Don t miss the Legal Aspects in Cloud Computing

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Don t miss the Legal Aspects in Cloud Computing"

Transcription

1 Don t miss the Legal Aspects in Cloud Computing Nicole Beranek Zanon Lic. iur., EMBA HSG 2 About me

2 3 Agenda Why Cloud Computing? Risks & Responsibilities Overview on the most important legal topics Asset and Data Protection Acceptance & Termination Summary 4 1 IBM

3 5 Don t compare apples and oranges! Use strategic opportunities But, know your risks: What kind of risks do I have with our current on-premise solution? Are we changing as fast as the world / competition does? What kind of flexibility / stability do we need? What kind of data do we have? Is IT our key competence? What legal and regulatory framework applies to Cloud solutions? 6 Cloud-Ecosystem Internet- Accessprovider CH / Abroad IaaS PaaS SaaS XaaS Cloud-Supplier Encryption-Provider IAM-Provider Company Cloud-User CH Abroad

4 7 Operation Modells of the Cloud IaaS/SaaS Szenario 1 Szenario 2 Szenario 3 Szenario 4 Szenario 5 Legende: Service Provider Service Provider Service Provider Service Provider Service Provider Service Provider Software Provider Betrieb Software Middleware Hosting Hardware Netzwerk RZ Infrastruktur Betrieb Software Middleware Hosting Hardware Netzwerk RZ Infrastruktur Betrieb Appl.-SW & Middleware Betrieb Hosting Hardware Netzwerk RZ Infrastruktur & Betrieb Software Middleware Hardware Housing Netzwerk RZ Infrastruktur & Betrieb Software Middleware Hardware Housing Netzwerk RZ Infrastruktur Hosting Provider Szenario 4 SaaS: von Drittanbieter wird bei Hosting Partner auf dessen Hardware in einem RZ eines Dritten betrieben und als Gesamtlösung dem Kunden verkauft 8 2

5 9 Risks and Responsibilities Risks Reputation risk Claims Fines Responsibilities The board of directors has the non-transferable and inalienable duty to determine the company's organisation Art. 716a para. 1 cl. 1 CO Each company needs to have a Internal risk control system (IKS) Periodic check by auditor of such IKS Art. 961c OR Swiss Code of Best Practice Corporate Governance Ziff. 19 IKS Not only financial, but in my opinion also technical and legal risks need to be addressed Foto: delux fotalia.com

6 11 Overview on the most important legal topics What law and forum applies? Who is the supplier + his subcontractors and where are the data hosted? Do we have personal data involved or other critical data categories? If yes, is there the same protection level in place as required by Swiss law or our own standards? How does the supplier deal with acceptance / SLA Termination / Termination Assistance / Escrow / Data destruction 12 Asset and Data Protection 4

7 11 Data Protection I Classification/Categorization Data User categories Access authorization, Access by which tool (App/Device) App Management Device Management Legal & Regulatory Compliance IT Security Use Case Tech./Implementation Techn. Management Management 14 Data Protection I applicable norms and standards according Swiss law Norms Art. 13 Abs. 2 BV Art. 7 DSG Art. 8-12, VDSG Recommendation of Swiss DPA Standards Stand der Technik Certificates such as ISO 27001/27002

8 15 Data Protection II Data Categories Personal data (data): all information relating to an identified or identifiable person (Art. 3 lit. a DSG) Sensitive personal data: data on i) religious, ideological, political or trade union-related views or activities ii) health, the intimate sphere or the racial origin, iii) social security measures, iv) administrative or criminal proceedings and sanctions (Art. 3 lit. c DSG) Personality profile: a collection of data that permits an assessment of essential characteristics of the personality of a natural person (Art. 3 lit. d DSG) 16 Data Protection III principles Justification Data Processing must be processed lawfully Processing only for the purpose indicated at the time of collection, evident from the circumstances, or that is provided for by law. In good faith and proportionate Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Transparency The collection and processing of personal data must be evident to the data subject. Consent only valid with adequate transparent information. For sensitive personal data or personality profiles consent must be given expressly. Cross-Boarder / Third Parties Equivalence with Swiss DPA for cross boarder transactions and third party suppliers. Appropriate Technical and Organizational Measures According state of the Art.

