Trust in the Cloud: How HP Protects its Customers’ Data and Supports Compliance

Trust in the Cloud: How HP Protects its Customers’ Data and Supports Compliance. February 26th 2014. Peter J Reid, Privacy Officer, HP Enterprise Business. Email: peter.j.reid@hp.com Phone: 469-808-4139. Significant Privacy Legislation Exists Outside US.


Presentation Transcript


  1. Trust in the Cloud: How HP Protects its Customers’ Data and Supports Compliance
     - February 26th 2014
     - Peter J Reid, Privacy Officer, HP Enterprise Business
     - Email: peter.j.reid@hp.com
     - Phone: 469-808-4139

  2. Significant Privacy Legislation Exists Outside US
     - In Europe, the European Data Protection Directive & its supporting country legislation considers privacy (data protection) a human right
     - Legislation, similar to European Data Protection Directive, has been & continues to be enacted in many other countries
       - Argentina *
       - Australia
       - Canada *
       - Hong Kong
       - Israel *
       - Japan
       - New Zealand *
     - Most International Privacy Laws Place Restrictions on Trans-Border Data Flow
     - \* Deemed ‘adequate’ by EC

  3. U.S. Approach To Privacy Legislation, Historically Sector-Based, Has Been Growing
     - Fair Credit Reporting Act
     - Privacy Act
     - Family Educational Rights and Privacy Act
     - Right to Financial Privacy Act
     - Cable Communications Privacy Act
     - Electronic Communications Privacy Act
     - Video Privacy Protection Act
     - FCC TCPA & CPNI Rules
     - Driver’s Privacy Protection Act
     - Telecommunications Act
     - Children’s Online Privacy Protection Act
     - Wireless Communications and Public Safety Act
     - Gramm Leach Bliley Act
     - Health Insurance Portability & Accountability Act (HIPAA)
     - FTC Do Not Call Registry & Telemarketing Rules
     - CAN-SPAM Act
     - Fair & Accurate Credit Transactions Act (FACTA)
     - HITECH Act

     No current U.S. Privacy Laws place any restrictions on Trans-Border Data Flow

  4. What is Trans Border Data Flow?
     - Personal Information from one country moved to another
     - Personal Information in one country can be accessed from another
     - Diagram labels: HR Database, Global Directory, Support Services
     - Both of these flows constitute Trans Border Data Flow

  5. Global Scope of Cross-Border Data Transfers
     - Service Mgt. support in China
     - Applications Support in US
     - Data Center Services in India
     - Messaging Support in Brazil
     - Service Desk in South Africa

  6. Privacy Restrictions On Trans-Border Data Flow

     Privacy & Data Protection regulations restrict transfer of “personal information” across national borders
     - Transfers from all countries with comprehensive national legislation are restricted
       - EU/EEA, Switzerland, Argentina, Australia, Canada, Japan, Korea, Mexico, etc.
     - From EU/EEA countries, personal information can be transferred to countries that have “adequate protection”
       - All other EU/EEA member states are deemed to be adequate
       - Switzerland, Canada, Argentina, Israel, New Zealand, Uruguay all have regulations deemed adequate by the EU
       - No other countries (e.g. US, Brazil, China, India, Malaysia, Philippines, Costa Rica) are deemed adequate by the EU, so transfers are restricted

  7. Overcoming Privacy Restrictions
     - Mechanisms to overcome transfer restrictions
     - Information can be transferred from a company in an EU/EEA country or Switzerland to its U.S. entity if that entity has joined U.S. DoC Safe Harbor
       - Safe Harbor applies only to transfers of PI from the EU to the U.S.
       - Safe Harbor also allows “onward transfers” to other jurisdictions
     - Personal information can also be transferred from any EU/EEA country to any non-EU/EEA country, other than “approved adequate countries”, if:
       - A model contract has been signed & in many instances approved by the country regulator, or
       - Binding Corporate Rules (BCR) / Binding Corporate Rules for Processors (BCR-P) have been approved, or
       - The individual has “freely given” consent
     - Transfers from other countries with national privacy legislation also require contractual agreement. APEC has introduced Cross Border Processing Rules (CBPR, CBPR-P)

  8. Biggest Cloud Compliance Challenges
     - Data mapping and data flow analysis
       - Knowing where your personal and other confidential information is and where it is stored and from where it can be accessed is a key factor in compliance.
       - In the “Public/Hybrid Cloud” space, this becomes a critical issue as it determines compliance requirements when your data is being stored and processed by a third party

  9. How HP engenders the Trust of its Customers
     - HP has well-established Privacy and Security programs
     - We were one of the first members of the US DoC Safe Harbor program in 2001
     - We have had “Binding Corporate Rules” or BCR approved by the regulators in the EU
     - We began to promote the idea of BCR for Data Processors with EU regulators in 2007. That has now become an approved program for Service Providers and HP is now in the process of applying for BCR-P approval
     - HP is also actively engaged with the APEC forum in the development of Cross Border Processing Rules (CBPR) and Cross Border Processing Rules for Processors (CBPR-P)
     - With our experience in IT, Apps and BPO services through the acquisition of EDS, we have significant experience in the global marketplace with many large Fortune 100 customers in helping them navigate the complexities of complying with global regulatory requirements.
     - We are leveraging that experience in the evolving Cloud space

  10. Thank you
