Smart Grid and Privacy An International View


1 Smart Grid and Privacy An International View
27 November 2013
By: Nader Farah, President, ESTA International

2 One US Consumer's Reaction in Texas!
Source: SmartGridNews.com, July 20, 2012

3 ESTA International (Energy Strategy and Technology Associates)
Consultants Focused on the Smarter Grid
Smart Grid Regulatory Framework/ Roadmap Smart Grid Transmission Feasibility Study Smart Grid Distribution Feasibility Study Int'l Smart Grid Survey/ Study ISGAN Support Smart Meter Lab Design Sensor Technology Study PMU Standards Harmonization Int'l Coordination Support Smart Grid PLC Testbed For HAN and EV/EVSE SG Technology Roadmap Guide Draft Roadmap for Saudi Arabia
Areas of Expertise: Smart Grid Technologies (Smart Meters, AMI, PMU, Renewable Energy, Communication Technologies, Electric Vehicles impacts, Energy Storage, Testing Facilities) Smart Grid Regulation and Policy Real-Time Automation (SCADA, EMS, Distribution Management Systems, Outage Management Systems, Substation Automation, IEC Object Modeling) Cybersecurity, IT and Telecomm for Electric Utilities Power Systems Planning, Analysis, and Studies Asset and Maintenance Management, Failure Analysis Revenue Assurance Operational Support Distributed Energy Resource Integration of Renewable Energy Wholesale electricity market operations Demand Response Programs & Energy Efficiency

4 Many Countries Have Consumer Protection Laws
Example - Mexico
o Article 1.- This Law is of public interest and of general enforcement throughout the entire Republic (Mexico) and has as its purpose the protection of personal information possessed by private parties, with the goal of regulating its legitimate use, monitored and informed, in order to guarantee privacy and the people's right to informed self-determination.
  Source: Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP).
o Article 6, sections II and III, of the Political Constitution of the United Mexican States (CPEUM) establishes the principles and foundations for exercising human rights to information and privacy in the following manner:
  II. Information regarding private life and personal information will be protected under the terms and with exceptions determined by law.
  III. Every person, without need for proving any interest or justifying its use, will have free access to public information, to his/her personal information, or to correction of such.
  Source: Constitución Política de los Estados Unidos Mexicanos (CPEUM)
While Smart Grid privacy concerns may not be expressly addressed in existing laws and regulations, they may still be applicable!

5 Customer Energy Data
o Foundational to:
  o Customer Engagement
  o Energy Efficiency
  o Demand Response
  o Enhanced Outage Management
  o Improved Grid Operation
  o Realization of benefits from Smart Grid investments

6 Four Dimensions of Privacy
1. Personal information - any information relating to an individual, who can be identified, directly or indirectly, by that information and in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, locational or social identity
2. Personal privacy - the right to control the integrity of one's own body
3. Behavioral privacy - the right of individuals to make their own choices about what they do and to keep certain personal behaviors from being shared with others
4. Personal communications privacy - the right to communicate without undue surveillance, monitoring, or censorship
Source: NIST, Guidelines for SG Cyber Security Vol 2, Privacy and the SG, Aug 2010

7 Generally Suggested Issues for Smart Grid Entities
o Conduct pre-installation processes and activities for using Smart Grid technologies with utmost transparency.
o Conduct an initial privacy impact assessment before making the decision to deploy and/or participate in the Smart Grid.
o Provide regular privacy training and ongoing awareness communications and activities to all workers who have access to personal information within the Smart Grid.
o Develop privacy Use Cases that track data flows containing personal information to address and mitigate common privacy risks that exist for business processes within the Smart Grid.
o Educate consumers and other individuals about the privacy risks within the Smart Grid and what they can do to mitigate them.
o Share information with other Smart Grid market participants concerning solutions to common privacy-related risks.
o Manufacturers and vendors of smart meters, smart appliances, and other types of smart devices should engineer these devices to collect only the data necessary for the purposes of the smart device operations.
Source: NIST, Guidelines for SG Cyber Security Vol 2, Privacy and the SG, Aug 2010

8 Smart Grid Privacy
o European Union
o United States DOE
o United States, California
o Canada, Ontario
o United Kingdom

9 European Union

10 European Union
EU Commission SG Task Force Recommendations
o Adequate measures must be deployed to physically protect the contents and nature of data related to the consumer in order to protect that consumer
o The EU should perform a form of privacy impact assessment related to SG development to determine upfront if a development causes a privacy impact to the public
o Minimize the amount of data to only what is necessary
o Determine deadlines and timeframes for storage of the data and different types of data usage
o Develop procedures for removing / deleting the data
o Anonymous data approach
o Transparency in all processes and work
o Usage of privacy certification systems by regulatory bodies over any actor that will have access to the data
Source: EU Commission SG Task Force Recommendations, Essential Regulatory Requirements and Recommendations for Data Handling, Data Safety, and Consumer Protection, pg. 4.

