In This Issue

• President’s Message
• CSIA Applauds Senate Passage of Cybercrime Bill
• New Information Security Initiatives Launched in October
• U.S. Cyber Security Briefs
• Letter from the Director of European Affairs
• Commission Presents Proposals for EU Telecoms Review
• RSA Conference Europe 2007
• E.U. and Global Cyber Security Briefs
• Cyber Security Corner: Using International Standards in your Compliance Program
• CSIA Congressional Spotlight
  • Senator Patrick Leahy
    
  • A Conversation with Senator Patrick Leahy
    
• U.S. Legislative Update
• CSIA in the News
• Cyber Security Industry Events
• Member List
• Contact Us
• Unsubscribe
  
• Archives
• CSIA Home Page

RSA Conference Europe 2007

Keynote Panel on Data Security and Breach Notification Requirements

The RSA Conference Europe 2007 kicked off on Monday 22 October in London with a keynote presentation by Art Coviello, Executive Vice President, EMC and President, RSA, The Security Division of EMC and a panel discussion on the pros and cons of Data Security and Breach Notification obligations.

Led by CSIA's Director European Affairs Marika Konings, the panel reviewed the current state of data security legislation and breach notification requirements in Europe as well as the United States.

The panelists included Christopher Kuner, Partner and Head, International Privacy and Information Management Practice, Hunton & Williams; Dr. James Lewis, Director and Senior Fellow, Technology and Public Policy Program, Center for Strategic and International Studies; Marc Rotenberg, Executive Director, EPIC; and David Smith, Deputy Information Commissioner, UK Information Commissioner's Office.

The panelists' wide range of knowledge and experience ensured a lively debate that touched upon a range of issues such as vendor responsibility, the role of the consumer, government accountability and new legislative developments.

One of the more hotly debated issues was the question of privacy. Has the role of privacy changed with the advent of new technologies? Should people just accept that there is less privacy these days? There was no clear agreement on this question.

Another important topic of discussion was what the question of the role of breach notification requirements. Should the emphasis be on punishing those responsible for data loss, provide an incentive for businesses to take security more seriously, or to warn consumers of loss of their sensitive personal data? Is it a combination of all the above?

All in all, the issue of data security and breach notification requirements provided for plenty of food for thought. The debate begun in the keynote session continued into the evening of the first day of the conference.

For more information on this session as well as the rest of the conference, please visit the RSA Conference Europe 2007 and listen to the conference podcasts: http://www.rsaconference.com/2007/Europe/Agenda_and_Content/Conference_Podcasts.aspx