Big Data for Mutuals. Marc Dautlich 25 November 2013

Size: px
Start display at page:

Download "Big Data for Mutuals. Marc Dautlich 25 November 2013"

Transcription

1 Big Data for Mutuals Marc Dautlich 25 November 2013

2 Agenda BIG DATA What is it? OPPORTUNITIES What are they? LEGAL CHALLENGES How do we overcome them? LEGAL REFORM What can we do now to minimise impact?

3 Big Data What is it?

4

5

6 What is Big Data? data sets that are too large and complex to manipulate or interrogate with standard methods or tools: much IT investment is going towards managing and maintaining big data

7 What is Big Data? Commercial "aggregation, mining, and analysis" of very large, complex and unstructured datasets

8 Buying and selling Big Data Source: Tata Consultancy Services

9 Buying and selling Big Data Source: Financial Times, 13 June 2013

10 Opportunities What are they?

11

12

13 Regulatory Change RDR will push 43 million into advice gap Auto-enrolment: A new generation

14 Profiling Geolocation / daily routine Television viewing Current health data Leisure habits Age and lifestyle of dependents Employment prospects Credit rating Shopping habits Gender Marital status Age Wealth Health Risk appetite Google searches Website browsing

15

16 Big Data Opportunities for Mutuals Big Data-driven marketing? Big Data-driven product development? Big Data-driven risk management?

17

18 Legal Challenges How do we overcome them?

19 Legal Challenges Data protection restrictions attaching to personal data Ownership rights: who owns arrangements of data alteration or license of rights by contract

20 Data Protection and Privacy Using Big Data Back to basics Transparency requirements Marketing rules Storing big data Security requirements The cloud

21 KEY CONCEPTS

22 Profiling: Processing Personal Data? Data Protection Act 1998 controls the way in which the personal data of data subjects is used by data controllers or processed on their behalf by data processors Personal Data is personal information is information which: is about a living person and affects that person s privacy in the sense that the information has the person at its focus and is biographical in nature identifies a person whether by itself, or together with other information in the organisation s possession (or likely to come into its possession) structured files

23 Key Themes Fairness Transparency Choice Individual rights and redress Data quality Security Processing must be fair and lawful No unwarranted prejudice Purpose limitation Fair processing / data protection notices and privacy Consent: specific, fully informed and freely given Right to object to certain types of processing Access to personal data Right to compensation Accurate and up-to-date Relevant and not excessive Not kept for longer than is necessary Appropriate security measures Adequate protection for extra EEA transfers

24 MARKETING RULES

25 Profiling for Direct Marketing Purposes Transparency requirements What marketing is being carried out By what means (eg Telephone, fax, SMS, ) By which organisations (intragroup, carefully selected third parties) Direct marketing rules (PECR) Notify that consents for the time being ( /sms/mms) soft opt-in ( /sms/mms) opt-out (telephone)

26 Marketing Consents: Where there is No Valid Consent Not all communications are marketing communications Customers can be contacted with service communications Must be factual rather than promotional Avoid prize incentives and text suggesting that the customer is missing out because they have opted out of marketing Virgin

27 Refresh of Marketing Consents New marketing significantly and genuinely departs from marketing being carried out at the time of the opt out Overriding customer service justification (targeted and specific) Customers are not required to do anything to retain existing marketing preferences

28 Managing the Risk Compliance Privacy by design Customers expectations and control

29 DATA SECURITY

30 The 7th Principle Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

31 Safe Storage of Data State of technology Cost appropriate technical and organisational measures Nature of the data Reliability of employees Harm 31

32 Appointing a Data Processor Due diligence Data processor providing sufficient guarantees in respect of the technical and organisational security measures governing the process to be carried out Monitoring Take reasonable steps to ensure compliance with those measures Written contract Data processor is required only to act on the instructions of data controller Impose the seventh principle obligations upon the data processors

33 Cases of Data Protection Breach by Principle Proportionality 4. Data Quality 5. Data Retention 7. Data Security

34 Breach of Principle 7 Data Security

35 Vendors and associated legal issues

36

37 Data and the Cloud Data security International transfers Standard terms US PATRIOT Act and other local laws Plan for exit

38 Cloud: Managing the Risks Weak negotiating positions / standard terms Identify security focussed suppliers Data security a deal breaker Location of storage Extra EEA transfers Health data? Audit obligations?

