PRIVACY STANDARDS
The Internet of Things – Automatski Corp.
http://www.automatski.com
E: [email protected], Founder & CEO
M: +91-9986574181
E: [email protected], Director - Sales
M: +91-8884074204
THE CONTEXT
Automatski is an IoT pioneer in many ways…
With its ground-up, first-principles-based IoT Scale Platform
With the Infinions.io Autonomous Compute Platform ®
Autonomous Machine Consumption Certified ®
But analysts count more than 180 IoT Platforms across the world
An IoT Platform is a tough sell, even if you are cutting edge
Hence we want to eliminate one more reason for someone choosing others over us.
The IoT industry is filled with paranoia about Security & Privacy concerns
Hence we want to address Security and Privacy within the foundations and early stages of our Architecture and our existence as a business
That’s why we are doing this!
FRONT RUNNER
Automatski is a front runner in addressing IoT Security & Privacy concerns, using a combination of
Research
Standard Industry Practices
Software Engineering Principles
Operational Excellence
ISO/IEC 27018
Information technology - Security techniques - Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
This standard provides guidance aimed at ensuring that cloud service providers (such as Amazon and Google) offer suitable information security controls to protect the privacy of their customers’ clients by securing PII (Personally Identifiable Information) entrusted to them.
The Standard contains sets of controls that are intended to be implemented by cloud service providers to ensure security. The Standard sets out controls including (amongst others):
information security policies;
human resource security;
access control;
cryptography;
physical and environmental security;
operations security;
communications security;
supplier relationships;
information security incident management;
information security aspects of business continuity management; and
compliance.
*** Not Legally Binding!
PRIVACY ACT 1974
Establishes controls over what personal information is collected, maintained, used and disseminated by agencies in the executive branch of the Federal government.
The Privacy Act only applies to records that are located in a “system of records.” As defined in the Privacy Act, a system of records is “a group of any records under the control of any agency from which information is retrieved by the name of the individual or by some identifying number, symbol, or other identifying particular assigned to the individual.”
The Privacy Act guarantees three primary rights:
The right to see records about oneself, subject to Privacy Act exemptions;
The right to request the amendment of records that are not accurate, relevant, timely or complete; and
The right of individuals to be protected against unwarranted invasion of their privacy resulting from the collection, maintenance, use, and disclosure of personal information.
EU DATA PROTECTION REGULATION - SINGLE DIGITAL UNION
In January of this year the European Commission revealed a draft of its European Data Protection Regulation to replace the previous Data Protection Directive.
The Data Protection Directive is a European Union Directive, which was created to regulate the progression of personal data within the European Union. Officially known as Directive 95/46/EC, the legislation is part of EU privacy and human rights law.
The aim of the new European Data Protection Regulation is to harmonise the data protection laws currently in place across the EU member states. The fact that it is a “regulation” instead of a “directive” means it will be directly applicable in all EU member states without the need for national implementing legislation.
1. Get your privacy policies, procedures and documentation in order and keep them up to date: data protection authorities will be able to ask for these at any time.
2. Form a governance group that oversees all your privacy activities, led by a senior manager or executive. If you have over 250 employees, appoint a data protection officer. The group should develop metrics to measure the status of privacy efforts, report regularly and create statements of compliance that will be required as part of your organization's annual report.
3. Implement a breach notification process and enhance your incident management processes and your detection and response capabilities. Any data breach must be notified to the relevant data protection authority, even if protective measures, such as encryption, are in place, or the likelihood of harm is low.
4. Prepare your organisation to fulfil the "right to be forgotten", the "right to erasure" and the "right to data portability". A strategy covering topics such as data classification, retention, collection, destruction, storage and search will be required, and it should cover all mechanisms by which data is collected, including the internet, call centres and paper.
5. Create and enforce privacy throughout your systems' lifecycles to meet the "privacy by design" requirement, whether you buy or develop. This will ensure privacy controls are stronger, simpler to implement, harder to bypass and fully embedded in a system’s core functionality.
AUTOMATSKI PRIVACY COMPLIANCE ROADMAP
2015: 3rd Product Release
• Privacy Act 1974 Compliance
2016: 4th/5th Product Release
• ISO/IEC 27018
• EU Data Protection Regulation
THANK YOU!
WHO ARE WE?
10-20+ years of Software Engineering experience each
Global Agile & Technology Consulting, Advisory & Delivery experience of 10-15+ years, since Agile and Tech were in their infancy.
The first computers we worked on were the Atari and ZX Spectrum ;-) And yes, after BASIC we went to C/C++ and then straight to Assembly programming, and then we began our journey as technologists
Globally distributed Global & Fortune company work experience
Worked with companies like BCG, McKinsey, Fidelity, Tesco, Goldman Sachs…
Long 3-5+ year projects & 200+ people in globally distributed teams
Led double-digit multi-billion US$ projects
Blended methodology used, comprising Scrum, XP, Lean and Kanban
From there we rode every wave: J2EE, RUP, Six Sigma, CMMI, SIP, Mobile, Cloud, Big Data, Data Science etc…
Individually worked with over 300 technologies at a time; literally nothing scares us
Authors, Speakers, Coaches, Mentors, Scientists, Engineers, Technologists, Marketing, Sales, HR, Finance…
We are Generalists and we always start with First Principles.
FURTHER INFORMATION
Please refer to http://automatski.com for more information
Please go through the 2-minute demo, the 5-minute demo…
And the showcase section of the website for more information…
Or email us at [email protected]
Or just give us a shout on LinkedIn, Facebook, Twitter, Email etc.