what can we do with botnet data?

Size: px
Start display at page:

Download "what can we do with botnet data?"

Transcription

1 what can we do with botnet data? prof.dr. Ronald Leenes TILT - Tilburg Institute for Law, Technology, and Society

2 background SURFnet (Dutch NREN) was offered 700 GB of data obtained from a C&C server (Pobelka net) by Digital Investigation (private entity) passing the hot potato law enforcement declined, SURFnet hessitated What can we legally do with the data (if at all)?

3 expert opinions perspectives criminal law is SURFnet criminally liable for handling illegally obtained data? privacy / data protection perspective

4 privacy botnet data contains IP addresses GET/POST data usernames/passwords, (bank) account data, content of communication, sensitive/embarassing/dangerous none of SURFnet s concern, stay off

5 but, people get harmed by botnets processing the data obtained allows warning potential victims the greater good

6 data protection analysis not an ethical analysis yet, gut feeling botnet data is personal data hence, data protection framework applies

7 fairness rinciples fair and lawful processing finality for specific and legitimate purposes proportionality adequate, relevant and non excessive transparency inform data subject

8 unambigiously given consent art. 7 legi necessary for performance of contract legal obligation vital interest of data subject public interest legitimate interest of controller

9 unambigiously given consent art. 7 legi necessary for performance of contract legal obligation vital interest of data subject public interest legitimate interest of controller

10 legitmate interest art 7 f ) DPD processing is necessary for the purposes of the legitimate interests pursued by the controller [or by the third party or parties to whom the data are disclosed], except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject which require protection under Article 1 (1).

11 art 7 balance legitimate interest sees to daily operations of data processor but extends to support activities e.g. fraud detection SURFnet: network security fundamental rights interests data subject privacy security

12 The processing of traffic data to the extent strictly necessary for the purposes of ensuring network and information security, i.e. the ability of a network or an information system to resist, at a given level of confidence, accidental events or unlawful or malicious actions that compromise the availability, authenticity, integrity and confidentiality of stored or transmitted data, and the security of the related services offered by, or accessible via, these networks and systems, by providers of security technologies and services when acting as data controllers is subject to Article 7(f ) of Directive 95/46/ EC. This could, for example, include preventing unauthorised access to electronic communications networks and malicious code distribution and stopping denial of service attacks and damage to computer and electronic communication systems. Directive 2009/136/EC - recital 53

13 back to ethics what to do with the data? process whose data: SURFnet clients/others who to inform: SURFnet/others ISP s clients/ service providers inform how: next slide moral obligation to inform other ISPs? how to handle data: encryption, data minimisation

14 Geachte Welling, u bent mogelijk slachtoffer van een botnet (bekend onder de naam BadBo ). Er zijn gegevens aangetroffen in de op het botnet buitgemaakte gegevens die betrekking hebben op communicatie tussen IP-adres , dat volgens onze gegevens op 6 mei 2013 om 14:23 door u in gebruik was, en de Rabobank.

15 Geachte Rabobank, u bent mogelijk slachtoffer van een botnet (bekend onder de naam BadBo ). Er zijn gegevens aangetroffen in de op het botnet buitgemaakte gegevens die betrekking hebben op communicatie van één van onze medewerkers/studenten met de Rabobank vanaf een computer met IP-adres op 6 mei 2013 om 14:23.

16 food for thought relation between (ethical) values and legally enshrined (fundamental) rights good life vs list of values (e.g EU charter) relation between ethics and law in general

17 thanks.

legal & ethical data sharing prof.dr. Ronald Leenes r.e.leenes@uvt.nl TILT - Tilburg Institute for Law, Technology, and Society

legal & ethical data sharing prof.dr. Ronald Leenes r.e.leenes@uvt.nl TILT - Tilburg Institute for Law, Technology, and Society legal & ethical data sharing prof.dr. Ronald Leenes r.e.leenes@uvt.nl TILT - Tilburg Institute for Law, Technology, and Society overview the problem revisited secondary use data protection regulation Data

More information

Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity

Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity Legal Aspects of the MonIKA-Project - Privacy meets Cybersecurity Sebastian Meissner Security Incident Information Sharing Workshop Berlin, 26.07.2013 Introduction Opening question Privacy & cybersecurity:

