Data Protection & Cyber Security Law Update 1 st October 2015

Size: px
Start display at page:

Download "Data Protection & Cyber Security Law Update 1 st October 2015"

Transcription

1 Data Protection & Cyber Security Law Update 1 st October 2015 Robert Bond, Partner Janine Regan, Associate Viktoria Protokova, Data Protection Executive charlesrussellspeechlys.com

2 Brief introduction to Charles Russell Speechlys Leading law firm based in London with regional offices within the UK and international offices in Bahrain, Qatar, Geneva, Zurich, Luxembourg and Paris with a strong focus on the Technology, Media and Telecoms ( TMT ) Financial, Retail & Leisure and Life Science sectors. Recognised for our Data experience and advisory services in the latest legal directories Chambers UK and Legal 500 amongst others. Our clients range from large listed businesses, to small start-ups, governments, not-for-profit organisations and private individuals. We have specialised in data privacy and information security for 36 years. Our Data Protection & Information Law team provide a range of expertise on data privacy audit, compliance, risk management, information security and data breaches What I liked was the fact that the team was very willing for us to see itself as an extension of our existing in-house team. I like the way it integrated members sat alongside and guided us. That was what impressed. 2

3 Robert Bond Partner Robert Bond has over 36 years' experience in advising national and international clients on all of their commercial IP, technology and data protection requirements. He also provides international notarial services and compliance advice. He is a legal expert and author in the fields of e-commerce, computer games, media and publishing, data protection, information security and cyber risks. He is named in the National Law Journal's list of 50 Governance Risk & Compliance Trailblazers, listed in the top 10 in the Who s Who of Information Technology Lawyers 2014 and also in "Best Lawyers in UK "He continues to impress year on year. His spark of imagination and ability to grasp the technology is amazing." Tel: +44 (0) robert.bond@crsblaw.com Chambers UK,

4 Janine Regan Solicitor Janine has extensive experience advising on and managing global data protection compliance for multinationals in sectors such as financial services, pharmaceutical, technology, marketing and advertising, media and construction. She frequently advises on: notifications/approvals with relevant data protection authorities, drafting and negotiating data protection provisions in outsourcing and data sharing agreements, whistle blower hotlines, trans border data flows, privacy impact assessments, data breaches and subject access requests. She also provides tailored data protection training for clients. Recently, Janine has provided privacy advice on new technologies such as telemetry, wearable devices and big data. Tel: +44 (0) October

5 Viktoria Protokova Data Protection Executive Photo Placeholder Tel: +44 (0) Viktoria has experience in advising on and delivering data privacy and information security compliant solutions for clients in a variety of sectors. She frequently advises on registrations with the local data protection authorities, contractual data controller, processor obligations, data breach notifications and data protection and information security requirements for systems, processes and procedures. Before joining Charles Russell Speechlys, Viktoria was part of the core team that implemented the Global Privacy practises in one of the world s largest multinationals in the consumer goods sector. Viktoria speaks five languages (English, Russian, Spanish, Polish and Lithuanian) and is also certified Privacy Professional for Europe (CIPP/E) and US (CIPP/US). 05 October

6 TOPICS Is Safe Harbor a safe bet any more? Beware asset sales with personal data - no consent may mean no sale Global review of child focused websites Wyndham case confirms data security is a default not an option EDPS Opinion 4/2015 "Towards a new digital ethics Changes to Japanese Data Protection Law Update to South Korean Law 6

7 1. Is Safe Harbor a safe bet anymore?