39 LEGAL REFORM What can we do now to minimise impact?

40 EU Data Protection Regulation One Regulation to Rule Them All

41 Regulation Objectives Consistency Harmonisation of data protection laws and enforcement across member states Setting up a one-stop shop in each member state for the resolution of data protection issues Cost savings?

42 Consent Big Data constraints Consent/Other legal basis for processing: legitimate interest now more or less back in the current position relating to legitimate interests under the EU Data Protection Directive 95/46/EC Amendment to the definition of consent to include a purpose limitation: consent is no longer valid when the purpose for the processing ceases or as soon as the processing is no longer necessary to carry out the purpose for which the personal data was originally collected

43 MARKETING

44 Changes that Impact on Marketing Rules Expanded definition of personal data Focuses solely on the identifiability or the potential identifiability of the data subject Other data now included: location data and online identifiers, biometric data etc Requirement for explicit consent Either by a statement or by a clear affirmative action Burden of proof on data controller Profiling Consent required or suitable safeguards where profiling concerns or significantly affects the data subject

45 Managing the Risk Privacy policies / data protection notices Consent mechanism Compliance Keep marketing preferences under review Privacy by design Customers expectations and control

46 DATA SECURITY

47 Data Security: Contracts with Data Processors Data processors also have statutory obligations Immediately to notify the data controller of a security breach Support the data controller to comply with its obligations Contracts with data processors Expanded mandatory provisions International Transfers: Can no longer rely on selfassessment

48 Impact on negotiations with cloud providers Processors now very motivated to specify exactly the limits of their remit Blurring responsibilities of the controller and processor Preserving liability status quo Who will drive market practice?

49 Data Security: Breach Notification Mandatory notification All breaches to be notified Without undue delay and, where feasible, within 24 hours (latest proposal: breaches that severely affect...within 72 hours) Notify individuals affected where breach likely adversely to affect them Fines: up to 2% of global turnover (including for failure to notify)

50 Prevention or Cure? Many current security incidents uncover OTHER data protection breaches (eg of the retention principle) Meeting the 72 hour deadline for notification where feasible will be a triumph of planning and rehearsal Rehearse now, while the regime is still voluntary

51 Questions? Marc Dautlich E: DDI:

52 Pinsent Masons LLP is a limited liability partnership registered in England & Wales (registered number: OC333653) authorised and regulated by the Solicitors Regulation Authority, and by the appropriate regulatory body in the other jurisdictions in which it operates. The word partner, used in relation to the LLP, refers to a member of the LLP or an employee or consultant of the LLP or any affiliated firm of equivalent standing. A list of the members of the LLP, and of those non-members who are designated as partners, is displayed at the LLP s registered office: 30 Crown Place, London EC2A 4ES, United Kingdom. We use 'Pinsent Masons' to refer to Pinsent Masons LLP, its subsidiaries and any affiliates which it or its partners operate as separate businesses for regulatory or other reasons. Reference to 'Pinsent Masons' is to Pinsent Masons LLP and/or one or more of those subsidiaries or affiliates as the context requires. Pinsent Masons LLP 2013 For a full list of our locations around the globe please visit our websites:

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

Financial Regulation: An overview of the FCA s proposal of the new Consumer Credit regime October 2013

Financial Regulation: An overview of the FCA s proposal of the new Consumer Credit regime October 2013 Financial Regulation: An overview of the FCA s proposal of the new Consumer Credit regime October 2013 Consultation Paper 13/10: Detailed Proposals for the FCA regime for Consumer Credit In early October

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

AlixPartners, LLP. General Data Protection Statement

AlixPartners, LLP. General Data Protection Statement AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection

More information

WHISTLEBLOWING: Legislative changes, possible reforms and case law update. Euan Smith

WHISTLEBLOWING: Legislative changes, possible reforms and case law update. Euan Smith WHISTLEBLOWING: Legislative changes, possible reforms and case law update Euan Smith Why is a Whistleblowing Policy Important? PIDA and public policy legislation only intended as a backstop Compliance

More information

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)

More information

Clause 1. Definitions and Interpretation

Clause 1. Definitions and Interpretation [Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-

More information

VORTRAGSREIHE. Transfer of Undertakings and Restructuring A View from both Sides of the Channel

VORTRAGSREIHE. Transfer of Undertakings and Restructuring A View from both Sides of the Channel VORTRAGSREIHE Donnerstag, 19. März 2015 / 18.30 Uhr Transfer of Undertakings and Restructuring A View from both Sides of the Channel Referenten: Neil Black Pinsent Masons LLP Manfred Schmid Pinsent Masons

More information

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen

Cyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or

More information

BIG DATA. WHAT S YOUR STRATEGY?