More information

PRIVACY AND DATA SECURITY MODULE

PRIVACY AND DATA SECURITY MODULE "This project has been funded under the fourth AAL call, AAL-2011-4. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which

More information

Online Security, Traffic Data and IP Addresses. Review of the Regulatory Framework for Electronic Communications

Online Security, Traffic Data and IP Addresses. Review of the Regulatory Framework for Electronic Communications Brussels, October 8 th 2008 Online Security, Traffic Data and IP Addresses Review of the Regulatory Framework for Electronic Communications Francisco Mingorance Senior Director Government Affairs franciscom@bsa.org

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

Welcome to our job search and application platform (the Platform ). Please read our Legal Terms (which includes our Privacy Policy) carefully.

Welcome to our job search and application platform (the Platform ). Please read our Legal Terms (which includes our Privacy Policy) carefully. LEGAL TERMS AND PRIVACY POLICY Welcome to our job search and application platform (the Platform ). Please read our Legal Terms (which includes our Privacy Policy) carefully. The Platform is accessible

More information

Council of the European Union Brussels, 15 January 2015 (OR. en) NOTE German delegation Working Party on Information Exchange and Data Protection

Council of the European Union Brussels, 15 January 2015 (OR. en) NOTE German delegation Working Party on Information Exchange and Data Protection Council of the European Union Brussels, 15 January 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 14705/1/14 REV 1 LIMITE DATAPROTECT 146 JAI 802 MI 805 DRS 135 DAPIX 150 FREMP 178 COMIX 568 CODEC

More information

Incident Response and Data Protection

Incident Response and Data Protection Incident Response and Data Protection Document Version: 02 Date: September 2011 Author: Andrew Cormack (JANET(UK)) Abstract This paper discusses how the use of information by Computer Security Incident

More information

Practical Overview on responsibilities of Data Protection Officers. Security measures

Practical Overview on responsibilities of Data Protection Officers. Security measures Practical Overview on responsibilities of Data Protection Officers Security measures Manuel Villaseca Spanish Data Protection Agency mvl@agpd.es Security measures Agenda: The rol of DPO on security measures

More information

Data Protection Breach Management Policy

Data Protection Breach Management Policy Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/

More information

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708

More information

Information Technology Acceptable Use Policy

Information Technology Acceptable Use Policy Information Technology Acceptable Use Policy Overview The information technology resources of Providence College are owned and maintained by Providence College. Use of this technology is a privilege, not

More information

Declaration of Internet Rights Preamble

Declaration of Internet Rights Preamble Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It

More information

Assuring the Cloud. Hans Bootsma Deloitte Risk Services hbootsma@deloitte.nl +31 (0)6 1098 0182

Assuring the Cloud. Hans Bootsma Deloitte Risk Services hbootsma@deloitte.nl +31 (0)6 1098 0182 Assuring the Cloud Hans Bootsma Deloitte Risk Services hbootsma@deloitte.nl +31 (0)6 1098 0182 Need for Assurance in Cloud Computing Demand Fast go to market Support innovation Lower costs Access everywhere

More information

Comments and proposals on the Chapter II of the General Data Protection Regulation

Comments and proposals on the Chapter II of the General Data Protection Regulation Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

5.5. Penetration Tests. Report of the Auditor General of the Ville de Montréal to the City Council and to the Urban Agglomeration Council

5.5. Penetration Tests. Report of the Auditor General of the Ville de Montréal to the City Council and to the Urban Agglomeration Council Report of the Auditor General of the Ville de Montréal to the City Council and to the Urban Agglomeration Council 5.5 For the Year Ended December 31, 2013 Penetration Tests 5.5. Penetration Tests Table

More information

Inspection of Encrypted HTTPS Traffic

Inspection of Encrypted HTTPS Traffic Technical Note Inspection of Encrypted HTTPS Traffic StoneGate version 5.0 SSL/TLS Inspection T e c h n i c a l N o t e I n s p e c t i o n o f E n c r y p t e d H T T P S T r a f f i c 1 Table of Contents

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

Estée Lauder Companies Global Jobs Website Privacy Policy

Estée Lauder Companies Global Jobs Website Privacy Policy Effective Date: August 14, 2014 Estée Lauder Companies Global Jobs Website Privacy Policy The Estée Lauder Companies ( we, us, or our ) respects your concerns about privacy and value the relationship we

