Subject Access Requests, The Right to be Forgotten and the problems with Unstructured Data
- Antonia Byrd
SUMMARY:
- EU Data Protection Legislation
- Impact on businesses
- Subject Access Requests
- Right to be Forgotten
- Developments in the UK
- Unstructured Electronic Information
- Access Data ediscovery solution

EU Data Protection Legislation: A whistle-stop tour!!

A lot has changed in the world since the EU Data Protection Directive was first introduced in 1995. The internet was still in its infancy and much less data was stored and transferred electronically than today. It is no surprise then that the legislation is continually being updated to meet the challenges of how global business is conducted in the 21st century.

On 25 January 2012, the Directorate General for Justice at the European Commission announced its legislative proposals for the protection of individuals with regard to the processing and use of personal data. The proposed framework consists of two EU documents: a draft Regulation legislating for general data protection that is binding in its entirety and directly applicable in all Member States; and, a draft Directive (binding but leaving discretion in the choice of form and method to national authorities) with the aim of protecting personal data processed for the purpose of prevention, detection, investigation or prosecution of criminal offences.

The Regulation is expected to come into force in 2015, replacing the 1995 Data Protection Directive (95/46/EC), which is implemented into UK law by the current Data Protection Act 1998 (DPA). The Directive would repeal and replace the existing Data Protection Framework Decision, which was negotiated in

What does it mean for your business?

Following the Commission's publication of the new data protection legislative proposals and ensuing Impact Assessment, the Ministry of Justice (MoJ) launched a Call for Evidence that ran from 7th February to 6th March This consultation
sought information on the expected impact of the draft Regulation and Directive directly from affected stakeholders in the UK. In light of the responses received, the MoJ carried out its own Impact Assessment with the aim of presenting a fuller summary of the costs and benefits of the proposals and their wide-ranging impacts on affected sectors of society in the UK. The MoJ study draws specific cost figures from a variety of sources (including the EC impact assessment, the Call for Evidence, surveys and other studies) and weights them to reflect the UK business demography, so as to deliver overall cost and benefit ranges. According to the MoJ study, the Regulation is expected to lead to a net cost to business of between £80 million and £320 million per year.

Narrowing the focus: Subject Access Requests

The Data Protection Act of 1998 followed the EU Directive and one of the key rights for individuals was to give them access to their personal data on request. By making a subject access request any individual can request all personal data held about them to check the accuracy. The current Act states that the data controller can charge a fee of up to £10 when supplying individuals with a copy of their personal data. The £10 fee does not cover the cost of collating and supplying the information but does, at least, act as a small check to discourage frivolous or vexatious requests.

Under the new proposed EU Data Protection Regulation, organisations would have to supply this information free of charge. If we consider that the volume of data held by organisations now is significantly greater than when the original Directive was passed in 1995 and the fact that collating all the personal data relating to an individual is more difficult now than it ever has been, then removing the charge for a subject access request would seem to be the exact opposite of what is required.

Some organisations hold a vast amount of personal data in many different formats and in many locations. You have live data that might be online and backup archives in various formats. Much of this data in the past would normally have been in a structured format such as a database. This made searching the data simpler. Now data controllers have to deal with unstructured electronic data, e.g. emails, with no indexing and have to try to identify which data refers to the individual and therefore falls within the definition of personal data. Consider an organisation's email records. One person might be referenced in these emails by many different names. Not only that but these emails also might refer to other records stored in other formats, i.e. paper files.

On the positive side, the proposed Draft Regulation does allow the data controller to provide the personal information asked for in a subject access request to the data subject in electronic format, if the information is held electronically and the data subject agrees. This makes perfect sense and would save a lot of unnecessary printing of information which, when received by the data subject, may be then transferred back into electronic format.

Are all Subject Access Requests the same?

The use and effect of subject access requests (SARs) varies from jurisdiction to jurisdiction. In some European jurisdictions these rights have not caused significant problems. SARs are either rare or not interpreted in a way that requires extensive searching of unstructured electronic data (for example, in Sweden it is not necessary to search
unstructured electronic data in response to SARs under the so-called Unstructured Material Rule). However, in other jurisdictions, such as the United Kingdom, these rights are used frequently and strictly enforced by the regulator. There is anecdotal evidence that some data controllers in the UK have received over one million subject access requests in a single year.

