Global Information Governance

Security and Privacy in a New Era
Northern Virginia Chapter, ARMA International
October 2013 Monthly Meeting
Christina Ayiotis, Esq., CRM
Adjunct Faculty, Department of Computer Science, The George Washington University
Co-Chair, The Sedona Conference on Cyber Liability
Co-Chair, Georgetown Cybersecurity Law Institute
Member, AFCEA International Cyber Committee
Principal Financier, Princess Andrianna Isabella Ayiotis
March 2011
plus ça change...
Today’s World
• Global organizations experiencing blurring of lines
between personal and professional:
– What information is created on corporate systems an
organization has “full” control over vs. through “public”
channels where more private information may be seen?
• What about integrity of Social Media “records” in the long-term?
(“Facebook editing function raises concern over misuse” Joe Miller
BBC News 30 September 2013)
• “GSA offers electronic privacy refresher” Molly Bernhart Walker
Fierce Government IT September 30, 2013
– Need to abide by country law in global systems not
architected to do so (biggest dirty little secret globally)
Today’s World
– Who decides how employees will execute their job duties and
what tools they will use (or not use)?
• Incoming Work Force and E-Mail (“Technology and the College
Generation” Courtney Rubin The New York Times September 27, 2013)
• What organization (private sector or public sector) fully manages all
text messages?
• Reconciling privacy and business needs
• What can be monitored and by whom?
– BYOD further complicates the governance challenge (Drivers are
cost and convenience, issues difficult to push back on during
challenging times)
• Only when we can truly (and easily) protect at the data level will this
– We’ll still wonder who has access and to what end
People, Process, Technology
• Government vs. Private Sector Information Governance Challenges
– Records Management may be dead but government still has to manage to
Schedules (theoretically)
– Big Data Impact (Emerging Trends in Law Firm Governance: Unlocking the
Power of Big Data, Predictive Coding and 24/7 Access in Law Firms Iron
Mountain July 2013)
– What to protect and at what cost
• Cybercrime, Espionage, Terrorism
– How can the government help the private sector?
– Is the government able to even help itself?
– Who is in charge? “A Call to One is a Call to All”- DHS/FBI/NSA
• Who is in the middle?
– Would a US Cyber Force help? (“Why the nation needs a US Cyber Force”
James Stavridis The Boston Globe September 29, 2013)
Government and Citizens
• Expectations around personal information
– Social Security Administration
– Veteran’s Benefits
• Electronic Health Records (DoD/VA)
– HIEs (security concerns)
• Expectations citizens have about what is truly private
– Communications through ISPs (even when encrypted), Social Media
posts in “private” groups, Data Aggregators
• E-Government—delivery of services
– IRS greatest success story of US government (but now there are
concerns about the privacy and security of that data)
– Estonia (E-vulnerabilities)
California Leads the Way (as always)
• Governor Brown Ushers in a New Privacy Era
in California and Beyond Tanya Forsheit
Information Law Group September 29, 2013
– AB 370- new disclosures to privacy policy (DNT)
– SB46 and AB1149 amend breach notification
(online accounts)
• “Eraser Bill” passed September 23, 2013,
effective January 1, 2015
The Future is Here
• Google/Facebook/NSA combined data—does
that cover everyone and everything?
• Google Glasses-
• The Internet of Things
• “Cisco predicts that there will be 50 billion
connected devices by the year 2020.”
• The ABA Cybersecurity Handbook: A Resource for Attorneys, Law
Firms and Business Professionals Jill D. Rhodes & Vincent I. Polley
(July 24, 2013)
• Locked Down: Information Security for Lawyers Sharon D. Nelson,
David G. Ries and John W. Simek (2012)
• Building Law Firm Information Governance: Prime Your Key
Processes Iron Mountain (July 2013)
• Emerging Trends in Law Firm Governance: Unlocking the Power of
Big Data, Predictive Coding and 24/7 Access in Law Firms Iron
Mountain (July 2013)
• A Proposed Law Firm Information Governance Framework Iron
Mountain (August 2012)
• Shane McGee, Randy V. Sabett, & Anand Shah, Adequate Attribution: A Framework for Developing a
National Policy for Private Sector Use of Active Defense, 8 J. Bus. & Tech. L. 1 (2013)
• Paul M. Schwartz & Daniel J. Solove, Reconciling Personal Information in the United States and European
Union, Forthcoming 102 California Law Review – (2014) September 6, 2013
• Hunton & Williams LLP, OECD Issues Updated Privacy Guidelines September 16, 2013
• Chris Wolf, Post-Snowden Fallout Shouldn't Cripple EU-US Safe Harbor 8/30/13
• Bryan Cunningham, Do not let Prism scandal wreck the Safe Harbour system 9/6/13
• David Perera, Indigenous European cloud needed to defeat NSA surveillance, says report September 23,
• Alastair Stevenson, EC calls for single privacy law to protect €1tn worth of data from PRISM snoops