Anonos’ Webinar Series for International Data Privacy Professionals Confirms Pressing Industry Challenges and Growing Interest in Statutory Pseudonymization
Sessions discussed data breaches, lawful secondary processing and data transfers, and cloud use, including how to mitigate risk, exposure and loss in these use cases
NEW YORK CITY and BRUSSELS – November 29, 2022 – Anonos, global data privacy and security innovator, recently sponsored three webinars with the International Association of Privacy Professionals (IAPP). A panel of international legal experts shared their perspectives on each webinar topic and explained how Statutory Pseudonymization, as embodied in Anonos’ Variant Twins®, is available as a technical and supplementary measure to mitigate risk, exposure and loss in each instance to enable:
- Breach-resistant data processing
- Lawful basis for secondary data processing and international data transfers
- Defensible data supply chain sharing and processing
“Strong attendance and the results of the associated polls for each session confirm how relevant the topics are to privacy professionals and their internal and external clients,” according to Gary LaFever, Co-CEO and General Counsel for Anonos and the IAPP webinar series’ moderator. “We know the data industry faces a lot of drama, so we wanted to dig into some of the most significant contributors to the friction, uncertainty and misunderstanding.”
Following are the poll results, as indicated by participants in each session, as well as key highlights from each webinar.
Managing Data Breach Liability & Exposure
43% have suffered an external data breach
62% have experienced an internal data breach
Operating the U.S. Cloud Under Schrems II
80% rated software-as-a-service as the most important cloud-enabled capability for their organizations
86% believe the proposed EU-US Data Privacy Framework will fail to withstand judicial scrutiny and not be sustainable because it fails to address Schrems II requirements for supplemental technical measures
- Reduces organizations’ obligations under the GDPR with respect to notification of data subjects and regulators.
- Protects data, rendering it useless to any attacker in the event that a breach occurs.
- Allows organizations to obtain more comprehensive cybersecurity insurance.
- Enables compliance with minimization and purpose limitation.
- Facilitates secondary uses of data.
Preventing Data Supply Chain Issues Under the U.S. CLOUD Act and EU Law
100% said sharing and processing data with other legal entities and third parties is necessary for their organizations
97% indicated that the potential liability from data supply chain partners failing to protect data when in use is an issue for them
91% said they either (i) realize their organization should use Statutory Pseudonymization because of the benefits it provides or (ii) they would like to learn more about Statutory Pseudonymization
- Organizations are protecting data at rest and in transit with encryption and access controls, but often no controls are used to protect the data when it is being processed in cleartext. Numerous data breaches and enforcement actions highlight this issue.
- Technical controls that protect data in use are important for protecting against breach and making desired processing in U.S. operated clouds lawful.
- EU and US laws are often in conflict. Technical controls can help to bridge conflict-of-laws issues.
- The Schrems II ruling has sparked new interest in the CLOUD Act, and the interplay between US cloud companies, other US companies, and EU data subject rights.
- Technical measures can protect against CLOUD Act requests and help reconcile Schrems II issues with EU data subject data.
- Statutory Pseudonymization is one way for organizations, governments, and companies to process data in a way that is predictable and lawful to enable data-driven insights.
- The use of the U.S. cloud as part of organizational data supply chains is critical, and needs to continue for both operational and business reasons.
- Joint and several liability and the shared responsibility model apply to the use of the cloud, for cloud providers and cloud users. Increasing technical protections, such as through the use of Statutory Pseudonymization, can reduce the risk of breach and help organizations more easily obtain cybersecurity insurance.
- Schrems II and other guidance are not intended to prohibit the use of the U.S. cloud; the intention is compliant use through technical controls.
- Access controls and encryption only protect data in transit and in storage, but most data is still processed in cleartext, leaving it vulnerable to breach.
- The U.S. cloud can be used in a compliant manner with appropriate technical and organizational controls.
- Statutory Pseudonymization allows EU-US transfers and compliant processing, including compliant further processing in the cloud for AI, ML and analytics.
You can replay the webinars, access the slides, and download a written summary of the entire series, starting here.
Anonos is hosting a new webinar, “The Business Benefits of Data Privacy & Security,” about how the data-driven enterprise can increase data utility across the seven most critical use cases. With the right approach, data privacy and security become business enablers, not blockers. This program takes place on Thursday, December 8, at 10 a.m. EST / 4 p.m. CET, and you can register for it here.
Anonos is a global software company that provides the only technology capable of protecting data in use with 100% accuracy, even in untrusted environments, making otherwise restricted assets accessible to expand and expedite data-driven initiatives. Its patented Data Embassy platform transforms source data into Variant Twins: non-identifiable yet 100% accurate data assets for specific use cases. Because multi-level data privacy and security controls are embedded into the data and technologically enforced, Variant Twins can travel anywhere – across departments, outside the enterprise, or around the globe. Therefore, data protection teams and data users can collaborate to advance projects for capturing valuable insights without compromising privacy, security, accuracy or speed. Anonos. Data without the drama.