Re: EU's GDPR - is anyone worrying/doing anything?

[Ken Connelly <ken.connelly () UNI EDU>]

Yeah, I'm a consumer on this one, not a provider...

- ken

On 8/21/17 3:31 PM, Joanna Grama wrote:
> Absolutely, Ken.
>
> The call for proposals for the Security Professionals Conference will open in two short weeks.  If your institution 
> has been looking into GDPR and has implemented a GDPR plan or process, your colleagues would LOVE it if you would 
> share your knowledge at the conference.
>
> Information about how to submit a proposal will be posted to this list when the call for proposals opens.
>
> Thanks,
> Joanna
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ken 
> Connelly
> Sent: Monday, August 21, 2017 3:09 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] EU's GDPR - is anyone worrying/doing anything?
>
> Joanna -
>
> Seems as though this would be a worthwhile topic for Security Professionals Conference as well, although next April 
> is clearly too late to begin planning for this.
>
> - ken
>
> On 8/21/17 12:56 PM, Joanna Grama wrote:
> > Hello everyone,
> > I promised to update you all as GDPR materials are published.  Please 
> > note that a Security Matters blog on GDPR was published last week.  
> > You can find that blog here:  
> > http://er.educause.edu/blogs/2017/8/gdpr-a-data-regulation-to-watch
> >
> > For those of you attending the EDUCAUSE Annual Conference, you can 
> > find information on the GDPR session here: 
> > https://events.educause.edu/annual-conference/2017/agenda/the-new-eu-g
> > eneral-data-protection-regulations-what-it-specialists-need-to-know
> > (Session information is in the process of being uploaded; but the 
> > date/time information is correct.)
> >
> > Kind regards,
> > Joanna
> >
> >
> > Joanna Grama, JD, CISSP, CRISC, CIPT
> > Director of Cybersecurity and IT GRC Programs
> >
> > EDUCAUSE
> > Uncommon Thinking for the Common Good
> > 282 Century Place, Suite 5000, Louisville, CO 80027
> > direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu
> >
> >
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv 
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joanna Grama
> > Sent: Tuesday, June 06, 2017 8:31 AM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] EU's GDPR - is anyone worrying/doing anything?
> >
> > Hi Everyone,
> > EDUCAUSE is working to marshal some GDPR resources for IT professionals.  The National Association of College and 
> > University Attorneys (NACUA) will be presenting a panel presentation on GDPR at the EDUCAUSE Annual Conference this 
> > fall. In addition, our policy director, Jarret Cummings, is working with another organization to source some blogs 
> > and other online content about GDPR.  As materials are published, I will be sure to send an alert to this list.
> >
> > Kind regards,
> > Joanna
> >
> >
> > Joanna Grama, JD, CISSP, CRISC, CIPT
> > Director of Cybersecurity and IT GRC Programs
> >
> > EDUCAUSE
> > Uncommon Thinking for the Common Good
> > 282 Century Place, Suite 5000, Louisville, CO 80027
> > direct: 720.406.6769 | cell: 720.507.5983 | jgrama () educause edu
> >
> >
> >
> >
> >
> >
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv 
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jim Dillon
> > Sent: Monday, June 5, 2017 1:12 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] EU's GDPR - is anyone worrying/doing anything?
> >
> > Laura,
> >
> > No plans (solid/documented/complete) I'm aware of yet, but our compliance audit manager is fairly concerned about 
> > its potential impact and we are gathering opinions and researching the topic.  Her sense is we will need to take 
> > steps to comply.  Not being a legal expert myself I'm always in jurisdictional quandaries about regulations from 
> > other nations and in other states (remember California's privacy rules?) and how those could have tangible impact, 
> > but so far people closer to this issue than I believe it to be real.  Since CU is very heavily reaching out to 
> > international students we may have this problem to a greater degree than others.
> >
> > Sorry nothing specific to report other than it does pay to pay attention here.  I suggest taking this to compliance 
> > and legal folks for interpretation as they will (or should) have a more sound understanding of the implications.  My 
> > impression is that if we advertise and register students in GDPR nations we are definitely accountable for any 
> > actions there, and that given the typical Internet jurisdictional concerns, we probably are here as well.  I don't 
> > have a handle on what that means from an operational standpoint yet but it looks a bit onerous to me at the moment.  
> > Yet another set of demands to add to your favorite cross-walk.
> >
> > Might be a good question for the privacy/policy forums if you don't mind cross-posting a bit.
> >
> > Best regards,
> >
> > Jim Dillon
> >
> > _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Jim Dillon 
> > Director of IT Audit Services, CU Internal Audit
> > 303-735-7028
> >
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv 
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Laura Raderman
> > Sent: Monday, June 05, 2017 10:48 AM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: [SECURITY] EU's GDPR - is anyone worrying/doing anything?
> >
> > Is there any institution that’s worried about or otherwise doing anything about the GDPR and getting ready for the 
> > May 2018 “deadline”?  If so, would you be willing to give me a quick overview of what you’re including in your plans?
> >
> > Thanks,
> > Laura
> >
> > Laura Raderman
> > ISO Policy & Compliance Coordinator
> > Carnegie Mellon University
> > lraderman () cmu edu
> --
> - Ken
> =================================================================
> Ken Connelly                       Director, Information Security
> Information Security Officer          University of Northern Iowa
> email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373
>
> Any request to divulge your UNI password via e-mail is fraudulent!

-- 
- Ken
=================================================================
Ken Connelly                       Director, Information Security
Information Security Officer          University of Northern Iowa
email: Ken.Connelly () uni edu   p: (319) 273-5850 f: (319) 273-7373

Any request to divulge your UNI password via e-mail is fraudulent!