Page 37 - index
P. 37
LEGISLATION
Field Fisher Waterhouse highlights in addition that un- The technology should facilitate the sharing of
controlled collaborative working and information sharing files in their native file format, which removes
generally poses a variety of non-legal risks as well and the risk of integrity loss in format conversion.
hands out good advices:
The technology should allow for the creation of
Identify incidents of collaborative working and individual “work streams”, to help implement
information sharing in the workplace, the purpos- information barriers and support access rights and
es for which the collaboration and sharing takes privileges.
place, and the tools that are used.
Look for innovative uses of DRM and encryp-
Carry out a risk assessment to measure the na- tion, especially in the area of “tethering”, so that
ture and likelihood of harm that could be caused to access rights and privileges can be time limited and
data and to third parties through the collaboration removed, even after information has been shared.
and sharing, including potential legal consequences.
Isolate high risk use cases and processes.
The technology should maintain encryption of
data at rest, with high levels of transport encryp-
Take decisions on improvements and changes.
tion, ideally with individual encryption keys for indi-
vidual files.
Record your key positions in a written “system”
of operational rules, then embed them into the Regarding technology vendors, Field Fisher Water-
organization through training and raising awareness. house recommends to look for ones:
If you plan to use a third party service provider to With pedigree, track record and industry experi-
support your system, carry out appropriate due dili- ence, with key industry accreditations and ref-
gence and put in place an appropriate written con- erences.
tract.
Which provide support to external parties, not
The legal expert gives even more recommendations re- just paying customers, as this will remove some of
garding your technology strategy, pointing out:
the operational load of successful and safe collabo-
rative working and information sharing between
The use that is made of the technology must be your organization, its extended supply chain and
fully auditable, so as to enable the organization to other third parties.
know who accessed data, when they need it and
what they did with it. That are willing to give their customers access
to their premises for security auditing purpos-
Look for technology that requires a minimal es. This kind of access will help you satisfy your
amount of behavioral change within the work- due diligence obligations as they apply to your ser-
place; it should be simple and easy to use and fit vice providers.
for purpose – remember that part of the reason why
people “self-procure” is because what is provided for
them isn’t what they want or need! And last but not least it’s important to remember that
the functionality must be about more than just sharing,
The technology should enable the user to easily since it is “safe, secure, controlled and auditable shar-
apply readily understandable levels of security ing” that the law seeks! ◊
to files based on how sensitive they are, and should
include fine-grained, customizable access rights and Source: Field Fisher Waterhouse
privileges.
MediaBUZZ Pte Ltd - Independant ePublisher for Asia
Field Fisher Waterhouse highlights in addition that un- The technology should facilitate the sharing of
controlled collaborative working and information sharing files in their native file format, which removes
generally poses a variety of non-legal risks as well and the risk of integrity loss in format conversion.
hands out good advices:
The technology should allow for the creation of
Identify incidents of collaborative working and individual “work streams”, to help implement
information sharing in the workplace, the purpos- information barriers and support access rights and
es for which the collaboration and sharing takes privileges.
place, and the tools that are used.
Look for innovative uses of DRM and encryp-
Carry out a risk assessment to measure the na- tion, especially in the area of “tethering”, so that
ture and likelihood of harm that could be caused to access rights and privileges can be time limited and
data and to third parties through the collaboration removed, even after information has been shared.
and sharing, including potential legal consequences.
Isolate high risk use cases and processes.
The technology should maintain encryption of
data at rest, with high levels of transport encryp-
Take decisions on improvements and changes.
tion, ideally with individual encryption keys for indi-
vidual files.
Record your key positions in a written “system”
of operational rules, then embed them into the Regarding technology vendors, Field Fisher Water-
organization through training and raising awareness. house recommends to look for ones:
If you plan to use a third party service provider to With pedigree, track record and industry experi-
support your system, carry out appropriate due dili- ence, with key industry accreditations and ref-
gence and put in place an appropriate written con- erences.
tract.
Which provide support to external parties, not
The legal expert gives even more recommendations re- just paying customers, as this will remove some of
garding your technology strategy, pointing out:
the operational load of successful and safe collabo-
rative working and information sharing between
The use that is made of the technology must be your organization, its extended supply chain and
fully auditable, so as to enable the organization to other third parties.
know who accessed data, when they need it and
what they did with it. That are willing to give their customers access
to their premises for security auditing purpos-
Look for technology that requires a minimal es. This kind of access will help you satisfy your
amount of behavioral change within the work- due diligence obligations as they apply to your ser-
place; it should be simple and easy to use and fit vice providers.
for purpose – remember that part of the reason why
people “self-procure” is because what is provided for
them isn’t what they want or need! And last but not least it’s important to remember that
the functionality must be about more than just sharing,
The technology should enable the user to easily since it is “safe, secure, controlled and auditable shar-
apply readily understandable levels of security ing” that the law seeks! ◊
to files based on how sensitive they are, and should
include fine-grained, customizable access rights and Source: Field Fisher Waterhouse
privileges.
MediaBUZZ Pte Ltd - Independant ePublisher for Asia
