My techlaw talk at a BCS joint event on the EU Data Protection Regulation back in 2013

It was over a year ago that I gave a talk at a joint event of the BCS IRMA and LAW groups, held on the 30th September 2013. Details of the event were posted on this blog.
The slides are available in pdf.
To watch the video, you will need to sit down and relax to view the recording in mp4. The duration of the talk and recording was over 1:30 hours (recorded time of 1:33:19).

Also posted on youtube

Thanks and enjoy!
Cher

Google Scholar

My paper cited and recorded by Google Scholar

Found the article that cited me. Luckily my surname was correct in the references. It wasn’t correct in the article; it should be Devey, not Devy.

Here is the article:

Gavin W. Manes & Elizabeth Downing (2010) What Security Professionals Need to Know About Digital Evidence, Information Security Journal: A Global Perspective, 19:3, 124-131, DOI: 10.1080/19393550903200466

Data Privacy Day January 2014

Last Tuesday 28th February, I joined a couple of other PhD research students at City University London to celebrate Data Privacy Day #DPD2014. Although it was planned at the last minute, the event went ahead and the speakers gave interesting and lively privacy-related talks. Many thanks to the speakers, Mr Jonathan Turner and Mr David Haynes, the attendees, and last but not least to the organiser, Mr David Haynes.

I believe this was the first time #DPD2014 was celebrated at City University. It will not be the last time.

Next year we will plan well ahead of the January date.

My slides for the talk in pdf.

My talk was a condensed version of my talk for the BCS Law-IRMA event in September 2013. However, I introduced a bit about my PhD research theme.

Not just ESI

The US Federal Rule of Civil Procedure (FRCP) 37(e) – on preservation, is pending revision. Note the commentary at aceds.org.

Preservation orders and the rules on Electronically Stored Information (ESI) are complex areas for policy makers and also IT folks. Some of these issues I have raised in my article and also briefly during my talk at BCS in November 2011. Both these are available on this page.

Personally I find the term ESI confusing in the context of electronic discovery/disclosure (edisc). In edisc it is not only the digital/electronic information in storage that the rules/laws are addressing. The word ‘stored’ implies storage media/medium/devices and the data in storage is ‘at rest’. Hard to imagine that emails are ESI. In my talk I stated that edisc folks tend to address edisc by talking about discoverable media/medium/devices, which is not the case in edisc. So now the proposed FRCP is addressing ‘discoverable information’ instead of just ESI.

Surveillance – my keyword from the year 2013

I browsed about 10 mins ago on wikipedia for traffic viewing statistics on ‘electronic discovery’, ‘information privacy’, ‘information security’, ‘surveillance’ and ‘Edward Snowden’.

The ‘Electronic_discovery has been viewed 5883 times in the last 30 days.’, ‘Information_privacy has been viewed 4148 times in the last 30 days.’, ‘Information_security has been viewed 30227 times in the last 30 days.’ and ‘Surveillance has been viewed 19571 times in the last 30 days’. Most interestingly this ‘Edward_Snowden has been viewed 341274 times in the last 30 days’

The figures may not show exactly how many searches there were on ‘surveillance’ or ‘surveil’, but the wikipedia figures give a good enough guide for me to denote ‘surveillance’ as a keyword to take note of.

I came across this article ‘Ford “Know[s] Everyone Who Breaks the Law” Using Cars They Made — Why Aren’t They Doing Something About It?‘. It is worth reading even though it is from a US perspective. Well, the Edward Snowden drama originated from the US but has news flashes across the Globe from the US to Hong Kong to Brazil to Russia and UK/Europe.

As highlighted in the volokm.com article, the term ‘surveil’ is now a legal watch word in the US.
Extracted statements from the article:
Failure to provide camera surveillance is now a common claim in negligence cases. “Take reasonable care” translates into a steady and growing pressure: investigate, surveil, disclose.

tracking Santa!

Just have to blog this!
Watching the ‘tracking of Santa delivering gifts’!
Quick, go to your online chimney!

The grand EU data protection reform [29C3]

A video published on 28 Dec 2012 on youtube

I didn’t know that ‘Angry Birds’ need my location data.

Come May 2014, this grand EU Data Protection reform will take shape in some form – definitely with no mention of ‘Angry Birds’ in the reform itself.

Worth listening to these ‘fresh outward’ looking speakers. A pity the session was not in debate style.

About this blogging site and beyond

This blogging site will soon pass its 5th anniversary, and it is time to revisit what to do with this blog.
As noted in the About page, this blog was set up (on the fly, virtually within less than an hour, that’s the beauty of WordPress) primarily for my research and activities on edisclosure/ediscovery.

My interests are varied as listed in my main jollyvip website.

Since October this year (2013), I’m a PhD research student with the Centre for Cyber Security Sciences (CCySS) with the City University London.

