Global Information Governance Security and Privacy in a New Era Northern Virginia Chapter, ARMA...

Global Information Governance Security and Privacy in a New Era Northern Virginia Chapter, ARMA International October 2013 Monthly Meeting Christina Ayiotis, Esq., CRM Adjunct Faculty, Department of Computer Science, The George Washington University Co-Chair, The Sedona Conference on Cyber Liability Co-Chair, Georgetown Cybersecurity Law Institute Member, AFCEA International Cyber Committee Principal Financier, Princess Andrianna Isabella Ayiotis @christinayiotis

Page 1:

Global Information Governance
Security and Privacy in a New Era

Northern Virginia Chapter, ARMA International
October 2013 Monthly Meeting

Christina Ayiotis, Esq., CRM
Adjunct Faculty, Department of Computer Science, The George Washington University
Co-Chair, The Sedona Conference on Cyber Liability
Co-Chair, Georgetown Cybersecurity Law Institute
Member, AFCEA International Cyber Committee
Principal Financier, Princess Andrianna Isabella Ayiotis
@christinayiotis

Page 2:

March 2011

• http://www.youtube.com/watch?v=ZJ380SHZvYU

plus ça change...

Page 3:

Today’s World

• Global organizations experiencing blurring of lines between personal and professional:
– What information is created on corporate systems an organization has “full” control over vs. through “public” channels where more private information may be seen?
• What about integrity of Social Media “records” in the long-term? (“Facebook editing function raises concern over misuse” Joe Miller BBC News 30 September 2013 http://bbc.in/19PSyui)
• “GSA offers electronic privacy refresher” Molly Bernhart Walker Fierce Government IT September 30, 2013 http://bit.ly/15H150c
– Need to abide by country law in global systems not architected to do so (biggest dirty little secret globally)

Page 4:

Today’s World

– Who decides how employees will execute their job duties and what tools they will use (or not use)?
• Incoming Work Force and E-Mail (“Technology and the College Generation” Courtney Rubin The New York Times September 27, 2013 http://nyti.ms/18gnh4v)
• What organization (private sector or public sector) fully manages all text messages?
• Reconciling privacy and business needs
• What can be monitored and by whom?
– BYOD further complicates the governance challenge (Drivers are cost and convenience, issues difficult to push back on during challenging times)
• Only when we can truly (and easily) protect at the data level will this change
– We’ll still wonder who has access and to what end

Page 5:

People, Process, Technology

• Government vs. Private Sector Information Governance Challenges Similar
– Records Management may be dead but government still has to manage to Schedules (theoretically)
– Big Data Impact (Emerging Trends in Law Firm Governance: Unlocking the Power of Big Data, Predictive Coding and 24/7 Access in Law Firms Iron Mountain July 2013 http://bit.ly/1aCDJfR)
– What to protect and at what cost
• Cybercrime, Espionage, Terrorism
– How can the government help the private sector?
– Is the government able to even help itself?
– Who is in charge? “A Call to One is a Call to All”- DHS/FBI/NSA
• Who is in the middle?
– Would a US Cyber Force help? (“Why the nation needs a US Cyber Force” James Stavridis The Boston Globe September 29, 2013 http://b.globe.com/16KA37A)

Page 6:

Government and Citizens

• Expectations around personal information
– Social Security Administration
– IRS
– Medicaid/Medicare
– Veteran’s Benefits
• Electronic Health Records (DoD/VA)
– HIEs (security concerns)
• Expectations citizens have about what is truly private
– Communications through ISPs (even when encrypted), Social Media posts in “private” groups, Data Aggregators
• E-Government—delivery of services
– IRS greatest success story of US government (but now there are concerns about the privacy and security of that data)
– Estonia (E-vulnerabilities)

Page 7:

California Leads the Way (as always)

• Governor Brown Ushers in a New Privacy Era in California and Beyond Tanya Forsheit Information Law Group September 29, 2013 http://bit.ly/1bmvcSt
– AB 370- new disclosures to privacy policy (DNT)
– SB46 and AB1149 amend breach notification (online accounts)
• “Eraser Bill” passed September 23, 2013, effective January 1, 2015 http://bit.ly/17O1iyV

Page 8:

The Future is Here

• Google/Facebook/NSA combined data—does that cover everyone and everything?

• Google Glasses- http://onforb.es/100DnaM

• The Internet of Things http://bit.ly/Xp0Fp

• “Cisco predicts that there will be 50 billion connected devices by the year 2020.” http://onforb.es/16lxrh9

Page 9:

Resources

• The ABA Cybersecurity Handbook: A Resource for Attorneys, Law Firms and Business Professionals Jill D. Rhodes & Vincent I. Polley (July 24, 2013) http://bit.ly/1ccsPSn

• Locked Down: Information Security for Lawyers Sharon D. Nelson, David G. Ries and John W. Simek (2012) http://amzn.to/1fAIyfC

• Building Law Firm Information Governance: Prime Your Key Processes Iron Mountain (July 2013) http://bit.ly/1hd81Yeh

• Emerging Trends in Law Firm Governance: Unlocking the Power of Big Data, Predictive Coding and 24/7 Access in Law Firms Iron Mountain (July 2013) http://bit.ly/1aCDJfR

• A Proposed Law Firm Information Governance Framework Iron Mountain (August 2012) http://bit.ly/NA7e4Y

Page 10:

MORE RESOURCES

• Shane McGee, Randy V. Sabett, & Anand Shah, Adequate Attribution: A Framework for Developing a National Policy for Private Sector Use of Active Defense, 8 J. Bus. & Tech. L. 1 (2013) http://bit.ly/11CwHaX

• Paul M. Schwartz & Daniel J. Solove, Reconciling Personal Information in the United States and European Union, Forthcoming 102 California Law Review – (2014) September 6, 2013 http://bit.ly/13YSIPo

• Hunton & Williams LLP, OECD Issues Updated Privacy Guidelines September 16, 2013 http://bit.ly/1blOWlH

• Chris Wolf, Post-Snowden Fallout Shouldn't Cripple EU-US Safe Harbor 8/30/13 http://bit.ly/16ZxoYE

• Bryan Cunningham, Do not let Prism scandal wreck the Safe Harbour system 9/6/13 http://bit.ly/16DdYhS

• David Perera, Indigenous European cloud needed to defeat NSA surveillance, says report September 23, 2013 http://bit.ly/16CP1Dl

• Alastair Stevenson, EC calls for single privacy law to protect €1tn worth of data from PRISM snoops 9/18/13 http://bit.ly/169l91c