Cyber Security Industry Alliance Newsletter •  Volume 3, Number 12  • November 2007

RSA Conference Europe 2007

Keynote Panel on Data Security and Breach Notification Requirements
Marika Konings takes a question for the panel at RSA Conference Europe 2007

The RSA Conference Europe 2007 kicked off on Monday 22 October in London with a keynote presentation by Art Coviello, Executive Vice President, EMC and President, RSA, The Security Division of EMC and a panel discussion on the pros and cons of Data Security and Breach Notification obligations.

Led by CSIA's Director European Affairs Marika Konings, the panel reviewed the current state of data security legislation and breach notification requirements in Europe as well as the United States.

The panelists included Christopher Kuner, Partner and Head, International Privacy and Information Management Practice, Hunton & Williams; Dr. James Lewis, Director and Senior Fellow, Technology and Public Policy Program, Center for Strategic and International Studies; Marc Rotenberg, Executive Director, EPIC; and David Smith, Deputy Information Commissioner, UK Information Commissioner's Office.

The panelists' wide range of knowledge and experience ensured a lively debate that touched upon a range of issues such as vendor responsibility, the role of the consumer, government accountability and new legislative developments.

CSIA Panelists at RSA Conference Europe 2007. From left to right: Marika Konings, Christopher Kuner, Marc Rotenberg, David Smith and James Lewis 


One of the more hotly debated issues was the question of privacy. Has the role of privacy changed with the advent of new technologies? Should people just accept that there is less privacy these days? There was no clear agreement on this question.

Another important topic of discussion was what the question of the role of breach notification requirements. Should the emphasis be on punishing those responsible for data loss, provide an incentive for businesses to take security more seriously, or to warn consumers of loss of their sensitive personal data? Is it a combination of all the above?

All in all, the issue of data security and breach notification requirements provided for plenty of food for thought. The debate begun in the keynote session continued into the evening of the first day of the conference.

For more information on this session as well as the rest of the conference, please visit the RSA Conference Europe 2007 and listen to the conference podcasts: