Smart Grid and Privacy An International View
|
|
- Camron Garrett
- 8 years ago
- Views:
Transcription
1 Smart Grid and Privacy An International View 27 November 2013 By: Nader Farah President ESTA International
2 One US Consumer s Reaction in Texas! 2 Source: SmartGridNews.com July 20, 2012
3 ESTA International (Energy Strategy and Technology Associates) Consultants Focused on the Smarter Grid 3 Smart Grid Regulatory Framework/ Roadmap Smart Grid Transmission Feasibility Study Smart Grid Distribution Feasibility Study Int l Smart Grid Survey/ Study ISGAN Support Smart Meter Lab Design Sensor Technology Study PMU Standards Harmonization Int l Coordination Support Smart Grid PLC Testbed For HAN and EV/EVSE SG Technology Roadmap Guide Draft Roadmap for Saudi Arabia Areas of Expertise Smart Grid Technologies (Smart Meters, AMI, PMU, Renewable Energy, Communication Technologies, Electric Vehicles impacts, Energy Storage, Testing Facilities) Smart Grid Regulation and Policy Real-Time Automation (SCADA, EMS, Distribution Management Systems, Outage Management Systems, Substation Automation, IEC Object Modeling) Cybersecurity, IT and Telecomm for Electric Utilities Power Systems Planning, Analysis, and Studies Asset and Maintenance Management, Failure Analysis Revenue Assurance Operational Support Distributed Energy Resource Integration of Renewable Energy Wholesale electricity market operations Demand Response Programs & Energy Efficiency
4 Many Countries Have Consumer Protection Laws Example - Mexico 4 o Article 1.- This Law is of public interest and of general enforcement throughout the entire Republic (Mexico) and has as its purpose the protection of personal information possessed by private parties, with the goal of regulating its legitimate use, monitored and informed, in order to guarantee privacy and the people s right to informed self-determination. Source: Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP). o Article 6, sections II and III, of the Political Constitution of the United Mexican States (CPEUM) establishes the principles and foundations for exercising human rights to information and privacy in the following manner: II. III. Information regarding private life and personal information will be protected under the terms and with exceptions determined by law. Every person, without need for proving any interest or justifying its use, will have free access to public information, to his/her personal information, or to correction of such. Source: Constitución Política de los Estados Unidos Mexicanos (CPEUM) While Smart Grid privacy concerns may not be expressly addressed in existing laws and regulations, they may still be applicable!
5 Customer Energy Data 5 o Foundational to: o Customer Engagement o Energy Efficiency o Demand Response o Enhanced Outage Management o Improved Grid Operation o Realization of benefits from Smart Grid investments
6 Four Dimensions of Privacy 6 1. Personal information any information relating to an individual, who can be identified, directly or indirectly, by that information and in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, locational or social identity 2. Personal privacy the right to control the integrity of one s own body 3. Behavioral privacy the right of individuals to make their own choices about what they do and to keep certain personal behaviors from being shared with others 4. Personal communications privacy the right to communicate without undue surveillance, monitoring, or censorship Source: NIST, Guidelines for SG Cyber Security Vol 2, Privacy and the SG, Aug 2010
7 Generally Suggested Issues for Smart Grid Entities 7 o Conduct pre-installation processes and activities for using Smart Grid technologies with utmost transparency. o Conduct an initial privacy impact assessment before making the decision to deploy and/or participate in the Smart Grid. o Provide regular privacy training and ongoing awareness communications and activities to all workers who have access to personal information within the Smart Grid o Develop privacy Use Cases that track data flows containing personal information to address and mitigate common privacy risks that exist for business processes within the Smart Grid o Educate consumers and other individuals about the privacy risks within the Smart Grid and what they can do to mitigate them o Share information with other Smart Grid market participants concerning solutions to common privacy-related risks o Manufacturers and vendors of smart meters, smart appliances, and other types of smart devices, should engineer these devices to collect only the data necessary for the purposes of the smart device operations Source: NIST, Guidelines for SG Cyber Security Vol 2, Privacy and the SG, Aug 2010
8 Smart Grid Privacy 8 o European Union o United States DOE o Unites States, California o Canada, Ontario o United Kingdom
9 European Union 9
10 European Union EU Commission SG Task Force Recommendations 10 o Adequate measures must be deployed to physically protect the contents and nature of data related to the consumer in order to protect that consumer o The EU should perform a form of privacy impact assessment related to SG development to determine upfront if a development causes a privacy impact to the public o Minimizing the amount of data to the only necessary ones o Determine deadlines and timeframes for storage of the data and different types of data usage o Develop procedures for removing / deleting the data o Anonymous data approach o Transparency in all processes and work o Usage of privacy certifications systems by regulatory bodies over any actor that will have access to the data - EU Commission SG Task Force Recommendations -, Essential Regulatory Requirements and Recommendations for Data Handling, Data Safety, and Consumer Protection, pg. 4.