9 17 Data Protection IV Cross Boarder Disclosure Art. 6 DPA Cross Boarder Disclosure is allowed, if: sufficient safeguards User consent Connected with the conclusion or the performance of a contract public interest or for the establishment, exercise or enforcement of legal claims before the courts to protect the life or the physical integrity of the data subject the data subject has made the data generally accessible + no expressly prohibition (public profiles Facebook/Xing); Disclosure within the same legal person /company or between legal persons or companies with Corporate Binding Rules 18 Data Protection V Data Processing by third parties Art. 10a DPA Assignment of data processing to third parties is allowed, if: the data is processed only in the manner permitted for the instructing party itself; and it is not prohibited by a statutory or contractual duty of confidentiality. The instructing party must in particular ensure that the third party guarantees data security.! Also for Subcontractsors / Supplier Affiliates

10 19 Data Protection VI Data Security Art. 7 DPA Personal data must be protected against unauthorised processing through adequate technical and organisational measures. The Federal Council issues detailed provisions on the minimum standards for data security. 20 Data Protection VII Technical and Organizational Measures Confidentiality, Availability, Integrity In particular unauthorised or accidental destruction; accidental loss; forgery, theft or unlawful use; technical faults; unauthorised alteration, copying, access or other unauthorised processing. Adequacy in light of: the purpose of the data processing; the nature and extent of the data processing; an assessment of the possible risks to the data subjects; the current state of the art. Periodical review

11 21 Data Protection VIII Anonymization / Pseudonymization Different consequences regarding security / consent Anonymisation might solve the issue, but does not help Pseudonymisation data still personal data. -> Segregations -> Additional Access Policies, Chinese Walls etc. -> consequent security (Logs etc.) 22 5 Tom Bayer Fotolia.com

12 23 Acceptance & Termination Cloud IaaS and SaaS have major leasing contracts components Acceptance as a principle in SaaS not scalable, unless consequence is not warranty, but service credit No adequate protection for termination especially for bankruptcy cases. Possible means in case of SaaS: Termination Assistance Escrow Step-in Rights 24 6

13 25 Summary The more confidential, important or sentive data is, the more the cross boarder transfer and the assignment to a third party, the more likely this shouldn t be done or if so the stricter and complete should contractual and security measures and their checks be. Swiss DPA Deep technical, security and legal assessment necessary if going to the cloud Process is an interdisciplinary one between business, procurement, legal, security et al. Process of contract negotiation needs to be aligned to enable interdisciplinary negotiations) Reduction of the complexity by: Trustworthy partner and contact person Do a legal and security check (including a vendor risk assessment) Best is, to consider Legal Compliance already in the strategy Categorization of data Thank you for your attention!

Appendix 11 - Swiss Data Protection Act

Appendix 11 - Swiss Data Protection Act GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the

More information

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions

235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version November 3, 2015 1. Scope and order of precedence This agreement (the Data Processing Agreement ) applies to Oracle s Processing of Personal

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

SELECTED LEGAL ISSUES

SELECTED LEGAL ISSUES SELECTED LEGAL ISSUES OF CLOUD COMPUTING Geneva, June 26, 2014 Internet Law Summer School Michel Jaccard Juliette Ancelle id est avocats, Lausanne www.idest.pro @idestavocats 1 What is «cloud computing»?

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Cloud computing. Bc. Ondřej Švehla, demonstrator, Faculty of Business and Economics, Mendel University, dukeeenho@gmail.com

Cloud computing. Bc. Ondřej Švehla, demonstrator, Faculty of Business and Economics, Mendel University, dukeeenho@gmail.com Cloud computing Bc. Ondřej Švehla, demonstrator, Faculty of Business and Economics, Mendel University, dukeeenho@gmail.com Abstract This article deals problematic of the cloud computing. In the article

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

GUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES

GUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES GUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES CONTENT 1. WHY A CLOUD COMPUTING GUIDE?... 2 2. WHAT IS CLOUD COMPUTING?... 4 3. WHAT ARE THE ROLES OF THE CLOUD SERVICES

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

GAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com

GAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com GAIN CLARITY CRITICAL ISSUES Your Data in the Cloud : Benefits & Risks berrydunn.com AGENDA Defining Cloud Services Benefits and Risks Core Requirements Myths about Clouds Is Your Data in the Cloud Secure?

