Big Data for Law Firms DAMIAN BLACKBURN

Size: px
Start display at page:

Download "Big Data for Law Firms DAMIAN BLACKBURN"

Transcription

1 Big Data for Law Firms DAMIAN BLACKBURN PUBLISHED BY IN ASSOCIATION WITH

2 Big data means big business By Simon Briskman, partner, technology & outsourcing group, Field Fisher Waterhouse LLP BIG DATA is set to add several hundred billion dollars to the global economy. Banks, pharmaceuticals, retailers, and government are all embarking on big data programmes. Big data promises to transform interaction with customers, improve business decisions, and promote efficient access to markets. With such major stakes, big data is set to emerge as a mainstream business issue. Law firms will find new work opening up in M&A, new business ventures, and cutting edge projects driven by big data opportunities. Yet, not all organisations are jumping headlong into big data projects. The technologies are still maturing, and technology is not the only barrier to surmount. The biggest advantage of big data the ability to analyse vast quantities of data regardless of source, location or purpose is, from a legal perspective, its biggest challenge. Almost all useful data is subject to legal constraint of one kind or another and companies wanting to exploit big data need to be aware of and manage this. The primary legal issue is privacy. Big data will frequently involve marrying many data sources to help interpret and understand the behaviour of the individual. For example, a company may look at a customer s web browsing habits, previous orders, social media activity, and demographic information to decide how to price services or market its wares. In the European Union and a number of other countries, information concerning an individual can generally only be processed if the individual has been informed about the data held and the purpose for which it is to be used. Sometimes, consent might be necessary. The big data approach does not sit easily alongside data protection requirements, since big data tolls routinely take data gained for one purpose and analyse it for another. Going back to customers or employees to provide 61

3 Big data means big business further information or seek additional consent is not attractive and practical solutions need to be reached. The European Data Protection Directive also requires that data can only be kept for as long as necessary to fulfil the purpose for which it was obtained (and the forthcoming EU Data Protection Regulation, which will replace the Directive, goes further with a right to be forgotten ). Companies are therefore required to delete data which may prove useful for later big data applications. This may on occasion be to the detriment of company and consumer, but it is nevertheless consistent with the EU approach to privacy. Many companies are aware of the privacy implications of big data, but that does not mean all companies are taking the risks sufficiently seriously. Historically, a breach of the data protection laws has meant little for UK companies from a practical perspective, with the sanctions for breaching the UK Data Protection Act usually being no worse than a letter from the Information Commissioner s Office or a small fine. However, since 2011, companies failing to comply with the Data Protection Act face much more substantial penalties, with the ICO now having the power to fine organisations up to 500,000 for serious breaches. In 2012 the ICO began to regularly use these powers in earnest. For example, the ICO imposed 440,000 penalties against the owners of Tetrus Telecoms for spam text messages in November. More severe powers are still to come, with the draft Data Protection Regulation proposing fines of 2 per cent of worldwide turnover for the worst data protection breaches. Some data analytical tools may marry data from within the organisation with profiles on social networking sites, information, and public records. A classic business error in the privacy field is to assume that because data is available and accessible, it is also free to use. This is not true from a data protection perspective (nor from a terms of use perspective). It may still be necessary to notify people or seek consent. Organisations operating in some sectors may well have specific rules applying data handling. Fines for breach of these regulations can be even more severe than those issued by the ICO. In 2010, the FSA fined Zurich UK 2.27m for losing the personal details of 46,000 customers. Other sectors such as healthcare, the public sector, and telecoms are also regulated in how they may exploit the data they hold. While potential fines may be significant, 62

4 Big Data for Law Firms many clients are more concerned with the negative publicity from data privacy breaches. This is rightly so since consumers regularly place trust in the top 10 issues inhibiting them from doing business with companies over the web. Well-informed businesses seek advice early in the development cycle for new technology programmes. Analysing the data privacy implications through a privacy impact assessment and dealing with the consequences should be integral to technology design. Without privacy by design, time and money can be wasted building technologies which cannot be effectively deployed. In the worst case, companies will deploy technologies which are privacy infringing. Privacy is not the only legal implication of implementing big data. In many cases, big data applications can trawl websites or materials held by an organisation but provided by a third party. Obligations of confidentiality, terms of use, database rights, and copyright may all apply. Any use of data without the necessary consent or licence may leave the organisation wishing to exploit the data exposed to claims of infringement, breach of contract, or breach of confidence. For those companies working with the public sector, certain information may also be protectively marked, meaning such data can only be used and disclosed in certain restricted ways. Any impact assessment should cover not just privacy but ensure a close understanding of all the legal implications. For key applications, data can be cleansed or permissions sought to ensure compliance. In some cases data may need to be blocked. Metadata flagging status and permissions attached to data can be used to exclude information which should not be processed. In my own firm our knowledge engine can search any information on our servers from to documents to precedents. However, we protect some documents and isolate other data on encrypted servers. Thus we handle government data to required standards, carve out price sensitive information, and avoid revealing employee data. The patchwork of regulation relevant to big data is not uniform throughout the world and different countries may place different or additional rules on the use of data in particular circumstances. Those companies which operate and collect data internationally will therefore need to understand and take the necessary steps to comply with the relevant laws in each of these countries. This final point may have the effect of allowing new big data applications to flourish in some jurisdictions but not others. With analysts predicting dollar 63

