Principles of Mobile Privacy. Pat Walshe. Director of Privacy, GSMA
- Ethel Watkins
- 8 years ago
Transcription
1 Principles of Mobile Privacy Pat Walshe Director of Privacy, GSMA
2 Introduction
- With the rapid expansion of ICT, the law has sought to address, and keep pace with, the privacy and data protection challenges that new technologies and data processing capabilities bring about
- It has also become clearer that new technologies and ways to analyse data can help drive innovation, deliver significant social and economic benefits and meet pressing public policy needs
- Data protection and privacy are currently regulated by a patchwork of international and regional instruments, as well as by national and sectoral laws
- A key question is: what is the most effective regulatory framework to use in order to secure these benefits while protecting privacy, especially in a connected and increasingly converged world?
- What is the role of data protection and privacy in creating trust among consumers and citizens?
- What is the role of trust in economic growth and development?
3 Background
4 Harmonised policy?
5 Harmonising policy for a converged world?
- Telecoms Act/Licences/Codes
- Data Protection Act
- Cyber Security
- Health
- Law Enforcement
- Transport
- ecommerce
- Mobile Money
- Disaster Response
6 Privacy, what does it mean to you?
7 History, Development and Practice
Session Overview:
- What is Privacy?
- Key Approaches to General Data Protection Laws
- Privacy and Data Protection in Telecommunications
- Data Security
8 Privacy as a concept: it is not new
- the right to be left alone
9 A right to privacy? Data Protection?
EU Charter of Fundamental Rights:
- Article 7 - respect for private and family life: Everyone has the right to respect for his or her private and family life, home and correspondence. Limited interferences permitted that must be set out in law
- Article 8 - Protection of personal data: Everyone has the right to the protection of personal data concerning him or her
10 Aspects of online and mobile privacy
- Informational privacy: A person's ability to control, or significantly control, the use of information about them
- Communications privacy: The right of an individual to expect that their personal communications are free from monitoring, observation and intrusion
- Spatial privacy (location and context): The right of an individual to move about without being identified, tracked and monitored in ways that might impact on their right to freedom of movement and association
11 Data protection law developments
Over 100 data protection and privacy laws have been influenced by the following reports, guidelines, conventions, directives and regulations:
- 1973: US Department of Health, Education and Welfare report on Fair Information Practices (FIPS)
- 1980: OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (updated 2013)
- 1980: Council of Europe Convention (108) for the Protection of Individuals with regard to Automatic Processing of Personal Data (under review)
- 1990: UN Guidelines for the Regulation of Computerised Personal Data Files
- 1995: EU Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (to be replaced with new regulation)
- 2012: EU draft General Data Protection Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data
- 2014: African Union Convention on Cyber Security and Personal Data Protection
12 Data protection and privacy: Africa
Table columns: Constitutional right to privacy; Data Protection; Restrictions on Transfer of Data
Data Protection, by country:
- Angola: Data Protection Law (2011)
- Benin: Protection of Personally Identifiable Information (2009)
- Burkina Faso: Protection of Personal Data Act (2004)
- Cape Verde: Protection of Personal Data (2001 amended 2013 not enacted)
- Côte d'Ivoire: Protection of Personal Data (2013)
- Gabon: Protection of Personal Data (2011)
- Ghana: Data Protection Act (2012)
- Kenya: Data Protection Bill 2013
- Mali: Protection of Personal Data 2013
- Mauritius: Data Protection Act (2004)
- Morocco: Protection of Individuals in Relation to the Processing of Personal Data
- Senegal: Protection of Personal Data (2008)
- Seychelles: Data Protection Act (2003)
- South Africa: Protection of Personal Information Act 2013
- Tunisia: Personal Data Protection (2004)
- Uganda: Data Protection and Privacy Bill
Constitutional right to privacy entries on the slide (the transcript does not preserve which country each applies to): Habeas Data; + communications; + communications; Privacy of telegraphic, telephonic or electronic communications; + communications & personal information; + communications
13 Data protection law: the basics
Data protection law sets out rules that seek to protect privacy by:
- Placing obligations and restrictions on organisations regarding how they can collect and use personal data
- Giving individuals rights to:
  - object to direct marketing and automated decision making
  - obtain a copy of data held about them
  - have data corrected, erased or blocked
Point to Consider: Data protection laws are intended to protect an individual's privacy, but do they achieve this in a world of converged services?
