EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014

Size: px
Start display at page:

Download "EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014"

Transcription

1 EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 Janine Regan, Associate George Willis, Associate charlesrussellspeechlys.com

2 Janine Regan Associate Janine Regan, a solicitor in the data protection team, advises on global data protection compliance and outsourcing projects for multinationals in sectors such as financial services pharmaceutical, construction and marketing and advertising. Janine is also a Certified Information Privacy Professional for Europe. Very impressive data privacy knowledge Client Tel: +44 (0)

3 George Willis Associate George Willis, a solicitor in the team, has particular experience in data protection issues relating to the financial services sector, having recently completed a six month secondment at a global investment bank. George balances technical ability with a commercial approach Client Tel: +44 (0)

4 EU Data Protection and Information Security for Banking & Financial Service sectors Topics 1. Data Protection in Ts&Cs 2. Disclosing personal data to a foreign regulator / the police / HMRC 3. Principles for the Reporting of Arrears, Arrangement and Defaults at Credit Reference Agencies 4. SARs (incl. Elliott v Lloyds TSB) 5. FS under proposed GDPR 6. Consequences for non-compliance 4

5 1. Data Protection in Ts&Cs

6 Data Protection in Ts&Cs Customer Ts&Cs Consent ICO Guidance: Direct marketing: organisations will need to be able to demonstrate that consent was knowingly given, clear and specific, and should keep clear records of consent Data analytics : the complexity of big data analytics is not an excuse for failing to obtain consent where it is required 09 December

7 Data Protection in Ts&Cs Customer Ts&Cs GDPR Consent to be explicit and opt-in Pre-ticked boxes or continued use of a service not sufficient 09 December

8 Data Protection in Ts&Cs Vendor contracts Don t compromise on data protection provisions Target data breach - millions of customers' credit and debit card information accessed via third party systems 09 December

9 2. Disclosing personal data to a foreign regulator / the police / HMRC

10 Disclosing personal data to a foreign regulator / the police / HMRC You are only required to disclose personal data to a regulator if you are under a legal obligation to do so Example An employer is legally required to disclose details of its employees pay to HMRC in the usual course of administering its PAYE arrangements. The employer may disclose this information irrespective of any objection which an employee may raise. 09 December

11 Disclosing personal data to a foreign regulator / the police / HMRC but they say that the request is to prevent crime / fraud and that under section 29 of the DPA we are required to disclose it Data protection law does not compel the disclosure of personal data 09 December

12 Disclosing personal data to a foreign regulator / the police / HMRC but they say that the request is for regulatory purposes 09 December

13 Disclosing personal data to a foreign regulator / the police / HMRC Under the EU Parliament s version of the proposed general DP Regulation Article 43a(1): No judgment of a court or tribunal and no decision of an administrative authority of a third country requiring a controller or processor to disclose personal data shall be recognised or be enforceable in any manner, without prejudice to a mutual legal assistance treaty or an international agreement in force between the requesting third country and the Union or a Member State Article 43a(2): Where a judgment of a court or tribunal or a decision of an administrative authority of a third country requests a controller or processor to disclose personal data, the controller or processor and, if any, the controller s representative, shall notify the supervisory authority of the request without undue delay and must obtain prior authorisation for the transfer of disclosure by the supervisory authority 09 December

14 3. Principles for the Reporting of Arrears, Arrangements and Defaults at Credit Reference Agencies

15 Principles for the Reporting of Arrears, Arrangements and Defaults at Credit Reference Agencies Keith Smearton v Equifax [2013] EWCA Civ 108. The judge held that: 1. Equifax had breached the DPA, in particular the fourth principle (accuracy of data), the first principle (fair processing) and the fifth principle (retention of personal data) on the basis that Equifax had failed to take reasonable steps to ensure the accuracy of its data 2. Equifax owed Smearton a duty of care in tort, which was co-extensive with its duties under the DPA 3. Equifax s breaches of duty caused Smearton loss, in that they prevented Smearton s record company from obtaining a loan in and after mid December

16 Principles for the Reporting of Arrears, Arrangements and Defaults at Credit Reference Agencies Published by the Information Commissioner s Office on 1 Jan 2014 in collaboration with the credit industry, including CRAs and trade associations Purpose is to set out the principles under which information about arrears, arrangements and defaults are filed with the CRAs Addressed to Consumers but will be of interest to regulators, lenders and consumers and their representatives 09 December

