Managing data breaches in the cloud

(Jan 28, 2020) The day-to-day business penetration of cloud services has reached an all-time high and is expected to grow further in 2020. With the adoption of cloud services, the regular data controller and data processor setup is also becoming more obsolete and transforms into a data controller (regular data processor), one or more cloud service provider (sub-processor), or data controller (one or more CSP data processors set up in the EU). This implies the threat landscape and privacy risks data controllers... Read More

Op-ed: Data security in cloud computing calls for shared responsibility

(Jan 24, 2020) In an era of cloud computing, security and data breaches are a top issue, Blazeclan Technologies Co-Founder and CEO Varoon Rajani writes in an op-ed for Entrepreneur India. Ensuring data security and protection in cloud computing extends beyond the service provider alone. It takes a shared responsibility between businesses and a cloud vendor, Rajani notes. “This matrix of responsibility eliminates single points of failure and achieves higher security,” he writes. “Sharing the responsibility of c... Read More

Statistics Canada moving data to digital cloud, anticipates concerns

(Jan 17, 2020) Statistics Canada is in the planning stages of moving data to the digital cloud, and the agency is acknowledging the data security concerns this could raise, 570 News reports. Only “non-sensitive, unclassified information” is currently being stored in the cloud, according to Spokesman Peter Frayne. Protected information will be migrated when systems “have been deemed secure for cloud services appropriate for sensitive information,” he said. In internal notes obtained through the Access to Inform... Read More

US financial regulators discuss cloud data obligations

(Jan 16, 2020) The Wall Street Journal reports U.S. financial regulators have reminded banks and brokers they are still responsible for consumer data stored on a third-party cloud. While attending a Financial Industry Regulatory Authority conference, Securities and Exchange Commission Senior Examiner Salvatore Montemarano explained how liability for cloud data breaches falls back on companies that own the data. “Even if you have identified who has responsibility for what controls, you’re still outsourcing your... Read More

Irish DPC releases CSP guidance

(Oct 25, 2019) The Irish Data Protection Commission has released guidance for organizations when they use cloud service providers. The guidance was created to help data controllers ensure they follow transparency requirements under the EU General Data Protection Regulation and have the proper contract in place when they use a CSP. The DPC’s guidance also covers the definition and security considerations around cloud computing, as well as further guidance from the European Data Protection Supervisor and Europea... Read More

Top-5 most-read stories since Oct. 21, 2019

(Oct 25, 2019) We know, there's lots of privacy news, guidance and documentation to keep up with every day. And we also know you're busy doing all the things required of the modern privacy professional. Sure, we distill the latest news and relevant content down in the Daily Dashboard and our weekly regional digests, but sometimes that's even too much. To help, we offer our top-five most-read stories for the week of Oct. 21.Full Story... Read More

The IAPP's top-5 most-read stories for the week of Oct. 21, 2019

(Oct 25, 2019) We know, there's lots of privacy news, guidance and documentation to keep up with every day. And we also know, you're busy doing all the things required of the modern privacy professional. Sure, we distill the latest news and relevant content down in the Daily Dashboard and our weekly regional digests, but sometimes, that's even too much. To help, we offer our top-five, most-read stories of the week. Resource Center: "IAPP 2019 Privacy Tech Vendor Report" Daily Dashboard: "EC releases report... Read More

Warren, Wyden ask FTC to investigate Amazon over Capital One breach

(Oct 24, 2019) Sens. Ron Wyden, D-Ore., and Elizabeth Warren, D-Mass., have asked the U.S. Federal Trade Commission to investigate Amazon over the Capital One data breach, The Wall Street Journal reports. In a letter sent to the agency, the senators wrote the tech company did not properly protect consumers from a known vulnerability in its cloud computing system. The senators added since the issue had been reported a year earlier, the FTC should look into whether Amazon’s failure to remedy the flaw should be l... Read More

IAPP white paper: 'Talking Tech for Privacy Pros: Coming Down from the Cloud'

(Oct 22, 2019) For privacy professionals, considerations around databases center on design decisions, system architecture and the way they are used and maintained rather than on the individual variables and the other minutia involved in their creation. In this third part in a series of white papers, former IAPP Westin Research Fellow Nicholas Schmidt, CIPP/US, offers an explanation of cloud computing and introduction into systems architecture.Full Story... Read More

French minister offers warning about European use of AWS

(Oct 16, 2019) French Junior Economy Minister Agnes Pannier-Runacher said Europe is running out of time if it ever wishes to wean itself off Amazon Web Services, Reuters reports. She added if Europe cannot find an alternative to AWS within 24 months, the region runs the risk of "a loss of sovereignty. This is what I’m hearing from experts, including French people in Silicon Valley, who underline how worrisome this situation is."Full Story... Read More