More information

Internet Use Policy and Code of Conduct

Internet Use Policy and Code of Conduct Internet Use Policy and Code of Conduct UNIQUE REF NUMBER: AC/IG/023/V1.1 DOCUMENT STATUS: Agreed by Audit Committee 18 July 2013 DATE ISSUED: July 2013 DATE TO BE REVIEWED: July 2014 1 P age AMENDMENT

More information

Citrix Access Gateway: Implementing Enterprise Edition Feature 9.0

Citrix Access Gateway: Implementing Enterprise Edition Feature 9.0 coursemonstercom/uk Citrix Access Gateway: Implementing Enterprise Edition Feature 90 View training dates» Overview Nederlands Deze cursus behandelt informatie die beheerders en andere IT-professionals

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

Mega Transparency Report. March 2015. Requests for Removal of Content and for User Information

Mega Transparency Report. March 2015. Requests for Removal of Content and for User Information Mega Transparency Report March 205 Requests for Removal of Content and for User Information Introduction This is the first transparency report published by Mega since it commenced operations in January

More information

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in

More information

4-column document Net neutrality provisions (including recitals)

4-column document Net neutrality provisions (including recitals) 4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN

More information

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 -------------- w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------

More information

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10 Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between

More information

INFORMATION WE MAY COLLECT FROM YOU

INFORMATION WE MAY COLLECT FROM YOU Privacy Policy ABOUT Prolific Academic Ltd. ("We") are committed to protecting and respecting your privacy. This policy (together with our terms of use and any other documents referred to on it) sets out

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

Virgin Media Business Acceptable Use Policy (Internet)

Virgin Media Business Acceptable Use Policy (Internet) Virgin Media Business Acceptable Use Policy (Internet) 1 Introduction 1.1 This Acceptable Use Policy ( AUP ) specifies actions prohibited by Virgin Media Business to users of the Internet Services (in

More information

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING

More information

CentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12. CentralNic. Version 1.0. July 31, 2012. https://www.centralnic.

CentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12. CentralNic. Version 1.0. July 31, 2012. https://www.centralnic. CentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12 CentralNic Privacy Policy Version 1.0 July 31, 2012 https://www.centralnic.com/ CentralNic Privacy Policy Last Updated: February 6, 2012

More information

Cablelynx Acceptable Use Policy

Cablelynx Acceptable Use Policy Cablelynx provides a variety of Internet Services (the Services) to both residential and business customers (the Customer). Below, you will find the terms and conditions that you agree to by subscribing

More information

***I DRAFT REPORT. EN United in diversity EN 2012/0011(COD) 17.12.2012

***I DRAFT REPORT. EN United in diversity EN 2012/0011(COD) 17.12.2012 EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 17.12.2012 2012/0011(COD) ***I DRAFT REPORT on the proposal for a regulation of the European Parliament and of the Council

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy TERMS & CONDITIONS www.tagadab.com INTRODUCTION Tagadab has created this (AUP) for our customers to protect our resources, our customer s resources, and to ensure that Tagadab Ltd

More information

Cloud and Fraud Issues in the context of fraud

Cloud and Fraud Issues in the context of fraud Cloud and Fraud Issues in the context of fraud Data Expert, Intelligence Experience 2013 3 October 2013 Peter Kits, Attorney at Law IP/IT Legal&Regulatory compliance In practice Clients & Providers perspective

More information

Chapter 6: Fundamental Cloud Security

Chapter 6: Fundamental Cloud Security Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,

More information

ECSA EuroCloud Star Audit Data Privacy Audit Guide

ECSA EuroCloud Star Audit Data Privacy Audit Guide ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:

More information

UNIVERSITY OF ST ANDREWS. EMAIL POLICY November 2005

UNIVERSITY OF ST ANDREWS. EMAIL POLICY November 2005 UNIVERSITY OF ST ANDREWS EMAIL POLICY November 2005 I Introduction 1. Email is an important method of communication for University business, and carries the same weight as paper-based communications. The

More information

General Statement and Verification of Standards

General Statement and Verification of Standards Privacy Statement General Statement and Verification of Standards HealthHighway.com has adopted this privacy statement in order to demonstrate our firm commitment to Provider and Patient privacy. This