14 Data protection law: common principles
- Process data fairly and lawfully
- Process data only for specified purposes
- Collect and use the minimum amount of data necessary
- Keep data accurate and up-to-date
- Keep data only as long as necessary
- Respect the rights of individuals
- Keep data secure (via technical and organisational means)
- Ensure adequate protection/follow rules if sending data overseas
15 Personal data?
Recap: Data protection laws only apply to personal data (e.g., data that can be used to identify a living individual or that relates to an identifiable individual)
Examples of personal data may include:
- Name and address address (even business addresses if they are non generic)
- MSISDN/IMEI/IP Address/MAC Address?
Data protection law also covers sensitive personal data that includes any data relating to:
- Health
- Race or ethnic origin
- Political opinions
- Religious beliefs
- Trade union membership
- Sex life
- Criminal proceedings or convictions
16 Data protection revision: the EU
New General Data Protection Regulation (not a directive):
- Creates a set of harmonised rules across all EU member states
- Introduces fines of up to 5% of global turnover
- Strengthens obligations to provide information and choice
- Places stricter requirements on consent
- Requires Data Protection by Design and Default
- Requires impact assessments
- Encourages support for privacy certifications/seals
- Extends the definition of personal data (to include location data, device identifiers)
- Gives individuals the right to data portability
- Extends data breach notification to all sectors (not just telcos)
17 Telecommunications privacy: it's not new
Council of Europe, Recommendation 509 (1968) on human rights and modern scientific and technological developments: "newly developed techniques such as phone-tapping, eavesdropping, surreptitious observation, the illegitimate use of official statistical and similar surveys to obtain private information, and subliminal advertising and propaganda are a threat to the rights and freedoms of individuals and, in particular, to the right to privacy which is protected by Article 8 of the European Convention on Human Rights"
18 Telecommunications privacy
Regulation generally applies to public electronic communications networks and services, and seeks to ensure:
- Confidentiality of communications
- Protection against unauthorised monitoring or surveillance
- Security of communications, networks and data
- Privacy of traffic, location and billing data
- Rights for callers to present or withhold calling line identity
- Restrictions on marketing and secondary use of data
19 Telecommunications privacy: asymmetries
In addition to general data protection and privacy laws, mobile and fixed operators are also subject to:
- Licence conditions
- Multimedia/communications laws
- E-Privacy laws
- Interception and disclosure laws
- Data retention laws
- Electronic transactions laws
- Statutory codes of conduct or guidelines
These may:
- Restrict, or set conditions on, the use of customer information that could distort the market in data and/or hinder economic growth and public policy objectives
- Oblige operators to put in place interception and disclosure capabilities for law enforcement/national security reasons
- Require the erasure or anonymisation of traffic and location data (except for network management, billing, customer services, fraud prevention or delivering Value Added Services with consent)
20 Security
21 Security is not privacy
- Security and Privacy are terms that are often used interchangeably
- Intricately entwined, one often follows the other
- It is possible to have poor privacy and good security practices
- It is difficult to have good privacy without security
- Security: confidentiality, integrity and availability
- Privacy: appropriate use of information
- The true objective of security is the protection of privacy
- Security is a means to an end
- Cannot rely solely on technology to ensure privacy: requires a good and accountable compliance programme!
