Smart Grid and Privacy An International View


1 Smart Grid and Privacy An International View
27 November 2013
By: Nader Farah, President, ESTA International

2 One US Consumer's Reaction in Texas!
Source: SmartGridNews.com, July 20, 2012

3 ESTA International (Energy Strategy and Technology Associates)
Consultants Focused on the Smarter Grid
Smart Grid Regulatory Framework/ Roadmap Smart Grid Transmission Feasibility Study Smart Grid Distribution Feasibility Study Int'l Smart Grid Survey/ Study ISGAN Support Smart Meter Lab Design Sensor Technology Study PMU Standards Harmonization Int'l Coordination Support Smart Grid PLC Testbed For HAN and EV/EVSE SG Technology Roadmap Guide Draft Roadmap for Saudi Arabia
Areas of Expertise
Smart Grid Technologies (Smart Meters, AMI, PMU, Renewable Energy, Communication Technologies, Electric Vehicles impacts, Energy Storage, Testing Facilities) Smart Grid Regulation and Policy Real-Time Automation (SCADA, EMS, Distribution Management Systems, Outage Management Systems, Substation Automation, IEC Object Modeling) Cybersecurity, IT and Telecomm for Electric Utilities Power Systems Planning, Analysis, and Studies Asset and Maintenance Management, Failure Analysis Revenue Assurance Operational Support Distributed Energy Resource Integration of Renewable Energy Wholesale electricity market operations Demand Response Programs & Energy Efficiency

4 Many Countries Have Consumer Protection Laws
Example - Mexico
o Article 1.- This Law is of public interest and of general enforcement throughout the entire Republic (Mexico) and has as its purpose the protection of personal information possessed by private parties, with the goal of regulating its legitimate use, monitored and informed, in order to guarantee privacy and the people's right to informed self-determination.
  Source: Ley Federal de Protección de Datos Personales en Posesión de los Particulares (LFPDPPP).
o Article 6, sections II and III, of the Political Constitution of the United Mexican States (CPEUM) establishes the principles and foundations for exercising human rights to information and privacy in the following manner:
  II. Information regarding private life and personal information will be protected under the terms and with exceptions determined by law.
  III. Every person, without need for proving any interest or justifying its use, will have free access to public information, to his/her personal information, or to correction of such.
  Source: Constitución Política de los Estados Unidos Mexicanos (CPEUM)
While Smart Grid privacy concerns may not be expressly addressed in existing laws and regulations, they may still be applicable!

5 Customer Energy Data
o Foundational to:
  o Customer Engagement
  o Energy Efficiency
  o Demand Response
  o Enhanced Outage Management
  o Improved Grid Operation
  o Realization of benefits from Smart Grid investments

6 Four Dimensions of Privacy
1. Personal information: any information relating to an individual, who can be identified, directly or indirectly, by that information and in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, locational or social identity
2. Personal privacy: the right to control the integrity of one's own body
3. Behavioral privacy: the right of individuals to make their own choices about what they do and to keep certain personal behaviors from being shared with others
4. Personal communications privacy: the right to communicate without undue surveillance, monitoring, or censorship
Source: NIST, Guidelines for SG Cyber Security Vol 2, Privacy and the SG, Aug 2010

7 Generally Suggested Issues for Smart Grid Entities
o Conduct pre-installation processes and activities for using Smart Grid technologies with utmost transparency.
o Conduct an initial privacy impact assessment before making the decision to deploy and/or participate in the Smart Grid.
o Provide regular privacy training and ongoing awareness communications and activities to all workers who have access to personal information within the Smart Grid.
o Develop privacy Use Cases that track data flows containing personal information to address and mitigate common privacy risks that exist for business processes within the Smart Grid.
o Educate consumers and other individuals about the privacy risks within the Smart Grid and what they can do to mitigate them.
o Share information with other Smart Grid market participants concerning solutions to common privacy-related risks.
o Manufacturers and vendors of smart meters, smart appliances, and other types of smart devices should engineer these devices to collect only the data necessary for the purposes of the smart device operations.
Source: NIST, Guidelines for SG Cyber Security Vol 2, Privacy and the SG, Aug 2010