8 Is Safe Harbor a safe bet anymore? Advocate General s Opinion in Case C-362/14: Maximillian Schrems v Data Protection Commissioner Background Data Protection Directive 95/46/EC (the Directive) provides that personal data may only be transferred outside of the European Economic Area if that third country provides an adequate level of protection The Directive also provides that the Commission may find that a third country ensures an adequate level of protection If the Commission adopts a decision to that effect, the transfers of personal data will be lawful Commission Decision 2000/520/EC of 26 July 2000 effected the Safe Harbor scheme 05 October

9 Is Safe Harbor a safe bet anymore? Advocate General s Opinion in Case C-362/14: Maximillian Schrems v Data Protection Commissioner Background Complaint Facebook Ireland EU subscribers personal data Facebook US (Safe Harbor) 05 October

10 Is Safe Harbor a safe bet anymore? Advocate General s Opinion in Case C-362/14: Maximillian Schrems v Data Protection Commissioner What has happened? 05 October

11 Is Safe Harbor a safe bet anymore? Advocate General s Opinion in Case C-362/14: Maximillian Schrems v Data Protection Commissioner Given such a finding of infringements of the fundamental rights of citizens of the Union the Commission ought to have suspended the application of the decision, even though it is currently conducting negotiations with the United States in order to put an end to the shortcomings found The Advocate General indeed observes, that, if the Commission decided to enter into negotiations with the United States, that is because it considered beforehand that the level of protection ensured by that third country, under the safe harbor scheme, was no longer adequate and that the decision adopted in 2000 was no longer adapted to the reality of the situation 05 October

12 Is Safe Harbor a safe bet anymore? Advocate General s Opinion in Case C-362/14: Maximillian Schrems v Data Protection Commissioner What next and what does this mean? The judges are deliberating and a judgement will be given on 6 October DPAs may enforce Safe Harbor differently Companies may need to re-think their internal and external mechanisms for data transfers Binding Corporate Rules = more appealing? 05 October

13 2. Beware asset sales

14 Beware Asset Sale! Germany 30 July 2015 Bavarian DPA announced it had fined both seller and purchaser for unlawfully transferring customer data as part of an asset deal The DPA said that the transfer of data during an asset deal without customer consent cannot be justified on the grounds of prevailing company interests; and That a transfer of data is only valid if customer consent has been obtained or if a corresponding opt-out has been provided 05 October

15 3. Global review of child focused website

16 Global review of child focused website Questions raised The Global Privacy Enforcement Network (GPEN) 67% of sites/apps examined collected children s personal information Only 31% of sites/apps had effective controls in place to limit the collection of personal information from children. Half of sites/apps shared personal information with third parties 22% of sites/apps provided an opportunity for children to give their phone number and 23% of sites/apps allowed them to provide photos or video 58% of sites/apps offered children the opportunity to be redirected to a different website Only 24% of sites/apps encouraged parental involvement 71% of sites/apps did not offer an accessible means for deleting account information. 05 October

17 Global review of child focused website Questions raised These are concerning results. The attitude shown by a number of these websites and apps suggested little regard for how anyone s personal information should be handled, let alone that of children. Internationally we saw some websites and apps gathering more information than we felt they needed, and sharing that data with third parties. The most common concern domestically was a lack of information being provided about how their information would be used. We saw generic privacy policies that simply weren t specific enough, and some without any information at all, which isn t good enough. We ll now be writing out to the sites and apps that caused us concern, making clear the changes we expect them to make. We wouldn t rule out enforcement action in this area if required. 05 October

18 4. Wyndham case

19 Wyndham case confirms data security is a default not an option After a series of hacks in 2008 and 2009, FTC investigated Wyndham Worldwide and held it liable to consumers affected by their failure to implement reasonable protections Wyndham brought proceedings against the FTC claiming that they had no authority to enforce against Wyndham In the Third Circuit decision on 24 th August 2015, the federal court reaffirmed the power of FTC to enforce against Wyndham claiming that Wyndham had committed unfair or deceptive acts or practices by failing to implement adequate cybersecurity Wyndham s privacy policy stated that it had suitable security in place. reaffirms the FTC s authority to hold companies accountable for failing to safeguard consumer data. Edith Ramirez, FTC Chair 05 October