Rights of the Data Subject

The practical and financial challenges that have sparked the most discussion by stakeholders are those that relate to provisions that strengthen the rights of data subjects. Notably:
- Art. 12: abolishment of the fee for subject access requests;
- Art. 17: the Right to be Forgotten and to erasure; and,
- Art. 18: the right to data portability.

Some stakeholders are concerned that these measures may have the unintended effect of distorting consumer behaviour. In the case of fee abolishment, there is the concern that this will lead to an increase in frivolous and/or vexatious requests, putting strain on resources and budgets. Similarly, business respondents feel that the provision on data portability may induce consumers to swamp companies with requests to have their personal data made available to them in an agreed format for reuse, putting severe strain on their resources (particularly in the case of SMEs).

According to the MoJ's Impact Assessment, the additional cost to business of removing fees for data subjects to access their data depends solely on the cost of responding to a SAR and on the increase in number of SARs. The loss in income from the fee itself is more than offset by the removed cost of administering the fee. The MoJ estimates that removing the £10 fee will increase the number of SARs by 25-40%. The estimated cost of responding to a SAR ranges between per request (though respondents to the MoJ's Call for Evidence from the financial services sector reported costs of per request).
The European Commission proposed in 2012 that people should have the "Right to be Forgotten" on the Internet. This was watered down by the European Parliament last year in favour of a "right to erasure" of specific information. The proposal needs the blessing of the 28 European Union governments before it can become law. Google, Facebook and other Internet companies have lobbied against such plans, worried about the extra costs.

The issues of privacy and data protection in Europe have become all the more sensitive since a former U.S. intelligence contractor, Edward Snowden, leaked details last year of U.S. surveillance programmes monitoring vast quantities of emails and phone records worldwide.

The Court of Justice of the European Union (ECJ) upheld the complaint of a Spanish man who objected to the fact that Google searches on his name threw up links to a 1998 newspaper article about the repossession of his home. The case highlighted the struggle in cyberspace between free speech advocates and supporters of privacy rights who say people should have the "Right to be Forgotten" - meaning that they should be able to remove their digital traces from the Internet.

The requirement creates technical challenges as well as potential extra costs for companies given they will be required to remove data that are "inadequate, irrelevant or no longer relevant, or excessive in relation to the purposes for which they
were processed and in the light of the time that has elapsed." European Justice Commissioner Viviane Reding said that the court ruling vindicated EU efforts to toughen up privacy rules. "Companies can no longer hide behind their servers being based in California or anywhere else in the world," she said.

Developments in the United Kingdom

The problems with SARs for unstructured electronic data fit uncomfortably with the legislative framework in the United Kingdom. There is no explicit relief in the UK Data Protection Act 1998 for data controllers facing unreasonably broad SARs. Instead, data controllers faced with a subject access request demanding all the personal data held about an individual have tended to rely on other provisions. For example, the data controller can ask the individual for further information necessary to locate the information they seek (section 7(3) of the Act) and need not provide copies of personal data if it would involve disproportionate effort (section 8(2) of the Act).

In Ezsias v Welsh Ministers [2007] All ER (D) 65 the High Court decided that it was only necessary to conduct a "reasonable and proportionate" search in response to that subject access request. This normally manifests itself through the selection of appropriate search parameters such as limiting searches to particular systems or mail boxes and using key words or data ranges to further narrow the scope of the search. Ideally, these parameters are agreed with the individual but, if not, the extent to which searches can be limited is controversial.

However, guidance from the Information Commissioner issued at the start of this year suggested that it is still necessary to use extensive efforts to search for personal data but having used those efforts it is not necessary to leave no stone unturned. The guidance also suggests it is necessary to conduct a reasonable search of archived ("non-live") data, particularly where the individual has provided details of the information they are seeking to locate, but it is not necessary to reconstitute deleted data even if it might be technically possible to do so.

Unstructured Electronic Information

Whilst the subject access right sounds straightforward, it can be difficult to comply with in practice. Data controllers have had to contend with the growth of unstructured electronic data, e.g. emails. Responding to broad requests from individuals for all personal data held about them in an unstructured format can be very difficult, if not impossible. There are a number of reasons for this:

Volume. Some unstructured data sets are huge. Large organisations are likely to have hundreds of millions, if not billions, of emails. Searching across such large data sets presents significant logistical challenges. This problem is aggravated by the fact that this data is likely to be stored in a number of different formats (for example, live data, back-ups and archived data). Recovering and restoring backed-up or archived data can be very costly.

