E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

Size: px
Start display at page:

Download "E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY"

Transcription

1 E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Conference March 26th, 2013 Montreal, Canada

2 INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce: more than just transactions 2

3 PRIVACY AND ONLINE CONFIDENCE Why a discussion about privacy and mobile e-commerce? Exponential growth mobile web economy may double by Confidence in the company behind the online transaction a leading trend influencing online business practices. Appropriate treatment of personal information online - an important tool for maintaining and growing that trust. Presentation will focus on: Applicable normative and self-regulatory mechanisms. Aspects of mobile e-commerce that pose privacy risks and can damage confidence in the brand. Practical strategies to promote privacy and confidence in online transactions. 3

4 NORMATIVE PRIVACY FRAMEWORKS Preserving trust in online transactions by understanding general principles set out in normative frameworks. Canada, US and EU significant differences underlying the complexity of the borderless context of online transactions. 4

5 NORMATIVE PRIVACY FRAMEWORKS: CANADA Applicable legislation Federal and provincial statutes that govern the collection, use, disclosure and management of personal information by private sector organizations. Personal Information Protection and Electronic Documents Act (PIPEDA) Applies to organizations engaged in commercial activities anywhere in Canada and when personal information is moved across borders (between provinces or internationally). 10 principles of PIPEDA: accountability, identifying purposes, consent, limiting collection, limiting use, disclosure and retention, accuracy, safeguards, openness, individual access, challenging compliance. 5

6 NORMATIVE PRIVACY FRAMEWORKS: CANADA Personal Information Defined very broadly as information about an identifiable individual. Organizations are generally required to seek consent for the use or disclosure of the personal information at the time of collection. Consent Requires knowledge as well as an understanding of the collection, use and dissemination of information, the repercussions thereof, and the existence of available alternatives. Freedom of choice is critical to privacy. Consent may be express or implied. 6

7 NORMATIVE PRIVACY FRAMEWORKS: CANADA Limits to Collection, Use and Disclosure Organizations must not require consent to the collection, use or disclosure of personal information beyond what is necessary to provide the product or service. Withdrawal of Consent An individual must be able to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice. Upon receipt of a withdrawal request, individuals must be informed of the implications of such withdrawal. Publicly Available Information Exception to consent requirements for publicly available information found in both federal and provincial legislation. The exception applies to the personal information of an individual that appears in a telephone directory or a professional or business directory, listing or notice that is available to the public. 7

8 NORMATIVE PRIVACY FRAMEWORKS: CANADA Cross-border flows of data: a Canadian provincial perspective Quebec - organizations must take reasonable steps to ensure that personal information transferred to service providers outside Quebec will not be used for other purposes and not be communicated to third parties without consent. Alberta - requires specific notice where the information is being transferred outside of Canada. Notice must include: The countries outside Canada in which the collection, use, disclosure or storage is occurring or may occur, and The purposes for which the service provider outside Canada has been authorized to collect, use or disclose personal information for or on behalf of the organization. 8

9 NORMATIVE PRIVACY FRAMEWORKS: UNITED STATES Constitutional Protection The United States Courts have compensated for the lack of any provision in the U.S. Constitution that grants an explicit right to privacy, by recognizing a right to privacy. Federal Legislation and Privacy Protection Privacy legislation in the U.S. follows a sectoral approach: laws are developed and enforced for a specific industry sector and protect only certain types of information. Information Held by the Federal Government Privacy Act of 1974 and the Computer Matching and Privacy Act - personal information held by the federal government. No authority over the collection and use of personal information held by other private and public sector entities. The United States has largely avoided legislation governing the treatment of sensitive personal information in records systems held by sources other than the federal government. 9

10 NORMATIVE PRIVACY FRAMEWORKS: UNITED STATES Private Sector The Fair Credit Reporting Act: prevents consumer reporting agencies from disclosing personal data on consumer reports without a showing of a legitimate business need. The Financial Services Modernization Act (Gramm-Leach Bliley Act) : contains privacy provisions protecting non-public financial information and requiring that financial institutions employ measures to secure customer data against anticipated threats to confidentiality. The Federal Trade Commission March 2012, FTC Privacy Report - best practices for businesses to protect consumers privacy and give them greater control over their personal data. Calls on companies handling consumer data to adhere to three core principles: Privacy by Design Simplified Consumer Choice Greater Transparency 10