22 Security and integrity of networks and services
Providers of public communications networks, or publicly available electronic communications services, are required to:
- Take appropriate technical and organisational measures to appropriately manage risks posed to security having regards to the state of the art [of available measures]
- Take all appropriate steps to guarantee the integrity of ... networks [to] ensure the continuity of [the] supply of services
- Act on and report personal data breach [meaning a breach of security] leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a publicly available electronic communications service
23 Rethinking data protection and privacy in the connected world
24 Rethinking data protection and privacy in an increasingly mobile and connected world
- Mobile connectivity always on
25 Rethinking privacy: converging policy and regulation?
As more and more people use a mix of traditional communications services and instant messaging and VoIP services from internet companies, what is the best approach to:
- Creating legal certainty and a level playing field for business?
- Creating consistency in privacy experiences for users?
- Ensuring innovation in technology and data use that drives economic and social opportunities and meets public policy objectives?
26 Big Data
Session Overview:
- What is it?
- Opportunities
- Making it happen: realising opportunities while protecting privacy
27 Big Data: what is it?
Big Data is an overarching theme for using multiple data sources to continuously generate new insights to make data-driven decisions.
- Volume: Vast amounts of data
- Velocity: High speed of processing
- Value
- Variety: Different types of data
- Veracity: Accuracy and reliability of data
28 Big Data: what can it do?
- Data driven innovation: urban planning and transport systems
- Personalisation of services (government and commercial)
- Identity management
- Humanitarian aid: disaster response
- Disease management
- Early warnings of environmental threats
- Agriculture/farming
- Improving healthcare and patient self-management
29 Big Data: social good?
Potential areas of use, with description:
- Predicting the spread of infectious disease: Predicting the spread of infectious disease by combining aggregated health data with mobility patterns
- Optimising urban planning and management: Urban planning and management using mobility and demographic data
- Open data innovation creating opportunities: Big Data crowdsourcing for social good
Rationale for action:
- Build new capabilities: Many social uses combine same datasets as more commercially oriented Big Data deployments
- Corporate social responsibility: Social value of data to both developed and developing economies is significant
- Regulatory agenda: Could over-regulation on user privacy destroy both private value and public good? What is the balance?
30 Case study: using CDRs to help aid agency response in Africa
31 Key Big Data challenges
Legal framework today (key challenges) compared with Big Data reality today/tomorrow:
- Legal framework: Rules/limits on the collection, use and retention of personal data. Relies on notice and informed choice (consent), as well as users actively engaging in the collection/use of their data
  - Big Data is based on ever increasing volumes and varieties of data
  - Big Data is about the discovery, or inference, of previously unknown facts and patterns (it is impossible to predict and communicate future undiscovered uses)
  - Risks emerge from use, not just the collection of data
  - Transition from simple, well-defined binary exchanges of data to complex, multiplicity of real-time data sharing across borders
  - Evidence shows users don't read, or understand, privacy policies (due to their complexity, length and use of legal language)
  - Choice is often too complex to exercise
  - Often data collection/sharing is passive to the user
  - Machine-to-Machine sharing challenges notice and consent
  - Cannot notify the unknown
  - More detailed notification may burden user and undermine privacy
- Legal framework: Personal data defined and predetermined, and linked to whether a person is identifiable or not
  - Inference of data permits singling out of individuals and/or their devices without the user being identified
  - Privacy risks increasingly contextual and not tied to identifiability
  - Metadata may hold more risks (e.g., geolocation embedded in images/tweets)
- Legal framework: Imposes strict rules on overseas transfers
  - Data flows across borders, in real-time and simultaneously between multiple parties
- Legal framework: Restrictions on profiling (and proposed obligation to notify users about "envisaged effects")
  - Many services are already personalised
  - Big Data is predicated on analysis/profiling
  - Big Data extracts knowledge of significant societal and economic value. Will this knowledge be subject to regulation?
