Protecting the privacy and security of sensitive customer data in the cloud

The global ubiquity of cloud computing may expose consumers' sensitive personal data to significant privacy and security threats. A critical challenge for the cloud computing industry is to earn consumers' trust by ensuring adequate privacy and security for sensitive consumer data. Regulating consumer privacy and security also challenges government enforcement of data protection laws that were designed with national borders in mind. From an information privacy perspective, this article analyses how well the regulatory frameworks in place in Europe and the United States help protect the privacy and security of sensitive consumer data in the cloud. It makes suggestions for regulatory reform to protect sensitive information in cloud computing environments and to remove regulatory constraints that limit the growth of this vibrant new industry.     

European Court of Justice rules on the protection of databases under the Database Directive (96/9/EC)

The European Court of Justice has ruled on the circumstances in which databases may be protected by the Database Directive. In a decision that renders the protection of databases a narrow concept, the ECJ appears to have introduced a new requirement that a database must comprise its author's “creative ability” in order to qualify for protection as a copyright work.     

Legal grounds to process personal data under Spanish legislation after the ECJ Judgment of 24 November 2011 (the ASNEF and FECEMD case)

Spanish law on personal data protection regulates (among other issues) the legal bases that permit the processing of data in a way that is similar to that set out in Directive 95/46/EC. Consent constitutes the general rule although data may be processed without it if necessary for administration functions, within the framework of a contractual relationship, in order to safeguard the vital interests of the data subject or if they are included in sources accessible to the public. However, unlike the Directive, legitimate interest is not recognised as an independent reason for processing data, whereas a legal ground that is not set out in community law is included, i.e., sources accessible to the public. This paper analyses these two cases, taking as its starting point consent, along with the consequences that the ECJ Judgment of 24 November 2011 regarding the interpretation of Article 7 of Directive 95/46/EC may have and giving attention to the revision of this Directive itself.     

Data protection in Malaysia and Hong Kong: One step forward,two steps back?

Continuing rapid developments in information communication technology has led to an ever increasing amount of personal information being collected, processed, stored and used, without the individual even knowing about it. For countries which have domestic legislation relating to privacy and data protection, it has afforded the opportunity for a review. For others, it has opened up the opportunity to legislate. The aim of the paper is three-fold. First, the paper aims to deal with data protection regime in Malaysia and in Hong Kong by examining the salient features of the newly enacted Malaysia's Personal Data Protection Act 2010 and the recent recommendations for legislative reform to the Personal Data (Privacy) Ordinance in Hong Kong. Second, it considers whether the laws are more concerned with legitimising data protection practices of organizations and businesses rather than the protection of individuals' privacy interests. Finally, the paper briefly considers whether the laws adequately address the impact to individuals' data privacy brought about by technological advancements before providing a conclusion.     

Personal data protection in employment: New legal challenges for Malaysia

The purpose of this article is to discuss and apply data protection principles in the context of employment. The Personal Data Protection Act (PDPA), passed by the Malaysian Parliament in 2010, has affected many aspects of life in Malaysia, including employment. Storage of data by employers is rampant. Management, as the data user, is duty bound to safeguard the employees' data according to the PDPA. Likewise, the employees, as data subjects, enjoy some rights under the PDPA. The author also examines issues of privacy law: whether such law exists in Malaysia and, if so, whether it can be reconciled with the PDPA's principles. The author adopts legal methodology anchored in exploratory analysis, with the legislative text as the main reference point.     

Small is Beautiful: The Counterterrorism Option in Afghanistan

Strategy is matching means and ends. If the ends desired in Afghanistan are about al Qaeda, the counterterrorism option is the best fit in terms of means. It is sustainable, always crucial in prolonged conflict, as it limits the expenditure of U.S. blood and treasure. This article fills a gap in the existing strategy debate by detailing what a counterterrorism option would be in terms of force structure and operations.     

Lessons from Democratic Transitions: Case Studies from Asia

In an era when democratization is stalled or in retreat in many parts of the world, it is important to highlight the successful democratic experience of East and Southeast Asia in recent decades. Five consolidated democracies have emerged since the mid-1980s; only Thailand has seen some backsliding with the 2006 coup. The Asian cases provide insights into several major debates in the democratization literature, including the relative importance of culture, history, economic structure, and the optimal sequencing of political and economic reform. This article reviews these issues, with particular attention to the role of outside powers in underpinning democratization. Ultimately, the Asian cases offer evidence for optimism about the prospects of a Fourth Wave of democratization.     

The Military and SocietyBeyond the Postmodern Era

The degree to which the international security environment had changed after the Cold War became evident with the attacks on September 11. As a result, military forces in the United States (and perhaps in the West generally) are evolving from their Cold War and immediate post-Cold War perspectives to confront transnational and subnational non-state dangers. These changes have significant implications for military professionalism and the relations between the military and society. They are explored through a modified “Postmodern Military” model, called here the “Hybrid” model.     

Blurring the dimensions of privacy? Law enforcement and trusted traveler programs

Risk has become a ubiquitous tool for security governance. This paper analyzes the ongoing shift in airport/aviation security from rule-based to risk-based screening. Seeking to explore the effects of data based passenger risk assessment on privacy through the collection and processing of personal data, it is argued that risk is likely to enroll passengers into a partly voluntary, partly enforced membership in trusted traveler schemes in order to enhance the database, thus enabling a more precise assessment of risk levels. In a disciplinary spatial setting, the once distinct privacy dimensions of citizen-state and consumer-market become increasingly blurred, as law enforcement authorities seek to exploit data that was originally obtained for commercial purposes to improve risk calculations.