Peer to Peer Magazine

September 2012

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/80353


Continuous Validation and Response

Even with the most robust policies, processes and systems, continuous vigilance is required to validate that selected controls are effective. Organizations should:

• Monitor changes to the regulatory and security landscape as they rapidly advance, generating new requirements and vulnerabilities. Leverage the ISO 27001 framework for information security management. This ensures continuous improvement of a validated data protection and risk mitigation strategy.

• Develop a strong incident-handling and remediation program to rapidly reconcile identified challenges in compliance or technical security controls.

• Ensure that your incident-handling program can manage a breach of data that has cross-border or interjurisdictional ramifications.

Get Ready

Although much discussion has occurred around the creation of international standards for data security and privacy controls, a true international set of standards has not yet been developed. Until then, meaningful protections for data — both domestic and international — will remain an issue for organizations of all kinds. Companies conducting business internationally, contracting with international vendors or hosting data with international data center providers must develop effective strategies to meet their current and future obligations related to international data transfer and data security best practices.

Individuals, governments and businesses all have a stake in data security, whether they are directly involved or not. Staying up to date on best practices, implementing an information governance program, identifying effective mitigation techniques and continuous validation, combined with strong incident response, will enable organizations to meet the challenges presented by cross-border data transfers and security.
Selected examples of information privacy legislation, by region:

United States
• Health Insurance Portability and Accountability Act
• Fair Credit Reporting Act
• Electronic Communications Privacy Act
• International Traffic in Arms Regulations

Canada
• Personal Information Protection and Electronic Documents Act

Europe
• European Court of Human Rights, Article 8
• Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data
• EU Data Protection Directive (Directive 95/46/EC)

United Kingdom
• Data Protection Act 1998, as amended

France
• Law 2004-801 of 6 August 2004 modifying law 78-17 of 6 January 1978 relating to the Protection of Data Subjects as Regards the Processing of Personal Data

Germany
• Federal Data Protection Act, as amended

Switzerland
• The Swiss Federal Data Protection Act
• The Swiss Federal Data Protection Ordinance

Daniel Charboneau is responsible for the information security program at Epiq Systems, Inc. He has over 10 years of experience in information security and information technology. His specialties include network theory and architecture, emerging technologies, complex adaptive systems, compliance, auditing and security policy. Daniel can be reached at dcharboneau@epiqsystems.com.

George Tsounis is the Senior Vice President of Information Technology and Development at Epiq Systems, Inc. He is responsible for leading Epiq's technology organization, which includes oversight of the worldwide data centers that support Epiq's global e-discovery business. George has been in the information technology field for over 20 years. He can be contacted at gtsounis@epiqsystems.com.