More information

Acquia Comments on EU Recommendations for Data Processing in the Cloud

Acquia Comments on EU Recommendations for Data Processing in the Cloud Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing

More information

Code of Conduct. Corporate Data Protection. We make ICT strategies work

Code of Conduct. Corporate Data Protection. We make ICT strategies work Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work

More information

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid. Microsoft Online Subscription Agreement Amendment adding Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Proposal ID MOSA number Microsoft to complete This Amendment

More information

ON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS

ON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS Mr. Ryutaro Hatanaka Commissioner Financial Services Agency Government of Japan 3-2-1 Kasumigaseki Chiyoda-ku, Tokyo Japan 100-8967 Dr. Kunio Chiyoda Chairman Certified Public Accountants and Auditing

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

Data protection compliance checklist

Data protection compliance checklist Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

PRIVACY POLICY. To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices:

PRIVACY POLICY. To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices: PRIVACY POLICY At Brand Loyalty International B.V., or any of its subsidiaries or affiliates, including IceMobile, Merison and Edison companies, all Companies (, we, us, or our ), we advise on, implement,

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

Data controllers and data processors: what the difference is and what the governance implications are

Data controllers and data processors: what the difference is and what the governance implications are ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a

More information

Clause 1. Definitions and Interpretation

Clause 1. Definitions and Interpretation [Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129 Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

Software as a Service (SaaS) Contract. I. Subject matter of the Contract. II. Software provision

Software as a Service (SaaS) Contract. I. Subject matter of the Contract. II. Software provision Software as a Service (SaaS) Contract By completing the registration form (ordering bexio), you shall become subject to the following General Terms and Conditions ("General Terms and Conditions"). I. Subject

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

Last updated: 30 May 2016. Credit Suisse Privacy Policy

Last updated: 30 May 2016. Credit Suisse Privacy Policy Last updated: 30 May 2016 Credit Suisse Please read this privacy policy (the ) as it describes how we intend to collect, use, store, share, and safeguard your information. By accessing, visiting or using

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

Data protection policy

Data protection policy Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data

More information

Data Protection and Cloud Computing: an Overview of the Legal Issues

Data Protection and Cloud Computing: an Overview of the Legal Issues Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

INTERNATIONAL SOS. Data Protection Policy. Version 1.05

INTERNATIONAL SOS. Data Protection Policy. Version 1.05 INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

FISHER & PAYKEL PRIVACY POLICY

FISHER & PAYKEL PRIVACY POLICY FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY

USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY USER AGREEMENT FOR: ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY CONDITIONS OF USE FOR ELECTRONIC DEALINGS THROUGH THE CUSTOMS CONNECT FACILITY Between: the Commonwealth of Australia, acting

More information

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10 Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between

More information

Cloud Computing. Hot topics in relation to security, liability and privacy. Steven De Schrijver

Cloud Computing. Hot topics in relation to security, liability and privacy. Steven De Schrijver Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

SecTor 2009 October 6, 2009. Tracy Ann Kosa

SecTor 2009 October 6, 2009. Tracy Ann Kosa SecTor 2009 October 6, 2009 Tracy Ann Kosa Privacy versus Security Un enforced Privacy Privacy Requirements that Work People Process Technology Territorial Privacy Setting boundaries on intrusion into

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012

UNIVERSITY COLLEGE LONDON CCTV POLICY. Endorsed by the Security Working Group - 17 October 2012 UNIVERSITY COLLEGE LONDON CCTV POLICY Endorsed by the Security Working Group - 17 October 2012 Endorsed by the Infrastructure IT Services Strategy Group - 18 October 2012 Reviewed and endorsed (with one

More information

Financial Services Guidance Note Outsourcing

Financial Services Guidance Note Outsourcing Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14

More information

Data Protection Act a more detailed guide

Data Protection Act a more detailed guide Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data

More information

University of Liverpool Online Programmes - Privacy Policy for Visitors and Students

University of Liverpool Online Programmes - Privacy Policy for Visitors and Students University of Liverpool Online Programmes - Privacy Policy for Visitors and Students PLEASE NOTE: The following privacy terms relate to the University of Liverpool s online programmes and not The University

More information

Compliance Policy ALCO recommended standard

Compliance Policy ALCO recommended standard 1. PURPOSE In accordance with CSSF Circular 2004/155, the board of directors of [NAME OF COMPANY] (hereafter the Company ) has adopted the following Compliance Policy. The Company s Compliance function

More information

CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS

CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS CCBE guidelines on the use of cloud computing services by lawyers TABLE OF CONTENTS I. INTRODUCTION... 3 1. Scope of the guidelines...