BIG DATA. WHAT S YOUR STRATEGY? TMT Insight Autumn 2013 BIG DATA. WHAT S YOUR STRATEGY? BIG DATA: WHAT S YOUR STRATEGY? INTRODUCTION WE ARE WITNESSING A DATA EXPLOSION THAT IS HAVING AS PROFOUND AN IMPACT ON OUR WAY OF LIFE AS THE LAUNCH

More information

The Most Innovative Law Firm in Europe. Corporate Seminar programme 2016

The Most Innovative Law Firm in Europe. Corporate Seminar programme 2016 The Most Innovative Law Firm in Europe Corporate Seminar programme 2016 Corporate Seminar programme 2016 Set out in the following pages is a selection of the seminars Pinsent Masons Corporate Group is

More information

Privacy and Electronic Communications Regulations

Privacy and Electronic Communications Regulations ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3

More information

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015 Multi-Jurisdictional Study: Cloud Computing Legal Requirements Julien Debussche Associate January 2015 Content 1. General Legal Framework 2. Data Protection Legal Framework 3. Security Requirements 4.

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Financial Regulation. Consultation Paper 13/13: The FCA s regulatory approach to crowdfunding (and similar activities) November 2013

Financial Regulation. Consultation Paper 13/13: The FCA s regulatory approach to crowdfunding (and similar activities) November 2013 Financial Regulation Consultation Paper 13/13: The FCA s regulatory approach to crowdfunding (and similar activities) November 2013 5926 Pinsent Masons Financial Regulation In the Entrepreneurship 2020

More information

Data and Cyber Laws Up-date 9 July 2015

Data and Cyber Laws Up-date 9 July 2015 Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR

More information

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data

1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data 1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that

More information

Firm Registration Form

Firm Registration Form Firm Registration Form Firm Registration Form This registration form should be completed by firms who are authorised and regulated by the Financial Conduct Authority. All sections of this form are mandatory.

More information

Security breach! A closer look from a data protection law perspective November 2014 Gabriel Voisin (Associate)

Security breach! A closer look from a data protection law perspective November 2014 Gabriel Voisin (Associate) Security breach! A closer look from a data protection law perspective November 2014 Gabriel Voisin (Associate) Why is this a challenge? When personal data is compromised, mandatory or recommended notification

More information

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document

Data Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1

More information

Challenges faced and practical techniques for managing a dispersed or virtual team

Challenges faced and practical techniques for managing a dispersed or virtual team Challenges faced and practical techniques for managing a dispersed or virtual team Rona Blair Pinsent Masons LLP BIALL 2015 Dispersed teams Recognise this? Body Language Agile working Plantronics Smarter

More information

Comments and proposals on the Chapter II of the General Data Protection Regulation

Comments and proposals on the Chapter II of the General Data Protection Regulation Comments and proposals on the Chapter II of the General Data Protection Regulation Ahead of the trialogue negotiations in September, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.

More information

Security breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison

Security breaches: A regulatory overview. Jonathan Bamford Head of Strategic Liaison Security breaches: A regulatory overview Jonathan Bamford Head of Strategic Liaison Security breaches and the DPA Data controllers security obligation - principle 7 of the DPA o Appropriate technical and

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

http://www.pcpd.org.hk/english/publications/files/gn_insurance_e.pdf

http://www.pcpd.org.hk/english/publications/files/gn_insurance_e.pdf Briefing Data privacy regulation: Spotlight on Hong Kong insurers Summary Two recent regulatory initiatives will place the Hong Kong insurance industry s use and handling of personal data under greater

More information

Personal Data Protection Policy

Personal Data Protection Policy Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

1 Data Protection Principles

1 Data Protection Principles Today, our personal information is being collected, shared, stored and analysed everywhere. Whether you are browsing the internet, talking to a friend or making an online purchase, personal data collection

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU 10 April 2014 Monica Salgado Advogada registered with the Portuguese Ordem dos Advogados Registered European Lawyer with the SRA Kirsti Laird Solicitor, (qualified