11 NORMATIVE PRIVACY FRAMEWORKS: UNITED STATES State Legislation and Privacy Protection 1. California Online Privacy Protection Act (OPPA) Reaches beyond California s borders - functions as a national law, potentially impacting every commercial website that collects personally identifiable information from consumers. Requires operators of commercial websites or online services to post a privacy policy that must contain certain features. Does not contain any enforcement provisions. However, OPPA presumably could be enforced through California s Unfair Competition Law. 2. Other States Laws Nebraska and Pennsylvania: amended their unfair business practice statutes. Minnesota and Nevada: laws that impose confidentiality requirements on Internet service providers with respect to their subscribers. 11

12 NORMATIVE PRIVACY FRAMEWORKS: EUROPEAN UNION European Data Protection Directive (Directive 95/46/EC ) Applies when the controller is established or operates within the EU, but also whenever the controller uses equipment located inside the EU to process personal data. Controllers from outside the EU who process personal data inside the EU must nevertheless comply with the directive. A controller is a natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of processing of personal data. Based on principles of: Notice Purpose Consent Security Disclosure Access Accountability 12

13 NORMATIVE PRIVACY FRAMEWORKS: EUROPEAN UNION Two broad sets of obligations on data controllers: Registration - Companies are required to register with the relevant national authority in all relevant countries. Compliance - Personal data may only be collected for specified, explicit, and legitimate purposes. Personal data must be adequate, relevant, and not excessive in relation to the purposes for which they are processed. EU Data Directive also requires data controllers to: Only use personal data collected for specific purposes for those purposes (with certain exceptions for historical, statistical, or scientific purposes) and no longer than is necessary. Be clear about the reason it collects personal data and use the data in strict compliance with its declared intentions. Implement appropriate security measures to protect personal information against accidental or unlawful destruction, and against accidental loss, alteration, unauthorized disclosure, or unauthorized access. 13

14 NORMATIVE PRIVACY FRAMEWORKS: EUROPEAN UNION Amendments to the EU Data Protection Directive In February 2013, close to 900 amendments were proposed to the EU Data Protection Directive, generally as follows: Designation of the main establishment Flexibility in the public sector Personal data and pseudonymisation Consent Governance International transfers 14

15 HARMONIZATION OF DIFFERENCES? EU U.S. Transfer of Personal Data Under the EU Directive, personal data may only be transferred outside the EU if the data will receive adequate protection in the importing country. Safe Harbor set of voluntary data protection measures that U.S. companies may undertake to bring them within a safe harbor of adequate protection under the Directive. The Safe Harbor Agreement was adopted in May 2000 and requires compliance with 7 principles: Notice Choice to opt out Notice and choice to opt out when transferring to third parties Access to one s information Protection and security of personal information Data integrity and enforcement. Breach of the Safe Harbor Principles by a company that has committed to them may be actionable under the Federal Trade Commission Act (FTC Act). 15

16 HARMONIZATION OF DIFFERENCES? EU Canada Transfer of Personal Information The EU Commission has recognized PIPEDA as providing adequate protection for the transfer of personal information from the EU to Canada. This allows for the continued flow of personal information between the EU and Canada. Thus, EU companies can share personal information with Canadian companies and store personal information in Canada. 16

17 HARMONIZATION OF DIFFERENCES? Gap between the U.S. and Canada Same harmonization does not exist between Canada and the U.S., leading to a gap in protecting data flows between both countries. FTC and the Office of the Privacy Commissioner of Canada continuously work together in bringing forth legal proceedings and work collectively in enforcing the standards of privacy and security. The Privacy Commissioner recently supported the FTC in legal proceedings over a website operated by a US company which advertised and sold confidential consumer information to third parties without consent. 17

18 SELF-REGULATORY PRIVACY FRAMEWORKS Territorial-based normative frameworks are often insufficient to provide a uniform set of privacy rules, in a borderless online context. Various self-regulating protocols developed in response OECD Privacy Guidelines Platform for Privacy Preferences Standard use of confidentiality policies 18

