Global Information Governance
Security and Privacy in a New Era

Northern Virginia Chapter, ARMA International
October 2013 Monthly Meeting

Christina Ayiotis, Esq., CRM
Adjunct Faculty, Department of Computer Science, The George Washington University
Co-Chair, The Sedona Conference on Cyber Liability
Co-Chair, Georgetown Cybersecurity Law Institute
Member, AFCEA International Cyber Committee
Principal Financier, Princess Andrianna Isabella Ayiotis
@christinayiotis

March 2011
• http://www.youtube.com/watch?v=ZJ380SHZvYU

plus ça change...

Today’s World
• Global organizations experiencing blurring of lines between personal and professional:
  – What information is created on corporate systems an organization has “full” control over vs. through “public” channels where more private information may be seen?
    • What about integrity of Social Media “records” in the long-term? (“Facebook editing function raises concern over misuse” Joe Miller BBC News 30 September 2013 http://bbc.in/19PSyui)
    • “GSA offers electronic privacy refresher” Molly Bernhart Walker Fierce Government IT September 30, 2013 http://bit.ly/15H150c
  – Need to abide by country law in global systems not architected to do so (biggest dirty little secret globally)

Today’s World
  – Who decides how employees will execute their job duties and what tools they will use (or not use)?
    • Incoming Work Force and E-Mail (“Technology and the College Generation” Courtney Rubin The New York Times September 27, 2013 http://nyti.ms/18gnh4v)
    • What organization (private sector or public sector) fully manages all text messages?
    • Reconciling privacy and business needs
    • What can be monitored and by whom?
  – BYOD further complicates the governance challenge (Drivers are cost and convenience, issues difficult to push back on during challenging times)
    • Only when we can truly (and easily) protect at the data level will this change
      – We’ll still wonder who has access and to what end

People, Process, Technology
• Government vs. Private Sector Information Governance Challenges Similar
  – Records Management may be dead but government still has to manage to Schedules (theoretically)
  – Big Data Impact (Emerging Trends in Law Firm Governance: Unlocking the Power of Big Data, Predictive Coding and 24/7 Access in Law Firms Iron Mountain July 2013 http://bit.ly/1aCDJfR)
  – What to protect and at what cost
• Cybercrime, Espionage, Terrorism
  – How can the government help the private sector?
  – Is the government able to even help itself?
  – Who is in charge? “A Call to One is a Call to All”- DHS/FBI/NSA
    • Who is in the middle?
  – Would a US Cyber Force help? (“Why the nation needs a US Cyber Force” James Stavridis The Boston Globe September 29, 2013 http://b.globe.com/16KA37A)

Government and Citizens
• Expectations around personal information
  – Social Security Administration
  – IRS
  – Medicaid/Medicare
  – Veteran’s Benefits
• Electronic Health Records (DoD/VA)
  – HIEs (security concerns)
• Expectations citizens have about what is truly private
  – Communications through ISPs (even when encrypted), Social Media posts in “private” groups, Data Aggregators
• E-Government—delivery of services
  – IRS greatest success story of US government (but now there are concerns about the privacy and security of that data)
  – Estonia (E-vulnerabilities)

California Leads the Way (as always)
• Governor Brown Ushers in a New Privacy Era in California and Beyond Tanya Forsheit Information Law Group September 29, 2013 http://bit.ly/1bmvcSt
  – AB 370- new disclosures to privacy policy (DNT)
  – SB46 and AB1149 amend breach notification (online accounts)
• “Eraser Bill” passed September 23, 2013, effective January 1, 2015 http://bit.ly/17O1iyV

The Future is Here
• Google/Facebook/NSA combined data—does that cover everyone and everything?
• Google Glasses- http://onforb.es/100DnaM
• The Internet of Things http://bit.ly/Xp0Fp
• “Cisco predicts that there will be 50 billion connected devices by the year 2020.” http://onforb.es/16lxrh9

Resources
• The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms and Business Professionals Jill D. Rhodes & Vincent I. Polley (July 24, 2013) http://bit.ly/1ccsPSn
• Locked Down: Information Security for Lawyers Sharon D. Nelson, David G. Ries and John W. Simek (2012) http://amzn.to/1fAIyfC
• Building Law Firm Information Governance: Prime Your Key Processes Iron Mountain (July 2013) http://bit.ly/1hd81Yeh
• Emerging Trends in Law Firm Governance: Unlocking the Power of Big Data, Predictive Coding and 24/7 Access in Law Firms Iron Mountain (July 2013) http://bit.ly/1aCDJfR
• A Proposed Law Firm Information Governance Framework Iron Mountain (August 2012) http://bit.ly/NA7e4Y

MORE RESOURCES
• Shane McGee, Randy V. Sabett, & Anand Shah, Adequate Attribution: A Framework for Developing a National Policy for Private Sector Use of Active Defense, 8 J. Bus. & Tech. L. 1 (2013) http://bit.ly/11CwHaX
• Paul M. Schwartz & Daniel J. Solove, Reconciling Personal Information in the United States and European Union, Forthcoming 102 California Law Review – (2014) September 6, 2013 http://bit.ly/13YSIPo
• Hunton & Williams LLP, OECD Issues Updated Privacy Guidelines September 16, 2013 http://bit.ly/1blOWlH
• Chris Wolf, Post-Snowden Fallout Shouldn't Cripple EU-US Safe Harbor 8/30/13 http://bit.ly/16ZxoYE
• Bryan Cunningham, Do not let Prism scandal wreck the Safe Harbour system 9/6/13 http://bit.ly/16DdYhS
• David Perera, Indigenous European cloud needed to defeat NSA surveillance, says report September 23, 2013 http://bit.ly/16CP1Dl
• Alastair Stevenson, EC calls for single privacy law to protect €1tn worth of data from PRISM snoops 9/18/13 http://bit.ly/169l91c