More information

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services

1. Computer Security: An Introduction. Definitions Security threats and analysis Types of security controls Security services 1. Computer Security: An Introduction Definitions Security threats and analysis Types of security controls Security services Mar 2012 ICS413 network security 1 1.1 Definitions A computer security system

More information

FRANCE. Chapter XX OVERVIEW

FRANCE. Chapter XX OVERVIEW Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection

More information

Council of the European Union Brussels, 15 December 2015 (OR. en)

Council of the European Union Brussels, 15 December 2015 (OR. en) Council of the European Union Brussels, 15 December 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 15039/15 LIMITE DATAPROTECT 229 JAI 976 MI 786 DIGIT 108 DAPIX 235 FREMP 295 COMIX 663 CODEC 1676

More information

ARTICLE 29 Data Protection Working Party

ARTICLE 29 Data Protection Working Party ARTICLE 29 Data Protection Working Party 5401/01/EN/Final WP 55 Working document on the surveillance of electronic communications in the workplace Adopted on 29 May 2002 Comments: * national chapters might

More information

Information Security Risks when going cloud. How to deal with data security: an EU perspective.

Information Security Risks when going cloud. How to deal with data security: an EU perspective. Separating fact from fiction about new software licensing /SaaS/ cloud computing models: advantages, disadvantages and ethical implications. Information Security Risks when going cloud. How to deal with

More information

CHAPTER I GENERAL PROVISIONS

CHAPTER I GENERAL PROVISIONS Proposal for a regulation of the European Parliament and of the Council on the protection of individual with regard to the processing of personal data and on the free movement of such data (General Data

More information

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency

More information

Responsible Use of Technology and Information Resources

Responsible Use of Technology and Information Resources Responsible Use of Technology and Information Resources Introduction: The policies and guidelines outlined in this document apply to the entire Wagner College community: students, faculty, staff, alumni

More information

TERMS AND CONDITIONS

TERMS AND CONDITIONS TERMS AND CONDITIONS BACKGROUND: These Terms and Conditions, together with any and all other documents referred to herein, set out the terms of use under which you may use this website, www.wellingtonwise.co.uk

More information

How To Protect Decd Information From Harm

How To Protect Decd Information From Harm Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information

The state of DIY. Mix Express DIY event Maarssen 14 mei 2014

The state of DIY. Mix Express DIY event Maarssen 14 mei 2014 The state of DIY!! Mix Express DIY event Maarssen 14 mei 2014 Inleiding Mix press DIY sessie Maarssen 14 mei 2014 Deze presentatie is gemaakt voor het Mix DIY congres en gebaseerd op onze analyse van de

More information

Information Security and Electronic Communications Acceptable Use Policy (AUP)

Information Security and Electronic Communications Acceptable Use Policy (AUP) Policy No.: AUP v2.0 Effective Date: August 16, 2004 Revision Date: January 17, 2013 Revision No.: 1 Approval jwv / mkb Information Security and Electronic Communications (AUP) 1. INTRODUCTION Southwestern

More information

REGULATION (EU) No XXX/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

REGULATION (EU) No XXX/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL REGULATION (EU) No XXX/2016 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General

More information

MYACCLAIM PRIVACY POLICY

MYACCLAIM PRIVACY POLICY MYACCLAIM PRIVACY POLICY 1. Introduction MyAcclaim is an online collaboration tool that allows users to annotate video. MyAcclaim s mission is to allow its users, with ease and simplicity, to unleash the

More information

Privacy Impact Assessment of the Supervisory Enforcement Actions and Special Examinations Tracking System

Privacy Impact Assessment of the Supervisory Enforcement Actions and Special Examinations Tracking System Privacy Impact Assessment of the Supervisory Enforcement Actions and Special Examinations Tracking System Program or application name. Supervisory Enforcement Actions and Special Examinations Tracking

More information

The Benefits of the thawte ISP Program

The Benefits of the thawte ISP Program The Benefits of the thawte ISP Program Earn additional revenue by reselling thawte digital certificate products... 1. Overview 2. Who Should Join? 3. The ISP Program what are the Benefits? 4. How can you

More information

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE 1. DISCLAIMER NOTICE UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE The information provided by UGANDA REVENUE AUTHORITY (URA) on the web portal relating to products and services (or

