Legal Issues

Legal Issues: Contracts & Electronic Discovery. Source: CSA Security Guidance Report v.3. Presented by: Toby Tobkin – toby.tobkin@gmail.com.

Presentation Transcript


  1. Legal Issues Contracts & Electronic Discovery Source: CSA Security Guidance Report v.3 Presented by: Toby Tobkin – toby.tobkin@gmail.com

  2. Motivation • Why I chose this topic

  3. Privacy Law

  4. Data Privacy • Data on the Internet is vulnerable • I won’t show a proof for this

  5. Data Privacy • Data on the Internet is vulnerable • I won’t show a proof for this • Burden of protection of personal data is on organizations in some regions

  6. Data Privacy • Data on the Internet is vulnerable • I won’t show a proof for this • Burden of protection of personal data is on organizations in some regions • Some regional organizations that mandate this: • OECD: Organization for Economic Cooperation and Development • APEC: Asia Pacific Economic Cooperation • EEA: European Economic Area

  7. Examples of US Privacy Laws • Federal • Laws: GLBA, HIPAA, COPPA • FTC orders

  8. Examples of US Privacy Laws • Federal • Laws: GLBA, HIPAA, COPPA • FTC orders • State • Generally: reasonable security measures must be in place • including with subcontractors

  9. Privacy by Contract • If some aspect of privacy isn’t regulated, it could still be specified by a contract • but you knew that • Company using cloud service may • Have a contractual obligation to protect employee data it’s storing • Want to protect their trade secrets stored in the cloud • Have a privacy contract with their customers • Specify that data can only be used for certain purposes

  10. Contracts

  11. Concepts • Data custodian

  12. Concepts • Data custodian • Due diligence

  13. Cloud E-Discovery Issues

  14. Discovery Phase • In litigation, this comes prior to the trial • Philosophy: neither party should be able to keep secrets from each other

  15. Discovery: Problems • Data that may be demanded might not be under a party’s control • Might be on a third party’s backup system • Or something • Problem: whose obligation is it to produce requested information? • According to this document: it depends

  16. Discovery: Problems • Standard e-discovery tools may not work

  17. Discovery: Problems • Standard e-discovery tools may not work • Rules on preservation don’t seem to be clear • who pays for storage? client? service provider? • what constitutes “relevant” information to a litigation? • what about programmatically purged data?

  18. Discovery: Problems • Standard e-discovery tools may not work • Rules on preservation don’t seem to be clear • who pays for storage? client? service provider? • what constitutes “relevant” information to a litigation? • what about programmatically purged data? • Collection can be difficult • Limited bandwidth • Limited client functionality • Physical forensics could be overly intrusive on something like EC2

  19. Discovery: Problems • Standard e-discovery tools may not work • Rules on preservation don’t seem to be clear • who pays for storage? client? service provider? • what constitutes “relevant” information to a litigation? • what about programmatically purged data? • Collection can be difficult • Limited bandwidth • Limited client functionality • Physical forensics could be overly intrusive on something like EC2 • Native production

  20. Discovery: Solutions • Have terms in service agreement about e-discovery • e.g. accessing large amounts of data at once when bandwidth is usually limited