19 TARGETED BEHAVIOURAL ADVERTISING, PRIVACY AND ONLINE CONFIDENCE E-commerce and online environment Potential challenges to privacy that can affect customer trust in online transactions. Targeted Behavioural Advertising Using cookies, algorithms collect both information identifiable and nonidentifiable information about an individual. Algorithms tracking individuals online activities in order to deliver tailored advertisements that user is more likely to click, view and ultimately purchase. 19

20 TARGETED BEHAVIOURAL ADVERTISING, PRIVACY AND ONLINE CONFIDENCE Why is Targeted Behavioural Advertising problematic for privacy? Rate at which behavioural profiles are growing and accumulating more and more personal information. Even a piece of non-identifiable information, in the presence of many other pieces of information, can quickly become identifiable information. Sensitive information can fall into or be seen by the wrong people. In most cases, lack of awareness means lack of truly informed consent to the collection, use and disclosure of individuals personal information for the purposes of target behavioural advertising. 20

21 TARGETED BEHAVIOURAL ADVERTISING, PRIVACY AND ONLINE CONFIDENCE Consent Implied, Express and In-between Informed consent express consent, rather than the implied consent achieved through notice in a privacy policy. The EU Cookie Directive (Directive 2009/136) goes some way to address the issue of consent to the collection of personal information from a user s Internet activity. Debate about what is sufficient consent: UK Information Commissioner s Office : [ ] The crucial consideration is that the individual must fully understand that by the action in question, they will be giving consent. US Federal Trade Commission 2007 report identified principles for self-regulation of targeted behavioural advertising: Transparency and control Reasonable security, and limited data retention Affirmative express consent for material changes to existing privacy promises Affirmative express consent (or prohibition against) using sensitive data for behavioural advertising 21

22 MOBILE E-COMMERCE: UNIQUE CHALLENGES TO ONLINE CONFIDENCE Practical aspects of Mobile e-commerce present privacy-related questions: Enforcement of inter-jurisdictional compliance Mobile user + divergent legal frameworks = confusing enforcement of privacy. Negative perceptions of geo-location functions Perception of lack of control over personal information that could be extracted from location data. 22

23 PRACTICAL TIPS FOR INCREASING ONLINE CONFIDENCE 1) Adopt a privacy by design approach to all products. 2) Establish business processes with regard privacy that prevent or mitigate negative perceptions. 3) Emphasize a maximum of transparency. 23

24 CONCLUSION Integrity and trust important currencies in the sphere of online commerce. Privacy protection as more than a legal requirement an important marketing tool. 24

25 25 QUESTIONS?

26 26 THANK YOU!

Taking care of what s important to you

Taking care of what s important to you A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten

More information

PIPEDA and Online Backup White Paper

PIPEDA and Online Backup White Paper PIPEDA and Online Backup White Paper The cloud computing era has seen a phenomenal growth of the data backup service industry. Backup service providers, by nature of their business, are compelled to collect

More information

WidePoint Solutions Corp. SAFE HARBOR PRIVACY POLICY

WidePoint Solutions Corp. SAFE HARBOR PRIVACY POLICY WidePoint Solutions Corp. SAFE HARBOR PRIVACY POLICY Your privacy is important to us. At WidePoint Solutions Corp. we value your trust. We want you to know how we collect, use, and share and protect information

More information

Johnson Controls Privacy Notice

Johnson Controls Privacy Notice Johnson Controls Privacy Notice Johnson Controls, Inc. and its affiliated companies (collectively Johnson Controls, we, us or our) care about your privacy and are committed to protecting your personal

More information

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper

CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS. White Paper CANADIAN PRIVACY AND DATA RESIDENCY REQUIREMENTS White Paper Table of Contents Addressing compliance with privacy laws for cloud-based services through persistent encryption and key ownership... Section

More information

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance

Doing Business. A Practical Guide. casselsbrock.com. Canada. Dispute Resolution. Foreign Investment. Aboriginal. Securities and Corporate Finance About Canada Dispute Resolution Forms of Business Organization Aboriginal Law Competition Law Real Estate Securities and Corporate Finance Foreign Investment Public- Private Partnerships Restructuring

More information

Privacy Law in Canada

Privacy Law in Canada Privacy Law in Canada Federal and provincial privacy legislation has a profound impact on the way virtually all organizations carry on business across the country. Canada s privacy laws, while likely the