8 Smart Grid Privacy
o European Union
o United States DOE
o United States, California
o Canada, Ontario
o United Kingdom

9 European Union

10 European Union
EU Commission SG Task Force Recommendations
o Adequate measures must be deployed to physically protect the contents and nature of data related to the consumer in order to protect that consumer
o The EU should perform a form of privacy impact assessment related to SG development to determine upfront if a development causes a privacy impact to the public
o Minimize the amount of data to only what is necessary
o Determine deadlines and timeframes for storage of the data and different types of data usage
o Develop procedures for removing / deleting the data
o Anonymous data approach
o Transparency in all processes and work
o Usage of privacy certification systems by regulatory bodies over any actor that will have access to the data
Source: EU Commission SG Task Force Recommendations, Essential Regulatory Requirements and Recommendations for Data Handling, Data Safety, and Consumer Protection, pg. 4.

11 United States DOE Task Force Recommendations
Source: DOE, Data Access and Privacy Issues Related to Smart Grid Technologies, Oct 2010

12 USA - California
o California became the first US State to adopt privacy rules for customer data. Senate Bill-1467
o At core are concepts from Fair Information Practice (FIP) principles adopted by the Department of Homeland Security (DHS)
o Rules apply to electrical corporations, electrical corporations' third-party contractors, and any other third-parties that access customer data directly from the electrical corporation
o Rules require:
  o Electrical corporations provide customers with a privacy notice
  o That upon a security breach affecting more than 1,000 customers, the electrical corporation notify customers within two weeks of such a breach
  o Electrical corporations file with the CPUC annually a report on
    o All security breaches of customer information
    o The number of third-parties accessing customer data
    o The number of times the utility or third-party was not in compliance with the rules

13 USA - California
o Disclosure - Utilities that collect meter data may not share customers' energy information with any third party without the customer's consent
  o The only exception is if data is part of an energy efficiency or demand response program in which the customer participates. In that case, the third party must sign a contract agreeing to implement data protection measures
o Data security/protection - Utilities and energy service providers must
  o provide security to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.
  o prohibit the use of the data for a secondary commercial purpose not related to the primary purpose of the contract without the customer's consent.
o Liability - Utilities that release data to a third party with customer consent shall not be responsible for the security of that data, or its use or misuse unless the utility has a business relationship with the third party.
  o Removes a major liability concern for utilities
o Continued use - Utilities are explicitly granted permission to continue using customer energy data for analysis, reporting, and program management

14 Canada, Ontario
o Privacy issues in Ontario are reviewed by the Office of the Information and Privacy Commissioner of Ontario (IPC)
o IPC has advocated that local utilities adhere to Privacy by Design principles (PbD) to ensure that privacy is part of the core functionality of the Smart grid
o Goal of PbD is the protection of privacy through the use of privacy enhancing technologies
  o embedding them into the design specifications of information technology, business practices, physical environments and infrastructure
  o making privacy the default
o Ultimate goal in Ontario is to have PbD incorporated into the design and infrastructure of Smart Grid systems as a means of protecting Personal Identifiable Information (PII)
Source: Cavoukian, Polonetsky, & Wolf, Smart Privacy for the Smart Grid: embedding privacy into the design of electricity conservation, 2010, p. 276

15 Canada, Ontario Privacy Policy Framework

16 United Kingdom
o The UK Smart Grid Program has taken a rigorous and systematic approach to assessing and managing the issue of data privacy
o It is intended to build on safeguards already in place, notably the Data Protection Act 1998, to develop a privacy policy for smart metering data
o The UK plans to utilize the Privacy by Design (PbD) approach toward developing these policies
Overall principle: Consumers should be able to choose how their consumption data is used and by whom, except where data is required to fulfill regulated duties

17 United Kingdom
The UK approach to privacy is being delivered through:
o the development of a Privacy Impact Assessment
o the development of a privacy policy framework which will protect the interests of consumers and provide them with assurance
o a Privacy Charter to be developed by suppliers to provide transparency about the new arrangements
o implementing the framework, for example through changes to licenses

