Still Seeking the Paperless Office EU, U.S. Agree on New Data Transfer Deal
Total Page:16
File Type:pdf, Size:1020Kb
© 2016 Arma International UPFRONTNews, Trends & Analysis PRIVACY E-RECORDS EU, U.S. Agree on New Data Transfer Deal Still Seeking the Paperless Office hirty-five years ago, a British- American information scien- Ttist introduced the concept of a paperless office. Today, it seems, we are no closer to attaining that scenario, according to a recent sur- vey of UK offices. Printer company Epson sur- veyed more than 3,600 European employees, and 83% called the pa- perless office “unrealistic.” It found that hard copies are preferred over digital documents because workers feel the need to share, hand out, and edit reports. In fact, the majority of respondents felt they’d be more fter three months of in- financial information to social me- likely to make a mistake when edit- termittent talks, U.S. and dia posts. ing an electronic document than a AEuropean officials have “We have for the first time paper copy. reached a new agreement on how received detailed written assur- According to the survey, 83% digital data will be transferred ances from the United States on of office workers in Europe said a from one side of the Atlantic to the safeguards and limitations ap- ban on printing would “limit their the other. The Privacy Shield plicable to U.S. surveillance pro- productivity.” Across Europe, office agreement, which still requires gram,” Commission Vice-President workers spend nearly 19 hours ev- political approval, means Euro- Andrus Ansip told the media. “On ery year walking to and from print- pean data protection authorities the commercial side, we have ob- ers, Epson said, walking more than will not restrict data transfers as tained strong oversight by the U.S. 110 kilometers (68.35 miles) in the they had planned to if an agree- Department of Commerce and process. ment had not been reached. the Federal Trade Commission of Another survey, from informa- According to Reuters, the Eu- companies’ compliance with their tion management firm M-Files, ropean Commission said Privacy obligations to protect EU personal found that 77% of UK businesses Shield will place stronger obliga- data.” still store and manage paper re- tions on U.S. companies to pro- Per the agreement, the United cords, with 19% stating they keep tect Europeans’ personal data and States will create an ombudsman all records in paper format and 58% ensure stronger monitoring and within the State Department to storing data in both paper and digi- enforcement by U.S. agencies than handle complaints and inquiries tal formats. the previous Safe Harbor agree- forwarded by EU data protection ment. agencies, Reuters reported. There Since Safe Harbor was invali- will also be an alternative dispute dated by the European Court of resolution mechanism to resolve Justice in October 2015, about grievances, as well as a joint an- 4,000 U.S. companies that had nual review of the agreement. relied on it to collect and trans- European data protection au- fer data out of the EU have been thorities said they will also work without any legal guidelines for with the U.S. Federal Trade Com- handling information ranging from mission to police the system. 6 MARCH/APRIL 2016 INFORMATIONMANAGEMENT © 2016 Arma International PRIVACY tors in Braunschweig, a city close privacy laws, which limit access to to Volkswagen’s headquarters in data, especially for those outside VW Cites Privacy Laws Wolfsburg, said German law al- the European Union. In refusing in Refusing to Provide lowed prosecutors to carry out raids to turn over evidence to American of Volkswagen’s Wolfsburg offices to investigators, Volkswagen has cited Documents gather possible evidence that could the German Federal Data Protec- include e-mail exchanges, the Times tion Act, as well as the German olkswagen has refused to pro- reported. Constitution, the European Con- vide its executives’ e-mails “We can’t complain about our co- vention on Human Rights, decisions Vand other communications to operation with the company,” Ziehe of the German Constitutional Court U.S. attorneys general who request- said. “We have the impression that and the European Court of Human ed the documents as part of their we have received everything that Rights, “and (for good measure) investigations into the company’s we have specifically requested.” provisions of the German Crimi- emissions scandal, according to the Germany is known for its strict nal Code,” according to the Times. New York Times. INFO SECURITY Survey: Departing Employees Take Sensitive Data ore than one in four employees take and/or share sensitive company data when leaving a job, according to a recent survey Mfrom secure communications solutions provider Biscom. Technology decision-makers take heed: Survey findings show that the technology a company implements plays a major role in an employee’s’ decision to take company data. For example, tools like In September 2015, Volkswa- Dropbox, Google Drive, and e-mail make it