11 United States DOE Task Force Recommendations 11 - DOE, Data Access and Privacy Issues Related to Smart Grid Technologies, Oct, 2010
12 USA - California 12 o California became the first US State to adopt privacy rules for customer data. Senate Bill-1467 o At core are concepts from Fair Information Practice (FIP) principals adopted by the Department of Homeland Security (DHS) o Rules apply to electrical corporations, electrical corporations third-party contractors, and any other third-parties that access customer data directly from the electrical corporation o Rules require: o Electrical corporations provide customers with a privacy notice o That upon a security breach affecting more than 1,000 customers, the electrical corporation notify customers within two weeks of such a breach o Electrical corporations file with the CPUC annually a report on o o o All security breaches of customer information The number of third-parties accessing customer data The number of times the utility or third-party was not in compliance with the rules
13 USA -California 13 o Disclosure - Utilities that collect meter data may not share customers energy information with any third party without the customer s consent o only exception is if data is part of an energy efficiency or demand response program in which the customer participates. In that case, the third party must sign a contract agreeing to implement data protection measures o Data security/protection - Utilities and energy service providers must o provide security to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. o prohibit the use of the data for a secondary commercial purpose not related to the primary purpose of the contract without the customer s consent. o Liability - Utilities that release data to a third party with customer consent shall not be responsible for the security of that data, or its use or misuse unless the utility has a business relationship with the third party. o Removes a major liability concern for utilities o Continued use - Utilities are explicitly granted permission to continue using customer energy data for analysis, reporting, and program management
14 Canada, Ontario 14 o Privacy issues in Ontario are reviewed by the Office of the Information and Privacy Commissioner of Ontario (IPC) o IPC has advocated that local utilities adhere to Privacy by Design principles (PbD) to ensure that privacy is part of the core functionality of the Smart grid o Goal of PbD is the protection of privacy through the use of privacy enhancing technologies o embedding them into the design specifications of information technology, business practices, physical environments and infrastructure o making privacy the default o Ultimate goal in Ontario is to have PbD incorporated into the design and infrastructure of Smart Grid systems as a means of protecting Personal Identifiable Information (PII) Cavoukian, Polonetsky, & Wolf, Smart Privacy for the Smart Grid: embedding privacy into the design of electricity conservation, 2010, p. 276
15 Canada, Ontario Privacy Policy Framework 15
16 United Kingdom 16 o The UK Smart Grid Program has taken a rigorous and systematic approach to assessing and managing the issue of data privacy o It is intended to build on safeguards already in place, notably the Data Protection Act 1998, to develop a privacy policy for smart metering data o The UK plans to utilize the Privacy by Design (PbD) approach toward developing these policies Overall principle: Consumers should be able to choose how their consumption data is used and by whom, except where data is required to fulfill regulated duties
17 United Kingdom 17 The UK approach to privacy is being delivered through: othe development of a Privacy Impact Assessment othe development of a privacy policy framework which will protect the interests of consumers and provide them with assurance oa Privacy Charter to be developed by suppliers to provide transparency about the new arrangements oimplementing the framework, for example through changes to licenses
18 United Kingdom Smart Grid Privacy Policy Proposals 18 o From a privacy perspective consumers have a right to expect that any personal data they might have processed about them is kept secure and cannot be accessed inappropriately o There should be a functional requirement for thirteen months of consumption data to be stored within the meter o For the majority of smart metering data, it is only when the consumption data is accessed and can be combined with other information relating to an individual that it becomes personal data o Explore opportunities for ways of accessing this data without combining it in such a way that it becomes personal data ( anonymising ) o Introduction of a privacy charter to address privacy concerns associated with the rollout of smart metering and in line with best practice as identified by the Information Commissioner s Office (ICO)