More information

UNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY

UNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY UNILEVER PRIVACY PRINCIPLES Unilever takes privacy seriously. The following five principles underpin our approach to respecting your privacy: 1. We value the trust that you place in us by giving us your

More information

ORDER MO-3283. Appeal MA13-638. Peel Regional Police Services Board. January 28, 2016

ORDER MO-3283. Appeal MA13-638. Peel Regional Police Services Board. January 28, 2016 ORDER MO-3283 Appeal MA13-638 Peel Regional Police Services Board January 28, 2016 Summary: The police received a request under the Municipal Freedom of Information and Protection of Privacy Act for access

More information

Alternative Measures and illicit (P2P) file sharing: enforcement issues. Allard Ringnalda Willem Grosheide CIER

Alternative Measures and illicit (P2P) file sharing: enforcement issues. Allard Ringnalda Willem Grosheide CIER Alternative Measures and illicit (P2P) file sharing: enforcement issues Allard Ringnalda Willem Grosheide CIER Outline What are technical measures Why would we need them Three practical enforcement issues

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information

A Privacy framework for DNS big data. November 28, 2014 Jelte Jansen

A Privacy framework for DNS big data. November 28, 2014 Jelte Jansen A Privacy framework for DNS big data November 28, 2014 Jelte Jansen SIDN.nl (Registry voor Nederland) 5.5M domain names, >1.600 registrars > 1.300.000.000 DNS queries per day Private foundation with public

More information

ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA

ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ON THE AMENDMENT OF THE ORDER NO. 1V-1013 ON THE APPROVAL OF THE RULES ON THE ENSURANCE OF SECURITY AND INTEGRITY

More information

PRIVACY POLICY. I. Introduction. II. Information We Collect

PRIVACY POLICY. I. Introduction. II. Information We Collect PRIVACY POLICY school2life, Inc. ( school2life ) Privacy Policy is designed to provide clarity about the information we collect and how we use it to provide a better social gaming experience. By accepting

More information

How To Protect Your Computer From Attack

How To Protect Your Computer From Attack FREQUENTLY ASKED QUESTIONS on C Y B E R S E C U R I T Y By IEEE USA s Committee on Communications Policy December 2011 This Frequently Asked Questions (FAQs) was prepared by IEEE-USA s Committee on Communications

More information

ACCEPTABLE USE POLICY OF BROADVOX, INC; BROADVOX, LLC; WWW.BROADVOX.COM; WWW.BROADVOX.NET (COLLECTIVELY BROADVOX )

ACCEPTABLE USE POLICY OF BROADVOX, INC; BROADVOX, LLC; WWW.BROADVOX.COM; WWW.BROADVOX.NET (COLLECTIVELY BROADVOX ) ACCEPTABLE USE POLICY OF BROADVOX, INC; BROADVOX, LLC; WWW.BROADVOX.COM; WWW.BROADVOX.NET (COLLECTIVELY BROADVOX ) 1. ACCEPTANCE OF TERMS THROUGH USE This website (the Site ) provides you (the Customer

More information

Council of the European Union Brussels, 27 November 2015 (OR. en)

Council of the European Union Brussels, 27 November 2015 (OR. en) Council of the European Union Brussels, 27 November 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 14481/15 LIMITE DATAPROTECT 215 JAI 914 MI 755 DIGIT 100 DAPIX 223 FREMP 276 COMIX 622 CODEC 1569

More information

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY T: 1300 00 ENSA (3672) F: 03 9421 6109 (ENSA) INTERNET ACCEPTABLE USE POLICY 1 ABOUT THIS POLICY... 2 2 GENERAL... 2 3 ILLEGAL ACTIVITY... 2 4 SECURITY... 2 5 RISKS OF THE INTERNET... 3 6 CONTENT PUBLISHING...