20 5. EDPS Opinion 4/2015

21 EDPS Opinion 4/2015 "Towards a new digital ethics EDPS calls for Ethics and Dignity in the processing of personal data Opinion deals with Big Data, IoT and Connected Autonomous Vehicles and Drones Opinion references Art.1, EU Charter of Fundamental Rights Human dignity is inviolable. It must be respected and protected EDPS is setting up an Ethics Advisory Group NB UN Privacy Advisory Group is discussing same topic in The Hague on 24/25 October 2015 before the International Privacy Commissioners Conference in Amsterdam 05 October

22 6. Changes to Japanese Data Protection Law

23 AMENDMENTS TO JAPANESE DATA PROTECTION LAWS Bill to amend the Act on the Protection of Personal Information The amendments of the act is the part of Japan s strategy to make Japan the world's leading IT society, which is a vital part of Japan's industry revitalisation plan. Amendment New Data Protection Authority Data Transfers Extraterritorial application of the law Expanding definition of personal data Requirement Establishes Personal Information Protection Committee from 1 January Transfers abroad possible only if: i) consent is obtained; ii) adequate country and/or iii) transferee applied required measures.. APPI could apply to companies established outside Japan. Face recognition data, driver's license numbers, and passport numbers are included in personal data definition. 05 October

24 AMENDMENTS TO JAPANESE DATA PROTECTION LAWS Bill to amend the Act on the Protection of Personal Information Amendment Distinguishing "sensitive information Data anonymisation Requirement Race, belief, social status, disease, history, criminal records, facts related to suffering from crime. Consent is not needed to transfer data if PI is anonymised. Guidelines on data annonymisation will be issued by DPA. Other provisions Small size business are now subject to the legal obligations. Provisions are expected to come into force in October

25 7. Update to South Korean Data Protection Law

26 AMENDMENTS TO SOUTH KOREAN DATA PROTECTION LAW INFORMATION PROTECTION ACT (PIPA) Perhaps the strictest data protection law in the world Very active data protection authority Additional amendments came into force on 7 July 2015 Introduces punitive and statutory damages Consumers may claim up to 1700 damages 05 October

27 AMENDMENTS TO SOUTH KOREAN DATA PROTECTION LAW INFORMATION PROTECTION ACT (PIPA) Companies are banned from collecting resident registration numbers (RRNs) Guidelines for the collection and use of the mobile apps PIPA also provides incentives for companies to invest in fighting cyber attacks by reducing corporate tax RRN 05 October

28 charlesrussellspeechlys.com

Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws

Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws Ethical hotlines and whistleblowing ensuring businesses are not in conflict with local laws 16 January 2014 Robert Bond, CCEP Partner and Notary Public Our Team Speechly Bircham is an ambitious, full-service

More information

BIG DATA AND THE INTERNET OF THINGS

BIG DATA AND THE INTERNET OF THINGS BIG DATA AND THE INTERNET OF THINGS 12 September 2013 Robert Bond Partner and Notary Public Janine Regan Solicitor Tughan Thuraisingam Paralegal Our team Speechly Bircham is an ambitious, full-service

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU 10 April 2014 Monica Salgado Advogada registered with the Portuguese Ordem dos Advogados Registered European Lawyer with the SRA Kirsti Laird Solicitor, (qualified

More information

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012 Presentation by: Dr. Nathalie Moreno Partner Cloud Computing and Data Protection: an Update 4 October 2012 Our team Speechly Bircham is an ambitious, international mid-size fullservice law firm head-quartered

More information

Tracking Compliance: Data Protection Risks and Remedies for Retail Janine Regan. charlesrussellspeechlys.com

Tracking Compliance: Data Protection Risks and Remedies for Retail Janine Regan. charlesrussellspeechlys.com Tracking Compliance: Data Protection Risks and Remedies for Retail Janine Regan charlesrussellspeechlys.com Janine Regan Associate +44 (0)20 7427 6798 janine.regan@crsblaw.com Janine has extensive experience

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014

EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 Janine Regan, Associate George Willis, Associate charlesrussellspeechlys.com Janine Regan Associate

More information

Data and Cyber Laws Up-date 9 July 2015

Data and Cyber Laws Up-date 9 July 2015 Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR

More information

THE TRANSFER OF PERSONAL DATA ABROAD

THE TRANSFER OF PERSONAL DATA ABROAD THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE

More information

Implementing and monitoring effective compliance policies & procedures. charlesrussellspeechlys.com

Implementing and monitoring effective compliance policies & procedures. charlesrussellspeechlys.com Implementing and monitoring effective compliance policies & procedures charlesrussellspeechlys.com Robert Bond Partner Robert Bond has over 36 years' experience in advising national and international clients

More information

Data Protection and Information Security: The top 5 risks for 2013 1 November 2012

Data Protection and Information Security: The top 5 risks for 2013 1 November 2012 Robert Bond Head of Data Protection & Information Law Group Data Protection and Information Security: The top 5 risks for 2013 1 November 2012 Our team Speechly Bircham is an ambitious, full-service law

More information

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

More information

Personal Data Protection Policy

Personal Data Protection Policy Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal

More information

Data controllers and data processors: what the difference is and what the governance implications are

Data controllers and data processors: what the difference is and what the governance implications are ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a

More information

ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012

ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012 ESOMAR PRACTICAL GUIDE ON COOKIES JULY 2012 Copyright ESOMAR 2012 TABLE OF CONTENTS 2 Objectives 2 Introduction 3 Definitions 4 SECTION 1: APPLICABLE LAW 4 SECTION 2: WHAT YOU NEED TO KNOW SOME FAQs 5

More information

E-Discovery and EU Data Protection laws

E-Discovery and EU Data Protection laws Robert Bond robert.bond@speechlys.com Alexander Carter-Silk alexander.carter-silk@speechlys.com IP, Technology & Data Group E-Discovery and EU Data Protection laws Alex Carter-Silk, Partner, IP, Technology

More information

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012 The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions

More information

COMPLYING WITH THE E-COMMERCE REGULATIONS 2002

COMPLYING WITH THE E-COMMERCE REGULATIONS 2002 COMPLYING WITH THE E-COMMERCE REGULATIONS 2002 You should read this guide if you. advertise goods or services online (i.e. via the Internet, interactive television or mobile telephone) sell goods or services

More information

Value of the EU Data Protection Reform against the Big Data challenges. Keynote address 5th European Data Protection Days Berlin, 4.5.

Value of the EU Data Protection Reform against the Big Data challenges. Keynote address 5th European Data Protection Days Berlin, 4.5. Value of the EU Data Protection Reform against the Big Data challenges Keynote address 5th European Data Protection Days Berlin, 4.5.2015 Giovanni Buttarelli European Data Protection Supervisor (Check

More information

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie

Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A

More information

pharmaceutical & biotechnology

pharmaceutical & biotechnology pharmaceutical & biotechnology Our specialist lawyers find practical solutions to legal problems and help pharma and biotech companies to operate and grow their businesses effectively and compliantly.

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

www.bonddickinson.com Cyber Risks October 2014 2

www.bonddickinson.com Cyber Risks October 2014 2 www.bonddickinson.com Cyber Risks October 2014 2 Why this emerging sector matters Justin Tivey Legal Director T: +44(0)845 415 8128 E: justin.tivey The government estimates that the current cost of cyber-crime

More information

An overview of UK data protection law

An overview of UK data protection law An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44

More information

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

Privacy & Data Security: The Future of the US-EU Safe Harbor

Privacy & Data Security: The Future of the US-EU Safe Harbor Privacy & Data Security: The Future of the US-EU Safe Harbor NAOMI MCBRIDE, LISA J. SOTTO AND BRIDGET TREACY, HUNTON & WILLIAMS LLP, WITH PRACTICAL LAW US INTELLECTUAL PROPERTY & TECHNOLOGY AND UK IP&IT

More information

CYBER SECURITY - CYBER RISK MANAGEMENT AND MITIGATION. Scott Thiel, Partner June 2015

CYBER SECURITY - CYBER RISK MANAGEMENT AND MITIGATION. Scott Thiel, Partner June 2015 CYBER SECURITY - CYBER RISK MANAGEMENT AND MITIGATIN Scott Thiel, Partner June 2015 Agenda 1. Current threat environment 2. Regulatory frameworks of countries in the Asia Pacific region 3. Key challenges