17 Principles for the Reporting of Arrears, Arrangements and Defaults at Credit Reference Agencies 1. Data that is reported on a credit file must be fair, accurate, consistent, complete and up to date 2. Should a payment not be made as expected, information to reflect this should be reflected on the credit file 3. If an individual offers or makes a reduced payment, how it is reported will depend on whether it is agreed with the lender 4. If an individual falls in to arrears or does not keep to the revised terms of an arrangement, a default may be recorded to show that the relationship has broken down 5. When an account is closed, the record should properly reflect the closing payment status of the account and any agreement between the parties. 09 December

18 Principles for the Reporting of Arrears, Arrangements and Defaults at Credit Reference Agencies Published September December

19 Principles for the Reporting of Arrears, Arrangements and Defaults at Credit Reference Agencies 09 December

20 4. Subject Access Requests

21 SARs (incl. Elliott v Lloyds TSB) SAR Framework Rights (s7-9a DPA) Personal data (Act vs Durant) Search parameters reasonable and proportionate (Ezsias v Welsh Ministers [2007]), or extensive efforts, leave no stone unturned (ICO)? 09 December

22 SARs (incl. Elliott v Lloyds TSB) Elliott v Lloyds Two key issues Improper purpose? Proportionate search? 09 December

23 5. Financial Services under the proposed general data protection Regulation

24 FS under proposed GDPR GDPR 10 Oct 2014 Council of EU agreed partial general approach on Chap IV GDPR (obligations on controllers and processors) Could be in force by December

25 FS under proposed GDPR Breach Notification Reminder on current position (UK, Germany, Russia, Italy) Articles 31 and 32 GDPR will impose data breach reporting requirements on all data controllers. Data breaches must be notified to the DPA within 72 hours DPA will keep public register Breaches may also need to be notified to the affected individuals 09 December

26 FS under proposed GDPR Obligations on processors Processors required to comply with the GDPR. More of a level playing field with controllers. 09 December

27 FS under proposed GDPR Appointment of DPO Articles 35-37: Mandatory for certain businesses (5000 subjects in consecutive 12-months?) Minimum terms (4 years for internally appointed, 2 for externally) expert knowledge of data protection law 09 December

28 FS under proposed GDPR Fines Up to 5% of annual worldwide turnover or EUR 100m (whichever is greater) DPAs will have the power to investigate organisations without prior notice. 09 December

29 6. The Cost of Non- Compliance

30 Consequences for non-compliance 09 December

31 Consequences for non-compliance 09 December

32 Consequences for non-compliance 09 December

33 Consequences for non-compliance 09 December

34 Consequences for non-compliance 09 December

35 Consequences for non-compliance 09 December

36 Consequences for non-compliance 09 December

37 Consequences for non-compliance 09 December

38 Janine Regan George Willis charlesrussellspeechlys.com

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)

More information

New EU Data Protection legislation comes into force today. What does this mean for your business?

New EU Data Protection legislation comes into force today. What does this mean for your business? 24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )

More information

Data and Cyber Laws Up-date 9 July 2015

Data and Cyber Laws Up-date 9 July 2015 Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR

More information

Using Your Personal Information

Using Your Personal Information Important Using Your Personal Information A guide to how your personal information may be used by the Virgin Money Group and other organisations such as Credit Reference and Fraud Prevention Agencies.

More information

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015 Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.

More information

CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS

CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS CHANGES IN THE WORLD OF CLAIMS MANAGEMENT FROM DEBTORS TO CUSTOMERS Andreas Aumüller, President of FENCA Federation of European National Collection Associations CONSUMER CREDIT INDUSTRY Annual Convention

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

GDPR & Service Providers ( Cloud Focus )

GDPR & Service Providers ( Cloud Focus ) OASIS / EEMA Digital Enterprise Europe 2015 Building Trust in the Hyperconnected World 8 July 2015 GDPR & Service Providers ( Cloud Focus ) Kuan Hon Senior Researcher, Cloud Legal Project & Microsoft Cloud

More information

GDPR & Cloud Providers Keynote Presentation

GDPR & Cloud Providers Keynote Presentation Cloudscape VII 9 March 2015 GDPR & Cloud Providers Keynote Presentation Kuan Hon Research Consultant, Cloud Legal Project & MCCRC Centre for Commercial Law Studies Queen Mary, University of London w.k.hon@qmul.ac.uk

More information

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)

More information

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems Privacy PRESENTATION vs Data TITLE Protection: GOES HERE The Impact of EU Data Protection Legislation Thomas Rivera Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted

More information

Cambridgeshire Constabulary. Data protection audit report

Cambridgeshire Constabulary. Data protection audit report Cambridgeshire Constabulary Data protection audit report Executive summary November 2014 1. Background The Information Commissioner is responsible for enforcing and promoting compliance with the Data Protection

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Impact of EU General Data Protection Regulation

Impact of EU General Data Protection Regulation Impact of EU General Data Protection Regulation A White Paper Thursday 15 October 2015 The law stated is correct as of this date. This does not constitute legal advice and it is highly recommended to seek

More information

White paper. The Essential Guide to the EU Data Law Changes. your technology, expertly marketed

White paper. The Essential Guide to the EU Data Law Changes. your technology, expertly marketed White paper The Essential Guide to the EU Data Law Changes This guide explains exactly what the EU Data Protection Regulation is and how it will change life as we know it when it comes into enforcement

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Cloud Security under Forthcoming Laws

Cloud Security under Forthcoming Laws SecureCloud 2016 25 May 2016 Cloud Security under Forthcoming Laws Kuan Hon kuan.hon@pinsentmasons.com k@kuan0.com The laws, they are a-changin Cloud security under General Data Protection Regulation Proposed

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

Principles for the Reporting of Arrears, Arrangements and Defaults at Credit Reference Agencies

Principles for the Reporting of Arrears, Arrangements and Defaults at Credit Reference Agencies Principles for the Reporting of Arrears, Arrangements and Defaults at Credit Reference Agencies Foreword by the Information Commissioner s Office The Information Commissioner s Office (ICO) published Data

More information

3.6. Please also note, unless your policy confirms otherwise, the rights under your policy may only be pursued in an English court.

3.6. Please also note, unless your policy confirms otherwise, the rights under your policy may only be pursued in an English court. Terms of business agreement - commercial customers M & N Insurance Service Limited Authorised and regulated by the Financial Conduct Authority No: 305837. Registered Office: 248 Hendon Way London NW4 3NL

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Navigating the Privacy Law Landscape - US and Europe

Navigating the Privacy Law Landscape - US and Europe 21 January, 2015 Navigating the Privacy Law Landscape - US and Europe Roberta Anderson, Partner, K&L Gates, Pittsburgh Friederike Gräfin von Brühl, Senior Associate, K&L Gates, Berlin Etienne Drouard,

More information

Trade Direct Insurance Services Ltd Trade Direct House Ockford Road Godalming GU7 1RH. Terms and Conditions of Business Agreement

Trade Direct Insurance Services Ltd Trade Direct House Ockford Road Godalming GU7 1RH. Terms and Conditions of Business Agreement Trade Direct Insurance Services Ltd Trade Direct House Ockford Road Godalming GU7 1RH Terms and Conditions of Business Agreement This document is important and sets out the basis upon which we will carry

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

A guide for in-house lawyers

A guide for in-house lawyers A guide for in-house lawyers June 2015 The Proposed EU General Data Protection Regulation Index Introduction to the Regulation - 3 Progress of the Regulation - 4 Using this Guide - 5 Conceptual Overview

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

slaughter and may The new EU Data Protection Regulation revolution or evolution?

slaughter and may The new EU Data Protection Regulation revolution or evolution? slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of

More information

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems

Privacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Privacy vs Data Protection PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Introduction The terms privacy and data protection are often used interchangeable In reality they

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

Data Protection and Cloud Computing: an Overview of the Legal Issues

Data Protection and Cloud Computing: an Overview of the Legal Issues Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,

More information

UK Data Protection Newsletter June 2015

UK Data Protection Newsletter June 2015 UK Data Protection Newsletter June 2015 Headlines this month: n Data Protection reform update n New regulation must not lower data protection standards n Raid on Manchester Call Centre n Recent data breaches

More information

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows

Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber

More information

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

DATA PROTECTION MANUAL

DATA PROTECTION MANUAL DATA PROTECTION MANUAL VERSION TABLE Version Date Published CO Circular 1 September 2008 3 July 2015 July 2015 2 CONTENTS Part A: General Guidance 1 Introduction to the Data Protection Act 1998 5 2 The

More information

Memorandum of understanding between the Gambling Commission ( the Commission ) and PhonepayPlus

Memorandum of understanding between the Gambling Commission ( the Commission ) and PhonepayPlus Memorandum of understanding between the Gambling Commission ( the Commission ) and PhonepayPlus This memorandum provides a framework for cooperation between the Commission and PhonepayPlus ( the Parties