More information

Health and Safety Legal Update. Laura Cameron

Health and Safety Legal Update. Laura Cameron Health and Safety Legal Update Laura Cameron Introduction Corporate Manslaughter update Individual Responsibility Sentencing Guidelines Horizon Scanning Health and Safety: Corporate Homicide Corporate

More information

MIS Privacy Statement. Our Privacy Commitments

MIS Privacy Statement. Our Privacy Commitments MIS Privacy Statement Our Privacy Commitments MIS Training Institute Holdings, Inc. (together "we") respect the privacy of every person who visits or registers with our websites ("you"), and are committed

More information

(a) the kind of data and the harm that could result if any of those things should occur;

(a) the kind of data and the harm that could result if any of those things should occur; Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data

More information

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Binding Corporate Rules ( BCR ) Summary of Third Party Rights Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

MEMBI PRIVACY POLICY

MEMBI PRIVACY POLICY MEMBI 1 PURPOSE OF OUR POLICY 1.1 Membi Limited (Company Number 09775238) of 396a Kingston Road, Kingston Road, London SW20 8LL, United Kingdom (Membi, we, us or our) provides the services offered on the

More information

Personal Data (Privacy) (Amendment) Ordinance 2012 - Use and Sale of Personal Data for Direct Marketing.

Personal Data (Privacy) (Amendment) Ordinance 2012 - Use and Sale of Personal Data for Direct Marketing. July 2012 Personal Data (Privacy) (Amendment) Ordinance 2012 - Use and Sale of Personal Data for Direct Marketing. Contents Introduction On 27 June 2012, Hong Kong s Legislative Council ( LegCo ) passed

More information

Last updated: 30 May 2016. Credit Suisse Privacy Policy

Last updated: 30 May 2016. Credit Suisse Privacy Policy Last updated: 30 May 2016 Credit Suisse Please read this privacy policy (the ) as it describes how we intend to collect, use, store, share, and safeguard your information. By accessing, visiting or using

More information

FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION

FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION v 1.3 Supersedes: v 1.2 Summary Owner: Corporate

More information

Data Protection for Charities

Data Protection for Charities Data Protection for Charities CFG 15 May 2014 Overview Overview and key definitions The data protection principles Fair and lawful processing Data security and outsourcing Rights of data subjects Recent

More information

A Guide to Corporate Governance for QFC Authorised Firms

A Guide to Corporate Governance for QFC Authorised Firms A Guide to Corporate Governance for QFC Authorised Firms January 2012 Disclaimer The goal of the Qatar Financial Centre Regulatory Authority ( Regulatory Authority ) in producing this document is to provide

More information

Authorisation Requirements and Standards for Debt Management Firms

Authorisation Requirements and Standards for Debt Management Firms 2013 Authorisation Requirements and Standards for Debt Management Firms 2 Contents Authorisation Requirements and Standards for Debt Management Firms Contents Chapter Part A: Authorisation Requirements

More information

INTERNATIONAL SOS. Data Protection Policy. Version 1.05

INTERNATIONAL SOS. Data Protection Policy. Version 1.05 INTERNATIONAL SOS Data Protection Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: December 2008 Revised: 2015 All copyright in these materials are reserved to AEA

More information

Hong Kong IPO Sponsor Reforms.

Hong Kong IPO Sponsor Reforms. December 2012 Hong Kong IPO Sponsor Reforms. Background The Securities and Futures Commission (the SFC ) published on 12 December 2012 its Consultation Conclusions on the Regulation of IPO Sponsors (the

More information

Indicative Requirements for Cloud Service Providers. connect communicate collaborate

Indicative Requirements for Cloud Service Providers. connect communicate collaborate Requirements Document Cloud Services connect communicate collaborate www.geant.net This document has been produced with the financial assistance of the European Union. The contents of this document are

More information

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection

More information

TERMS OF BUSINESS FROM ROYAL LONDON INCORPORATING OUR TRADING NAME SCOTTISH PROVIDENT

TERMS OF BUSINESS FROM ROYAL LONDON INCORPORATING OUR TRADING NAME SCOTTISH PROVIDENT For advisors only TERMS OF BUSINESS FROM ROYAL LONDON INCORPORATING OUR TRADING NAME SCOTTISH PROVIDENT Protection DOING BUSINESS TOGETHER 1. Our terms of business set out the conditions upon which we