- Legal framework: Emerging emphasis on anonymisation
  - Does not consider the value of data to be extracted by other privacy protective methods
- Legal framework: Emerging intent to regulate for Do Not Track
  - Uncertainty as to whether this applies to the collection of data or persistent profiling and targeting
32 Economics and user experience of privacy policy?
Policy approaches to concerns about data protection and privacy do not sufficiently reflect the economic dimensions of regulation, nor its impact on user experience. Regulation may:
- Lead to costs for designing and maintaining excessive notice and consent requirements that will erode, rather than strengthen, privacy by burdening consumers with unwarranted choice
- Involve economic loss to online businesses where consumers disengage from an online transaction due to a need to make excessive privacy choices
- Preclude the use of data that has significant social and economic benefits and that are crucial to meeting pressing public policy needs (see OECD, WEF, EU, UN)
33 Economics and user experience of privacy policy?
Organisations such as the OECD, and a number of OECD countries, are actively looking to increase their understanding of the economic and social benefits that can be derived from Big Data. Areas of interest include:
- Investigation of the attitudes of users towards, and the exchange value they place on, their privacy in the context of Big Data
- The costs of designing for regulatory notice and consent
- The economic costs of regulatory restrictions
- Investigation of the social and economic benefits that Big Data can have on helping to shape not only policy, but also user understanding and acceptance of Big Data frameworks
Such research could support a more valued and trusted knowledge-based society, as well as better policy making.
34 Research on consumer attitudes and perceptions
35 Most mobile internet users are concerned about sharing their personal information
36 and want to choose whether to share their information with third party companies
37 Users want rules to apply consistently
38 What have we learned?
Mobile users around the world have similar privacy attitudes. Research shows they:
- Don't read long T&Cs but want companies to respect their privacy
- Want simple ways to understand and express their privacy choices
- Value targeted ads and personalised services from companies they trust
This presents an opportunity to find new ways to respect users' privacy, create better privacy experiences for them, and build trust in the mobile ecosystem and commercial and government services
39 Future-proofing privacy
40 Legislative and regulatory policy
Around the world, policymakers and regulators are seeking to address the challenges of an "always on", connected digital society, as well as issues such as Big Data. There are a number of proposals being made to balance the evolving needs of stakeholders (consumers/citizens, businesses, governments and regulators) that focus on people, not just data. Areas of particular interest include:
- How to address risks arising from the context of the collection and use of data
- Ways to demonstrate compliance and accountability (including for cross border transfers), such as self-regulation, codes of conduct, privacy certification schemes, privacy by design and default
- Anonymisation and pseudonymisation of data
- Encryption
- Sanctions
41 A risk based approach to privacy
42 International regulatory co-operation and enforcement
- Association of Francophone Data Protection Authorities (AFAPDP) (includes Burkina Faso, Cape Verde, Senegal, Tunisia)
- Latin American Data Protection Network (RIPD)
- Global Privacy Enforcement Network (GPEN)
- International Data Protection and Privacy Commissioners Conference
- International Working Group on Data Protection in Telecommunications (IWGDPT)
43 Bridging privacy
44 International regulatory focus and co-operation
- Data protection and privacy seen as enablers of economic growth and social good
45 Industry regulation: The GSMA's mobile privacy initiative
- A key objective: Identify mobile friendly methods for users to make informed decisions about their privacy and the use of their personal information.
- Privacy principles: Provide an overall framework to help develop more detailed privacy design guidelines, codes of conduct and business practices.
- Guidelines: Express the privacy principles in functional terms and establish best practice for applications and services that seek to create, access and share a user's personal information.
- Accountability framework: To help organisations demonstrate that their business practices comply with the guidelines.
46 GSMA: Mobile privacy principles
1. Openness, transparency and notice
2. Purpose and use
3. User choice and control
4. Data minimisation and retention
5. Respect user rights
6. Security
7. Education
8. Children and adolescents
9. Accountability and enforcement
47 GSMA privacy by design app guidelines: applying the principles in practice
- Help developers design privacy into apps
- Uses illustrative examples and use cases
- Includes modules on: Location, Mobile advertising, Children, Social networking
"In order to maintain the strong growth in both the sales and popularity of mobile apps, customers need to be confident that their privacy is protected when they use them ... and these guidelines set an important standard in defining what consumers should expect from their apps." Stephen Deadman, Group Privacy Officer, Vodafone
48 Accountability
Accountability is found in both the OECD guidelines and APEC privacy framework, and is also proposed in the draft EU General Data Protection Regulation. In the context of the GSMA initiative, accountability is the acceptance and demonstration of compliance with commitments: say what you do, and do what you say.