19 US DOE - Voluntary Code of Conduct Rights of the Consumers Elements that relate to the rights that the consumers have according with laws and regulations. 2. Obligations of the third parties and vendors Elements that relate to the rights that the consumers have according with laws and regulations. 3. Management And Accountability Elements that relate to the credibility of the utility and/or third party s privacy function. 4. Notice And Purpose Elements that relate to communicating applicable policies, and related choices, to consumers. 5. Choice And Consent Elements that relate to the consumer s granting of authorization for the release/sharing of his or her data. 6. Collection And Scope Elements that relate to the scope of consumer data that is collected, and potentially shared.
20 US DOE - Voluntary Code of Conduct Use And Retention Elements that relate to how long consumer data should be kept, and when it should be destroyed. 8. Individual Access Elements that relate to the consumer accessing his or her own data. 9. Disclosure And Limiting Use Elements that relate to how consumer data is shared with third parties 10. Security And Safeguards Elements that relate to how consumer data should be protected from un-authorized disclosure. 11. Accuracy And Quality Elements that relate to the maintenance of accurate and complete consumer data. 12. Openness, Monitoring, And Challenging Compliance Elements that relate to consumer education and complaints.
21 US DOE - Voluntary Code of Conduct 21 o Mission Statement Work Group o Notice and Awareness Work Group o Self Enforcement Management and Redress Work Group o Choice and Consent Work Group o Integrity and Security Work Group o Access and Participation Work Group Two Public Meetings in Washington D.C. - Open to all participants in person or via web-conferencing (Feb 26, 2013 and Nov 22, 2013)
22 Conclusion 22 o Countries are at different levels of policy development o Common trends for countries reviewed: o Consumer is the owner of the data o Use of consumer data should require an opt-in action (the consumer approving access to their information) in order to use that data. o Other trends not fully developed o Lifespan of data retention should be limited, but there is not yet consensus on how long lifespan should be o What data to include as a set in order to determine the level of personal identification that set gives, and o What level of transparency the process of managing this data will have
23 Contact at ESTA 23 Nader Farah President ESTA International, LLC 2214 Rock Hill Road, Suite 180 Herndon, VA USA Office Phone: Mobile Phone:
Introduction. Along with consulting, I previously. developing regulatory policy initiatives
1 Customer Data Privacy in AMI Applications Will McNamara Sr. Manager, Energy & Utilities West Monroe Partners 2 Introduction Will McNamara, Senior Manager, and Lead for WMP s Regulatory Support & Stakeholder
More information3. Consent for the Collection, Use or Disclosure of Personal Information
PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),
More informationMay 2 1,2009. Re: DHS Data Privacy and Integrity Advisory Committee White Paper on DHS Information Sharing and Access Agreements
J. Howard Beales Chair, DHS Data Privacy and Integrity Advisory Committee Via Hand Delivery Secretary Janet Napolitano Department of Homeland Security Washington, DC 20528 Ms. Mary Ellen Callahan Chief
More informationCorporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
More informationRecommendations for the PIA. Process for Enterprise Services Bus. Development
Recommendations for the PIA Process for Enterprise Services Bus Development A Report by the Data Privacy and Integrity Advisory Committee This report reflects the consensus recommendations provided by
More informationTaking care of what s important to you
A v i v a C a n a d a I n c. P r i v a c y P o l i c y Taking care of what s important to you Table of Contents Introduction Privacy in Canada Definition of Personal Information Privacy Policy: the ten
More informationGUIDELINES FOR RESPONSIBLE USE OF IDENTITY MANAGEMENT SYSTEMS
GUIDELINES FOR RESPONSIBLE USE OF IDENTITY MANAGEMENT SYSTEMS When used appropriately, identity management systems provide safety and security where they are needed. When used improperly, identity management
More informationPACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation )
PRIVACY POLICY (Initially adopted by the Board of Directors on November 16, 2007) PACIFIC EXPLORATION & PRODUCTION CORPORATION (the Corporation ) The Corporation is committed to controlling the collection,