Lack of indexation. Another common problem with unstructured data is the difficulty of quickly and accurately identifying information about a particular individual. In a traditional structured relational database each individual will normally have a unique identifier allowing rapid location and extraction of information about them. In contrast, individuals in unstructured data can be referred to in a number of ambiguous and
duplicate ways. For example, emails about John Smith might refer to him as John, JS, Mr Smith etc. Moreover, not every reference to Mr Smith will be to John Smith. Locating and extracting information about a particular individual from unstructured data will normally require an expensive and time consuming manual review.

Mixture of information. Finally, unstructured data normally contains a mixture of different types of information. Emails might contain information on a number of different topics or about a number of different individuals. This again adds to the difficulty of responding to SARs given the need to manually redact irrelevant information from any response (not least to protect the privacy of other individuals identified in that data).

Key issues

A lack of understanding about the provisions in the EC's proposed general data protection Regulation persists across business. Uncertainty is pervasive across the provisions of the proposed regulation and affects more abstract and unsettled aspects, such as the obligations of data controllers under the so-called Right to be Forgotten, as well as seemingly straightforward changes, e.g. those regarding administrative fines and the appointment of Data Protection Officers.

The majority of businesses are unable to quantify their current spending in relation to data protection responsibilities under existing law and this persists in relation to estimates for expected future spending under the new proposals. This uncertainty indicates that existing evidence on the financial impact of the regulation is difficult to corroborate. Further research is required to clarify some important issues, e.g. the role of privacy and data protection in determining the level and intensity of consumer participation in online markets.

The lack of understanding strongly indicates that there is a key role to play in educating and supporting businesses to increase their awareness and understanding of the forthcoming changes.
The priorities for supporting business in implementing the new Regulation should focus on providing guidance on the areas of the new provisions which are shown to be misunderstood, for example the Right to be Forgotten, but also the new rules on fines, the appointment of Data Protection Officers, SARs and data portability.

Access Data ediscovery

The proposed legislation is certain to cause many a sleepless night and require a significant rethink as to how businesses currently manage their data. If it's not given appropriate consideration the costs of meeting these new obligations are likely to spiral and reputational risk increase disproportionately. The key challenge is how a business can ensure that it has unequivocal access to all of the data it requires in a format that can easily be accessed and subsequently manipulated to meet business and regulatory requirements.

AD ediscovery provides a fully integrated platform for enterprise-wide search, collection, systemized preservation, processing, data assessment and complete review. It provides robust processing capability which, in turn, provides a comprehensive and unequivocal response to today's data privacy requirements. It provides "Enterprise Collection"; namely it finds and collects needed data from the broadest range of structured and unstructured data sources of any single platform on the market. Using workflow-driven templates, AD ediscovery performs agentless collections from e.g. Google Docs, Gmail Corporate/Administrator, Microsoft Exchange,
Microsoft Sharepoint, Oracle, Cloud and Web-Based (IMAP & POP) etc. Relationships are easily mapped between data sources and you can schedule collection and processing jobs to begin at your convenience. If any source of data disconnects during a collection, ediscovery automatically picks back up where it left off, eliminating the annoyance and delay of starting over again. This will significantly reduce processing time and you can assign secure web access to AD ediscovery to teams in any location for unlimited collaboration in the processing, culling and analysing of information. With multiple forensic image and native file support of over 700 formats, as well as advanced search, filtering and clustering technology built into the single application, AD ediscovery offers unprecedented, complete coverage and control of your data.

KSC and PerformIT, working in conjunction with Access Data ediscovery, have developed a unique solution that enables businesses to produce a comprehensive view of their data estate. This will subsequently enable businesses to clearly interpret their respective legal, regulatory and business requirements and consolidate this information into a single reporting repository. There are, of course, numerous associated benefits of doing so and in addition to the peace of mind that your data is under some semblance of control, we have proven that we can dramatically reduce the associated costs of processing SARs and addressing the requirement of Right to be Forgotten.

How can we help you?