49 Mobile app privacy: regulatory action
- Canada: Mobile App Privacy Guidelines
- Europe: Art 29 WP Opinion on App Privacy
- Germany: App privacy guidelines
- UK: ICO Mobile App Privacy Best Practice
- Japan: Smartphone Privacy Initiative
- USA: Cal AG Recommendations; FTC Mobile Disclosures Report; NTIA Mobile Transparency Code
- China: Mobile Smart Terminal Regulation
- Australia: Mobile App Privacy Guidelines
- Mauritius: Mobile App Privacy Best Practice
- Hong Kong: Mobile App Privacy Best Practice
Source: QUALCOMM
50 Conclusions
51 Conclusions
- Data protection and privacy are complex issues
- There is no one-size-fits-all approach that can be applied to these areas
- Group discussion
52 Conclusion: a trust framework that is interoperable
- Legal and regulatory structures that create the right incentives for business and users
- Technology standards and solutions that assist users, aid interoperability, choice and control
- Consistency of experience through co-regulation, industry standards and common vocabularies
- Training and awareness: developers, users
53 Thank you Pat Walshe
More informationHacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows
Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber
More informationDealing with data breaches in Europe and beyond
Dealing with data breaches in Europe and beyond Karin Retzer and Joanna Łopatowska Morrison & Foerster LLP www.practicallaw.com/6-505-9638 The use of increasingly advanced technology means that the ways
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationSecurity breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison
Security breaches: A regulatory overview Jonathan Bamford Head of Strategic Liaison Security breaches and the DPA Data controllers security obligation - principle 7 of the DPA o Appropriate technical and
More informationWork programme 2016 2018
ARTICLE 29 Data Protection Working Party 417/16/EN WP235 Work programme 2016 2018 Adopted on 2 February 2016 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European
More informationData Protection Policy
Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review
More informationPrivacy in the Cloud: Data Protection and Security in Cloud Computing
SPEECH/11/859 Viviane REDING Vice-President of the European Commission, EU Justice Commissioner Privacy in the Cloud: Data Protection and Security in Cloud Computing Round-table High Level conference on
More information005ASubmission to the Serious Data Breach Notification Consultation
005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation
More informationAssistant Director of Facilities
Policy Title ID Number Scope Status Reviewed By IT Security Policy P04001 All Users Policy Assistant Director of Facilities Reviewed Date January 2011 Last Reviewed Due for Review January 2013 Impact Assessment
More informationPrivacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems
Privacy vs Data Protection PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Introduction The terms privacy and data protection are often used interchangeable In reality they
More informationI. Personal data and its use in the business to business environment.
RESPONSE FROM THE DIRECT MARKETING ASSOCIATION (UK) LTD. TO THE EUROPEAN COMMISSION'S CONSULTATION ON THE IMPLEMENTATION OF DIRECTIVE 95/46 EC ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING
More informationBig Data for Mutuals. Marc Dautlich 25 November 2013
Big Data for Mutuals Marc Dautlich 25 November 2013 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?