More information

Privacy Risk Assessments

Privacy Risk Assessments Privacy Risk Assessments Michael Hulet Principal November 8, 2012 Agenda Privacy Review Definition Trends Privacy Program Considerations Privacy Risk Assessment Risk Assessment Tools Generally Accepted

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3

COUNCIL OF THE EUROPEAN UNION. Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3 COUNCIL OF THE EUROPEAN UNION Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3 COVER NOTE from: Secretary-General of the European Commission, signed by Mr Jordi AYET PUIGARNAU, Director date of

More information

Policy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX

Policy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Policy Implications: Privacy, Security and Liability Big Data in Telecom June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Who We Are Leading trade association in support of information and communications

More information

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security,

More information

Consumer Confidence Trustmarks

Consumer Confidence Trustmarks Consumer Confidence Trustmarks September 14, 2001 Issue Chair Contact Point (Europe/Africa) Contact Point (Asia/Oceania) Carleton S. Fiorina Chairman & CEO Hewlett-Packard Dr. Klaus Mangold CEO DaimlerChrysler

More information

Protecting your privacy

Protecting your privacy Protecting your privacy Table of Contents Answering your questions about privacy Your privacy... 1 Your consent... 1 Answering your questions about privacy... 2 About cookies... 9 Behavioural Advertising/Online

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

I. Need for Federal Privacy Legislation

I. Need for Federal Privacy Legislation Intel Corporation is pleased to file comments on the Department of Commerce National Telecommunications and Information Administration s Notice of Inquiry, Information Privacy and Innovation in the Internet

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

INTRODUCTION. Application of the Principles

INTRODUCTION. Application of the Principles INTRODUCTION These Canadian Self-Regulatory Principles for Online Behavioural Advertising (the Principles ) were developed by the Digital Advertising Alliance of Canada (the DAAC ), a consortium of leading

More information

CIHI Submission: 2011 Prescribed Entity Review

CIHI Submission: 2011 Prescribed Entity Review pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health

More information

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law.

We will not collect, use or disclose your personal information without your consent, except where required or permitted by law. HSBC Privacy Notice HSBC's Privacy Principles HSBC Bank Canada is a subsidiary of HSBC Holdings plc which, together with its subsidiaries and affiliates, is one of the world s largest banking and financial

More information

Best Practices for Protecting Individual Privacy in Conducting Survey Research

Best Practices for Protecting Individual Privacy in Conducting Survey Research Best Practices for Protecting Individual Privacy in Conducting Survey Research CONTENTS Foreword... 1 Introduction... 2 Privacy Considerations at Each Stage of a Survey Research Project... 5 Stage 1: Issue

More information

PROTECTION OF PERSONAL INFORMATION

PROTECTION OF PERSONAL INFORMATION PROTECTION OF PERSONAL INFORMATION Definitions Privacy Officer - The person within the Goderich Community Credit Union Limited (GCCU) who is responsible for ensuring compliance with privacy obligations,

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Application of Data Protection Concepts to Cloud Computing

Application of Data Protection Concepts to Cloud Computing Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

More information

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.

EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq. EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in

More information

Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario

Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario PRIVACY COMPLIANCE ISSUES FOR LAW FIRMS IN ONTARIO By Sara A. Levine 1 Presented at Law Firm Compliance: Key Privacy Considerations for Lawyers and Law Firms in Ontario Ontario Bar Association, May 6,

More information

The Manitoba Child Care Association PRIVACY POLICY

The Manitoba Child Care Association PRIVACY POLICY The Manitoba Child Care Association PRIVACY POLICY BACKGROUND The Manitoba Child Care Association is committed to comply with the legal obligations imposed by the federal government's Personal Information

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

AN INTRODUCTION TO THE EU DIRECTIVE ON THE PROTECTION OF PERSONAL DATA

AN INTRODUCTION TO THE EU DIRECTIVE ON THE PROTECTION OF PERSONAL DATA AN INTRODUCTION TO THE EU DIRECTIVE ON THE PROTECTION OF PERSONAL DATA By Peter K. Yu Introduction The Internet and new communications technologies have made shopping more convenient than ever. Online

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

Index All entries in the index reference page numbers.