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

Hack Proof Your Webapps

Hack Proof Your Webapps Hack Proof Your Webapps About ERM About the speaker Web Application Security Expert Enterprise Risk Management, Inc. Background Web Development and System Administration Florida International University

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1

Guidance for Data Users on the Collection and Use of Personal Data through the Internet 1 Guidance for Data Users on the Collection and Use of Personal Data through the Internet Introduction Operating online businesses or services, whether by commercial enterprises, non-government organisations

More information

Broadband Acceptable Use Policy

Broadband Acceptable Use Policy Broadband Acceptable Use Policy Contents General... 3 Your Responsibilities... 3 Use of Email with particular regards to SPAM... 4 Bulk Email... 5 Denial of Service... 5 Administration of Policy... 6 2

More information

Document Control. Version Control. Sunbeam House Services Policy Document. Data Breach Management Policy. Effective Date: 01 October 2014

Document Control. Version Control. Sunbeam House Services Policy Document. Data Breach Management Policy. Effective Date: 01 October 2014 Document Control Policy Title Data Breach Management Policy Policy Number 086 Owner Information & Communication Technology Manager Contributors Information & Communication Technology Team Version 1.0 Date

More information

Our Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION

Our Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION Our Customer Relationship Agreement HOSTING & DOMAINS SERVICE DESCRIPTION iinet Limited ACN 068 628 937 Phone: 13 22 58 Westnet Pty Ltd ACN 086 416 908 Phone: 1300 786 068 Adam Internet Pty Ltd ACN 055

More information

Optum Website Privacy Policy

Optum Website Privacy Policy Optum Website Privacy Policy 1 Privacy Website Privacy Policy Introduction We recognize that the privacy of your personal information is important. The purpose of this policy is to let you know how we

More information

Additional Security Considerations and Controls for Virtual Private Networks

Additional Security Considerations and Controls for Virtual Private Networks CYBER SECURITY OPERATIONS CENTRE APRIL 2013 (U) LEGAL NOTICE: THIS PUBLICATION HAS BEEN PRODUCED BY THE DEFENCE SIGNALS DIRECTORATE (DSD), ALSO KNOWN AS THE AUSTRALIAN SIGNALS DIRECTORATE (ASD). ALL REFERENCES

More information

HIPAA Privacy Regulations: Frequently Asked Questions

HIPAA Privacy Regulations: Frequently Asked Questions HIPAA Privacy Regulations: Frequently Asked Questions *** (Note: This information is from the national perspective. Health care facilities must comply with state privacy laws that may impose additional

More information

The Anti-Corruption Compliance Platform

The Anti-Corruption Compliance Platform The Anti-Corruption Compliance Platform DATA COLLECTION RISK IDENTIFICATION SCREENING INTEGRITY DUE DILIGENCE CERTIFICATIONS GIFTS, TRAVEL AND ENTERTAINMENT TRACKING SECURITY AND DATA PROTECTION The ComplianceDesktop

More information

Online Ads: A new challenge for privacy? Jörg Polakiewicz*

Online Ads: A new challenge for privacy? Jörg Polakiewicz* 31st International Conference of Data Protection and Privacy Commissioners, Madrid Thursday 5 November 2009, 15.00-16.30 Parallel Session A Smile! There s a camera behind the ad or Send it to a friend

More information

How To Understand The Legal Protection Requirements In Cloud Services

How To Understand The Legal Protection Requirements In Cloud Services ISSN 2029-7564 (online) SOCIALINĖS TECHNOLOGIJOS SOCIAL TECHNOLOGIES 2013, 3(2), p. 390 414. EVALUATION OF LEGAL DATA PROTECTION REQUIREMENTS IN CLOUD SERVICES IN THE CONTEXT OF CONTRACTUAL RELATIONS WITH

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data

More information

Council of the European Union Brussels, 5 March 2015 (OR. en)

Council of the European Union Brussels, 5 March 2015 (OR. en) Council of the European Union Brussels, 5 March 2015 (OR. en) Interinstitutional File: 2013/0027 (COD) 6788/15 LIMITE TELECOM 59 DATAPROTECT 23 CYBER 13 MI 139 CSC 55 CODEC 279 NOTE From: Presidency To:

More information

GUIDELINES ON MARKET CONDUCT FOR INSURANCE INVESTIGATORS AND MOTOR ASSESSORS

GUIDELINES ON MARKET CONDUCT FOR INSURANCE INVESTIGATORS AND MOTOR ASSESSORS GUIDELINES ON MARKET CONDUCT FOR INSURANCE INVESTIGATORS AND MOTOR ASSESSORS JUNE 2012 TO: ALL REINSURANCE COMPANIES ALL INSURANCE COMPANIES ALL INSURANCE INTERMEDIARIES ALL MOTOR ASSESSORS ALL INSURANCE