More informationBEFORE THE DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY. Request for Comments Docket # 120214135-2135-01
BEFORE THE DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Request for Comments Docket # 120214135-2135-01 Multistakeholder Process to Develop Consumer Privacy Codes of Conduct COMMENTS
More informationThe Manitoba Child Care Association PRIVACY POLICY
The Manitoba Child Care Association PRIVACY POLICY BACKGROUND The Manitoba Child Care Association is committed to comply with the legal obligations imposed by the federal government's Personal Information
More informationFacial Recognition Data Collection Project
Update for the Facial Recognition Data Collection Project DHS/S&T STIDP/PIA-008(c) September 16, 2013 Contact Point Patricia Wolfhope Resilient Systems Division Science and Technology Directorate 202-254-5790
More informationCredit Union Code for the Protection of Personal Information
Introduction Canada is part of a global economy based on the creation, processing, and exchange of information. The technology underlying the information economy provides a number of benefits that improve
More informationINERTIA ETHICS MANUAL
SEVENTH FRAMEWORK PROGRAMME Smart Energy Grids Project Title: Integrating Active, Flexible and Responsive Tertiary INERTIA Grant Agreement No: 318216 Collaborative Project INERTIA ETHICS MANUAL Responsible
More informationPRIVACY POLICY. To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices:
PRIVACY POLICY At Brand Loyalty International B.V., or any of its subsidiaries or affiliates, including IceMobile, Merison and Edison companies, all Companies (, we, us, or our ), we advise on, implement,
More informationNIST Coordination and Acceleration of Smart Grid Standards. Tom Nelson National Institute of Standards and Technology 8 December, 2010
NIST Coordination and Acceleration of Smart Grid Standards Tom Nelson National Institute of Standards and Technology 8 December, 2010 The Electric Grid One of the largest, most complex infrastructures
More informationREMEDY Enterprise Services Management System
for the Enterprise Services Management System April 28, 2016 Contact Point Marshall Nolan Border Enforcement and Management Systems Division Office of Information Technology U.S. Customs & Border Protection
More informationCredit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
More informationApplying Privacy by Design Best Practices to SDG&E s Smart Pricing Program
Applying Privacy by Design Best Practices to SDG&E s Smart Pricing Program Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada Caroline Winn Vice President, Customer Services Chief
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationBest Practices for. Protecting Privacy, Civil Rights & Civil Liberties. Unmanned Aircraft Systems Programs
U.S. Department of Homeland Security Best Practices for Protecting Privacy, Civil Rights & Civil Liberties In Unmanned Aircraft Systems Programs U.S. Department of Homeland Security Privacy, Civil Rights
More informationCyberprivacy and Cybersecurity for Health Data
Experience the commitment Cyberprivacy and Cybersecurity for Health Data Building confidence in health systems Providing better health care quality at lower cost will be the key aim of all health economies
More informationPRIVACY AND DATA SECURITY MODULE
"This project has been funded under the fourth AAL call, AAL-2011-4. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which
More informationStakeholder Engagement Initiative: Customer Relationship Management
for the Stakeholder Engagement Initiative: December 10, 2009 Contact Point Christine Campigotto Private Sector Office Policy 202-612-1623 Reviewing Official Mary Ellen Callahan Chief Privacy Officer Department
More informationPROTECTION OF PERSONAL INFORMATION
PROTECTION OF PERSONAL INFORMATION Definitions Privacy Officer - The person within the Goderich Community Credit Union Limited (GCCU) who is responsible for ensuring compliance with privacy obligations,
More informationGSK Public policy positions
Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable
More information(a) the kind of data and the harm that could result if any of those things should occur;
Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data
More informationFebruary 17, 2011. Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580
February 17, 2011 Federal Trade Commission 600 Pennsylvania Avenue, NW Washington, DC 20580 Re: A Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework
More informationIAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope
IAPP Global Privacy Summit Protecting Privacy Under the Cybersecurity Microscope March 6, 2014 Victoria King UPS (404) 828-6550 vking@ups.com Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com
More informationAcquia Comments on EU Recommendations for Data Processing in the Cloud
Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing
More informationPrivacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices
Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Ann Cavoukian, Ph.D. Information & Privacy Commissioner, Ontario, Canada Purpose: This document
More informationHow To Protect Your Data In European Law
Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationThe 7 Foundational Principles. Implementation and Mapping of Fair Information Practices. Ann Cavoukian, Ph.D.
Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Ann Cavoukian, Ph.D. Information & Privacy Commissioner Ontario, Canada Purpose: This document provides
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationCW Government Travel Inc. Data Protection and Privacy Policy
CW Government Travel Inc. Data Protection and Privacy Policy Last updated 25 August 2014 Why do we collect personal data? This Data Protection and Privacy Policy explains how CW Government Travel, Inc.,
More informationTHE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK
THE PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT (PIPEDA) PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK REVISED August 2004 PERSONAL INFORMATION POLICY & PROCEDURE HANDBOOK Introduction
More informationCloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School
DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING
More informationNational Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada
Introduction National Association of Pharmacy Regulatory Authority s Privacy Policy for Pharmacists' Gateway Canada This Privacy Policy describes the manner in which the National Association of Pharmacy
More informationPrivacy Policy for Data Collected by Blue State Digital s Clients
Privacy Policy for Data Collected by Blue State Digital s Clients Blue State Digital LLC. ("Blue State Digital", BSD or "we") provides various services to nonprofits and business entities ("Clients"),
More informationHow to Monitor Employee Web Browsing and Email Legally
WHITEPAPER: HOW TO MONITOR EMPLOYEE WEB BROWSING AND EMAIL LEGALLY How to Monitor Employee Web Browsing and Email Legally ABSTRACT The Internet and email are indispensable resources in today s business
More informationPrivacy Impact Assessment
AUGUST 16, 2013 Privacy Impact Assessment CIVIL PENALTY FUND AND BUREAU-ADMINISTERED REDRESS PROGRAM Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220
More informationHow To Ensure Health Information Is Protected
pic pic CIHI Submission: 2011 Prescribed Entity Review October 2011 Who We Are Established in 1994, CIHI is an independent, not-for-profit corporation that provides essential information on Canada s health
More information12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013
Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationUnited States Visitor and Immigrant Status Indicator Technology Program (US-VISIT)
for the Conversion to 10-Fingerprint Collection for the United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT) November 15, 2007 Contact Point Barbara M. Harrison, Acting Privacy
More informationSUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION
SUBJECT: VOYAGEUR PAGE 1 1.0 PURPOSE: 1.1 To establish and document a policy which defines Voyageur s commitment to the protection of an individual s personal health information in the course of providing
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University
More informationBefore the Department of Energy Washington, D.C. 20585 ) ) ) ) ) ) NBP RFI: Data Access, Third Party Use, and Privacy
Before the Department of Energy Washington, D.C. 20585 In the Matter of Implementing the National Broadband Plan by Empowering Consumers and the Smart Grid: Data Access, Third Party Use, and Privacy )
More informationPrivacy Impact Assessment
Technology, Planning, Architecture, & E-Government Version: 1.1 Date: April 14, 2011 Prepared for: USDA OCIO TPA&E Privacy Impact Assessment for the April 14, 2011 Contact Point Charles McClam Deputy Chief
More informationAusgrid Privacy Policy
Ausgrid Privacy Policy Ausgrid is responsible for the safe and reliable supply of electricity to homes and businesses throughout Sydney, the Hunter and the Central Coast. Its network is made up of more
More informationPrivacy Impact Assessment (PIA)
Privacy Impact Assessment () Farm Service Agency Customer Name/Address Systems (CN/AS) Customer Name/Address (CN/A) Revised: November 09, 2012 Template Version: FSA--2011-08-19-A Customer Name/Address
