Upload
arden
View
38
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Lawyers in the Cloud. – The Australian Cloud Workplace. The Cloud. Because of three factors Computer capacity Connection speeds Web Must have elements Internet-based Always available Reliably secure. – The Australian Cloud Workplace. An earlier analogy. - PowerPoint PPT Presentation
Citation preview
Lawyers in the Cloud
– The Australian Cloud Workplace
• Because of three factors– Computer capacity– Connection speeds– Web
• Must have elements– Internet-based– Always available– Reliably secure
– The Australian Cloud Workplace
The Cloud
• Initially factories generated their own electricity – owned, maintained and operated
• Suppliers evolved• Consumers came to expect “always on”• Pay as you use• Consumers less concerned about the source,
and more about the service
– The Australian Cloud Workplace
An earlier analogy
• 16% see it as a network to store, access and share data
• 54% say they hardly ever use the Cloud• 32% see it as a thing of the future, but• 95% use Cloud Services
C.P Fleischauer – Citrix – Calming the Storm of Confusion
– The Australian Cloud Workplace
• Facebook• Gmail• YouTube• LinkedIn
• Instagram• iCloud• Dropbox• Box
• YouSendIt/Hightail• Hotmail• Ninefold• AWS
Do you use the Cloud?
The New Model
The Australian Cloud Workplace
• Cloud computing delivers resources, software, and data to computers and devices on demand
• Is a natural evolution of virtualisation, service orientated architecture and utility computing
• Offered on a subscription basis – “software as a service”
– The Australian Cloud Workplace
Cloud becomes serious business
• Cost – pay only for what you use• Scale – no infrastructure handcuffs – grow or shrink• Reliability – redundant infrastructure ensures always on
services for your practice• Options – Not locked in to a single provider• Brand and Device – Opens up multi-platform opportunities• Keep ahead – Access to previously unavailable and new
services• Mobility – anywhere, any time – limited only by one thing• Simplicity – just use it – don’t need to understand it
– The Australian Cloud Workplace
Advantages of Cloud
Choose a device – any device
– The Australian Cloud Workplace
Android and Windows Phone support coming soon
– The Australian Cloud Workplace
Access your files – anywhere
• The lawyer and the free lunch• You get what you pay for• The myth of cheap storage• Terms and Conditions
– The Australian Cloud Workplace
The Customer or the Product?
[skr•oo•gulld] verb
Word Origin:
Google’s ongoing use of invasive tactics to maximize their advertising profits.
Definition:
The Google practice of going through your personal Gmail for keywords so they can target you with ads.
See also: bug; eavesdrop; eyeball; listen in; observe; peek; peer; pry; scan; snoop; spy; tap; wiretap.
Sample sentence:
“Even if you’re not a Gmail user, you get Scroogled because Google goes through your personal emails sent to someone using Gmail.”
http://scroogled.com
– The Australian Cloud Workplace
• Trans-border data flow• Australian Privacy Principles (APP)/N.P.P.• “reasonable steps”
– exporter liability [Principle 8]– Federal and State Government service
requirement
– The Australian Cloud Workplace
Data Sovereignty
– The Australian Cloud Workplace
Do you know where your datais being stored?
Have your files goneon an overseas holiday?
– The Australian Cloud Workplace
• 80+ Acts/Reg/Rules on Document retention• “The Cloud ate my Data” or “Hotel California”• Bargaining Peeves – Trading Terms• Google's disclaimer – as is – no responsibility• What’s in the Cloud stays in the cloud
– The Australian Cloud Workplace
Exit from Cloud
• The relationship of players in the Cloud, or the Parties in the Cloud stack
• Backup/restoring data/disaster recovery• Service Levels – expect & plan for some
outage• Who owns your Cloud stuff – treatment of
Data on termination/insolvency/death
– The Australian Cloud Workplace
Due Diligence
Email – the every day example • A facto business platform• An email can pass through dozens of different
servers/networks during its delivery• On each one it can be intercepted, tracked and
the contents viewed• Jurisdictions and boundaries are meaningless
– The Australian Cloud Workplace
Do you know who looks at your data?
– The Australian Cloud Workplace
Should your documents beencrypted during transit?
Edocx – The Australian Cloud Workplace– The Australian Cloud Workplace
How private are you?
How private is yourCloud service?