11 United States DOE Task Force Recommendations
Source: DOE, Data Access and Privacy Issues Related to Smart Grid Technologies, Oct 2010

12 USA - California
o California became the first US State to adopt privacy rules for customer data. Senate Bill-1467
o At core are concepts from Fair Information Practice (FIP) principles adopted by the Department of Homeland Security (DHS)
o Rules apply to electrical corporations, electrical corporations' third-party contractors, and any other third parties that access customer data directly from the electrical corporation
o Rules require:
  o Electrical corporations provide customers with a privacy notice
  o That upon a security breach affecting more than 1,000 customers, the electrical corporation notify customers within two weeks of such a breach
  o Electrical corporations file with the CPUC annually a report on
    o All security breaches of customer information
    o The number of third parties accessing customer data
    o The number of times the utility or third party was not in compliance with the rules

13 USA - California
o Disclosure - Utilities that collect meter data may not share customers' energy information with any third party without the customer's consent
  o The only exception is if data is part of an energy efficiency or demand response program in which the customer participates. In that case, the third party must sign a contract agreeing to implement data protection measures
o Data security/protection - Utilities and energy service providers must
  o provide security to protect the personal information from unauthorized access, destruction, use, modification, or disclosure
  o prohibit the use of the data for a secondary commercial purpose not related to the primary purpose of the contract without the customer's consent
o Liability - Utilities that release data to a third party with customer consent shall not be responsible for the security of that data, or its use or misuse, unless the utility has a business relationship with the third party
  o Removes a major liability concern for utilities
o Continued use - Utilities are explicitly granted permission to continue using customer energy data for analysis, reporting, and program management

14 Canada, Ontario
o Privacy issues in Ontario are reviewed by the Office of the Information and Privacy Commissioner of Ontario (IPC)
o IPC has advocated that local utilities adhere to Privacy by Design principles (PbD) to ensure that privacy is part of the core functionality of the Smart Grid
o Goal of PbD is the protection of privacy through the use of privacy enhancing technologies
  o embedding them into the design specifications of information technology, business practices, physical environments and infrastructure
  o making privacy the default
o Ultimate goal in Ontario is to have PbD incorporated into the design and infrastructure of Smart Grid systems as a means of protecting Personal Identifiable Information (PII)
Source: Cavoukian, Polonetsky, & Wolf, Smart Privacy for the Smart Grid: embedding privacy into the design of electricity conservation, 2010, p. 276

15 Canada, Ontario Privacy Policy Framework

16 United Kingdom
o The UK Smart Grid Program has taken a rigorous and systematic approach to assessing and managing the issue of data privacy
o It is intended to build on safeguards already in place, notably the Data Protection Act 1998, to develop a privacy policy for smart metering data
o The UK plans to utilize the Privacy by Design (PbD) approach toward developing these policies
Overall principle: Consumers should be able to choose how their consumption data is used and by whom, except where data is required to fulfill regulated duties

17 United Kingdom
The UK approach to privacy is being delivered through:
o the development of a Privacy Impact Assessment
o the development of a privacy policy framework which will protect the interests of consumers and provide them with assurance
o a Privacy Charter to be developed by suppliers to provide transparency about the new arrangements
o implementing the framework, for example through changes to licenses

18 United Kingdom
Smart Grid Privacy Policy Proposals
o From a privacy perspective, consumers have a right to expect that any personal data they might have processed about them is kept secure and cannot be accessed inappropriately
o There should be a functional requirement for thirteen months of consumption data to be stored within the meter
o For the majority of smart metering data, it is only when the consumption data is accessed and can be combined with other information relating to an individual that it becomes personal data
o Explore opportunities for ways of accessing this data without combining it in such a way that it becomes personal data ("anonymising")
o Introduction of a privacy charter to address privacy concerns associated with the rollout of smart metering and in line with best practice as identified by the Information Commissioner's Office (ICO)

