What Do I Need to Know About Cyber Frameworks, Standards, and Laws?

2021 ◽  
pp. 58-78
Author(s):  
Gregory Falco ◽  
Eric Rosenbach

The question “What do I need to know about cyber frameworks, standards, and laws?” distills the complex landscape of cyber risk laws, requirements, and standards. The chapter begins with a case study on Nielsen Holdings’ legal and business trouble with the European General Data Protection Regulation (GDPR). It distinguishes compliance from security—explaining how readers can achieve both—and clarifies the dynamic, complex legal landscape in a world of ever-evolving cyber risk. It reviews legislation relating to cyber risk including the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Federal Information Security Management Act (FISMA), and GDPR. The chapter describes the importance of adopting the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework, creating a cyber policy/act/law/regulation “watch list” and purchasing cyber insurance. At the chapter’s end Falco shares Embedded Endurance strategy insight from his experience leading a team developing a cyber standard of care.

2018 ◽  
Vol 25 (3) ◽  
pp. 284-307
Author(s):  
Giovanni Comandè ◽  
Giulia Schneider

Abstract: Health data are the most special of the ‘special categories’ of data under Art. 9 of the General Data Protection Regulation (GDPR). The same Art. 9 GDPR prohibits, with broad exceptions, the processing of ‘data concerning health’. Our thesis is that, through data mining technologies, health data have progressively undergone a process of distancing from the healthcare sphere as far as the generation, the processing and the uses are concerned. The case study aims thus to test the endurance of the ‘special category’ of health data in the face of data mining technologies and the never-ending lifecycles of health data they feed. At a more general level of analysis, the case of health data shows that data mining techniques challenge core data protection notions, such as the distinction between sensitive and non-sensitive personal data, requiring a shift in terms of systemic perspectives that the GDPR only partly addresses.


2019 ◽  
Vol 28 (1) ◽  
pp. 54-67 ◽  
Author(s):  
Hayretdin Bahşi ◽  
Ulrik Franke ◽  
Even Langfeldt Friberg

Purpose: This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.
Design/methodology/approach: The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries.
Findings: The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets.
Practical implications: Some policy lessons for different stakeholders are identified.
Originality/value: Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.


2021 ◽  
Vol 57 ◽  
pp. 2-2
Author(s):  
Katarzyna Biczysko-Pudełko

Purpose: The aim of the article is to analyse the processing of personal data of air passengers during the SARS-CoV-2 pandemic in the context of doubts that have arisen in connection with the need for these passengers to provide their personal data as part of filling out the Passenger Location Card questionnaire.
Method: The research method used in this study is the case study.
Findings: The study showed, firstly, that the data of air passengers processed in relation to the application of the Passenger Location Card by the State Border Sanitary Inspectorate in Warsaw should be protected under the provisions of the General Regulation on the protection of personal data. Furthermore, their controller, i.e. the State Border Sanitary Inspectorate in Warsaw, did not fulfil its obligations in this regard. This, in effect, justifies the conclusion that the processing was not in accordance with the law on the protection of personal data.
Research and conclusions limitations: The analysis concerned only passengers of aircraft arriving at and/or departing from airports located on the territory of the Republic of Poland.
Practical implications: The analysis carried out in this study may provide a solution to the issues that have arisen in the public sector with regard to the processing of personal data collected from air passengers on the basis of the Passenger Location Card questionnaire. The conclusions may thus prove useful for data controllers, who should be aware of such problems, but also for air travellers as data subjects, who should be protected by the General Data Protection Regulation and their rights in this regard.
Originality: This analysis, if only because it concerns a problem that has come to light relatively recently (March 2020), has so far only been the subject of consideration in press articles.


2018 ◽  
Vol 10 (9) ◽  
pp. 3252 ◽  
Author(s):  
Igor Calzada

Against the backdrop of the General Data Protection Regulation (GDPR) taking effect in the European Union (EU), a debate emerged about the role of citizens and their relationship with data. European city authorities claim that (smart) citizens are as important to a successful smart city program as data and technology are, and that those citizens must be convinced of the benefits and security of such initiatives. This paper examines how the city of Barcelona is marking a transition from the conventional, hegemonic smart city approach to a new paradigm—the experimental city. Through (i) a literature review, (ii) carrying out twenty in-depth interviews with key stakeholders, and (iii) actively participating in three symposiums in Barcelona from September 2017 to March 2018, this paper elucidates how (smart) citizens are increasingly considered decision-makers rather than data providers. This paper considers (i) the implications of the technopolitics of data ownership and, as a result, (ii) the ongoing implementation of the Digital Plan 2017–2020, its three experimental strategies, and the related seven strategic initiatives. This paper concludes that, from the policy perspective, smartness may not be appealing in Barcelona, although the experimental approach has yet to be entirely established as a paradigm.


Global Jurist ◽  
2019 ◽  
Vol 20 (1) ◽  
Author(s):  
Claudio Sarra

Abstract: Data Mining (DM) is the analytical activity aimed at revealing new “knowledge” from data useful for further decision-making processes. These techniques have recently acquired enormous importance as they seem to fit perfectly the requests of the so called “Data Driven World”. In this paper, first I give an overview of DM, and of the most relevant criticisms raised so far. Then using a well-known case study and the European General Data Protection Regulation as benchmark, I show that there are some specific ambiguities in this use of “knowledge” which are relevant for the ethical and legal assessment of DM.


2020 ◽  
Author(s):  
Moritz Laurer ◽  
Timo Seidl

In recent years, data have become part and parcel of contemporary capitalism. This created tensions between the growing demand for personal data and the fundamental right to data protection. Against this background, the EU’s adoption of the General Data Protection Regulation (GDPR) poses a puzzle. Why did the EU adopt a regulation that strengthens data protection despite intensive lobbying by powerful business groups? We make two arguments to explain this outcome. First, we use process tracing to show how institutional legacies triggered and structured the policy-formulation process by strengthening the position of data protection advocates within the Commission. Second, we use discourse network analysis to show that the Snowden revelations fundamentally changed the discursive and coalitional dynamics during the decision-making stage, ‘saving’ the GDPR from being watered down. Our paper contributes to the literature on the political economy of data protection while also offering a comprehensive explanation of the GDPR.


2021 ◽  
pp. 160-172
Author(s):  
Gregory Falco ◽  
Eric Rosenbach

The question “How do I embed cyber risk management in all aspects of the organization?” addresses how to adopt an Embedded Endurance cyber risk strategy in your day-to-day work as a cyber leader. The chapter begins with a case study about the NotPetya cyberattack, which highlights ongoing challenges in cyber insurance and illuminates the need for embedding cyber mitigation measures across all prioritized critical systems, networks, and data. The chapter describes how to develop an Embedded Endurance cyber risk strategy that is customized for your organization. This chapter walks readers through the key elements of a cyber strategy, from start to finish. This includes defining a risk framework, setting strategic goals, identifying metrics, and establishing strong leadership. The chapter concludes with experiences highlighting the real-world importance of an Embedded Endurance cyber risk strategy from Rosenbach and Falco.


2020 ◽  
Vol 4 ◽  
pp. 247028972090710
Author(s):  
Pierre-Antoine Gourraud ◽  
Francoise Simon

For AI policy, there are significant differences between Europe and the United States. The General Data Protection Regulation, which applies not only to European Union companies but also to all American companies with European customers, is more protective than the Health Insurance Portability and Accountability Act (HIPAA) for individual health data. Its Article 22 stipulates that citizens cannot be submitted to medical decisions generated by an automated source.