More information

Data Protection & Cyber Security Law Update 1 st October 2015

Data Protection & Cyber Security Law Update 1 st October 2015 Data Protection & Cyber Security Law Update 1 st October 2015 Robert Bond, Partner Janine Regan, Associate Viktoria Protokova, Data Protection Executive charlesrussellspeechlys.com Brief introduction to

More information

Tracking Compliance: Data Protection Risks and Remedies for Retail Janine Regan. charlesrussellspeechlys.com

Tracking Compliance: Data Protection Risks and Remedies for Retail Janine Regan. charlesrussellspeechlys.com Tracking Compliance: Data Protection Risks and Remedies for Retail Janine Regan charlesrussellspeechlys.com Janine Regan Associate +44 (0)20 7427 6798 janine.regan@crsblaw.com Janine has extensive experience

More information

Ethical hotlines and whistleblowing ensuring businesses are not in conflict. with EU laws 10 May 2012. James Castro-Edwards, solicitor.

Ethical hotlines and whistleblowing ensuring businesses are not in conflict. with EU laws 10 May 2012. James Castro-Edwards, solicitor. James Castro-Edwards, solicitor and Alexia Zuber, solicitor Data Protection & Information Law Group Ethical hotlines and whistleblowing ensuring businesses are not in conflict with EU laws 10 May 2012

More information

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU 10 April 2014 Monica Salgado Advogada registered with the Portuguese Ordem dos Advogados Registered European Lawyer with the SRA Kirsti Laird Solicitor, (qualified

More information

Code of Conduct for Business Lending to Small and Medium Enterprises

Code of Conduct for Business Lending to Small and Medium Enterprises 2012 Code of Conduct for Business Lending to Small and Medium Enterprises Scope This Code applies to all business lending by regulated entities. This Code shall not apply to Credit Unions. Credit Union

More information

first direct credit card terms

first direct credit card terms first direct credit card terms 1 Definitions These are the definitions used in this Agreement: : a transfer to the Account of an amount you owe to another lender (who is not a member of the HSBC Group)

More information

South East Asia: Data Protection Update

South East Asia: Data Protection Update Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how

More information

Example Authorisation Clauses

Example Authorisation Clauses Example Authorisation Clauses Below, are some example clauses that you can use to help meet your obligations to us to get authorisation from the consumer. We have set out some example clauses below that

More information

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law. HSBC Privacy Notice HSBC's Privacy Principles HSBC Bank Canada is a subsidiary of HSBC Holdings plc which, together with its subsidiaries and affiliates, is one of the world s largest banking and financial

More information

Factsheet on the Right to be

Factsheet on the Right to be 101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

More information

Consumer Protection Code for Licensed Moneylenders

Consumer Protection Code for Licensed Moneylenders Consumer Protection Code for Licensed Moneylenders January 2009 Legislative Basis This Code is issued by and in the name of the Irish Financial Services Regulatory Authority ( the Financial Regulator )

More information

The guidance will be developed over time in the light of practical experience.

The guidance will be developed over time in the light of practical experience. Freedom of Information Act Awareness Guidance No. 14 International Relations The Information Commissioner s Office (ICO) has produced this guidance as part of a series of good practice guidance designed

More information

Information Security Risks when going cloud. How to deal with data security: an EU perspective.

Information Security Risks when going cloud. How to deal with data security: an EU perspective. Separating fact from fiction about new software licensing /SaaS/ cloud computing models: advantages, disadvantages and ethical implications. Information Security Risks when going cloud. How to deal with

More information

Big Data for Mutuals. Marc Dautlich 25 November 2013

Big Data for Mutuals. Marc Dautlich 25 November 2013 Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?

More information

Using Your Personal Information

Using Your Personal Information Important Using Your Personal Information A guide to help you understand how the personal information we hold about you may be used by Virgin Money and other organisations such as Credit Reference and

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Professional Direct Insurance Ockford Mill Ockford Road Godalming GU7 1RH. Terms and Conditions of Business Agreement. Our Service

Professional Direct Insurance Ockford Mill Ockford Road Godalming GU7 1RH. Terms and Conditions of Business Agreement. Our Service Professional Direct Insurance Ockford Mill Ockford Road Godalming GU7 1RH Terms and Conditions of Business Agreement This document is important and sets out the basis upon which we will carry on our business

More information

Preparing for the EU General Data Protection Regulation

Preparing for the EU General Data Protection Regulation RESEARCH REPORT Preparing for the EU General Data Protection Regulation Assessing Awareness, Readiness & Impact of the Proposed Changes in US, UK, France & Germany TRUSTe Inc. 1 888 878 7830 +44 203 078