19 US DOE - Voluntary Code of Conduct
1. Rights of the Consumers: Elements that relate to the rights that the consumers have in accordance with laws and regulations.
2. Obligations of the third parties and vendors: Elements that relate to the rights that the consumers have in accordance with laws and regulations.
3. Management And Accountability: Elements that relate to the credibility of the utility and/or third party's privacy function.
4. Notice And Purpose: Elements that relate to communicating applicable policies, and related choices, to consumers.
5. Choice And Consent: Elements that relate to the consumer's granting of authorization for the release/sharing of his or her data.
6. Collection And Scope: Elements that relate to the scope of consumer data that is collected, and potentially shared.

20 US DOE - Voluntary Code of Conduct
7. Use And Retention: Elements that relate to how long consumer data should be kept, and when it should be destroyed.
8. Individual Access: Elements that relate to the consumer accessing his or her own data.
9. Disclosure And Limiting Use: Elements that relate to how consumer data is shared with third parties.
10. Security And Safeguards: Elements that relate to how consumer data should be protected from unauthorized disclosure.
11. Accuracy And Quality: Elements that relate to the maintenance of accurate and complete consumer data.
12. Openness, Monitoring, And Challenging Compliance: Elements that relate to consumer education and complaints.

21 US DOE - Voluntary Code of Conduct
o Mission Statement Work Group
o Notice and Awareness Work Group
o Self Enforcement Management and Redress Work Group
o Choice and Consent Work Group
o Integrity and Security Work Group
o Access and Participation Work Group
Two Public Meetings in Washington D.C. - Open to all participants in person or via web-conferencing (Feb 26, 2013 and Nov 22, 2013)

22 Conclusion
o Countries are at different levels of policy development
o Common trends for countries reviewed:
  o Consumer is the owner of the data
  o Use of consumer data should require an opt-in action (the consumer approving access to their information) in order to use that data
o Other trends not fully developed
  o Lifespan of data retention should be limited, but there is not yet consensus on how long lifespan should be
  o What data to include as a set in order to determine the level of personal identification that set gives, and
  o What level of transparency the process of managing this data will have

23 Contact at ESTA
Nader Farah, President
ESTA International, LLC
2214 Rock Hill Road, Suite 180, Herndon, VA USA
Office Phone: Mobile Phone:


How to Monitor Employee Web Browsing and Email Legally WHITEPAPER: HOW TO MONITOR EMPLOYEE WEB BROWSING AND EMAIL LEGALLY How to Monitor Employee Web Browsing and Email Legally ABSTRACT The Internet and email are indispensable resources in today s business

More information

Personal Information Protection and Electronic Documents Act (PIPEDA)

Personal Information Protection and Electronic Documents Act (PIPEDA) Introduction Personal Information Protection and Electronic Documents Act (PIPEDA) Policy and The Insurance Brokers Association of Alberta is committed to respect the privacy rights of individuals by ensuring

More information

INTRODUCTION. This Handbook is based on:

INTRODUCTION. This Handbook is based on: Privacy Handbook INTRODUCTION Compliance with the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and related provincial legislation is a key component of HUNTERS business

More information

Accountability: Data Governance for the Evolving Digital Marketplace 1

Accountability: Data Governance for the Evolving Digital Marketplace 1 Accountability: Data Governance for the Evolving Digital Marketplace 1 1 For the past three years, the Centre for Information Policy Leadership at Hunton & Williams LLP has served as secretariat for the

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015

RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015 RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE EFFECTIVE AS OF: August 12, 2015 This Notice sets forth the principles followed by RPM International Inc.,

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the "Agreement") is made and entered into this day of,, by and between Quicktate and idictate ("Business Associate") and ("Covered Entity").

More information

Privacy Engineers Wanted

Privacy Engineers Wanted Fred Carter Senior Policy & Technology Advisor IPC Ontario Privacy Engineers Wanted SC/CSE 3000 Computer Ethics York University, Keele Campus 13 October 2015 Overview / Objectives What is Privacy? What

More information

Data Protection for the Guidance Counsellor. Issues To Plan For

Data Protection for the Guidance Counsellor. Issues To Plan For Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)

More information

PROTECTION OF PERSONAL INFORMATION

PROTECTION OF PERSONAL INFORMATION PROTECTION OF PERSONAL INFORMATION Definitions Privacy Officer - The person within the Goderich Community Credit Union Limited (GCCU) who is responsible for ensuring compliance with privacy obligations,