More information

Evolve Financial Solutions Mortgage & Insurance Services & Costs

Evolve Financial Solutions Mortgage & Insurance Services & Costs Evolve Financial Solutions Mortgage & Insurance Services & Costs Authorisation Statement Evolve Financial Solutions is Authorised and Regulated by the Financial Conduct Authority (FCA). The FCA regulates

More information

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not

More information

2014 No. ELECTRONIC COMMUNICATIONS. The Data Retention Regulations 2014

2014 No. ELECTRONIC COMMUNICATIONS. The Data Retention Regulations 2014 Draft Regulations laid before Parliament under section 2(5) of the Data Retention and Investigatory Powers Act 2014, for approval by resolution of each House of Parliament. D R A F T S T A T U T O R Y

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

Data Protection and Cloud Computing: an Overview of the Legal Issues

Data Protection and Cloud Computing: an Overview of the Legal Issues Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

ENA SHE12 Major Incident H&S Aspects a Lawyer s perspective. Kevin Bridges Partner and Chartered Safety and Health Practitioner

ENA SHE12 Major Incident H&S Aspects a Lawyer s perspective. Kevin Bridges Partner and Chartered Safety and Health Practitioner ENA SHE12 Major Incident H&S Aspects a Lawyer s perspective Kevin Bridges Partner and Chartered Safety and Health Practitioner Implement an Incident Response Protocol Covering: - Escalating incidents internally

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

Business Associate Agreement

Business Associate Agreement Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,

More information

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE

Infinedi HIPAA Business Associate Agreement RECITALS SAMPLE Infinedi HIPAA Business Associate Agreement This Business Associate Agreement ( Agreement ) is entered into this day of, 20 between ( Company ) and Infinedi, LLC, a Limited Liability Corporation, ( Contractor

More information

23/1/15 Version 1.0 (final)

23/1/15 Version 1.0 (final) Information Commissioner s Office response to the Cabinet Office s consultation on the proposal to amend the Privacy and Electronic Communications (EC Directive) Regulations 2003 ( PECR ), to enable the

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

Advice Note. An overview of civil proceedings in England. Introduction

Advice Note. An overview of civil proceedings in England. Introduction Advice Note An overview of civil proceedings in England Introduction There is no civil code in England; English civil law comprises of essentially legislation by Parliament and decisions by the courts.

More information

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:

More information

means the Eligibility Criteria set forth in clause 4 of these Rules.

means the Eligibility Criteria set forth in clause 4 of these Rules. LIQUIDNET EUROPE LIMITED ( LIQUIDNET ) LIQUIDNET EUROPE FIXED INCOME MTF PARTICIPATION RULES 1 Glossary Term Competent Authority EEA Eligibility Criteria Erroneous Order Erroneous Trade FCA FCA Rules FSMA

More information

Proposed guidance for firms outsourcing to the cloud and other third-party IT services

Proposed guidance for firms outsourcing to the cloud and other third-party IT services Guidance consultation 15/6 Proposed guidance for firms outsourcing to the cloud and other third-party IT services November 2015 1. Introduction and consultation 1.1 The purpose of this draft guidance is

More information

EU Data Protection Reforms Challenges for Business

EU Data Protection Reforms Challenges for Business www.pwc.com Contents EU Data Protection Reforms Challenges for Business July 2014 1. Introduction 2. The need for change 3. Changes and challenges 4. Recommendations 5. Conclusion 6. For a deeper conversation

More information

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy

More information

What's Up with Apps in Hong Kong July 2013

What's Up with Apps in Hong Kong July 2013 What's Up with Apps in Hong Kong July 2013 In May this year, the Hong Kong Privacy Commissioner for Personal Data ("Privacy Commissioner") joined the Global Privacy Enforcement Network ("GPEN") to conduct

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

Hamblin-Martin Financial: Service Charter Mortgage & Insurance

Hamblin-Martin Financial: Service Charter Mortgage & Insurance Hamblin-Martin Financial: Service Charter Mortgage & Insurance OUR SERVICES 2 TERMS OF BUSINESS 3 THE COST OF OUR SERVICES 6 TERMS OF AGREEMENT 9 CUSTOMER CHARTER & OUR CONTACT DETAILS 10 Client Agreement

More information

Client Agreement Mortgages, Equity Release and Insurance

Client Agreement Mortgages, Equity Release and Insurance Client Agreement Mortgages, Equity Release and Insurance An overview of the services we offer I am an Independent Adviser, which means that I offer a range of services designed to meet the financial goals

