor registrations • This raises questions as to the credibility of the safe harbor regime • Safe Harbor also only addresses transfers of data from abroad, and does not offer comprehensive protection for US citizens
  • 29. Antiterrorism Acts: • USA <the Patriot Act> 26 October 2001 • Canada 16 October 2001 • India <Prevention of Terrorism Act> • US, Canada, UK, EU, Australia: easier to use electronic surveillance; continue and clarify the mandate of the law enforcement to collect foreign communications; requires individuals who have information related to a terrorist group to appear before a judge to provide that information; extending DNA data bank to include terrorist crimes • Issues: enhanced investigative powers; will governments enforce privacy laws? • Thoughts: data protection enforcement is generally complaint based; public continually stress privacy concerns; good privacy is good business; erosion of privacy is a win for terrorism
  • 31. Comprehensive Laws governing collection, use and dissemination of personal data • Sectoral laws - piecemeal rules for particular industries, types of information or technologies - piecemeal protection • Self-regulation - e.g. Safe Harbor - mostly disappointing to date • Technological solutions - physical and logical security, encryption, etc - must be combined with legislative protections
  • 32. To remedy past injustices (e.g. C.Europe, S.America, S.Africa) • To create confidence and promote e-commerce, m-commerce, ITES and bioinformatics sectors • To remove barriers to data transfers from Europe, by ensuring India is granted “adequate” status • To ensure enforceability, through a central oversight agency • Because effectiveness of self-regulation is limited • Because State governments are already recognising need and considering own data protection legislation
  • 33.
  • 34. Technology, Media and Communications