More information

HIPAA Business Associate Contract. Definitions

HIPAA Business Associate Contract. Definitions HIPAA Business Associate Contract Definitions Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule. Examples of specific definitions:

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

New Ross Credit Union Web Site Statement

New Ross Credit Union Web Site Statement Privacy New Ross Credit Union Web Site Statement YOUR PRIVACY IS OUR PRIORITY Credit unions have a history of respecting the privacy of our members. Your Board of Directors has adopted the Credit Union

More information

Information Technology - Switzerland

Information Technology - Switzerland Newsletters Law Directory Deals News Subscribe Home Information Technology - Switzerland Data Protection - Key Issues Contributed by Homburger December 2 2003 Introduction No Free Flow of Data within a

More information

Mobile Application User Privacy Policy

Mobile Application User Privacy Policy Mobile Application User Privacy Policy This User Privacy Policy (Privacy Policy) is dated December 5, 2016 and it is effective, upon acceptance of any user, as of December 5, 2016 (Effective Date). Proceq

More information

An Executive Overview of GAPP. Generally Accepted Privacy Principles

An Executive Overview of GAPP. Generally Accepted Privacy Principles An Executive Overview of GAPP Generally Accepted Privacy Principles Current Environment One of today s key business imperatives is maintaining the privacy of your customers personal information. As business

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

Privacy Policy Last Modified: April 3, 2015 1

Privacy Policy Last Modified: April 3, 2015 1 Privacy Policy Last Modified: April 3, 2015 1 Introduction Jamberry Nails, LLC, a Utah limited liability company, U.S.A., (referred to herein as Jamberry, we, us and our ) understands the importance of

More information

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues

Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Cybersecurity and Data Breach: Mitigating Risk and How Government Policymakers Approach These Critical Issues Todd Bertoson Daniel Gibb Erin Sheppard Principal Senior Managing Associate Counsel todd.bertoson@dentons.com

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

April 28, 2014. Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC

April 28, 2014. Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC April 28, 2014 Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC RE: Information Technology Sector Coordinating Council (IT SCC)

More information

ISO/RTO Council Comments on National Institute of Standards and Technology Proposed Smart Grid Interoperability Standards

ISO/RTO Council Comments on National Institute of Standards and Technology Proposed Smart Grid Interoperability Standards ISO/RTO Council Comments on National Institute of Standards and Technology Proposed Smart Grid Interoperability Standards Pursuant to the Notice posted in the Federal Register on June 9, 2009, the ISO/RTO

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address

More information

BHF Southern African Conference

BHF Southern African Conference BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act

More information

SCHNEIDER ELECTRIC SMART GRID LABORATORY

SCHNEIDER ELECTRIC SMART GRID LABORATORY Now Open for Collaboration! SCHNEIDER ELECTRIC SMART GRID LABORATORY Test your products, demonstrate solutions and train with us WHAT IS THE SCHNEIDER ELECTRIC SMART GRID LABORATORY? Located in the Centre

More information

NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001

NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001 NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES Effective January 1, 2001 The Northwestel Code of Fair Practices complies fully with the Personal Protection and Electronic Documents Act and incorporates

More information

Applying Privacy by Design Best Practices to SDG&E s Smart Pricing Program

Applying Privacy by Design Best Practices to SDG&E s Smart Pricing Program Applying Privacy by Design Best Practices to SDG&E s Smart Pricing Program Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada Caroline Winn Vice President, Customer Services Chief

More information

Biomet Safe Harbor Policy

Biomet Safe Harbor Policy Biomet Safe Harbor Policy POLICY STATEMENT Biomet, Inc. and its subsidiaries (collectively, Biomet or us ) are committed to protecting the privacy of those who entrust us with their Personal Data. All

More information

DHS Data Privacy & Integrity Advisory Committee 07 May 2007. Comments of the. DHS Data Privacy & Integrity Advisory Committee

DHS Data Privacy & Integrity Advisory Committee 07 May 2007. Comments of the. DHS Data Privacy & Integrity Advisory Committee DHS Data Privacy & Integrity Advisory Committee 07 May 2007 Comments of the DHS Data Privacy & Integrity Advisory Committee Regarding the Notice of Propose Rulemaking For Implementation of the REAL ID

