Complex Made Simple

UAE institute of Judicial Studies focuses on data protection policies in Cloud era

Over 50 legal experts from the Judiciary, Government, Academia and the Telecommunications Regulatory Authority (TRA) attended a recent seminar, organized by the Institute of Judicial Training Studies (ITJS) in collaboration with Microsoft Gulf and Eversheds, an international law firm at the Al Badia Golf Club, Festival City Dubai.

The seminar titled “Legal Directives for data security and storage” saw industry leaders and experts from the data security sector present discussion papers underlining the increasing importance of data protection in the world today.

The seminar, spearheaded under the auspices of HE Sultan Bin Said Elbadi, Minister of Justice and in the presence of Dr Mohammed Mahmoud Al Khamali, the Director General of the Institute of Judicial Training and Studies (ITJS), focused on the importance of security and data privacy in the current evolution of ICT models, namely cloud computing and recognized the need for new standards for data protection.

Dr. Mohammed Mahmoud Al Kamal, Director General of ITJS, said: “In providing new and differentiated services to citizens through cloud computing technology, there is a need for new legislations to guarantee data security and protection. Therefore the Institute found it necessary to organize this seminar which focused on explaining the laws and standards applicable internationally in this field and what UAE can learn from them.”

Microsoft raised awareness about the new standard, ISO 27018 that will help strengthen data privacy by adding key controls for sensitive customer information stored in the cloud. Published in July 2014 by the International Organization for Standardization, ISO 27018 sets forth guidelines for cloud service providers concerning Personally Identifiable Information (“PII”).

“As Microsoft cloud services continue to fuel business and economic transformation in the region, Microsoft is committed to providing training and solutions around proper handling of sensitive data. This training was essential in raising awareness about the real threat of data security breach and the need for necessary measures,” said Dr. Ashraf H. Abdelwahab, Corporate Affairs Manager at Microsoft Gulf and Egypt.

“The ISO 27018 formulated with the contribution of various Data Protection Authorities (DPAs), companies, and ICT experts is a standard that brings a degree of uniformity to the industry, and adds needed protections to improve PII security and compliance in an increasingly cloud-based information environment,” he added

The seminar also addressed the status of data protection regulations in the legal system in UAE as well as global level by Mr. Nasser Ali Khasawneh, Regional Managing Partner of Eversheds, a leading global law firm.

The participants were also introduced to the current draft law on data protection through a presentation made by Hameed Hamdan Elghafery, Head of Legal Department at the Telecommunications Regulatory Authority (TRA) that addressed the establishment of a DPA and different aspects of data protection.

In conclusion, the attendees acknowledged the need for data classification as a key requirement for the successful implementation of a national cloud (a hybrid of private and public cloud) which should be considered in the framework of the proposed data protection law. They also called for the adoption of an international standard to facilitate the operations of cloud service providers and provide a common platform for comparisons. Finally, the audience agreed on the need to have a consultation session around the proposed new law whenever the final draft is ready.