More information

DATA TRANSFERS WITHIN A MULTINATIONAL GROUP SAFELY NAVIGATING EU DATA PROTECTION RULES

DATA TRANSFERS WITHIN A MULTINATIONAL GROUP SAFELY NAVIGATING EU DATA PROTECTION RULES DATA TRANSFERS WITHIN A MULTINATIONAL GROUP SAFELY NAVIGATING EU DATA PROTECTION RULES MAY 2013 INTRODUCTION Multinational corporations increasingly have a need to share their data throughout their group.

More information

"Direct marketing" is not limited to advertising goods or services for sale. It also includes promoting an organisation s aims and ideals.

Direct marketing is not limited to advertising goods or services for sale. It also includes promoting an organisation s aims and ideals. Direct Marketing Most direct marketing activities must comply with the requirements of the Data Protection Act 2002 (DPA) and, where that direct marketing is communicated by electronic mail, telephone

More information

Getting Serious about Privacy and Cyber Security in Asia Pacific

Getting Serious about Privacy and Cyber Security in Asia Pacific SESSION ID: CDS-F04 Getting Serious about Privacy and Cyber Security in Asia Pacific Scott Thiel Partner DLA Piper @DLA_Piper Peter Jones Partner DLA Piper @DLA_Piper Agenda Current threat environment

More information

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Privacy vs Data Protection PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Introduction The terms privacy and data protection are often used interchangeable In reality they

More information

GARANTE PER LA PROTEZIONE DEI DATI PERSONALI WHEREAS

GARANTE PER LA PROTEZIONE DEI DATI PERSONALI WHEREAS [doc. web n. 1589969] Spamming: How to Lawfully Email Advertising Messages GARANTE PER LA PROTEZIONE DEI DATI PERSONALI Prof. Stefano Rodotà, President, Prof. Giuseppe Santaniello, Vice-President, Prof.

More information

privacy and credit reporting policy.

privacy and credit reporting policy. privacy and credit reporting policy. ME, we, us or our refers to Members Equity Bank Ltd and its subsidiary ME Portfolio Management Ltd. about ME Every Australian deserves to get the most out of their

More information

Direct Marketing Rules

Direct Marketing Rules Direct Marketing Rules Is your business compliant? June 2016 Our expertise Banking & Finance Charities Commercial Construction Corporate Corporate Tax Disputes Employment Family & Matrimonial Immigration

More information

Cybersecurity in the Commonwealth: Setting the Stage

Cybersecurity in the Commonwealth: Setting the Stage Cybersecurity in the Commonwealth: Setting the Stage Tim Unwin Secretary General Commonwealth Telecommunications Organisation CTO Cybersecurity Forum, Yaoundé 24 th April 2013 For governments Imagine if

More information

BHF Southern African Conference

BHF Southern African Conference BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act

More information

Data Protection for Fundraisers

Data Protection for Fundraisers The Charity First Series Data Protection for Fundraisers Lawrence Simanowitz and Mairéad O Reilly The Charity First series aims to provide practical and straightforward guidance on the challenges confronting

More information

COMMENTARY. European Commission Launches E-Commerce Sector Inquiry. What are Sector Inquiries?

COMMENTARY. European Commission Launches E-Commerce Sector Inquiry. What are Sector Inquiries? MAY 2015 COMMENTARY European Commission Launches E-Commerce Sector Inquiry The European Commission (the Commission ) has launched a sector inquiry of the e-commerce sector in Europe. 1 This is a far-reaching

More information

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq. EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in

More information

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal

More information

I am grateful to Rod Freeman and Valerie Kenyon at Hogan Lovells for their invaluable contribution to these speaking points

I am grateful to Rod Freeman and Valerie Kenyon at Hogan Lovells for their invaluable contribution to these speaking points Speaking points made by Robert MacDougall, Vodafone, during the IoT liability workshop as part of the Digital Revolution event at the University of Münster, 2 October 2015 1 Good afternoon everyone and