More informationWhite Paper on Financial Institution Vendor Management
White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety
More informationAbilities Centre collects personal information for the following purposes:
Privacy Policy Accountability Abilities Centre is responsible for your personal information under its control. We have appointed a Privacy Officer who is accountable for our compliance with this Privacy
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More informationE-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY
E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationInformation Technology - Switzerland
Newsletters Law Directory Deals News Subscribe Home Information Technology - Switzerland Data Protection - Key Issues Contributed by Homburger December 2 2003 Introduction No Free Flow of Data within a
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,
More informationBHF Southern African Conference
BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act
More informationCell All Demonstration
for the Cell All Demonstration March 2, 2011 Contact Point Stephen Dennis HSARPA Technical Director (202) 254-5788 Reviewing Official Mary Ellen Callahan Chief Privacy Officer Department of Homeland Security
More informationApril 28, 2014. Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC
April 28, 2014 Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC RE: Information Technology Sector Coordinating Council (IT SCC)
More informationAccountability: Data Governance for the Evolving Digital Marketplace 1
Accountability: Data Governance for the Evolving Digital Marketplace 1 1 For the past three years, the Centre for Information Policy Leadership at Hunton & Williams LLP has served as secretariat for the
More informationGaming System Monitoring and Analysis Effort
for the Gaming System Monitoring and Analysis Effort DHS/S&T/PIA-025 October 11, 2012 Contact Point Douglas Maughan DHS S&T Cyber Security Division 202-254-6145 Reviewing Official Jonathan R. Cantor Acting
More informationBUSINESS ASSOCIATE AGREEMENT
BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").
More informationSTATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE
STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE COMMITTEE ON ENERGY AND NATURAL RESOURCES UNITED STATES SENATE
More informationRPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015
RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE EFFECTIVE AS OF: August 12, 2015 This Notice sets forth the principles followed by RPM International Inc.,
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationReport of the Information & Privacy Commissioner/Ontario. Review of the Canadian Institute for Health Information:
Information and Privacy Commissioner of Ontario Report of the Information & Privacy Commissioner/Ontario Review of the Canadian Institute for Health Information: A Prescribed Entity under the Personal
More informationBefore the Department of Energy Washington, D.C. 20585. Smart Grid RFI: Addressing Policy and Logistical Challenges
Before the Department of Energy Washington, D.C. 20585 In the Matter of Addressing Policy and Logistical Challenges to Smart Grid Implementation I. Introduction Smart Grid RFI: Addressing Policy and Logistical
More informationPersonal Information Protection and Electronic Documents Act (PIPEDA)
Introduction Personal Information Protection and Electronic Documents Act (PIPEDA) Policy and The Insurance Brokers Association of Alberta is committed to respect the privacy rights of individuals by ensuring
More informationInformation Governance Framework. June 2015
Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review
More informationISO/RTO Council Comments on National Institute of Standards and Technology Proposed Smart Grid Interoperability Standards
ISO/RTO Council Comments on National Institute of Standards and Technology Proposed Smart Grid Interoperability Standards Pursuant to the Notice posted in the Federal Register on June 9, 2009, the ISO/RTO
More informationDHS SharePoint and Collaboration Sites
for the March 22, 2011 Robert Morningstar Information Systems Security Manager DHS Office of the Chief Information Officer/Enterprise Service Delivery Office (202) 447-0467 Reviewing Official Mary Ellen
More informationThis chapter provides an overview of cyber security issues and activities by state and federal organizations Cyber security is an ongoing, high
This chapter provides an overview of cyber security issues and activities by state and federal organizations Cyber security is an ongoing, high priority, active initiative within the utility industry.
