Cedric Laurant

Posts Tagged ‘information security’

Conference: “Is Your Company under Threat? New Digital Risks & Computer Attacks: Forensic & Data Protection Aspects” (Medellin, Colombia – 16 Nov. 2011)

In Conferences, Spanish on 11 November, 2011 at 04:01

UPDATE (28 Nov. 2011): the video of the conference is now available at http://envivo.eafit.edu.co/EnvivoEafit/?p=10790.

Next week, I am organizing with two colleagues a conference in Medellin, Colombia, about the country’s recent data protection law entitled: “Is Your Company at Risk? New Digital Risks and Computer Attacks: Forensic and Data Protection Aspects – International Perspectives and the New Colombian Legislation”. Now that the Constitutional Court has approved the law, the time has come for the government to implement it into regulations, and for companies to start seriously considering how they will put in place the measures necessary to comply with the new rules.

In this conference, we plan on talking, from the forensic expert’s point of view, about the threats Colombian companies are facing with the latest waves of cybercrimes and computer attacks, the new risks they must address and the new challenges they must tackle.  We will then cover the new law itself: its scope, the legal and regulatory privacy framework in Colombia, and the legal impact for companies.  In a third and last part, the focus will be to explain the position of the new law within the landscape of current or emerging data protection laws in Latin America, but then also in the more global context of legislative and public policy developments in the European Union and the United States, and what these developments mean for Colombia at a time when its government is drafting its new data protection regulatory framework.

Conference speakers are:

  • Álvaro Alexander Soto, Director, Digital Forensic & Security Lab, Asoto Technology Group (forensic company with offices in Medellin and Bogota (Colombia), and Washington, D.C. (U.S.A.)),
  • Arean Velasco, Attorney, Velasco & Calle d’Alleman (a law firm with offices in Medellin, Colombia) and
  • Cédric Laurant, Principal, Cedric Laurant Consulting (consulting firm based in Brussels, Belgium)

Practical information: the conference will take place on 16 November 2011, 18:00-20:00 at the Universidad EAFIT, Carrera 49 N° 7 Sur – 50, Medellín (Colombia) – Bloque 38, Auditorio 125.  Language: Spanish.  Free entrance.  Prior registration required at info@cedriclaurant.com or right before the event at the conference venue.  More information in the flyer below.

Please do share this event with people who could be interested.

Conference: "Is Your Company at Risk? New Digital Risks and Computer Attacks: Forensic and Data Protection Aspects - International Perspectives and the New Colombian Legislation" (EAFIT, Medellin, Colombia - 16 Nov. 2011) (p. 1)

Conference: "Is Your Company at Risk? New Digital Risks and Computer Attacks: Forensic and Data Protection Aspects - International Perspectives and the New Colombian Legislation" (EAFIT, Medellin, Colombia - 16 Nov. 2011) (p. 2)


New Blog: “Information Security Breaches & The Law”

In News on 7 August, 2010 at 22:15

Last June, I started, with a colleague, Marie-Andrée Weiss, a blog dedicated specifically to the topic of information security breaches (“Information Security Breaches & The Law”) from both legal and technical perspectives.

The blog, which is written in English and French, and later will also be in Spanish, will include opinions, comments on recent news, laws or other developments, research notes and conference reports in the area of information security breaches, mainly in the United States, Europe and Latin America.  It also features a “Security Breaches Library” that includes links to major recent reports and surveys, upcoming conferences, calls for papers and news, all on the same subject of information security breaches.

It should be of interest to company executives concerned with information security issues in their business, as well as to professionals practicing in the field of information security, privacy and data protection, along with the interested general public.

Below is an outline of the first blog posts:

  • Will France adopt a law requiring the notification of security breaches? (August 6, 2010): A French bill “to better guarantee the right to privacy in the digital age” has implemented the European Directive 2009/136/EC by requiring the data controller to inform the “Data Protection Correspondent” or the French data protection authority, of a breach of integrity or confidentiality. Those involved in the breach must also be informed, at least if security breaches are “likely to adversely affect” their personal data. The bill follows the recommendation of the Directive to notify individuals of security breaches for all sectors, not just electronic communications. It was adopted by the French Senate on March 24, 2010 and is currently before the National Assembly. (A French version of this article is also available here.)
  • Article 29 Data Protection Working Party reports on implementation of Data Retention Directive (July 19, 2010): On July 13, 2010, the Article 29 Data Protection Working Party adopted a report on the EU Data Retention Directive (2006/24/EC). This report is the Working Party’s contribution to the evaluation of the implementation of the Data Retention Directive by the European Commission, which is due by September 15, 2010. The report details the results of a joint inquiry made by the data protection authorities about the compliance, at the national level, with the obligations of telecom providers and Internet service providers with both the Data Retention Directive and articles 6 and 9 of the EU e-Privacy Directive (2002/58/EC).
  • Are ‘clouds’ located outside the European Union unlawful? (July 16, 2010): A central aspect of every cloud service contract is the security of data processing. It is therefore important, if only for liability reasons, that responsibility for specific security measures be clearly assigned. This can be done by using security service level agreements between the cloud service provider and its client that clearly assign who is responsible for which particular security measure. Storing data in a cloud located outside the EU raises specific legal compliance issues. According to some experts, such clouds are even unlawful. There are, however, some ways to make sure that, even if a data controller stores data into a cloud located in a third country, he is still in compliance with German data protection law. A data exporter must use, in order to satisfy the adequate level of data protection requirement, specific standard contractual clauses for all contracts with a cloud service company located outside the EU. Binding corporate rules are the alternative solution, though only for private clouds.
  • The Safe Harbor Framework: not a “safe harbor” anymore for US companies? German expert body insists on stronger compliance stance (July 9, 2010): On April 29, 2010, the Düsseldorfer Kreis, an informal group of German data protection authorities, published a decision that could have significant repercussions on U.S. companies importing personal data from organizations operating in the European Union. One of these repercussions is that German organizations exporting personal data to the United States should check if the U.S. data importer does indeed comply with the Safe Harbor Framework. Security plan recommendations will provide for a useful guideline to E.U. data exporters to help them comply with the Safe Harbor’s Security Principle.
  • Canada May Soon Have a Data Breach Law (June 5, 2010): a bill called the “Safeguarding Canadian’s Personal Information Act” (C-29) that would amend Canada’s national privacy legislation. C-29 would introduce a security breach disclosure (also called “notification” in the United States) requirement in PIPEDA. Canada does not yet have such a law, contrary to the United States where the majority of states have enacted data breach notification statutes.
