As a new era of privacy regulations approaches, security and compliance professionals need to make GDPR a top priority. It is essential to build a roadmap with both privacy and security in mind. In this session, we’ll discuss the importance of privacy management within the context of your existing security and compliance ecosystem: how it fits into the larger puzzle, why it has been precariously overlooked in the past, and how it can be seamlessly integrated as a function among the information security, information technology, risk management, audit and compliance, and legal areas in your organization. We’ll address the importance of demonstrating ongoing compliance with privacy regulations like GDPR, and how privacy management software can support security and GRC teams.
• Understand the requirements and importance of GDPR for privacy and security teams
• Learn how privacy management tools fit into an overall security ecosystem
• Learn how to demonstrate ongoing compliance with GDPR and other regulations
Federated Identity Management (FIM), while solving important scalability, security and privacy problems of remote entity authentication, introduces new privacy risks. By virtue of sharing identities with many systems, the improved data quality of subjects may increase the possibilities of linking private data sets; moreover, new opportunities for user profiling are being introduced. However, FIM models to mitigate these risks have been proposed. In this presentation we elaborate privacy-by-design requirements for this class of systems, transpose them into specific architectural requirements, and evaluate a number of FIM models with respect to these requirements.
In the face of not just GDPR, but many nations' new mandates for consumer data rights, organizations with a variety of business models face what may be their most serious dilemma of the information age: how can we deal in personal data safely? Proponents of the User-Managed Access vision would say the only way is to offer individuals "context, control, choice, and respect". This session will explore new UMA work that maps the flow of on-the-wire technical artifacts to legal devices such as contracts and licenses, designed to allow provable end-to-end control by data subjects of access rights to personal digital assets.