To learn more about how we can assist you, please feel free to contact Mark Child, Partner, Technology Risk Management. Tel: +44 (0) mchild@kscllp.co.uk

About Kingston Smith Consulting LLP

Kingston Smith Consulting (KSC) is the specialist consulting practice of the top 20 accountancy firm Kingston Smith LLP. Established in 2009, KSC provides services in all aspects of Technology Risk Management, Governance and Controls Assurance and Legal and Regulatory Compliance.
In addition, we have a team skilled at specialist services such as due diligence, supplier selection and third party management. We maintain strong relationships with allied service providers in order to be your one stop consulting solution.

Kingston Smith Consulting LLP
Devonshire House, 60 Goswell Road, London EC1M 7AD, UK
Telephone +44 (0) Fax +44 (0) info@kscllp.co.uk
A list of partners is available for inspection at the above address. Registered in England and Wales as a Limited Liability Partnership: No OC
Registered office: Devonshire House, 60 Goswell Road, London EC1M 7AD, UK

About PerformIT

PerformIT is an IT services company that provides IT Support & Forensic ediscovery services. PerformIT helps companies understand their data landscape and how best to manage it in the face of a changing regulatory landscape.

PerformIT
54 Clarendon Road, Watford, Hertfordshire WD17 1DU, UK
Telephone +44 (0) info@performit.uk.com
Registered in England and Wales: No
Registered office: 17 Cosgrove Road, Old Stratford, Milton Keynes MK19 6AG, UK
More informationHOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU
HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU 10 April 2014 Monica Salgado Advogada registered with the Portuguese Ordem dos Advogados Registered European Lawyer with the SRA Kirsti Laird Solicitor, (qualified
More informationInformation Governance in Dental Practices. Summary of findings from ICO reviews. September 2015
Information Governance in Dental Practices Summary of findings from ICO reviews September 2015 Executive summary The Information Commissioner s Office (ICO) is the regulator responsible for ensuring that
More informationPreliminary submission (prior to Oral Examination) by Gareth G Morgan Professor of Charity Studies, Sheffield Hallam University 20 November 2014
To: Joint Committee on the Draft Protection of Charities Bill Preliminary submission (prior to Oral Examination) by Gareth G Morgan Professor of Charity Studies, Sheffield Hallam University 20 November
More informationSUBJECT ACCESS REQUEST
DATA PROTECTION ACT 1998 SUBJECT ACCESS REQUEST Procedure Manual 1 Invest NI Subject Access Request Procedure Manual 1. Introduction 1.1 What is a Subject Access Request? 1.2 Routine Requests 1.3 What
More informationBCS, The Chartered Institute for IT Consultation Response to:
BCS, The Chartered Institute for IT Consultation Response to: A Comprehensive Approach to Personal Data Protection in the European Union Dated: 15 January 2011 BCS The Chartered Institute for IT First
More informationFinancial services mis-selling: regulation and redress
Report by the Comptroller and Auditor General Financial Conduct Authority and Financial Ombudsman Service Financial services mis-selling: regulation and redress HC 851 SESSION 2015-16 24 FEBRUARY 2016
More informationPrivacy and Transparency for Consumer Trust and Consumer Centrality
1 1 2 2 Ecommerce Europe is the association representing around 5000+ companies selling products and/or services online to consumers in Europe. Ecommerce Europe is a major stakeholder in policy issues
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationMailStore Server Sales Guide. Email Archiving ediscovery Compliance Email Backup Data Loss Protection Lower IT Costs
MailStore Server Sales Guide Email Archiving ediscovery Compliance Email Backup Data Loss Protection Lower IT Costs Introduction For most companies, email is not only the most important way of communicating,
More informationCORK INSTITUTE OF TECHNOLOGY
CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of
More informationPROVINCE OF BRITISH COLUMBIA. Summary Review. Anti-Money Laundering Measures at BC Gaming Facilities
PROVINCE OF BRITISH COLUMBIA Summary Review Anti-Money Laundering Measures at BC Gaming Facilities February 2011 2 P a g e EXECUTIVE SUMMARY In early January 2011, a series of news reports ran on cash
More informationCivil Rights, Security and Consumer Protection in the EU
Internationale Politikanalyse Internationale Politikanalyse International Policy Analysis European Integration Working Group* Civil Rights, Security and Consumer Protection in the EU Civil Liberties: Data