My domains of research are varied too. I use the word ‘domain’ as I have not figured out where all my interests lie or map into the academic world of research with its own definition of disciplines and schools and departments. I do know that my main interest is in computer science (or software engineering). Over the years, having worked primarily on complex software projects/programmes, I am particularly drawn to the dynamics of interaction between people (hence my foray into Law and Dispute Resolution) and within organisations. To me, the computer (and technology) is a tool, albeit a tool unlike others whereby it can transform life positively or negatively depending on its use or abuse. Well, it’s like a hammer except it’s ‘soft’ i.e. malleable. Others have argued and also written on many aspects of software. I like to view software as malleable i.e. this Merriam definition:
a : capable of being altered or controlled by outside forces or influences
b : having a capacity for adaptive change

With this view, my research will explore these domains:-

Software Practice and Engineering
Organisation Operational Practice (cyber insurance)
IT Governance, Risk and Compliance
Data and Privacy Laws
Data and Information Visualisation
Supply Chain and Cyber Space (Internet)

So edisclosure/ediscovery is not on my agenda for my PhD research. However I do hope that the outcome of my research will provide useful tool(s) for edisclosure/ediscovery related issues.

As this site will be my only (public) blogging space, I will keep this blogging site as it is i.e. without any changes to the site name and description. From time to time, I will post news & tweets (via my twitters, @edisclosure and @insuredatarisk ) covering edisclosure/ediscovery and beyond into the above domains.

Thanks for reading this.
Cher

Digital Investigations, E-Disclosure, Readiness Plans Guide

Back in 2008 I posted this ‘digital investigations and evidence’ blog. In that blog I mentioned Dr. Peter Sommer’s Guide to Forensic Readiness. This Guide has now been revised. The New (4th) edition in pdf is available at the IAAC site.

My techlaw talk – EU Data Protection Regulation

Welcome to join me on the 30th September 2013 at the BCS Office, London.
Admission Free – Limited Places available
To attend please register via this BCS link:

Details of the event:
BCS – The Chartered Institute for IT
Joint Event BCS LAW SG and IRMA

Monday 30 September 2013
18:00 for event start
18:30 event end 20:30

FILMING: This event may be filmed and recording could be used for future publicity.

Legal issues concerning Data Privacy and Technology generated by the Draft (2012) EU DP Regulation presented by Cher Devey

New legal issues concerning data privacy and technology have arisen from the recently drafted (January 2012) EU General Data Protection Regulation (Draft EU DP Regulation) that should be of immediate interest to lawyers, compliance officers, as well as IT professionals. This revised regulation will eventually replace the current Data Protection Act of 1998.

Early this year a draft report on the Draft EU DP Regulation was released by the MEP Jan Philipp Albrecht. This Albrecht report (the Report) proposes 350 amendments and has been widely reviewed and commented on, not only in the EU but also with mixed reactions from the US industry and government.

Besides the controversial concepts underpinning the proposals (e.g. the Right to be forgotten), technological measures for protecting personal data and the compliance incentives (in terms of penalties) have also stirred heated debates. The Report also stresses the accountability approach and measures including data protection assessment. In particular it introduces the concept of the ‘producer’. Broadly, the ‘producer’ is the entity that creates automated data processing or filing systems to be used by data controllers or data processors. Potentially the ‘producer’ needs to comply with ‘privacy by design’ and ‘privacy by default’ principles. While the exact scope is still in the making, the introduction of such a concept has implications for software and hardware designers and developers.

There are many messy questions not only stemming from the data privacy law but also from the confluence of this and technology. Potential topics for discussion:

What do we understand by ‘privacy by design’ and ‘privacy by default’ principles?

Is data protection assessment a data privacy risk assessment or more?

How do organisations assess or identify data privacy and potential exposure to data related events (theft, misuse, abuse)?

The aims of these topics are to invite participants to share their stories, and also to explore the challenges ahead.

The format of the evening will be a facilitated forum driven by attendees’ questions and discussions.

Materials:
The Draft EU General Data Protection Regulation

The Albrecht Report

Facilitator Profile
Cher Devey

Cher Devey (BSc, MBA, DipIntArb) has particular expertise in technology and computer matters affecting businesses and individuals. She has the benefit of having worked as senior IT Consultant (as Project Manager/Business Architecture/Business Analyst) for several major global investment banks and software service providers. Besides her professional IT qualifications, being a Chartered Engineer (CEng) and a Certified Information Technology Professional (CITP, British Computer Society), she has also studied specialist modules in computer and communications law (LLM with Queen Mary College, London). She is also a Fellow of the Chartered Institute of Arbitrators (FCIArb) and an accredited CIArb Mediator.

As from October 2013, Cher will be a PhD student (with Studentship) with the Centre for Cyber Security Sciences, City University London.
She occasionally blogs at http://jollyvip.com/edisclosure/
Her research site at http://www.insuredatarisk.com/

For overseas delegates who wish to attend the event please note that BCS do not issue invitation letters.

Cancellation Policy
In the event of cancellation the delegates will be told well in advance. BCS reserve the right to cancel any event. BCS is not responsible for hotel or travel costs. No refunds will be given after 18 March 2013.

Bookings close 29 September 2013 at 23:59.

Email: mandy.bauer@hq.bcs.org.uk

Electronic Privacy
As a body for IT professionals BCS Group regularly communicates with its interested parties by email. I understand that BCS Group will not pass on my email address to other organisations.

Data Protection Act 1998
BCS Group will hold your personal data on its computer database and process it in accordance with the Act. This information may be accessed, viewed and used by the Society for administrative purposes and conducting market research. All of these purposes have been notified to the Commissioner. If you are based outside the European Economic Area (the ‘EEA’), information about you may be transferred outside the EEA in accordance with the requirements of the Act.

Further information about this and other BCS activities is available via the website,
else via email to Law SG Branch Chair, Jennifer Dean at: dean.jenniferlila@gmail.com