More information

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data

7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal

More information

I. Personal data and its use in the business to business environment.

I. Personal data and its use in the business to business environment. RESPONSE FROM THE DIRECT MARKETING ASSOCIATION (UK) LTD. TO THE EUROPEAN COMMISSION'S CONSULTATION ON THE IMPLEMENTATION OF DIRECTIVE 95/46 EC ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING

More information

Comments and proposals on the Chapter IV of the General Data Protection Regulation

Comments and proposals on the Chapter IV of the General Data Protection Regulation Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

Tracking Compliance: Data Protection Risks and Remedies for Retail Janine Regan. charlesrussellspeechlys.com

Tracking Compliance: Data Protection Risks and Remedies for Retail Janine Regan. charlesrussellspeechlys.com Tracking Compliance: Data Protection Risks and Remedies for Retail Janine Regan charlesrussellspeechlys.com Janine Regan Associate +44 (0)20 7427 6798 janine.regan@crsblaw.com Janine has extensive experience

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

If you are unclear about the implications of Auto Enrolment you will find our Guide to Auto Enrolment a good starting point.

If you are unclear about the implications of Auto Enrolment you will find our Guide to Auto Enrolment a good starting point. The Pay Check Auto Enrolment Service A service designed for Pay Check clients who are looking for a first class pension solution that is simple to administer, cost effective and guarantees full compliance

More information

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and

More information

DailyMailz may collect and process the following personal information about you:

DailyMailz may collect and process the following personal information about you: Privacy Policy DailyMailz is committed to preserving the privacy of all visitors to its website www.dailymailz.nl ("Website"). This privacy policy along with DailyMailz s terms and conditions of use and

More information

RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015

RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015 RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE EFFECTIVE AS OF: August 12, 2015 This Notice sets forth the principles followed by RPM International Inc.,

More information

Norwegian Data Inspectorate

Norwegian Data Inspectorate Norwegian Data Inspectorate Narvik kommune Postboks 64 8501 NARVIK Norway Your reference Our reference (please quote in any reply) Date 1111/1210-6/PEJA 11/00593-7/SEV 16 January 2012 Notification of decision

More information

GSK Public policy positions

GSK Public policy positions Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable

More information

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner

Public Consultation regarding Data Sharing and Governance Bill. Contribution of Office of the Data Protection Commissioner Submission of the Office of the Data Protection Commissioner (DPC) on the data-sharing and Governance Bill: - Policy Proposals (dated the 1 st of August 2014) Public Consultation regarding Data Sharing

More information

Privacy Policy. February, 2015 Page: 1

Privacy Policy. February, 2015 Page: 1 February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met

More information

Summary of Data Protection Requirements When transferring Data Outside the UK End Users

Summary of Data Protection Requirements When transferring Data Outside the UK End Users Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

The U.K. Information Commissioner s Office Report on Big Data and Data Protection

The U.K. Information Commissioner s Office Report on Big Data and Data Protection reau of National Affairs, Inc. (800-372-1033) http://www.bna.com WORLD DATA PROTECTION REPORT >>> News and analysis of data protection developments around the world. For the latest updates, visit www.bna.com

More information

Crossing Borders New Guidance on the Transfer of Personal Data outside Hong Kong

Crossing Borders New Guidance on the Transfer of Personal Data outside Hong Kong Legal Update Privacy & Security Hong Kong 20 January 2015 Crossing Borders New Guidance on the Transfer of Personal Data outside Hong Kong Section 33 of the Hong Kong Personal Data (Privacy) Ordinance

More information

Draft Code of Conduct on privacy for mobile health applications

Draft Code of Conduct on privacy for mobile health applications Draft Code of Conduct on privacy for mobile health applications I. About this Code 1) Introduction To be drafted as a last step, when the rest of the Code is more or less stable Ed. 2) Purpose The purpose

More information

INSIGNIA MEDICAL SYSTEMS LTD PRIVACY POLICY

INSIGNIA MEDICAL SYSTEMS LTD PRIVACY POLICY INSIGNIA MEDICAL SYSTEMS LTD PRIVACY POLICY This Website is owned by Insignia Medical Systems Ltd (hereafter Company ), a company registered in England and Wales. We take user privacy seriously and take

More information

AIRBUS GROUP BINDING CORPORATE RULES

AIRBUS GROUP BINDING CORPORATE RULES 1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These

More information