More informationBig Data for Mutuals. Marc Dautlich 25 November 2013
Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?
More informationEuropean Union Law and Online Gambling by Marcos Charif
With infringement proceedings, rulings by the European Court of Justice (ECJ) and the ongoing lack of online gambling regulation at EU level, it is important to understand the extent to which member states
More informationLobbying: Sweet Smell of Success?
Lobbying: Sweet Smell of Success? A case study on the transparency of lobbying around sugar regulation in the European Union and Spain 1. Introduction It is essential that government decision making be
More informationHaving regard to the Charter of Fundamental Rights of the European Union, and in particular Articles 7 and 8 thereof,
Opinion of the European Data Protection Supervisor on the Commission Proposal for a Directive of the European Parliament and of the Council amending Directive 2007/36/EC as regards the encouragement of
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationLoan Car Legal Cover Terms and Conditions
Loan Car Legal Cover Terms and Conditions As a Loan Car Driver, you also benefit from legal expenses cover. Legal expenses cover pays the legal costs and expenses of any legal proceedings to recover uninsured
More informationOffices across the Midlands see our website for more details. For more information, please call: 0845 894 8966. www.baldwinsaccountants.co.
Offices across the Midlands see our website for more details For more information, please call: 0845 894 8966 ACTIVE PRACTICE UPDATES FEBRUARY 2015 Choosing a company secretary This guide looks at the
More informationPrivacy and Cloud Computing for Australian Government Agencies
Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy
More informationThe Data Protection Landscape. Before and after GDPR: General Data Protection Regulation
The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)
More informationGet in on the Act. The Care Act 2014. Corporate
Get in on the Act The Care Act 2014 Corporate Get in on the Act The Care Act 2014 Background The Care Act was first published as a Bill in the House of Lords on 9 May 2013, following prelegislative scrutiny.
More informationInstitute for Judicial and Legal Studies
Institute for Judicial and Legal Studies «The Data Protection Reform for Mauritius» Presented by Mrs Drudeisha Madhub (Data Protection Commissioner) Email: pmo-dpo@mail.gov.mu Tel:+230 201 36 04 Helpdesk:+230
More informationA 15-Minute Guide to 15-MINUTE GUIDE
A 15-Minute Guide to Retention Management 15-MINUTE GUIDE Foreword For you as a business professional, time is a precious commodity. You spend much of your day distilling concepts, evaluating options,
More informationContracting for Cloud Computing
Contracting for Cloud Computing Geofrey L Master Mayer Brown JSM Partner +852 2843 4320 geofrey.master@mayerbrownjsm.com April 5th 2011 Mayer Brown is a global legal services organization comprising legal
More informationData Protection for Fundraisers
The Charity First Series Data Protection for Fundraisers Lawrence Simanowitz and Mairéad O Reilly The Charity First series aims to provide practical and straightforward guidance on the challenges confronting
More informationWho s next after TalkTalk?
Who s next after TalkTalk? Frequently Asked Questions on Cyber Risk Fraud threat to millions of TalkTalk customers TalkTalk cyber-attack: website hit by significant breach These are just two of the many
More informationLINES SECTOR MARKET INSURANCE AND LONDON COMMERCIAL THE ABI WORKING FOR YOU. @BritishInsurers abi.org.uk Follow us on Twitter @BritishInsurers
ABI WORKING FOR YOU COMMERCIAL LINES AND LONDON MARKET INSURANCE SECTOR THE ABI WORKING FOR YOU 3 @BritishInsurers abi.org.uk Follow us on Twitter @BritishInsurers The ABI Working for you We know how important
More informationStakeholder workshop Central government. Thursday 26 March 2015
Stakeholder workshop Central government Thursday 26 March 2015 Welcome Sue Markey Government and Society Team Strategic Liaison Introductions This afternoon s programme 13.30 14.20 Data Protection and
More informationWritten evidence for the Department of Business, Innovation and Skills: a small business commissioner
Written evidence for the Department of Business, Innovation and Skills: a small business commissioner About ACCA ACCA is the global body for professional accountants. We aim to offer business-relevant,
More informationGovernment Response to the Call for Evidence
CONVENTION ON INTERNATIONAL INTERESTS IN MOBILE EQUIPMENT AND PROTOCOL THERETO ON MATTERS SPECIFIC TO AIRCRAFT EQUIPMENT Government Response to the Call for Evidence DECEMBER 2013 Contents Contents...2