18 United Kingdom
Smart Grid Privacy Policy Proposals
o From a privacy perspective consumers have a right to expect that any personal data they might have processed about them is kept secure and cannot be accessed inappropriately
o There should be a functional requirement for thirteen months of consumption data to be stored within the meter
o For the majority of smart metering data, it is only when the consumption data is accessed and can be combined with other information relating to an individual that it becomes personal data
o Explore opportunities for ways of accessing this data without combining it in such a way that it becomes personal data ("anonymising")
o Introduction of a privacy charter to address privacy concerns associated with the rollout of smart metering and in line with best practice as identified by the Information Commissioner's Office (ICO)

19 US DOE - Voluntary Code of Conduct
1. Rights of the Consumers: Elements that relate to the rights that the consumers have in accordance with laws and regulations.
2. Obligations of the third parties and vendors: Elements that relate to the rights that the consumers have in accordance with laws and regulations.
3. Management And Accountability: Elements that relate to the credibility of the utility and/or third party's privacy function.
4. Notice And Purpose: Elements that relate to communicating applicable policies, and related choices, to consumers.
5. Choice And Consent: Elements that relate to the consumer's granting of authorization for the release/sharing of his or her data.
6. Collection And Scope: Elements that relate to the scope of consumer data that is collected, and potentially shared.

20 US DOE - Voluntary Code of Conduct
7. Use And Retention: Elements that relate to how long consumer data should be kept, and when it should be destroyed.
8. Individual Access: Elements that relate to the consumer accessing his or her own data.
9. Disclosure And Limiting Use: Elements that relate to how consumer data is shared with third parties.
10. Security And Safeguards: Elements that relate to how consumer data should be protected from unauthorized disclosure.
11. Accuracy And Quality: Elements that relate to the maintenance of accurate and complete consumer data.
12. Openness, Monitoring, And Challenging Compliance: Elements that relate to consumer education and complaints.

21 US DOE - Voluntary Code of Conduct
o Mission Statement Work Group
o Notice and Awareness Work Group
o Self Enforcement Management and Redress Work Group
o Choice and Consent Work Group
o Integrity and Security Work Group
o Access and Participation Work Group
Two Public Meetings in Washington D.C. - Open to all participants in person or via web-conferencing (Feb 26, 2013 and Nov 22, 2013)

22 Conclusion
o Countries are at different levels of policy development
o Common trends for countries reviewed:
  o Consumer is the owner of the data
  o Use of consumer data should require an opt-in action (the consumer approving access to their information) in order to use that data.
o Other trends not fully developed
  o Lifespan of data retention should be limited, but there is not yet consensus on how long lifespan should be
  o What data to include as a set in order to determine the level of personal identification that set gives, and
  o What level of transparency the process of managing this data will have

23 Contact at ESTA
Nader Farah, President
ESTA International, LLC
2214 Rock Hill Road, Suite 180
Herndon, VA USA
Office Phone:
Mobile Phone:


More information

BHF Southern African Conference

BHF Southern African Conference BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act

More information

Cell All Demonstration

Cell All Demonstration for the Cell All Demonstration March 2, 2011 Contact Point Stephen Dennis HSARPA Technical Director (202) 254-5788 Reviewing Official Mary Ellen Callahan Chief Privacy Officer Department of Homeland Security

More information

12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013

12/4/2013. Regulatory Updates. Eric M. Wright, CPA, CITP. Schneider Downs & Co., Inc. December 5, 2013 Regulatory Updates Eric M. Wright, CPA, CITP Schneider Downs & Co., Inc. December 5, 2013 Eric M. Wright, CPA, CITP Eric has been involved with Information Technology with Schneider Downs since 1983. He

More information

United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT)

United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT) for the Conversion to 10-Fingerprint Collection for the United States Visitor and Immigrant Status Indicator Technology Program (US-VISIT) November 15, 2007 Contact Point Barbara M. Harrison, Acting Privacy

More information

The Bureau of the Fiscal Service. Privacy Impact Assessment

The Bureau of the Fiscal Service. Privacy Impact Assessment The Bureau of the Fiscal Service Privacy Impact Assessment The mission of the Bureau of the Fiscal Service (Fiscal Service) is to promote the financial integrity and operational efficiency of the federal

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Ausgrid Privacy Policy

Ausgrid Privacy Policy Ausgrid Privacy Policy Ausgrid is responsible for the safe and reliable supply of electricity to homes and businesses throughout Sydney, the Hunter and the Central Coast. Its network is made up of more

