John Leonard, Computing, Saturday, May 28, 2016
odel contract clauses, the data transfer mechanism deployed by multinational companies like Facebook, Amazon and Google to ship personal data from the EU to the US as an alternative to the now-defunct Safe Harbour framework, look to be in trouble. Irish data protection authorities have warned that model contract clauses are potentially in breach of EU regulations. The Irish Data Protection Commissioner (IDPC) has suggested that the European Court of Justice (ECJ), the same body that invalidated Safe Harbour, should look into the matter.
Stephen Dockery, Wall Street Journal, Thursday, May 26, 2016
The U.S. is promoting the Asia-Pacific Economic Cooperation data transfer agreement as an alternative to the powerful European Union model that is causing American regulators such headaches, a Department of Commerce official said Tuesday. Announced in 2011, APEC’s cross-border privacy rules offer a standard template for data transfers in the organization’s 21 member countries.
Jennifer Baker, IAPP Privacy Tracker, Thursday, May 26, 2016
The fate of Privacy Shield will hang in the balance until at least June 20 as national representatives remain in talks. The Privacy Advisor has learned the Article 31 committee has scheduled at least two further meetings to discuss Privacy Shield after it failed to reach an agreement last week, sources confirmed.
Larry Dignan, ZDNet, Thursday, May 26, 2016
Public cloud vendors are establishing unique characteristics that indicate the market won't be a zero-sum game that'll support multiple players. Cowen & Co. conducted a survey of 314 public cloud customers and found Amazon Web Services is the top dog with Microsoft Azure a strong No. 2. Meanwhile, IBM and Google Cloud Platform (GCP), which is grabbing more workloads, are above average in quality of IT support.
Tom Gillis, Computerworld, Wednesday, May 25, 2016
As workloads in the corporate data center begin to migrate to the public cloud, the need to encrypt data in motion and at rest becomes foundational. In the public cloud, it is much harder to rely on the traditional approaches of wrapping select data with firewalls and IPS systems. At the same time, it is much easier to post a heap of sensitive data to an object store such as Amazon S3 and inadvertently leave it open to the unwashed Internet. Customer-controlled encryption is becoming a necessity for the enterprise hybrid cloud. But IT security is subject to a fundamental law: “If it slows users down, they will turn it off.”
Eli Richman, Fierce Government IT, Wednesday, May 25, 2016
"The findings of this year's study paint a clear picture: Cloud adoption is nearly ubiquitous, but it's not now and will not in the foreseeable future be suitable for all workloads," said Joel Dolisy, CIO of SolarWinds, in a press release. "The resulting dynamic – one set of critical on-premises services connected with another set of services in the cloud – is hybrid IT." That dynamic is being fed by agencies' dual responsibilities to both use more cloud services and ensure the security of critical systems, databases and applications, SolarWinds found.
Lothar Determann, Bloomberg BNA, Wednesday, May 25, 2016
Since Oct. 6, national data protection authorities in the EEA rushed to issue inconsistent and unclear guidance to local companies that do business with the U.S. Chaos ensued and numerous myths were added to ones that had previously surrounded the Safe Harbor Program:
Austin Adams, Federal News Radio, Wednesday, May 25, 2016
Agency leaders – from chief information officers to agency records officers to information security managers – are at an intersection of the technology revolution, where the cultural shift toward a digital world and the demanding requirements of security and compliance often collide. When it comes to managing information assets, agencies need tools that allow for collaboration, workflow processes and content management, and the flexibility to meet the needs of a changing content landscape – all while maintaining the security standards and structural controls that government IT demands.
Sara Sorcher, Christian Science Monitor, Wednesday, May 25, 2016
The encryption debate can't be simplified to a Silicon Valley v. Washington fight over your privacy. Even though FBI concerns about "going dark" in its pursuit of criminals and terrorists have captured the headlines, the Obama administration is still deeply divided.
Brenda Leong, Brookings, Tuesday, May 24, 2016
In the last two years, there has been a perfect storm on the topic of student data privacy. The role of technology within schools expanded at an unprecedented rate, general awareness of consumer data security and breaches increased, and student databases at the state or national level were established or proposed, which drew great public scrutiny and fear. This maelstrom yielded a tremendous output of legislative activity targeted at education technology companies, that was overwhelmingly focused on protecting and limiting the sharing and use of student data—in rare instances, to the point of forbidding research uses almost completely. There are signs that this wave of fear-driven response has finally crested, and that more measured conversations are occurring; conversations that prioritize the fundamental requirement for appropriate privacy and security, but with a clear focus on the invaluable role of research and analysis and the need to enable it.