[IUCC-GDPR] Sending incident reports from Europe to Rest of World
Roy Shapira
roys at savion.huji.ac.il
Sat Feb 24 21:15:13 IST 2018
Fascinating
בברכה,
[cid:image001.jpg at 01D3384B.9D964510]
רועי שפירא | CISO
מנהל אבטחת מידע
הרשות למחשוב, תקשורת ומידע
האוניברסיטה העברית בירושלים
T +972-2-549-4969 | M +972-50-699-2414
roy.shapira at savion.huji.ac.il<mailto:roy.shapira at savion.huji.ac.il>
“There are known knowns; … there are known unknowns… But there are also unknown unknowns<https://www.youtube.com/watch?v=GiPe1OiKQuk>… it is the latter category that tend to be the difficult ones.”
Donald Rumsfeld, 12 February 2002.
From: gdpr-bounces at noc.ilan.net.il [mailto:gdpr-bounces at noc.ilan.net.il] On Behalf Of Hank Nussbacher
Sent: Saturday, February 24, 2018 20:54
To: GDPR <gdpr at iucc.ac.il>
Subject: [IUCC-GDPR] Sending incident reports from Europe to Rest of World
Being forwarded from another list…
There's always been a slightly grey area about sending incident reports from
Europe to the rest of the world. Those reports contain IP and e-mail
addresses - generally considered personal data - so do they need to fit into
the legal rules for exporting personal data? And does it help that as we're
generally sending data back to where it came from?
Fortunately the Article 29 Working Party of European Data Protection
Regulators has now published draft guidance on exports that seems to be
aware, and supportive, of the practice. Though I suspect they don't realise
how often we need to do it...
Full details:
https://community.jisc.ac.uk/blogs/regulatory-developments/article/gdpr-send
ing-incident-reports-overseas
One-line summary (not legal advice!): keep on doing it - good CSIRT practice
should be fine.
Cheers
Andrew
--
Andrew Cormack
Chief Regulatory Adviser
T 01235 822302
Skype ancormack
Twitter @JanetLegReg
Blog https://community.jisc.ac.uk/blogs/regulatory-developments
Orcid.org/0000-0002-8448-2881
Lumen House, Library Avenue, Harwell Oxford, Didcot OX11 0SG
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://noc.ilan.net.il/pipermail/gdpr/attachments/20180224/930bf39a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 2242 bytes
Desc: image002.jpg
URL: <http://noc.ilan.net.il/pipermail/gdpr/attachments/20180224/930bf39a/attachment-0001.jpg>
More information about the GDPR
mailing list