Thinking through ACL-aware data processing

(Jul 17, 2019) Large cloud computing services are generally run for multiple users. In a few cases, all the data processed by that service is public. In virtually all cases, users have an expectation that some of the information about them is kept private. Even if the data store itself is public, logs about access to that data are generally not. Keeping each person’s information separate is most simple in the primary data stores, where each object can easily have its own access control list. Once we step into... Read More

Tech talk: Exploring ACL-aware data processing

(Jul 17, 2019) Large cloud computing services are generally run for multiple users. In a few cases, all the data processed by that service is public. In virtually all cases, users have an expectation that some of the information about them is kept private. Even if the data store itself is public, logs about access to that data are generally not. Keeping each person’s information separate is most simple in the primary data stores, where each object can easily have its own access control list. However, most clou... Read More

Irish DPC releases guidance for securing cloud-based environments

(Jun 27, 2019) The Irish Data Protection Commission released guidance for organizations to follow in order to ensure their cloud-based environments are secure. The commission recommends organizations review their default security settings, create clear policies and properly train staff, understand and monitor the data that is stored in cloud-based environments, and implement strong authentication procedures. “Cloud-based environments offer many advantages to organisations; however, they also introduce a number... Read More

CBO sees tech, privacy hurdles in Medicare for All proposal

(May 3, 2019) The U.S. Congressional Budget Office has released a report that shows significant challenges, including information tech, with the possible implementation of a Medicare for All plan, ZDNet reports. The CBO filed a report that noted standards, data management and patient privacy as key IT issues facing the implementation of a single payer health system. While use and availability of electronic medical records in the health care market are rising in the U.S., the interoperability between systems r... Read More

When the US CLOUD Act meets the GDPR

(Feb 12, 2019) Given its relatively recent enactment date, the U.S. Clarifying Lawful Overseas Use of Data Act’s compatibility with the EU General Data Protection Act is still an open question. With regard to data transfer to third countries for which such transfer is subject to the GDPR, Articles 44 to 50 of the GDPR apply. In particular, Article 48 of the GDPR comes into play when EU data is being requested by a U.S. law enforcement agency. In this article for The Privacy Advisor, Walter Delacruz, CIPP/E, CI... Read More

How to comply with both the GDPR and the CLOUD Act

(Jan 29, 2019) On March 23, 2018, U.S. Congress enacted the Clarifying Lawful Overseas Use of Data Act, which had the immediate effect of mooting the ongoing U.S. v. Microsoft litigation, where a central issue of the case was whether a web-based or cloud-based telecommunications or data service provider, subject to U.S. jurisdiction, could avoid being required to provide stored electronic communications for which a search-and-seizure warrant had been served, when such stored electronic communications were stor... Read More

El INAI emite manual con criterios para contratos de cómputo en la nube

(Dec 19, 2018) El Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales (INAI, por sus siglas) emitió un manual denominado Criterios mínimos sugeridos para la contratación de servicios de cómputo en la nube que impliquen el tratamiento de Datos Personales. Este documento contiene una serie de recomendaciones para aquellas personas físicas y morales que pretendan contratar servicios de cómputo en la nube -particularmente cuando dichos servicios impliquen un tratamiento de... Read More

Government-owned company now stores Apple iCloud data in China

(Nov 29, 2018) Mashable reports that government-owned China Telecom took over the iCloud data from Guizhou-Cloud Big Data, meaning Apple iCloud data in China is now stored by a state-owned company. Apple had previously announced its first data center in China, in partnership with Guizhou-Cloud Big Data, to help the company comply with a government policy requiring foreign service providers to store data on Chinese citizens in the country. China Telecom’s takeover of the iCloud data has been met with concern ov... Read More

Report found Indian bank routinely shared customer data

(Nov 1, 2018) According to a bank document related to the Reserve Bank of India’s risk observation, Microsoft routinely shared customers’ financial information with U.S. intelligence agencies, Zee Business reports. The document, seen by DNA Money, found that this impacted banks that had migrated to Microsoft Office 365 cloud-based email service. While the article states banks were “fully aware” information was shared in this manner, customers may have not been informed. According to the RBI observation, Micro... Read More

McAfee report finds increase in sensitive data on the cloud

(Oct 31, 2018) Cybersecurity company McAfee released its Cloud Adoption & Risk Report, which analyzed anonymized cloud use to report on the current state of cloud developments and uncover risks, according to a news release. The report discovered nearly 25 percent of cloud data could be considered sensitive and, on average, an organization will experience more than 2,200 misconfiguration incidents per month. McAfee Cloud Security Business Senior Vice President Rajiv Gupta said, “Accidental sharing, collabor... Read More