More information

Intellectual Property & Data Protection 2015: Legal developments you need to know about

Intellectual Property & Data Protection 2015: Legal developments you need to know about Intellectual Property & Data Protection 2015: Legal developments you need to know about Welcome This is a short guide to some of the key legal developments for intellectual property and data protection

More information

The eighth data protection principle and international data transfers

The eighth data protection principle and international data transfers Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue

More information

Comments and proposals on the Chapter IV of the General Data Protection Regulation

Comments and proposals on the Chapter IV of the General Data Protection Regulation Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

Context. To cloud or not to cloud, that is a very serious question. Legal challenges in a post Safe Harbour and pre GDPR cloud world

Context. To cloud or not to cloud, that is a very serious question. Legal challenges in a post Safe Harbour and pre GDPR cloud world To cloud or not to cloud, that is a very serious question EEMA / TrustCore Legal challenges in a post Safe Harbour and pre GDPR cloud world 18 November 2015 hans.graux@timelex.eu Context Major cloud providers

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

How To Protect Your Data From Hackers

How To Protect Your Data From Hackers Cyber Risk: What you need to know and what you can t afford to ignore! James Johnston Directors' and Officers' Insurance Underwriter Daniel Fletcher Cyber Insurance Underwriter Financial & Specialty Markets

More information

South East Asia: Data Protection Update

South East Asia: Data Protection Update Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

Day 1: Lawyers Briefing Host and Venue: Wierzbowski Eversheds Sp.k., Warsaw With simultaneous Polish English and English Polish interpretation

Day 1: Lawyers Briefing Host and Venue: Wierzbowski Eversheds Sp.k., Warsaw With simultaneous Polish English and English Polish interpretation Privacy Laws & Business Privacy Officers Network Poland s Changing Data Protection Law Lawyers Briefing and GIODO Roundtable 28 29 March 2012, Warsaw Programme Day 1: Lawyers Briefing Host and Venue: Wierzbowski

More information

Our specialist insurance services for Professionals risks

Our specialist insurance services for Professionals risks Our specialist insurance services for Professionals risks Price Forbes & Partners is an independent Lloyd s broker based in the heart of London s insurance sector. We trade with all of the major international

More information

Privacy, the Cloud and Data Breaches

Privacy, the Cloud and Data Breaches Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global

More information

What's Up with Apps in Hong Kong July 2013

What's Up with Apps in Hong Kong July 2013 What's Up with Apps in Hong Kong July 2013 In May this year, the Hong Kong Privacy Commissioner for Personal Data ("Privacy Commissioner") joined the Global Privacy Enforcement Network ("GPEN") to conduct

More information

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA: UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider

More information

Supported by. World Trademark Review. Anti-counterfeiting. Poland. Contributing firm Patpol Patent & Trademark Attorneys.

Supported by. World Trademark Review. Anti-counterfeiting. Poland. Contributing firm Patpol Patent & Trademark Attorneys. Supported by World Trademark Review Anti-counterfeiting 2012 Poland Contributing firm A Global Guide Poland Contributing firm Authors Jaromir Piwowar and Bartek Kochlewski Legal framework Rights holders

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

Management liability - Employment practices liability Policy wording

Management liability - Employment practices liability Policy wording Special definitions for this section Benefits Claim Defence costs The General terms and conditions and the following terms and conditions all apply to this section. Any compensation awarded to an employee

More information

Work programme 2016 2018

Work programme 2016 2018 ARTICLE 29 Data Protection Working Party 417/16/EN WP235 Work programme 2016 2018 Adopted on 2 February 2016 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European

More information

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda?

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? Dr. Jörg Hladjk Counsel European Data Protection & Privacy Practice Hunton & Williams, Brussels Cyber Security

More information

Data Protection for Charities

Data Protection for Charities Data Protection for Charities CFG 15 May 2014 Overview Overview and key definitions The data protection principles Fair and lawful processing Data security and outsourcing Rights of data subjects Recent

More information

What is Cyber Security?