More information

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION

SUBJECT: VOYAGEUR TRANSPORTATION CORPORATE POLICIES/PROCEDURES TITLE: PRIVACY OF PERSONAL HEALTH INFORMATION SUBJECT: VOYAGEUR PAGE 1 1.0 PURPOSE: 1.1 To establish and document a policy which defines Voyageur s commitment to the protection of an individual s personal health information in the course of providing

More information

Information Governance Framework. June 2015

Information Governance Framework. June 2015 Information Governance Framework June 2015 Information Security Framework Janice McNay June 2015 1 Company Thirteen Group Lead Manager Janice McNay Date of Final Draft and Version Number June 2015 Review

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data

OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data OSRAM BCR Binding Corporate Rules ( BCR ) for OSRAM Group Companies and Adopting Companies for the protection of personal data Terms Adopting company an OSRAM associated company in Germany or overseas

More information

Privacy Impact Assessment (PIA)

Privacy Impact Assessment (PIA) Privacy Impact Assessment () Farm Service Agency Customer Name/Address Systems (CN/AS) Customer Name/Address (CN/A) Revised: November 09, 2012 Template Version: FSA--2011-08-19-A Customer Name/Address

More information

New system Significant modification to an existing system To update existing PIA for a triennial security reauthorization

New system Significant modification to an existing system To update existing PIA for a triennial security reauthorization 1. Contact Information Department of State Privacy Coordinator Margaret P. Grafeld Bureau of Administration Global Information Services Office of Information Programs and Services 2. System Information

More information

White Paper on Financial Institution Vendor Management

White Paper on Financial Institution Vendor Management White Paper on Financial Institution Vendor Management Virtually every organization in the modern economy relies to some extent on third-party vendors that facilitate business operations in a wide variety

More information

DATA PROTECTION ACT 2002 The Basics

DATA PROTECTION ACT 2002 The Basics DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and

More information

National Examination Risk Alert

National Examination Risk Alert National Examination Risk Alert By the Office of Compliance Inspections and Examinations 1 In this Alert: Topic: Observations related to the use of social media by registered investment advisers. Key Takeaways:

More information

Privacy Impact Assessment

Privacy Impact Assessment M AY 2, 2013 Privacy Impact Assessment CFPB BUSINESS INTELLIGENCE TOOL Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220 claire.stapleton@cfpb.gov

More information

ISO/RTO Council Comments on National Institute of Standards and Technology Proposed Smart Grid Interoperability Standards

ISO/RTO Council Comments on National Institute of Standards and Technology Proposed Smart Grid Interoperability Standards ISO/RTO Council Comments on National Institute of Standards and Technology Proposed Smart Grid Interoperability Standards Pursuant to the Notice posted in the Federal Register on June 9, 2009, the ISO/RTO

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

Abilities Centre collects personal information for the following purposes:

Abilities Centre collects personal information for the following purposes: Privacy Policy Accountability Abilities Centre is responsible for your personal information under its control. We have appointed a Privacy Officer who is accountable for our compliance with this Privacy

More information

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE FEDERAL TRADE COMMISSION. In the Matter of Myspace, LLC. FTC File No. 102 3058.

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE FEDERAL TRADE COMMISSION. In the Matter of Myspace, LLC. FTC File No. 102 3058. COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION In the Matter of Myspace, LLC FTC File No. 102 3058 June 8, 2012 By notice published on May 14, 2012, the Federal Trade

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Data Protection for the Guidance Counsellor. Issues To Plan For

Data Protection for the Guidance Counsellor. Issues To Plan For Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)

More information

Privacy Impact Assessment

Privacy Impact Assessment MAY 24, 2012 Privacy Impact Assessment matters management system Contact Point: Claire Stapleton Chief Privacy Officer 1700 G Street, NW Washington, DC 20552 202-435-7220 claire.stapleton@cfpb.gov DOCUMENT

More information

Data protection compliance checklist

Data protection compliance checklist Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing

More information

PII Compliance Guidelines

PII Compliance Guidelines Personally Identifiable Information (PII): Individually identifiable information from or about an individual customer including, but not limited to: (a) a first and last name or first initial and last