The Australian Cloud Workplace
To be presented by:
Ms Emma Hossack BA LLB (Melb.) LLM (QUT)President - iappANZ (International Association of Privacy Professionals – Australia & New Zealand)
– The Australian Cloud Workplace
Privacy and the Cloud
DATA IN FLIGHT Privacy in the Cloud
Emma Hossack President iappANZ
WEBSITE: WWW.IAPPANZ.ORG | PHONE: +61 3 9895 4475 | EMAIL: [email protected]
Global Privacy
Privacy – relevance globally?
Privacy –a current issue for Australian business?
I am not a piece of your inventory
I AM NOT A PAIR OF EYEBALLS TO BE CAPTURED OR A CONSUMER PROFILE TO BE SOLD
I AM AN INDIVIDUAL AND YOU WILL RESPECT MY PRIVACY
I WILL NOT BE BARTERED TRADED OR SOLD
Privacy – OAIC Survey on Community attitudes 09.10.13
page | 26
Cloud proliferation
“Cloud computing has reached its tipping point; it’s no longer atrend, but an absolute business requirement” [Conroy at launch of NCCS, 29 May 2013]
• 58% of Australian businesses have adopted cloud computing solutions
• Market leaders: Amazon, Google, Microsoft, Salesforce• Australian providers: Telstra, Macquarie Telecom
2011 estimated value 2020 forecast
Australian market $732 million $3.2 billion
Global market $40.7 billion $241 billion
page | 27
Draft APP Privacy Guidelines: second stage released Guidelines 6 to 11 (Parts 3 and 4) on 20 September
Consultation closes COB Monday 21 October 2013. Please send submissions to [email protected].
Spotlight on Draft Guidelines for APP 8
page | 28
APP 8.1 Before an APP entity discloses personal
information to an overseas recipient, the entity must take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to that information
Australian Privacy Principle 8 – Key Points
page | 29
When does an APP entity ‘disclose’ personal information about an individual to an overseas recipient?
Disclose is narrowly construed Release of information from effective control Distinct from ‘unauthorised access’ in APP 11 Includes where by an act (positive or accidental) the
data is accessed by an overseas recipient.
Australian Privacy Principle 8 – Key Concepts
page | 30
‘Use’ Distinct from a 'disclosure'. Maintaining control (as against release). Limited circumstance where a use may not
be a disclosure.
Australian Privacy Principle 8 – Key Concepts
page | 31
Reasonable steps depends on: Nature of data Relationship with the overseas entity Risk of harm to individual Existing technical and operational safeguards
implemented by overseas entity and the practicability of taking particular steps.
Australian Privacy Principle 8 – Key Concepts
page | 32
Exceptions to 8.1 and s16C Disclosure to an overseas recipient that is subject to
a similar law or binding scheme where the APP entity believes that: the overseas recipient is subject to a law, or binding
scheme, that has the effect of protecting the information in a way that, overall, is at least substantially similar to the way the APPs protect information, and
mechanisms can be accessed by the individual to enforce the protection of the law or binding scheme.
Australian Privacy Principle 8 – Key Points
page | 33
APP entity expressly informs the individual that if they consent to the disclosure, this principle will not apply, and the individual then consents to the disclosure.
‘Expressly inform’ Clear written or oral statement which explains that
if the person consents and the overseas recipient breaches, the entity will not be accountable under the Privacy Act and the person will have no remedy.
Australian Privacy Principle 8 – Key Concepts
page | 34
The magic data formula• Data Value = DV The inherent ability to contact customers, diagnose
problems or otherwise leverage data and turn it into intelligence. The ability to take knowledge based commercial or social risks. The ability to report objective progress that is correlated to data and good governance
• Data Risk = DR The legal, social or economic costs of mishandling, misappropriating or otherwise failing to recognize the potential for data to become transformed into intelligence or leveraged in a positive fashion.
SO,DV > DR = Success.Michelle Dennedy CPO McAfee PAW 2013 Brisbane
Privacy – How to make it work for your business?
page | 35
Create your Privacy Business Plan
•What does your organisation need?
•How will you get there?
Privacy – how to make it work for your business?
page | 36
Security and privacy
"Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on."
Edward Snowden http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
iappANZ resourcesIAPP&iappANZ publications keep members up to date on the latest privacy and data protection news worldwide. In addition to the Bulletin.
Privacy – next steps to implementation?
WEBSITE: WWW.IAPPANZ.ORG | PHONE: +61 3 9895 4475 | MAIL: [email protected]
Emma HossackB.A. (Hons), L.L.B, L.L.M
President iappANZ
CEO Extensia
P: 07 3292 0250
The Australian Cloud Workplace
Lost in Cloud complexity?Break through with Edocx