Index All entries in the index reference page numbers. Index All entries in the index reference page numbers. A Audit of organizations, 37-38, Access to personal information 162-163 by individual, 22, 31, 151-154 B assistance by organization, Biometrics, 123-125

More information

Safe Harbor Questionnaire

Safe Harbor Questionnaire Safe Harbor Questionnaire This questionnaire is aimed at gathering relevant information with regard to the Safe Harbor certification of the data importer. It should be completed by personnel with knowledge

More information

Personal Information Protection and Electronic Documents Act

Personal Information Protection and Electronic Documents Act PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle

More information

MIS Privacy Statement. Our Privacy Commitments

MIS Privacy Statement. Our Privacy Commitments MIS Privacy Statement Our Privacy Commitments MIS Training Institute Holdings, Inc. (together "we") respect the privacy of every person who visits or registers with our websites ("you"), and are committed

More information

Breast Cancer Awareness Campaign Privacy Policy

Breast Cancer Awareness Campaign Privacy Policy Effective Date: September 11, 2015 Breast Cancer Awareness Campaign Privacy Policy The Estée Lauder Companies ( we, us, or our ) respect your concerns about privacy and value the relationship we have with

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

Privacy Statement. What Personal Information We Collect. Australia

Privacy Statement. What Personal Information We Collect. Australia Privacy Statement Kelly Services, Inc. and its subsidiaries ("Kelly Services" or Kelly ) respect your privacy and we acknowledge that you have certain rights related to any personal information we collect

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy

More information

PRIVACY AND DATA SECURITY MODULE

PRIVACY AND DATA SECURITY MODULE "This project has been funded under the fourth AAL call, AAL-2011-4. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which

More information

Cloud Computing: Privacy and Other Risks

Cloud Computing: Privacy and Other Risks December 2013 Cloud Computing: Privacy and Other Risks by George Waggott, Michael Reid and Mitch Koczerginski, McMillan LLP Introduction While the benefits of outsourcing organizational data storage to

More information

The Health Information Act. Use and Disclosure of Health Information for Research

The Health Information Act. Use and Disclosure of Health Information for Research The Health Information Act Use and Disclosure of Health Information for Research The Health Information Act (HIA) sets out rules respecting the use and disclosure of health information for research purposes

More information

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems

The Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems Privacy PRESENTATION vs Data TITLE Protection: GOES HERE The Impact of EU Data Protection Legislation Thomas Rivera Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted

More information

European Privacy Reporter

European Privacy Reporter Is this email not displaying correctly? Try the web version or print version. ISSUE 02 European Privacy Reporter An Update on Legal Developments in European Privacy and Data Protection November 2012 In

More information

JOB APPLICANT PRIVACY NOTICE

JOB APPLICANT PRIVACY NOTICE JOB APPLICANT PRIVACY NOTICE Table of Contents 1. Purpose... 3 2. What Personal Information ADM Collects... 3 3. How ADM Uses Your Personal Information... 4 4. How ADM Protects Your Personal Information...

More information

The U.S.-EU Safe Harbor Guide to Self-Certification

The U.S.-EU Safe Harbor Guide to Self-Certification U.S.-EU Safe Harbor Framework A Guide to Self-Certification Table of Contents Introduction.............................................................1 Overview...............................................................3

More information

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data 1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

Addendum Windows Azure Data Processing Agreement Amendment ID M129

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129 Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the

More information

Credit Union Code for the Protection of Personal Information

Credit Union Code for the Protection of Personal Information Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve

More information

Best Practices in Data Management - A Guide for Marketers -

Best Practices in Data Management - A Guide for Marketers - Best Practices in Data Management - A Guide for Marketers - Prepared with support from the Office of the Privacy Commissioner of Canada s Contributions Program INTRODUCTION As consumers personal information

More information

Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices

Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Ann Cavoukian, Ph.D. Information & Privacy Commissioner, Ontario, Canada Purpose: This document

More information

singapore american school

singapore american school Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK

THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK REVISED August 2004 PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK Introduction

More information

Privacy Law in Canada

Privacy Law in Canada by PATRICIA WILSON & MICHAEL FEKETE Protection of personal information remains at the forefront of public policy debate in. Federal and provincial privacy legislation has a profound impact on the way virtually

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

Privacy Law Basics and Best Practices

Privacy Law Basics and Best Practices Privacy Law Basics and Best Practices Information Privacy in a Digital World Stephanie Skaff sskaff@fbm.com What Is Information Privacy? Your name? Your phone number or home address? Your email address?