More information

INDEX PRIVACY POLICY...2

INDEX PRIVACY POLICY...2 INDEX PRIVACY POLICY...2 WHAT PERSONAL INFORMATION DOES RENTINGCARZ GATHER FROM ME AND HOW IS THIS INFORMATION USED?...2 MAKING A PURCHASE...2 NEWSLETTERS...2 ONLINE SURVEYS...2 PROMOTIONS & SWEEPSTAKES...3

More information

Summary of the Dutch Data Protection Authority s guidelines for the Data Breach Notification Act

Summary of the Dutch Data Protection Authority s guidelines for the Data Breach Notification Act Summary of the Dutch Data Protection Authority s guidelines for the Data Breach Notification Act On 1 January 2016, the Dutch Data Breach Notification Act will enter into force. The Dutch DPA issued Guidelines

More information

Acceptable Use Policy

Acceptable Use Policy Sell your Products Online and Web by Numbers are brands of Web by Numbers Ltd (hereinafter referred to as Web by Numbers ) Acceptable Use Policy Web by Numbers has created this Acceptable Use Policy (AUP)

More information

JHSPH Acceptable Use Policy

JHSPH Acceptable Use Policy 1.0 Purpose JHSPH Acceptable Use Policy Use of the Johns Hopkins Bloomberg School of Public Health (JHSPH) information technology (IT) resources is a privilege that is extended to users for the purpose

More information

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011) Security Awareness A Supplier Guide/Employee Training Pack May 2011 (updated November 2011) Contents/Chapters 1. How do I identify a DWP asset 2. Delivering on behalf of DWP - Accessing DWP assets 3. How

More information

Terms and Conditions. Acceptable Use Policy Introduction. Compliance with UK Law. Compliance with foreign law

Terms and Conditions. Acceptable Use Policy Introduction. Compliance with UK Law. Compliance with foreign law Terms and Conditions Acceptable Use Policy Introduction (hereafter called Hosted Developments) has created this Acceptable Use Policy (AUP) for hosting customers to protect our resources, and the resources

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,

Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof, Opinion of the European Data Protection Supervisor on the Joint Communication of the Commission and of the High Representative of the European Union for Foreign Affairs and Security Policy on a 'Cyber

More information

AS APPROVED BY CONVOCATION, MARCH 25, 2004. (new/amended rules and commentary for rule 2.02)

AS APPROVED BY CONVOCATION, MARCH 25, 2004. (new/amended rules and commentary for rule 2.02) AS APPROVED BY CONVOCATION, MARCH 25, 2004 (new/amended rules and commentary for rule 2.02) When Client an Organization (1.1) Notwithstanding that the instructions may be received from an officer, employee,

More information

So the security measures you put in place should seek to ensure that:

So the security measures you put in place should seek to ensure that: Guidelines This guideline offers an overview of what the Data Protection Act requires in terms of information security and aims to help you decide how to manage the security of the personal data you hold.

More information

UNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY

UNIVERSITY OF ROCHESTER INFORMATION TECHNOLOGY POLICY PURPOSE The University of Rochester recognizes the vital role information technology plays in the University s missions and related administrative activities as well as the importance in an academic environment

More information

GUIDE TO MANAGING DATA BREACHES

GUIDE TO MANAGING DATA BREACHES 8 MAY 2015 CONTENT PURPOSE OF THE GUIDE 3 INTRODUCTION 4 HOW DATA BREACHES COULD OCCUR 5 RESPONDING TO A DATA BREACH 6 i. DATA BREACH MANAGEMENT PLAN 6 ii. CONTAINING THE BREACH 7 iii. ASSESSING RISK AND

More information

If you have any questions about any of our policies, please contact the Customer Services Team.

If you have any questions about any of our policies, please contact the Customer Services Team. Acceptable Use Policy (AUP) 1. Introduction Blue Monkee has created this Acceptable Use Policy (AUP) for hosting customers to protect our resources and the resources of our other customers and hosting

More information

Incident Reporting Guidelines for Constituents (Public)

Incident Reporting Guidelines for Constituents (Public) Incident Reporting Guidelines for Constituents (Public) Version 3.0-2016.01.19 (Final) Procedure (PRO 301) Department: GOVCERT.LU Classification: PUBLIC Contents 1 Introduction 3 1.1 Overview.................................................

More information