More informationEmerging Data Protection regulations in Africa. Christophe Fichet
Emerging Data Protection regulations in Africa Christophe Fichet 19 May 2015 Topics Development of data protection laws in Africa Key expectations over the next year Data Protection landscape African organizations
More informationInsurance Europe key messages on the European Commission's proposed General Data Protection Regulation
Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for
More informationDATE: 1 APRIL 2014. Introduction
INTERNET SOCIETY SUBMISSION TO THE OFFICE OF THE HIGH COMMISSIONER FOR HUMAN RIGHTS IN RESPONSE TO THE CONSULTATION ON THE RIGHT TO PRIVACY IN THE CONTEXT OF THE UN GENERAL ASSEMBLY RESOLUTION 68/167 DATE:
More informationApplication of Data Protection Concepts to Cloud Computing
Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective
More informationINFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER
INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE
More informationPolicy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationPrivacy and Electronic Communications Regulations
ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3
More informationData Protection Policy June 2014
Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:
More information1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data
1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that
More informationCCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE
Représentant les avocats d Europe Representing Europe s lawyers CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationETNO Reflection Document in reply to the EC consultation on Future networks and the Internet early challenges regarding the Internet of things
ETNO Reflection Document in reply to the EC consultation on Future networks and the Internet early challenges regarding the Internet of things November 2008 Executive Summary The Internet of the future
More informationThe Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking
The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner has responsibility for promoting and enforcing the
More informationAccountability: Data Governance for the Evolving Digital Marketplace 1
Accountability: Data Governance for the Evolving Digital Marketplace 1 1 For the past three years, the Centre for Information Policy Leadership at Hunton & Williams LLP has served as secretariat for the
More informationComments and proposals on the Chapter IV of the General Data Protection Regulation
Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationI. Need for Federal Privacy Legislation
Intel Corporation is pleased to file comments on the Department of Commerce National Telecommunications and Information Administration s Notice of Inquiry, Information Privacy and Innovation in the Internet
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationCloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School
DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING
More informationData Protection for the Guidance Counsellor. Issues To Plan For
Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)
More informationData Protection & Cyber Security Law Update 1 st October 2015
Data Protection & Cyber Security Law Update 1 st October 2015 Robert Bond, Partner Janine Regan, Associate Viktoria Protokova, Data Protection Executive charlesrussellspeechlys.com Brief introduction to
More informationCOMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
More informationHealthcare Coalition on Data Protection
Healthcare Coalition on Data Protection Recommendations and joint statement supporting citizens interests in the benefits of data driven healthcare in a secure environment Representing leading actors in
More informationThe RFID agenda of the European Commission. Florent Frederix European Commission Directorate General Information Society and Media
The RFID agenda of the European Commission RFID i Danmark 2011 May 3, 2011, IT-University in Copenhagen Florent Frederix European Commission Directorate General Information Society and Media This document
More informationData, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller
Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security,
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationData for the Public Good. The Government Statistical Service Data Strategy
Data for the Public Good The Government Statistical Service Data Strategy November 2013 1 Foreword by the National Statistician When I launched Building the Community - The Strategy for the Government
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationWritten Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015
Written Contribution of the National Association of Statutory Health Insurance Funds of 16.11.2015 to the Public Consultation of the European Commission on Standards in the Digital : setting priorities
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationPrivacy and Data Protection
Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 hp.com HP Policy Position Privacy and Data Protection Current Global State of Privacy and Data Protection The rapid expansion and pervasiveness
More informationEXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS 2007. 2007 No. 2199
EXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS 2007 2007 No. 2199 1. This explanatory memorandum has been prepared by the Home Office and is laid before Parliament by Command of
More informationProposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
More informationHonourable members of the National Parliaments of the EU member states and candidate countries,
Speech by Mr Rudolf Peter ROY, Head of division for Security Policy and Sanctions of the European External Action Service, at the L COSAC Meeting 29 October 2013, Vilnius Honourable members of the National
More informationHaving regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,
Opinion of the European Data Protection Supervisor on the Joint Communication of the Commission and of the High Representative of the European Union for Foreign Affairs and Security Policy on a 'Cyber
More informationInformation & ICT Security Policy Framework
Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January
More informationInformation Management Strategy. July 2012
Information Management Strategy July 2012 Contents Executive summary 6 Introduction 9 Corporate context 10 Objective one: An appropriate IM structure 11 Objective two: An effective policy framework 13
More information