effortless to take files. gen admitted to installing software The survey also found: to cheat on emissions tests in 11 • 15% of respondents said they are more likely to take company million diesel vehicles sold world- data if they are fired or laid off than if they leave on their own. wide. The Times reported that a • Of those who take company data, 85% report they take material 48-state civil investigation is be- they have created themselves and don’t feel doing so is wrong. ing led by several states, including • Only 25% of respondents report taking data they did not create. New York and Connecticut, and • About 95% of respondents said that taking data they did not attorneys general in California and create was possible because their company either did not have Texas are also looking into the com- policies or technology in place to prevent data stealing or it ig- pany, which includes the Audi and nored its policies. Porsche brands. “The survey’s results reveal employees as a big security hole,” John An inquiry by the U.S. Justice Lane, CISO of Biscom, said in a statement. “Companies can use this Department states that Volkswa- information to understand how they can protect their data. Whether gen had “impeded and obstructed” it’s updating employee training, regulators and provided “mislead- establishing stricter company ing information.” Investigators say policies to prevent data theft, or Volkswagen’s actions limit their obtaining secure tools to store and ability to identify which employ- track company data.” ees knew about or sanctioned the Although stealing data can re- emissions cheating. Penalties would sult in significant security risks, be greater if the states and others most survey respondents reported pursuing Volkswagen in court could that they didn’t view it as data prove that top executives were theft. Despite the fact that they’re aware of or directed the activity. taking sensitive information, including company strategy documents, German investigators said Volk- customer lists, and financial data, employees don’t consider their ac- swagen is working with them under tions malicious or even wrong. The report concluded that this may be the auspices of German law. Klaus why data theft is so prevalent. Ziehe, a spokesman for prosecu- MARCH/APRIL 2016 INFORMATIONMANAGEMENT 7 UPFRONT © 2016 Arma International rent state of information sharing and developed concrete resources and breach reporting requirements. to help firms better manage their According to the IIROC, the cyber risks.” guide provides a framework for de- The IIROC also noted that veloping a plan but is not “intended it is developing a cybersecurity to function as a working response program to help dealers increase plan. Rather, each dealer member their cybersecurity preparedness. should develop internal plans as In December, the Canadian govern- part of their cybersecurity strategy ment announced plans to launch that prepares them in advance for the Canadian Cyber Threat Ex- the risks they are most likely to change in 2016, Legaltech News face.” reported. It will be an independent, “Active management of cyber not-for-profit organization to help risk is critical to the stability of businesses protect themselves CYBERSECURITY IIROC-regulated firms, the integri- against attacks through informa- ty of Canadian capital markets, and tion sharing. Its founding members Canadian Organization the protection of investors,” said are Air Canada, Bell Canada, Can- Releases Cybersecurity Andrew Kriegler, IIROC president adian National Railway Company, and CEO, in a statement. “That HydroOne, Manulife, Royal Bank of Guides is why we consulted with the in- Canada, TELUS, TD Bank Group, dustry, engaged security experts and TransCanada Corp. self-regulatory organization that helps monitor Canada’s A trading industry has released INFO SECURITY two guides to help investment deal- Data Breaches Affect U.S. Consumer ers protect themselves and their cli- ents in the event of a cyber attack. Business Decisions The Investment Industry Reg- ulatory Organization of Canada ust how much do U.S. consumers pay attention to data breaches? (IIROC) introduced “Cybersecu- Enough to consider a company’s record before choosing to rity Best Practices Guide” as a liv- Jgive it their personal information, a recent survey reveals. ing document that can be updated Law firm Morrison & Foerster released “Morrison & Foerster to include the latest practices on Insights: Consumer Outlook on Privacy,” which asked consumers governance and risk management, about their attitudes on privacy and data breaches. According to the network security, and more. The findings, more than one-in-three U.S. consumers (35%) have made 53-page guide also features a cy- a decision whether to purchase a product from a company because bersecurity incident checklist and of privacy concerns during the past 12 months. In addition, of those a sample vendor assessment, ac- consumers that identified themselves as “concerned” about privacy, cording to Legaltech News.