More information

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case

More information

Dealing with data breaches in Europe and beyond

Dealing with data breaches in Europe and beyond Dealing with data breaches in Europe and beyond Karin Retzer and Joanna Łopatowska Morrison & Foerster LLP www.practicallaw.com/6-505-9638 The use of increasingly advanced technology means that the ways

More information

Security breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison

Security breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison Security breaches: A regulatory overview Jonathan Bamford Head of Strategic Liaison Security breaches and the DPA Data controllers security obligation - principle 7 of the DPA o Appropriate technical and

More information

On the edge Lexis PSL Restructuring & Insolvency

On the edge Lexis PSL Restructuring & Insolvency On the edge Lexis PSL Restructuring & Insolvency Data protection law for insolvency practitioners November 2014 Welcome to your third edition of On the edge, a series of guides highlighting a selection

More information

DATA PROTECTION AUDIT GUIDANCE

DATA PROTECTION AUDIT GUIDANCE DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

GSK Public policy positions

GSK Public policy positions Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable

More information

Terms of business agreement - Commercial clients

Terms of business agreement - Commercial clients Terms of business agreement - Commercial clients Please read this document carefully. It sets out the terms on which Finch Insurance Brokers Ltd agree to act for clients and contains details of our responsibilities

More information

Personal Data Protection Policy

Personal Data Protection Policy Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

LEGAL SCHEME REGULATIONS

LEGAL SCHEME REGULATIONS LEGAL SCHEME REGULATIONS These Regulations came into force on 1 July 2014. 1 Introduction 1.1 These Regulations govern the Union s legal Scheme. The Rules of the Union set out your other rights and entitlements.

More information

3.4 Standard terms and conditions of business for conveyancing

3.4 Standard terms and conditions of business for conveyancing 3.4 Standard terms and conditions of business for conveyancing clients PLEASE SIGN AND RETURN Deibel & Allen Terms and Conditions of business - property transactions We set out in this statement the basis

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

DATA AND PAYMENT SECURITY PART 1

DATA AND PAYMENT SECURITY PART 1 STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of

More information

ONLINE SAVINGS ACCOUNT.

ONLINE SAVINGS ACCOUNT. ONLINE SAVINGS ACCOUNT. TERMS AND CONDITIONS. THE FINE PRINT. All the details to keep everyone smiling. ABOUT THIS BOOKLET. Congratulations on choosing an Online Savings Account with ME Bank. We know that

More information

2015 No. 0000 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Finance Platforms) Regulations 2015

2015 No. 0000 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Finance Platforms) Regulations 2015 Draft Regulations to illustrate the Treasury s current intention as to the exercise of powers under clause 5 of the Small Business, Enterprise and Employment Bill. D R A F T S T A T U T O R Y I N S T R

More information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable

More information

(Unofficial translation by the Financial and Capital Market Commission)

(Unofficial translation by the Financial and Capital Market Commission) (Unofficial translation by the Financial and Capital Market Commission) Text consolidated with amending laws of 12 December 2008; 01 December 2009; 10 December 2009. If a whole or part of a section has

More information

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection

More information

Data Protection for Charities

Data Protection for Charities Data Protection for Charities CFG 15 May 2014 Overview Overview and key definitions The data protection principles Fair and lawful processing Data security and outsourcing Rights of data subjects Recent

More information

An overview of UK data protection law

An overview of UK data protection law An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44

More information

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda?

EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? EU Regulatory Trends in Data Protection & Cybersecurity What should be on the industry s agenda? Dr. Jörg Hladjk Counsel European Data Protection & Privacy Practice Hunton & Williams, Brussels Cyber Security

More information

Data controllers and data processors: what the difference is and what the governance implications are

Data controllers and data processors: what the difference is and what the governance implications are ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

1.4 For information about our management of your other personal information, please see our Privacy Policy available at www.iba.gov.au.

