Problems for model clauses and Privacy Shield as MEPs and regulators flex their muscles

John Leonard, Computing,  Saturday, May 28, 2016

odel contract clauses, the data transfer mechanism deployed by multinational companies like Facebook, Amazon and Google to ship personal data from the EU to the US as an alternative to the now-defunct Safe Harbour framework, look to be in trouble. Irish data protection authorities have warned that model contract clauses are potentially in breach of EU regulations. The Irish Data Protection Commissioner (IDPC) has suggested that the European Court of Justice (ECJ), the same body that invalidated Safe Harbour, should look into the matter.

U.S. Official: Data Transfer Agreements Don’t Have to Follow EU Model

Stephen Dockery, Wall Street Journal,  Thursday, May 26, 2016

The U.S. is promoting the Asia-Pacific Economic Cooperation data transfer agreement as an alternative to the powerful European Union model that is causing American regulators such headaches, a Department of Commerce official said Tuesday. Announced in 2011, APEC’s cross-border privacy rules offer a standard template for data transfers in the organization’s 21 member countries.

Article 31 to settle Shield's fate after Parliament says it needs more work

Jennifer Baker, IAPP Privacy Tracker,  Thursday, May 26, 2016

The fate of Privacy Shield will hang in the balance until at least June 20 as national representatives remain in talks. The Privacy Advisor has learned the Article 31 committee has scheduled at least two further meetings to discuss Privacy Shield after it failed to reach an agreement last week, sources confirmed.

Public cloud computing vendors: A look at strengths, weaknesses, big picture

Larry Dignan, ZDNet,  Thursday, May 26, 2016

Public cloud vendors are establishing unique characteristics that indicate the market won't be a zero-sum game that'll support multiple players. Cowen & Co. conducted a survey of 314 public cloud customers and found Amazon Web Services is the top dog with Microsoft Azure a strong No. 2. Meanwhile, IBM and Google Cloud Platform (GCP), which is grabbing more workloads, are above average in quality of IT support.

Encryption is the foundation of the new data center

Tom Gillis, Computerworld,  Wednesday, May 25, 2016

As workloads in the corporate data center begin to migrate to the public cloud, the need to encrypt data in motion and at rest becomes foundational. In the public cloud, it is much harder to rely on the traditional approaches of wrapping select data with firewalls and IPS systems. At the same time, it is much easier to post a heap of sensitive data to an object store such as Amazon S3 and inadvertently leave it open to the unwashed Internet. Customer-controlled encryption is becoming a necessity for the enterprise hybrid cloud. But IT security is subject to a fundamental law: “If it slows users down, they will turn it off.”

Report: In mixed cloud landscape, hybrid IT rules agencies

Eli Richman, Fierce Government IT,  Wednesday, May 25, 2016

"The findings of this year's study paint a clear picture: Cloud adoption is nearly ubiquitous, but it's not now and will not in the foreseeable future be suitable for all workloads," said Joel Dolisy, CIO of SolarWinds, in a press release. "The resulting dynamic – one set of critical on-premises services connected with another set of services in the cloud – is hybrid IT." That dynamic is being fed by agencies' dual responsibilities to both use more cloud services and ensure the security of critical systems, databases and applications, SolarWinds found.

U.S. Privacy Safe Harbor—More Myths and Facts

Lothar Determann, Bloomberg BNA,  Wednesday, May 25, 2016

Since Oct. 6, national data protection authorities in the EEA rushed to issue inconsistent and unclear guidance to local companies that do business with the U.S. Chaos ensued and numerous myths were added to ones that had previously surrounded the Safe Harbor Program:

4 things every CIO should be paying attention to

Austin Adams, Federal News Radio,  Wednesday, May 25, 2016

Agency leaders – from chief information officers to agency records officers to information security managers – are at an intersection of the technology revolution, where the cultural shift toward a digital world and the demanding requirements of security and compliance often collide. When it comes to managing information assets, agencies need tools that allow for collaboration, workflow processes and content management, and the flexibility to meet the needs of a changing content landscape – all while maintaining the security standards and structural controls that government IT demands.

What the US government really thinks about encryption

Sara Sorcher, Christian Science Monitor,  Wednesday, May 25, 2016

The encryption debate can't be simplified to a Silicon Valley v. Washington fight over your privacy. Even though FBI concerns about "going dark" in its pursuit of criminals and terrorists have captured the headlines, the Obama administration is still deeply divided.

Student data privacy: Moving from fear to responsible use

Brenda Leong, Brookings,  Tuesday, May 24, 2016

In the last two years, there has been a perfect storm on the topic of student data privacy. The role of technology within schools expanded at an unprecedented rate, general awareness of consumer data security and breaches increased, and student databases at the state or national level were established or proposed, which drew great public scrutiny and fear. This maelstrom yielded a tremendous output of legislative activity targeted at education technology companies, that was overwhelmingly focused on protecting and limiting the sharing and use of student data—in rare instances, to the point of forbidding research uses almost completely. There are signs that this wave of fear-driven response has finally crested, and that more measured conversations are occurring; conversations that prioritize the fundamental requirement for appropriate privacy and security, but with a clear focus on the invaluable role of research and analysis and the need to enable it.