What is Cyber Security? & Cyber Security The threat: trojans, trap doors malware, packet sniffers, worms, viruses, hacking and denial of service. Physical security is insufficient protection against these new forms of threat.

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

What is Cyber Security? Why work with us?

What is Cyber Security? Why work with us? & Cyber Security The threat: trojans, trap doors malware, packet sniffers, worms, viruses, hacking and denial of service. Physical security is insufficient protection against these new forms of threat.

More information

Data Protection and Cloud Computing: an Overview of the Legal Issues

Data Protection and Cloud Computing: an Overview of the Legal Issues Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,

More information

Safe Harbour Agreement no longer a valid basis for EEA to US transfers of personal data

Safe Harbour Agreement no longer a valid basis for EEA to US transfers of personal data Jisc Safe Harbour NOTE ON THE COURT OF JUSTICE OF THE EUROPEAN UNION'S JUDGMENT ON 'SAFE HARBOUR' ARRANGEMENTS FOR THE TRANSFER OF PERSONAL DATA FROM THE EEA TO THE USA KEY POINTS Safe Harbour Agreement

More information

EU Employment Law Euro Info Centre December 2006

EU Employment Law Euro Info Centre December 2006 EU Employment Law Euro Info Centre December 2006 CONTENTS EU Employment Law 2 1. Anti-discrimination 2 2 2 2. Equal treatment of men and women in the workplace 3 3 3 3. Fixed and part time work including

More information

Guidance on political campaigning

Guidance on political campaigning I ICO guidance Guidance on political campaigning 3 Guidance on political campaigning Data Protection Act Privacy and Electronic Communications Regulations Contents Introduction... 3 A. Why comply?... 5

More information

GSK Public policy positions

GSK Public policy positions Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation 1. Introduction Initial Discussion Paper The data protection officer ( DPO )

More information

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing. Privacy in the cloud computing, and the company concerned is required to submit a risk analysis to DNB. 3 Cloud computing entails the saving, processing and using of company data on the servers of a cloud

More information

CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE

CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE Représentant les avocats d Europe Representing Europe s lawyers CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

OFFICE: London Dashwood 69 Old Broad Street London, EC2M. T: +44 (0) 20 7556 4425 E: mdeem@cooley.com

OFFICE: London Dashwood 69 Old Broad Street London, EC2M. T: +44 (0) 20 7556 4425 E: mdeem@cooley.com MARK DEEM PARTNER OFFICE: London Dashwood 69 Old Broad Street London, EC2M T: +44 (0) 20 7556 4425 E: mdeem@cooley.com PRACTICES: Aviation Commercial Litigation Communications Digital Media & Entertainment

More information

Who s next after TalkTalk?

Who s next after TalkTalk? Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many

More information

Making a cross border claim in the EU

Making a cross border claim in the EU Making a cross border claim in the EU serving the community through the administration of justice Using the European Order for Payment procedure or the European Small Claims procedure Version: 2.0 Date

More information

16 September 2015. Easier data transfer to countries outside the EU Legal newsletter

16 September 2015. Easier data transfer to countries outside the EU Legal newsletter 16 September 2015 Easier data transfer to countries outside the EU Legal newsletter Easier data transfer to countries outside the EU Deloitte Legal Szarvas, Erdős and Partners Law Firm provides its clients

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Selling Telematics Motor Insurance Policies. A Good Practice Guide

Selling Telematics Motor Insurance Policies. A Good Practice Guide Selling Telematics Motor Insurance Policies A Good Practice Guide April 2013 1 INTRODUCTION 1.1 The purpose of the guidance This guidance sets out high-level actions that insurers should seek to achieve

More information

Big Data for Law Firms DAMIAN BLACKBURN

Big Data for Law Firms DAMIAN BLACKBURN Big Data for Law Firms DAMIAN BLACKBURN PUBLISHED BY IN ASSOCIATION WITH Big data means big business By Simon Briskman, partner, technology & outsourcing group, Field Fisher Waterhouse LLP BIG DATA is