More information

INTERNATIONAL SOS. Data Protection Policy. Version 1.05

INTERNATIONAL SOS. Data Protection Policy. Version 1.05 INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA

More information

Privacy Policy. Effective Date: November 20, 2014

Privacy Policy. Effective Date: November 20, 2014 Privacy Policy Effective Date: November 20, 2014 Welcome to the American Born Moonshine website (this Site ). This policy describes the Privacy Policy (this Policy ) for this Site and describes how Windy

More information

The Digital Marketing Ecosystem: Trends, Risks and Obligations

The Digital Marketing Ecosystem: Trends, Risks and Obligations The Digital Marketing Ecosystem: Trends, Risks and Obligations Teena H. Lee, Vice President, Privacy and E-commerce Counsel The Estée Lauder Companies Inc. Bridget C. Treacy, Partner, Hunton & Williams

More information

Data protection compliance checklist

Data protection compliance checklist Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

More information

Privacy Policy for Data Collected by Blue State Digital s Clients

Privacy Policy for Data Collected by Blue State Digital s Clients Privacy Policy for Data Collected by Blue State Digital s Clients Blue State Digital LLC. ("Blue State Digital", BSD or "we") provides various services to nonprofits and business entities ("Clients"),

More information

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? Lindsey Finch Senior Global Privacy Counsel Salesforce.com lfinch@salesforce.com David T.S. Fraser Partner McInnes Cooper David.fraser@mcinnescooper.com

More information

UNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY

UNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY UNILEVER PRIVACY PRINCIPLES Unilever takes privacy seriously. The following five principles underpin our approach to respecting your privacy: 1. We value the trust that you place in us by giving us your

More information

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:

Report of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information: Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development 7.0 Information Security Protections The aggregation and analysis of large collections of data and the development of interconnected information systems designed to facilitate information sharing is revolutionizing

More information

ESTRO PRIVACY AND DATA SECURITY NOTICE

ESTRO PRIVACY AND DATA SECURITY NOTICE ESTRO PRIVACY AND DATA SECURITY NOTICE This Data Privacy and Security Policy is a dynamic document, which will reflect our continuing vigilance to properly handle and secure information that we are trusted

More information

FINANCIAL PLANNING CLIENT AGREEMENT

FINANCIAL PLANNING CLIENT AGREEMENT FINANCIAL PLANNING CLIENT AGREEMENT This Financial Planning Agreement ( Agreement ) is entered into by and among LPL Financial Corporation ( LPL ), a registered investment advisor, the LPL Investment Adviser

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information

Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable

More information

Taking care of what s important to you

Taking care of what s important to you National Home Warranty Group Inc. Privacy Policy Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten principles

More information

AN INTRO TO. Privacy Laws. An introductory guide to Canadian Privacy Laws and how to be in compliance. Laura Brown

AN INTRO TO. Privacy Laws. An introductory guide to Canadian Privacy Laws and how to be in compliance. Laura Brown AN INTRO TO Privacy Laws An introductory guide to Canadian Privacy Laws and how to be in compliance Laura Brown Air Interactive Media Senior DMS Advisor A Publication of 1 TABLE OF CONTENTS Introduction

More information

Personal Information Protection Act ( PIPA ) Privacy-Proofing Your Retail Business Tips for Protecting Customers Personal Information 1

Personal Information Protection Act ( PIPA ) Privacy-Proofing Your Retail Business Tips for Protecting Customers Personal Information 1 Personal Information Protection Act ( PIPA ) Tips for Protecting Customers Personal Information 1 More than ever before, retailers have to be prepared to deal with customers who ask questions about the

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation.