More informationWhat to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER
What to do When Faced With a Privacy Breach: Guidelines for the Health Sector ANN CAVOUKIAN, PH.D. COMMISSIONER INFORMATION AND PRIVACY COMMISSIONER/ONTARIO Table of Contents What is a privacy breach?...1
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationFederal Trade Commission Privacy Impact Assessment
Federal Trade Commission Privacy Impact Assessment for the: W120023 ONLINE FAX SERVICE December 2012 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationComments and proposals on the Chapter IV of the General Data Protection Regulation
Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationfuture data and infrastructure
White Paper Smart Grid Security: Preparing for the Standards-Based Future without Neglecting the Needs of Today Are you prepared for future data and infrastructure security challenges? Steve Chasko Principal
More informationNew system Significant modification to an existing system To update existing PIA for a triennial security reauthorization
1. Contact Information Department of State Privacy Coordinator Margaret P. Grafeld Bureau of Administration Global Information Services Office of Information Programs and Services 2. System Information
More informationUniversity of Limerick Data Protection Compliance Regulations June 2015
University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationPrivacy Guidelines for RFID Information Systems (RFID Privacy Guidelines)
Privacy Guidelines for RFID Information Systems (RFID Privacy Guidelines) Information and Privacy Ann Cavoukian, Ph.D. Commissioner June 2006 Commissioner Ann Cavoukian gratefully acknowledges the work
More informationPrivacy Impact Assessment
MAY 24, 2012 Privacy Impact Assessment matters management system Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220 claire.stapleton@cfpb.gov DOCUMENT
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationInvestor day. November 17, 2010. Energy business Michel Crochon Executive Vice President
Investor day November 17, 2010 Energy business Michel Crochon Executive Vice President We built a global leadership in medium voltage and grid automation with Areva Distribution MV switchgears & systems
More informationUnited States Citizenship and Immigration Services (USCIS) Enterprise Service Bus (ESB)
for the United States Citizenship and Immigration Services (USCIS) June 22, 2007 Contact Point Harry Hopkins Office of Information Technology (OIT) (202) 272-8953 Reviewing Official Hugo Teufel III Chief
More informationPrivacy Statement. What Personal Information We Collect. Australia
Privacy Statement Kelly Services, Inc. and its subsidiaries ("Kelly Services" or Kelly ) respect your privacy and we acknowledge that you have certain rights related to any personal information we collect
More informationMulti-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015
Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.
More informationCOMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE FEDERAL TRADE COMMISSION. In the Matter of Myspace, LLC. FTC File No. 102 3058.
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION In the Matter of Myspace, LLC FTC File No. 102 3058 June 8, 2012 By notice published on May 14, 2012, the Federal Trade
More informationPrivacy Law in Canada
Privacy Law in Canada Federal and provincial privacy legislation has a profound impact on the way virtually all organizations carry on business across the country. Canada s privacy laws, while likely the
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationPII Compliance Guidelines
Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last
More informationSmart Metering Implementation Programme: Data Privacy and Security
Smart Metering Implementation Programme: Data Privacy and Security Document type: Supporting Document Ref: 94e/10 Date of publication: 27 July 2010 Deadline for response: 28 October 2010 Target audience:
More informationOSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data
OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data Terms Adopting company an OSRAM associated company in Germany or overseas
More informationProposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More information