More information

GDPR & Service Providers ( Cloud Focus )

GDPR & Service Providers ( Cloud Focus ) OASIS / EEMA Digital Enterprise Europe 2015 Building Trust in the Hyperconnected World 8 July 2015 GDPR & Service Providers ( Cloud Focus ) Kuan Hon Senior Researcher, Cloud Legal Project & Microsoft Cloud

More information

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems Privacy PRESENTATION vs Data TITLE Protection: GOES HERE The Impact of EU Data Protection Legislation Thomas Rivera Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted

More information

E-commerce and Legal Compliance

E-commerce and Legal Compliance E-commerce and Legal Compliance Moving all or part of your business online can be an exciting time, opening up a range of opportunities and new markets for you and your business. Hand in hand with these

More information

Surviving the Era of Hack Attacks Cyber Security on a Global Scale

Surviving the Era of Hack Attacks Cyber Security on a Global Scale Surviving the Era of Hack Attacks Cyber Security on a Global Scale Dr. Adriana Sanford ASU Lincoln Professor of Global Corporate Compliance and Ethics Clinical Associate Professor of Law and Ethics This

More information

Global Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister

Global Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister 2011 Morrison & Foerster LLP All Rights Reserved mofo.com Global Privacy and Data Security in the Cloud September 14, 2011 Miriam Wugmeister Presenter Miriam Wugmeister Morrison & Foerster LLP New York

More information

Employment. CMS Cameron McKenna Supporting your needs

Employment. CMS Cameron McKenna Supporting your needs Employment CMS Cameron McKenna Supporting your needs 2014 Our Employment team We are a full service Employment team advising on all aspects of the employment relationship with a focus on high-level, complex

More information

Compliance guide: Data protection. A practical guide to meeting your regulatory and best practice obligations

Compliance guide: Data protection. A practical guide to meeting your regulatory and best practice obligations Compliance guide: Data protection A practical guide to meeting your regulatory and best practice obligations Contents Introduction 3 5 Principle 1: Data must be fairly and lawfully processed 4 5 Principle

More information

Competition litigation

Competition litigation FINANCIAL INSTITUTIONS ENERGY INFRASTRUCTURE, MINING AND COMMODITIES TRANSPORT TECHNOLOGY AND INNOVATION PHARMACEUTICALS AND LIFE SCIENCES Competition litigation in the UK Class act Competition litigation

More information

Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament

Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament September 5, 2012 Jan Philipp Albrecht Rapporteur, Committee on Civil Liberties, Justice and Home Affairs European Parliament Lara Comi Rapporteur, Committee on Internal market and Consumer Protection

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015 Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.

More information

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage

Dean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage Dean Bank Primary and Nursery School Secure Storage of Data and Cloud Storage January 2015 All school e-mail is disclosable under Freedom of Information and Data Protection legislation. Be aware that anything

More information

Data Protection for the Guidance Counsellor. Issues To Plan For

Data Protection for the Guidance Counsellor. Issues To Plan For Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)

More information

Plan for Growth: Promoting the UK s Legal Services Sector

Plan for Growth: Promoting the UK s Legal Services Sector Plan for Growth: Promoting the UK s Legal Services Sector Foreword by the Lord Chancellor and Secretary of State for Justice, and the Minister for Trade & Investment As Britain s economy emerges from a

More information

discover the secret Intellectual Property Legal Services in Russia and the CIS

discover the secret Intellectual Property Legal Services in Russia and the CIS discover the secret Intellectual Property Legal Services in Russia and the CIS With a Russian presence since the early 1990s, Gowlings is proud to have an internationally recognized intellectual property

More information

Contracts, Consumer Rights and Trading Online

Contracts, Consumer Rights and Trading Online Neil Baylis and Noirin McFadden Contracts, Consumer Rights and Trading Online 20 January 2015 Copyright 2014 by K&L Gates LLP. All rights reserved. LEGAL BACKGROUND SETTING THE SCENE Contracts what are

More information