More information

SCHNEIDER ELECTRIC SMART GRID LABORATORY

SCHNEIDER ELECTRIC SMART GRID LABORATORY Now Open for Collaboration! SCHNEIDER ELECTRIC SMART GRID LABORATORY Test your products, demonstrate solutions and train with us WHAT IS THE SCHNEIDER ELECTRIC SMART GRID LABORATORY? Located in the Centre

More information

University of Limerick Data Protection Compliance Regulations June 2015

University of Limerick Data Protection Compliance Regulations June 2015 University of Limerick Data Protection Compliance Regulations June 2015 1. Purpose of Data Protection Compliance Regulations 1.1 The purpose of these Compliance Regulations is to assist University of Limerick

More information

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion

Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.

More information

Smart Metering Implementation Programme: Data Privacy and Security

Smart Metering Implementation Programme: Data Privacy and Security Smart Metering Implementation Programme: Data Privacy and Security Document type: Supporting Document Ref: 94e/10 Date of publication: 27 July 2010 Deadline for response: 28 October 2010 Target audience:

More information

Department of the Interior Privacy Impact Assessment

Department of the Interior Privacy Impact Assessment Department of the Interior August 15, 2014 Name of Project: email Enterprise Records and Document Management System (eerdms) Bureau: Office of the Secretary Project s Unique ID: Not Applicable A. CONTACT

More information

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015 Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.

More information

Accountability: Data Governance for the Evolving Digital Marketplace 1

Accountability: Data Governance for the Evolving Digital Marketplace 1 Accountability: Data Governance for the Evolving Digital Marketplace 1 1 For the past three years, the Centre for Information Policy Leadership at Hunton & Williams LLP has served as secretariat for the

More information

Canine Website System (CWS System) DHS/TSA/PIA-036 January 13, 2012

Canine Website System (CWS System) DHS/TSA/PIA-036 January 13, 2012 for the (CWS System) DHS/TSA/PIA-036 January 13, 2012 Contact Point Carolyn Y. Dorgham Program Manager, National Explosives Detection Canine Team Program Carolyn.Dorgham@dhs.gov Reviewing Official Mary

More information

April 28, 2014. Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC

April 28, 2014. Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC April 28, 2014 Ms. Hada Flowers Regulatory Secretariat Division General Services Administration 1800 F Street, NW, 2 nd Floor Washington, DC RE: Information Technology Sector Coordinating Council (IT SCC)

More information

NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001

NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001 NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES Effective January 1, 2001 The Northwestel Code of Fair Practices complies fully with the Personal Protection and Electronic Documents Act and incorporates

More information

Department of Homeland Security Web Portals

Department of Homeland Security Web Portals for the Department of Homeland Security Web Portals June 15, 2009 Contact Point Mary Ellen Callahan Chief Privacy Officer Department of Homeland Security (703) 235-0780 Page 2 Abstract Many Department

More information

RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015

RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015 RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE EFFECTIVE AS OF: August 12, 2015 This Notice sets forth the principles followed by RPM International Inc.,

More information

Personal Information Protection and Electronic Documents Act (PIPEDA)

Personal Information Protection and Electronic Documents Act (PIPEDA) Introduction Personal Information Protection and Electronic Documents Act (PIPEDA) Policy and The Insurance Brokers Association of Alberta is committed to respect the privacy rights of individuals by ensuring

More information

HIPAA Business Associate Contract. Definitions

HIPAA Business Associate Contract. Definitions HIPAA Business Associate Contract Definitions Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the Privacy Rule. Examples of specific definitions:

More information

SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION)

SCHEDULE C to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) SCHEDULE "C" to the MEMORANDUM OF UNDERSTANDING BETWEEN ALBERTA HEALTH SERVICES AND THE ALBERTA MEDICAL ASSOCIATION (CMA ALBERTA DIVISION) ELECTRONIC MEDICAL RECORD INFORMATION EXCHANGE PROTOCOL (AHS AND

More information

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE

STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE STATEMENT OF PATRICIA HOFFMAN ACTING ASSISTANT SECRETARY FOR ELECTRICITY DELIVERY AND ENERGY RELIABILITY U.S. DEPARTMENT OF ENERGY BEFORE THE COMMITTEE ON ENERGY AND NATURAL RESOURCES UNITED STATES SENATE

More information