1.4 For information about our management of your other personal information, please see our Privacy Policy available at www.iba.gov.au. Indigenous Business Australia Credit Information Policy 1 Purpose and application of this policy 1.1 This credit reporting policy (Credit Information Policy) describes and establishes how Indigenous Business

More information

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or

More information

Data Protection for Fundraisers

Data Protection for Fundraisers The Charity First Series Data Protection for Fundraisers Lawrence Simanowitz and Mairéad O Reilly The Charity First series aims to provide practical and straightforward guidance on the challenges confronting

More information

Debt Management Plan. Terms of Business

Debt Management Plan. Terms of Business Debt Management Plan Terms of Business Important Note These terms of business (the Terms ) explain the rights and obligations of You and Us regarding the provision of your Debt Management Plan. You should

More information

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance About Canada Dispute Resolution Forms of Business Organization Aboriginal Law Competition Law Real Estate Securities and Corporate Finance Foreign Investment Public- Private Partnerships Restructuring

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

A Guide to the use of your personal and business data by PACCAR Financial PLC and Credit Reference and Fraud

A Guide to the use of your personal and business data by PACCAR Financial PLC and Credit Reference and Fraud Important Data Protection A Guide to the use of your personal and business data by PACCAR Financial PLC and Credit Reference and Fraud Prevention Agencies commercial v 11.00 final June 2009 Q: What is

More information

Act on Payment Services

Act on Payment Services Act on Payment Services No. 120 27 September 2011 Entered into force 1 December 2011. EEA Agreement: Annex IX, Directive 2007/64/EC. Amended by Act No. 17/2013 (entered into force on 1 April 2013; EEA

More information

I loved reading the terms & conditions! said no one, ever. term deposit terms + conditions

I loved reading the terms & conditions! said no one, ever. term deposit terms + conditions I loved reading the terms & conditions! said no one, ever term deposit terms + conditions index. Part a - general terms and conditions. 2 1 Purpose of this booklet. 2 2 Meaning of words used. 2 3 Opening

More information

Appendix A Data Protection and Marketing Regulatory Considerations for the European Union

Appendix A Data Protection and Marketing Regulatory Considerations for the European Union Appendix A Data Protection and Marketing Regulatory Considerations for the European Union Notes: Soft opt-in rules, denoted with a * within the consent for marketing columns below, generally allow marketing

More information

SAN FRANCISCO ADMINISTRATIVE CODE CHAPTER 96: COORDINATION BETWEEN THE POLICE DEPARTMENT AND THE OFFICE OF CITIZEN COMPLAINTS

SAN FRANCISCO ADMINISTRATIVE CODE CHAPTER 96: COORDINATION BETWEEN THE POLICE DEPARTMENT AND THE OFFICE OF CITIZEN COMPLAINTS SAN FRANCISCO ADMINISTRATIVE CODE CHAPTER 96: COORDINATION BETWEEN THE POLICE DEPARTMENT AND THE OFFICE OF CITIZEN COMPLAINTS SEC. 96.1. DEFINITIONS. (a) "Chief of Police" shall mean the Chief of the Police

More information

Privacy Policy Statement

Privacy Policy Statement Privacy Policy Statement Our Commitment While information is the foundation for providing you with superior service, protecting the privacy of your personal information is of the highest importance to

More information

Data protection issues on an EU outsourcing

Data protection issues on an EU outsourcing Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process

More information

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper

The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation. Initial Discussion Paper The Role and Function of a Data Protection Officer in the European Commission s Proposed General Data Protection Regulation 1. Introduction Initial Discussion Paper The data protection officer ( DPO )

More information

DATRET/EXPGRP (2009) 6 FINAL 11 10 2010. Document 6

DATRET/EXPGRP (2009) 6 FINAL 11 10 2010. Document 6 DATRET/EXPGRP (2009) 6 FINAL 11 10 2010 EXPERTS GROUP "THE PLATFORM FOR ELECTRONIC DATA RETENTION FOR THE INVESTIGATION, DETECTION AND PROSECUTION OF SERIOUS CRIME" ESTABLISHED BY COMMISSION DECISION 2008/324/EC

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Helping to protect your business and your customers in the event of a data breach

Helping to protect your business and your customers in the event of a data breach Helping to protect your business and your customers in the event of a data breach Equifax Data Breach Assistance helps you respond more quickly and effectively, limiting the reputational damage to your

More information

Revised Code of Practice for Disclosure and Barring Service Registered Persons. November 2015

Revised Code of Practice for Disclosure and Barring Service Registered Persons. November 2015 Revised Code of Practice for Disclosure and Barring Service Registered Persons November 2015 Revised Code of Practice for Disclosure and Barring Service Registered Persons Presented to Parliament pursuant

More information

Business Account(s) Opening Form for businesses introduced by an accountant

Business Account(s) Opening Form for businesses introduced by an accountant Business Account(s) Opening Form for businesses introduced by an accountant Please use black or blue ink and write clearly in the spaces provided in BLOCK CAPITAL letters. Mark relevant boxes with a clear

More information