More information

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015 Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY 1. About this Policy Corporate Travel Management Group Pty Ltd (ABN 52 005 000 895) (CTM) ('we', 'us', 'our') understands the importance of, and is committed

More information

Review of Cloud Risks: What if

Review of Cloud Risks: What if Review of Cloud Risks: What if Availability of Data Ownership of Data Security of Information Privacy Controls there is no way to prevent Twitter from sharing your data (like when & where you tweeted from)

More information

Orchestrating the New Paradigm Cloud Assurance

Orchestrating the New Paradigm Cloud Assurance Orchestrating the New Paradigm Cloud Assurance Amsterdam 17 January 2012 John Hermans - Partner Current business challenges versus traditional IT Organizations are challenged with: Traditional IT seems

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES

CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES GLOBAL FORUM 2009 ICT & The Future of the Internet - Monday, October 19 th 2009 paolo.balboni@bakernet.com Introduction & Structure ENISA Working Group

More information

Legal aspects of cloud computing

Legal aspects of cloud computing Legal aspects of cloud computing Belrim Events Cloud Computing - Revolution or Nightmare? Antoon Dierick, DLA Piper Brussels 20 March 2014 Agenda 1. What is Cloud computing? 2. Cloud from a regulatory

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Cloud Governance is more than Security. Cloud Law or Legal Cloud?

Cloud Governance is more than Security. Cloud Law or Legal Cloud? more than Security Cloud Law or Legal Cloud? more than Security Governance principles more than Security Governance principles 1. Context definition Which organisation/ structure? Which roles and responsibilities?

More information

Privacy Impact Assessment and Information Governance Checklist

Privacy Impact Assessment and Information Governance Checklist Privacy Impact Assessment and Information Governance Checklist Review and Amendment Log / Control Sheet Responsible Officer: Clinical Chief Officer Clinical Lead: Author: Dr. Dave Mitchell Medical Director/Caldicott

More information

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal

More information

CODE OF ETHICS. CARLO GAVAZZI IMPIANTI S.p.A

CODE OF ETHICS. CARLO GAVAZZI IMPIANTI S.p.A CODE OF ETHICS CARLO GAVAZZI IMPIANTI S.p.A Doc. OR-050-P Version 1 of 27.02.2009 Date: 27.02.2009 Page 1 of 10 CONTENTS 1.0 INTRODUCTION 2.0 ADOPTION OF THE CODE OF ETHICS BY CARLO GAVAZZI IMPIANTI S.p.A.

More information

The EDGE 2014 User Conference Information Governance Workshop

The EDGE 2014 User Conference Information Governance Workshop The EDGE 2014 User Conference Information Governance Workshop Monday 17 th March 2014 Debbie Terry Agenda What is Information Governance? New developments in legislation Your questions answered Caldicott

More information

Anti-corruption and Anti-bribery policy

Anti-corruption and Anti-bribery policy Declaration of the strategic position with respect to anticorruption and anti-bribery practices Anti-corruption and Anti-bribery policy January, 2015 Table of Contents Justification... 3 1. Purpose...

More information

13772/14 GS/np 1 DG D 2C

13772/14 GS/np 1 DG D 2C Council of the European Union Brussels, 3 October 2014 (OR. en) Interinstitutional File: 2012/0011 (COD) 13772/14 DATAPROTECT 129 JAI 730 MI 726 DRS 120 DAPIX 137 FREMP 164 COMIX 503 CODEC 1926 NOTE From:

More information

Board means the Board of Directors of each of Scentre Group Limited, Scentre Management Limited, RE1 Limited and RE2 Limited.

