Hello everyone. It's Chris Stevens again, and I'm the info sec institutes instructor for its Information privacy Central for cybersecurity professionals learning path. Some people refer to me as the privacy gremlin, because if I start talking to you about privacy or data protection after midnight you'll get no sleep. I'm in passionate about this topic. I never thought I'd enjoy topic or career for as much as I did, working for over 35 years as an intelligence officer. But the ability to help organizations, institutions and companies respect the rights and freedoms of individuals while collecting, using, disclosing, retaining their personal information as a rewarding experience for me. In this course we're going to review several laws. We're going to look at global data protection and information privacy laws. In U.S cyber security professionals and others might be asking why, why these laws? And I'll tell you why. Because they have cyber security and information security and other requirements in them. We're told that in many of these laws themselves you have to maintain the technical and organizational security safeguards to make sure that you have end to end security when processing an individual's personal data personal information. However, the term is define jurisdictionally. And so as cybersecurity professionals, we must have some familiarity with these laws because again, the companies, the organizations and institutions that were supporting have to remain compliant with these laws. Otherwise they face deep and ever increasing administrative fines that can impact their profitability and survivability. Now, the course overview. We're going to look at several of these laws around the globe. They're extremely important. We're going to begin with our look with looking at the European Union's general data protection regulation, which is a game changer. The European Union began working on this 15 years prior to its eventual enactment and passage in 2016. It was on May 25 of 2018 that this all important regulation was fully enforced. And we've seen this impact on companies around the globe that are deemed non compliant with this important act, finding themselves fined. And so, we're going to talk about the GDPR and its importance to us. We're also going to look at the United Kingdom's Data Protection Act, amended in 2018 first, enacted in 1998. For those of you that are supporting companies, organizations and institutions that do business with the U K, It's extremely important that you be familiar with this law because again, as we all know, the UK left the European union earlier this year. And so with that move, what that determined was that the question was, would the European Union still view the U.K as being adequate in this data protection practices? So what does it mean when I talk about adequate? The European commission designates companies around the globe as being adequate in their data protection practices. But it goes well beyond just having a data protection law. You also have to have a demonstrated respect for the rule of law, for human rights. You have to have in your court system ability for aggrieved parties to seek redress. You got to have data protection principles. Your law, in short must mirror that of the GDPR. Have similar provisions. And so, the question was when the UK after Brexit left the European union, would it have a different status which has changed the way that European, I mean UK companies could process user subject data. Thankfully, the European Union has granted the UK adequacy status but the verdict is still out because we don't know just how far the UK plans diverge its data protection laws from the other GDPR. I think it's equally important that we look at other laws around the globe, just like Brazil's general data protection law or in Portuguese. And the army didn't pay money for me to learn Portuguese, it's LGPD. Which is an impactful Brazil is the largest country in South America. And so with the passage of this law, we may see the passage of additional laws. We do know that in South America though, that Uruguay and Argentina are two of the countries that are deemed adequate in their data protections by the European Union. I think we also must look at Canada's personal information protection and Electronic Data Act. This law pipeda, I had the opportunity to teach a Privacy Technology course in 2018. I had the ability to work with several privacy professionals from Canada's office of, in front of their information commissioner. And to a person they all viewed pipeda as being one of the weaker laws as it applied to providing individuals with protections from a data protection perspective. The Canadians themselves right now considering a new law again, that will closely align it with the GDPR. But it will also hold if passed, will hold businesses and companies more accountable in their data protection practices. We'll conclude with a review of Japan's Act of the protection of personal information. Japan was one of the more recent countries that was partially designated as adequate by the European Union. So I look forward to talking about these laws with you. I hope that you, your family members and significant others are safe and well and that you enjoy a wonderful year. As always, it's Chris Stevens and it's my pleasure to be your instructor. Take care.