More informationSubject access code of practice
Data protection Subject access code of practice Dealing with requests from individuals for personal information Contents 3 Contents 1. About this code of practice 4 Purpose of the code 4 Who should use
More informationHow To Respond To The Share Buy Backs And Share Buybacks Consultation
Our Ref JMG/RWC Darren Walcott Business Environment Directorate Department for Business, Innovation and Skills 1 Victoria Street London SW1H 0ET 15 November 2012 National Office Grant Thornton UK LLP Grant
More informationData Protection Ensuring high level of privacy while promoting business innovation and competition
Data Protection Ensuring high level of privacy while promoting business innovation and competition Tele2 AB, Skeppsbron 18 P.O Box 2094, SE-103 13 STOCKHOLM, SWEDEN Tel +46 8 5620 0000, Fax +46 8 5620
More informatione-disclosure Take the driver s seat
e-disclosure Take the driver s seat 1 Building a litigation case can bring with it a number of challenges especially when it comes to e-disclosure. Whether you have completed many cases requiring e-disclosure,
More informationSafeMail April 2015. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres.
SafeMail April 2015 Secure cloud solutions with guaranteed UK data sovereignty. SafeMail Helping your business reach further with email hosted at UK based, ISO 27001, Tier 4 data centres. Detailing the
More informationCHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS
CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS Andreas Aumüller, President of FENCA Federation of European National Collection Associations CONSUMER CREDIT INDUSTRY Annual Convention
More informationSummary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL
Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined
More informationChanges to Consumer Credit Regulation
A Guide for Motor Dealers Introduction Motor Dealers are invariably also credit brokers and are currently required to be licensed by the Office of Fair Trading (OFT) for (at least) their credit broking
More informationUK Government call for views
DRAFT DIRECTIVES ON THE ONLINE SALE OF DIGITAL CONTENT AND TANGIBLE GOODS UK Government call for views JANUARY 2016 Contents Draft Directives on the online sale of digital content and tangible goods...
More informationSummary of replies to the public consultation on crossborder inheritance tax obstacles within the EU and possible solutions
EUROPEAN COMMISSION DIRECTORATE-GENERAL TAXATION AND CUSTOMS UNION ANALYSES AND TAX POLICIES Direct tax policy & co-operation Brussels, Summary of replies to the public consultation on crossborder inheritance
More informationMemorandum of Understanding between the Competition and Markets Authority and the Crown Office and Procurator Fiscal Service.
Memorandum of Understanding between the Competition and Markets Authority and the Crown Office and Procurator Fiscal Service Introduction July 2014 1. This Memorandum of Understanding (MOU) records the
More informationPERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE
PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations
More informationSection 1: Development of the EU s competence in the field of police and judicial cooperation in criminal matters
CALL FOR EVIDENCE ON THE GOVERNMENT S REVIEW OF THE BALANCE OF COMPETENCES BETWEEN THE UNITED KINGDOM AND THE EUROPEAN UNION Police and Criminal Justice LEGAL ANNEX Section 1: Development of the EU s competence
More informationEmployers' Liability Insurance Notice of Change
Employers' Liability Insurance Employers' Liability Insurance Significant Policy Cover Changes Your policy has been revised as a response to a need to update and/or clarify cover. The undernoted summarizes
More informationCorporations Take Control of E-Discovery
Guidance Software Whitepaper Corporations Take Control of E-Discovery Chris Dale edisclosure Information Project What Does Your In-House E-Discovery Look Like? 53% indicate a GROWING CASE LOAD 55 % review
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationReduce Engineering Project Complexity
M A Y 2 0 1 3 Reduce Engineering Project Complexity Engineering Document Management Enables Secure Collaboration and Concurrent Design and Revision Control In a recent industry survey conducted with PennEnergy,
More informationCloud Computing Hits Snag in Europe
Cloud Computing Hits Snag in Europe By KEVIN J. O'BRIEN Published: September 19, 2010 BERLIN in the world of ideas, cloud computing has the potential to revolutionize the way people work. Spain Is Ripe
More information