We ask that you contact our Privacy Officer in the event you have any questions or concerns regarding this Code or its implementation. PRIVACY AND ANTI-SPAM CODE FOR OUR DENTAL OFFICE Please refer to Appendix A for a glossary of defined terms. INTRODUCTION The Personal Health Information Act (PHIA) came into effect on December 11, 1997,

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY COLLECTION AND USE OF INFORMATION FROM USERS

ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY COLLECTION AND USE OF INFORMATION FROM USERS ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY Advanced Cable Communications ( Company ) strives to offer visitors to its website (the Site ) the many advantages of Internet technology and to provide

More information

// CODE OF ETHICS FOR DENTISTS IN THE EUROPEAN UNION

// CODE OF ETHICS FOR DENTISTS IN THE EUROPEAN UNION // CODE OF ETHICS FOR DENTISTS IN THE EUROPEAN UNION Adopted unanimously by the CED General Meeting on 30 November 2007, amending earlier versions of the CED Code of Ethics from 1965, 1982, 1998 and 2002.

More information

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.

More information

The United States Federal Trade Commission ("FTC") and the Office of the Data Protection Commissioner of Ireland (collectively, "the Participants"),

The United States Federal Trade Commission (FTC) and the Office of the Data Protection Commissioner of Ireland (collectively, the Participants), MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE OFFICE OF THE DATA PROTECTION COMMISSIONER OF IRELAND ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING PERSONAL

More information

Personal Information Protection and Electronic Documents Act (PIPEDA)

Personal Information Protection and Electronic Documents Act (PIPEDA) Introduction Personal Information Protection and Electronic Documents Act (PIPEDA) Policy and The Insurance Brokers Association of Alberta is committed to respect the privacy rights of individuals by ensuring

More information

DATA PROTECTION ACT 2002 The Basics

DATA PROTECTION ACT 2002 The Basics DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and

More information

U. S. EU SAFE HARBOR FRAMEWORK GUIDE TO SELF-CERTIFICATION MARCH 2009

U. S. EU SAFE HARBOR FRAMEWORK GUIDE TO SELF-CERTIFICATION MARCH 2009 U. S. EU SAFE HARBOR FRAMEWORK GUIDE TO SELF-CERTIFICATION MARCH 2009 U.S.- EU Safe Harbor Framework A Guide to Self-Certification Table of Contents Introduction... 1 Overview... 3 Helpful Hints Guide...

More information

Estée Lauder Companies Global Jobs Website Privacy Policy

Estée Lauder Companies Global Jobs Website Privacy Policy Effective Date: August 14, 2014 Estée Lauder Companies Global Jobs Website Privacy Policy The Estée Lauder Companies ( we, us, or our ) respects your concerns about privacy and value the relationship we

More information

Data Protection Good Practice Note

Data Protection Good Practice Note Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection

More information

Personal Data Protection Policy

Personal Data Protection Policy Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal

More information

ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA

ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ON THE AMENDMENT OF THE ORDER NO. 1V-1013 ON THE APPROVAL OF THE RULES ON THE ENSURANCE OF SECURITY AND INTEGRITY

More information

4-column document Net neutrality provisions (including recitals)

4-column document Net neutrality provisions (including recitals) 4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN

More information

ChangeIt Privacy Policy - Canada

ChangeIt Privacy Policy - Canada ChangeIt Privacy Policy - Canada 1. Policy on Privacy of Personal Information Formulating Change Inc. ( FCI, we, us or our ) is committed to protecting the privacy and security of your Personal Information

More information

Declaration of Internet Rights Preamble

Declaration of Internet Rights Preamble Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It

More information

SHAREYOURJOB.COM PRIVACY POLICY

SHAREYOURJOB.COM PRIVACY POLICY SHAREYOURJOB.COM PRIVACY POLICY (last updated 9th October 2014) 1. Introduction 1.1 Shareyourjob.com Ltd ( Shareyourjob.com or we ) respects the privacy of our users and has developed this Privacy Policy

More information

Abilities Centre collects personal information for the following purposes:

Abilities Centre collects personal information for the following purposes: Privacy Policy Accountability Abilities Centre is responsible for your personal information under its control. We have appointed a Privacy Officer who is accountable for our compliance with this Privacy

More information

Privacy and Transparency for Consumer Trust and Consumer Centrality

Privacy and Transparency for Consumer Trust and Consumer Centrality 1 1 2 2 Ecommerce Europe is the association representing around 5000+ companies selling products and/or services online to consumers in Europe. Ecommerce Europe is a major stakeholder in policy issues

More information

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA: UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider

More information