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

Communication Networks and Cyber Security. Mitul Thapliyal Principal Infosys Ltd

Communication Networks and Cyber Security. Mitul Thapliyal Principal Infosys Ltd Communication Networks and Cyber Security Mitul Thapliyal Principal Infosys Ltd Contents Introduction Power sector's key security concerns How to address these concerns CIPS based approach for handling

More information

CW Government Travel Inc. Data Protection and Privacy Policy

CW Government Travel Inc. Data Protection and Privacy Policy CW Government Travel Inc. Data Protection and Privacy Policy Last updated 25 August 2014 Why do we collect personal data? This Data Protection and Privacy Policy explains how CW Government Travel, Inc.,

More information

PRIVACY POLICY. To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices:

PRIVACY POLICY. To start, it is important for you to know two definitions that are key to understanding our programs and privacy practices: PRIVACY POLICY At Brand Loyalty International B.V., or any of its subsidiaries or affiliates, including IceMobile, Merison and Edison companies, all Companies (, we, us, or our ), we advise on, implement,

More information

I. INTRODUCTION. Voluntary Best Practices for UAS Privacy, Transparency, and Accountability

I. INTRODUCTION. Voluntary Best Practices for UAS Privacy, Transparency, and Accountability I. INTRODUCTION The benefits of commercial and private unmanned aircraft systems (UAS) are substantial. Technology has moved forward rapidly, and what used to be considered toys are quickly becoming powerful

More information

Exhibit 2. Business Associate Addendum

Exhibit 2. Business Associate Addendum Exhibit 2 Business Associate Addendum This Business Associate Addendum ( Addendum ) governs the use and disclosure of Protected Health Information by EOHHS when functioning as a Business Associate in performing

More information

MEMORANDUM. I. Accurate Framing of Communications Privacy Policy Should Acknowledge Full Range of Threats to Consumer Privacy

MEMORANDUM. I. Accurate Framing of Communications Privacy Policy Should Acknowledge Full Range of Threats to Consumer Privacy MEMORANDUM To: Interested Persons From: Claire Gartland, Khaliah Barnes, and Marc Rotenberg, Electronic Privacy Information Center (EPIC) Re: FCC Communications Privacy Rulemaking Date: EPIC is circulating

More information

Tomorrow s Electric Power System: Challenges & Opportunities

Tomorrow s Electric Power System: Challenges & Opportunities Tomorrow s Electric Power System: Challenges & Opportunities Lecture 18 edmp: 14.43 / 15.031 / 21A.341 / 11.161 1 Despite Complexity and Exceptional Policy & Institutional Fragmentation, the U.S. Grid

More information

SAFE HARBOR PRIVACY POLICY

SAFE HARBOR PRIVACY POLICY SAFE HARBOR PRIVACY POLICY Varroc Lighting Systems, Inc. respects individuals privacy, and strives to collect, use and disclose personal information in a manner consistent with the laws of the countries

More information

IEEE CYBER SECURITY FOR THE SMART GRID

IEEE CYBER SECURITY FOR THE SMART GRID IEEE SMART GRID RESEARCH IEEE CYBER SECURITY FOR THE SMART GRID IEEE 3 Park Avenue New York, NY 10016-5997 USA Trademarks and Disclaimers IEEE believes the information in this publication is accurate

More information

Financial Fitness Centre Privacy Policy

Financial Fitness Centre Privacy Policy Financial Fitness Centre Privacy Policy Date of Original Issue: Jan 15,2004 Date of Last Review: Jan 21,2004 Date Review Approved: Jan 28, 2004. Table of Contents Preamble:... 1 Application:... 2 Definitions:...

More information

The 7 Foundational Principles. Implementation and Mapping of Fair Information Practices. Ann Cavoukian, Ph.D.

The 7 Foundational Principles. Implementation and Mapping of Fair Information Practices. Ann Cavoukian, Ph.D. Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Ann Cavoukian, Ph.D. Information & Privacy Commissioner Ontario, Canada Purpose: This document provides

More information

Virginia Systems Repository (VSR): Data Repositories DHS/FEMA/PIA 038(a)

Virginia Systems Repository (VSR): Data Repositories DHS/FEMA/PIA 038(a) for the (VSR): DHS/FEMA/PIA 038(a) May 12, 2014 Contact Point Tammy Rinard Recovery Directorate (540) 686-3754 Reviewing Official Karen L. Neuman Chief Privacy Officer Department of Homeland Security (202)

More information

PII Compliance Guidelines

PII Compliance Guidelines Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last

More information