Second edition, February 2018. Building on the best-selling first edition, this book will guide you through the GDPR requirements and help you define and run a project so that your business will comply with GDPR legislation. With the deadline looming, many companies are struggling to complete a project of this size before May 2018; the practical approaches set out in this book are invaluable.
The General Data Protection Regulation is the latest, and one of the most stringent, regulations regarding Data Protection to be passed into law by the European Union. Fundamentally, it aims to protect the Rights and Freedoms of all the individuals included under its terms; ultimately, the privacy and security of all our personal data. This requirement for protection extends globally, to all organizations, public and private, wherever personal data is held, processed, or transmitted concerning any EU citizen. Cyber Security is at the core of data protection, and there is a heavy emphasis on the application of encryption and state-of-the-art technology within the articles of the GDPR. This is considered to be a primary method of achieving compliance with the law. Understanding the overall use and scope of Cyber Security principles and tools allows for greater efficiency and more cost-effective management of information systems. GDPR and Cyber Security for Business Information Systems is designed to present specific and practical information on the key areas of compliance with the GDPR relevant to Business Information Systems in a global context. Key areas covered include:
- Principles and Rights within the GDPR
- Information Security
- Data Protection by Design and Default
- Implementation Procedures
- Encryption methods
- Incident Response and Management
- Data Breaches
An essential compliance tool for every privacy officer and attorney involved in managing privacy and data security issues, Privacy and Data Security Law Deskbook provides the thorough, practical, sector-specific guidance that helps you meet today's challenges and minimize the risk of data breaches that can damage a company's reputation. Privacy and Data Security Law Deskbook enables you to comply with data privacy laws relating to:
- Marketing efforts - including standards governing online behavioral advertising and targeted marketing
- Privacy in the workplace - such as standards governing employee monitoring and background screening of employees and applicants
- Health information - focusing on the Health Insurance Portability and Accountability Act (HIPAA), with insight into the HITECH Act's impact on data breaches and other recent changes
- Financial privacy - including the Gramm-Leach-Bliley Act's regulations for the collection and disclosure of personal information in the banking and insurance industries
- Consumer reports - with detailed coverage of the Fair Credit Reporting Act and Fair and Accurate Credit Transactions Act
- Government surveillance - including the latest developments in warrantless wiretapping
- Social networking - including the FTC's current approach
Privacy and Data Security Law Deskbook is written by Lisa J. Sotto - one of the world's foremost legal practitioners in the field. Ms. Sotto is partner and head of Hunton and Williams' Privacy and Information Management practice, which was ranked in "Band 1" for Privacy and Data Security by both the Chambers USA and Chambers Global guides.
Packed with sample documents, checklists, and other compliance-enabling tools, Privacy and Data Security Law Deskbook allows you to:
- Navigate the various breach notification requirements in the more than 45 states that have such laws in place
- Comply with global data protection laws (including those in the EU), facilitating compliance with cross-border data transfer restrictions
- Keep current with emerging legal trends, from changes in federal and state laws to the latest data privacy regulations abroad
Privacy and Data Security Law Deskbook has been updated to include:
- Countries in Latin America with new data protection laws
- The Cross-Border Privacy Rules under the APEC Privacy Framework
- Discussion of the recent SEC focus on disclosures of cybersecurity risks in public filings
- Analysis of the new FCC declaratory ruling on the applicability of the CPNI Rules
- Relationship between the litigation exception and the prohibition against obtaining personal information for solicitation purposes under the Driver's Privacy Protection Act
- Case law regarding the retention of personally identifiable information under the Video Privacy Protection Act
- New disclosure requirements for online privacy policies pursuant to a recent amendment to California's Online Privacy Protection Act
- Recent cases on employers' tort liability for violations of employees' privacy
- Updates to the California Online Privacy Protection Act
- Updates to National Labor Relations Board cases related to employee monitoring and employee use of social media
- An SEC report on the use of social media sites by public companies to announce key information
- Guidance issued by the Financial Industry Regulatory Authority (FINRA) regarding the application of federal consumer protection laws to the social media activities of financial institutions
- Recent state attorney general enforcement actions for privacy and information security violations
- The new information security management standards released by the International Organization for Standardization
- The new version of the Payment Card Industry Data Security Standard
- The latest cybersecurity developments outside the United States and EU
- Recent FTC, HHS, and state attorney general actions brought as a result of security breaches
- Analysis of the proposed General Data Protection Regulation in the EU
- Recent enforcement actions by EU Data Protection Authorities
- Updates on EU data breach legislation
- The Australian data protection law, including significant recent changes
- The recently enacted data protection law in South Africa
Applying the Data Protection Act to the Cloud
The UK's Data Protection Act 1998 (DPA) applies to the whole lifecycle of information, from its original collection to its final destruction. Failure to comply with the DPA's eight principles could lead to claims for compensation from affected individuals and financial penalties of up to £500,000 from the Information Commissioner's Office, not to mention negative publicity and reputational damage.
An expert introduction
More than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services. Data Protection and the Cloud highlights the risks an organisation's use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks. Topics covered include:
* Protecting the confidentiality, integrity and accessibility of personal data
* Data protection responsibilities
* The data controller/data processor relationship
* How to choose Cloud providers
* Cloud security - including two-factor authentication, data classification and segmentation
* The increased vulnerability of data in transit
* The problem of BYOD (bring your own device)
* Data transfer abroad, US Safe Harbor and EU legislation
* Relevant legislation, frameworks and guidance, including:
  o the EU General Data Protection Regulation
  o Cloud computing standards
  o the international information security standard, ISO 27001
  o the UK Government's Cyber Essentials scheme and security framework
  o CESG's Cloud security management principles
  o guidance from the Information Commissioner's Office and the Open Web Application Security Project (OWASP)
Mitigate the security risks
Mitigating security risks requires a range of combined measures to be used to provide end-to-end security. Moving to the Cloud does not solve security problems; it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA's eight principles.
About the author
With a background in IT focused on CRM and other information management applications, Paul Ticher has worked on data protection for over 20 years. He is now a well-known consultant on the topic, mainly to non-profit organisations, and specialises in work with charities and voluntary organisations. Paul is the author of the standard work Data Protection for Voluntary Organisations (now in its third edition) as well as materials for ITGP and other publishers. He also carries out data protection reviews and delivers training and webinars on the topic. Learn how to move to the Cloud and still meet the DPA's principles - buy this book today