Board means the Board of Directors of each of Scentre Group Limited, Scentre Management Limited, RE1 Limited and RE2 Limited. Board Charter SCENTRE GROUP LIMITED ABN 66 001 671 496 SCENTRE MANAGEMENT LIMITED ABN 41 001 670 579 AFS Licence No: 230329 as responsible entity of Scentre Group Trust 1 ABN 55 191 750 378 ARSN 090 849

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 -------------- w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------

More information

Submitted by email: john.aspden@fsc.gov.im. 21 July 2014. Dear Mr Aspden,

Submitted by email: john.aspden@fsc.gov.im. 21 July 2014. Dear Mr Aspden, Submitted by email: john.aspden@fsc.gov.im 21 July 2014 Dear Mr Aspden, ICSA response to the Group of International Finance Centre Supervisors consultation on the Draft International Standard on the Regulation

More information

Cloud Computing Contracts. October 11, 2012

Cloud Computing Contracts. October 11, 2012 Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

In-House Counsel Day Priorities for 2012

In-House Counsel Day Priorities for 2012 In-House Counsel Day Priorities for 2012 Cloud Computing the benefits, potential risks and security for the future Presented by Anthony Willis Group Head IP and Technology Thursday 1 March 2012 WIN: What

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

The supplier shall have appropriate policies and procedures in place to ensure compliance with

The supplier shall have appropriate policies and procedures in place to ensure compliance with Supplier Instructions for Processing of Personal Data 1 PURPOSE SOS International has legal and contractual obligations on the matters of data protection and IT security. As a part of these obligations

More information

An Agreement dated [ enter date ] governing the conduct of Insurance Business between:

An Agreement dated [ enter date ] governing the conduct of Insurance Business between: Terms of Business Agreement (Non Risk Transfer) An Agreement dated [ enter date ] governing the conduct of Insurance Business between: and [Name of Managing Agent] on its own behalf and on behalf of the

More information

The Cadence Partnership Service Definition

The Cadence Partnership Service Definition The Cadence Partnership Service Definition About Cadence The Cadence Partnership is an independent management consultancy, specialising in working with a wide range of organisations, solving complex issues

More information

Conflicts of Interest Policy Deutsche Bank Group

Conflicts of Interest Policy Deutsche Bank Group Level 2 Conflicts of Interest Policy Deutsche Bank Group Table of Contents 1. STATEMENT OF PRINCIPLE... 3 2. INTRODUCTION... 3 3. OBJECTIVE... 3 4. SCOPE... 3 5. RULES AND REGULATIONS... 5 6. GENERAL GUIDANCE...

More information

Firm Registration Form

Firm Registration Form Firm Registration Form Firm Registration Form This registration form should be completed by firms who are authorised and regulated by the Financial Conduct Authority. All sections of this form are mandatory.

More information

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ATMD Bird & Bird. Singapore Personal Data Protection Policy ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:

More information

Information Security Policies. Version 6.1

Information Security Policies. Version 6.1 Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access

More information

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges

More information

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

Public Cloud Workshop Offerings

Public Cloud Workshop Offerings Cloud Perspectives a division of Woodward Systems Inc. Public Cloud Workshop Offerings Cloud Computing Measurement and Governance in the Cloud Duration: 1 Day Purpose: This workshop will benefit those

More information

Cloud Computing and Data Protection Compliance - Experiences from Norway

Cloud Computing and Data Protection Compliance - Experiences from Norway Cloud Computing and Data Protection Compliance - Experiences from Norway PhD Thomas Olsen Legal Aspects of Cloud Computing, UiO, 27 January 2015 www.svw.no Overview Cloud Computing Introduction to EU and

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

Lots of clouds: a stormy weather for information privacy?

Lots of clouds: a stormy weather for information privacy? Lots of clouds: a stormy weather for information privacy? Michel Jaccard Sylvain Métille Web idest.pro Twitter @idestavocats Introduction Purpose: know what you do, why you do it, the risks and the best

More information

This Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE

This Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE Applicant Privacy Notice for Positions in Willis Companies Located in the European Union and European Economic Area Excluding the United Kingdom ( Applicant Privacy Notice Continental Europe ) This Applicant

More information

Information Governance Checklist and Privacy Impact Assessments

Information Governance Checklist and Privacy Impact Assessments Information Governance Checklist and Privacy Impact Assessments Authorship: Committee Approved: Chris Wallace Information Governance Manager Quality and Clinical Governance Committee Approved date: 1 Feb

More information