5 Big data means big business benefits in the hundreds of billions, regulators will need to carefully re-assess the balance of valuable regulatory protection versus economic advantage. Impact assessments are an important task for suppliers too. Technology companies selling big data tools will need to understand and articulate to their customers how their products support their customer s legal requirements. Well-informed clients build legal compliance into their product development (and sales). Customers acquiring these tools and databases will need to understand the legal implications early in the procurement cycle and these manage the consequences if they are to achieve value from their big data implementations. The legal challenges associated with big data aren t insurmountable. However, it is necessary to take the legal issues seriously and to deal with them appropriately. The first step for an organisation carrying out an impact assessment is to understand the types of data that it already holds or has access to and that it wishes to analyse. Carrying out audits on this data will help the organisation to understand what restrictions may apply to each of these types of data and what consents, licenses or other approvals are required in order to comply with the various regulations and restrictions. The output of these audits can then be used to determine how to deal with the issues raised whether this involves obtaining the necessary consents from individuals, appropriate licenses for use of third party sources of data, or approvals where information is subject to confidentiality restrictions. Where such approvals, consents, or licenses cannot be obtained, some sources to be analysed may need to be deselected from any future analysis or, in the case of personal data, anonymised. Recent guidance from the ICO in the UK has been helpful in this regard to big data organisations. Under official guidance from the EU anonymisation meant that re-identification must no longer be possible a high bar to pass. However, the ICO has now made it clear that anyone wishing to anonymise data must only prove it has assessed the risk of re-identification and, having done so, reasonably conclude that the risk of re-identification is remote. Companies wishing to collect data going forwards for use in a big data context should implement, police, and enforce policies and procedures to manage data collection and ensure that the appropriate consents and licenses have been obtained. In the case of personal data, privacy policies will need 64

6 Big Data for Law Firms to set out in plain language the purposes for which the data collected will be used and consent obtained where necessary. Impact assessments form the building blocks for good legal advice on big data, but the implications of big data should be seen in a wider context. The immediate future heralds the convergence of a number of game changing key technologies. Mobile network access, tablets and smart phones, apps, mobile payment, and big data are coming together to form a ubiquitous world of technology in which people and objects can be tracked and communicated with. The possibilities are boundless. Organisations are improving access to medical advice in remote locations; looking to exploit big data to make better, quicker decisions on which drugs to trial and bring to market; analysing transactions reduce fraudulent benefit claims. While it is right to ensure that consumers and employees are properly protected, the vast positive side of big data and technological innovation will fuel new markets and new opportunities for legal advisers for some time to come. Simon Briskman is a leading outsourcing and information technology lawyer. He has advised some of the world s largest organisations on emerging technologies including the internet, the web, mobile technologies, convergence, the cloud and big data. Simon is editor of Lexis Nexis online practice note series on technology and outsourcing and a columnist for Outsource.com. He has served on the editorial board of silicon.com and on Intellect s Outsourcing Group Committee, and is general counsel of AccountAbility, a think tank dedicated to accountability and sustainable development. Simon regularly commentates on current outsourcing, technology, privacy and governance issues affecting senior management and their organisations. He has appeared on the BBC s Working Lunch, You and Yours and the Today programme talking about technology and ecommerce issues, and been quoted in publications including the FT, Times, Guardian and the Economist. 65

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Big Data for Law Firms DAMIAN BLACKBURN

Big Data for Law Firms DAMIAN BLACKBURN Big Data for Law Firms DAMIAN BLACKBURN PUBLISHED BY IN ASSOCIATION WITH Contents Executive summary VII About the author XI Chapter 1: Introduction to big data 1 Factors leading to big data 2 The three

More information

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking

The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner s Office response to HM Treasury s Call for Evidence on Data Sharing and Open Data in Banking The Information Commissioner has responsibility for promoting and enforcing the

More information

Mega Transparency Report. March 2015. Requests for Removal of Content and for User Information

Mega Transparency Report. March 2015. Requests for Removal of Content and for User Information Mega Transparency Report March 205 Requests for Removal of Content and for User Information Introduction This is the first transparency report published by Mega since it commenced operations in January

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

Data controllers and data processors: what the difference is and what the governance implications are

Data controllers and data processors: what the difference is and what the governance implications are ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a

More information

Cloud Software Services for Schools

Cloud Software Services for Schools Cloud Software Services for Schools Supplier self-certification statements with service and support commitments Supplier name Address Contact name Contact email Contact telephone Parent Teacher Online

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

Cybercrime: risks, penalties and prevention

Cybercrime: risks, penalties and prevention Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,

More information

Big Data for Law Firms DAMIAN BLACKBURN

Big Data for Law Firms DAMIAN BLACKBURN Big Data for Law Firms DAMIAN BLACKBURN PUBLISHED BY IN IN ASSOCIATION WITH Big Data for Law Firms is published by Ark Group UK/EUROPE/ASIA OFFICE Ark Group Ltd 6-14 Underwood Street London N1 7JQ United

More information

Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers

Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers March 2013 How Target Knew a High School Girl Was Pregnant Before Her Parents Did just because you can,

More information

www.bonddickinson.com Cyber Risks October 2014 2

www.bonddickinson.com Cyber Risks October 2014 2 www.bonddickinson.com Cyber Risks October 2014 2 Why this emerging sector matters Justin Tivey Legal Director T: +44(0)845 415 8128 E: justin.tivey The government estimates that the current cost of cyber-crime

More information

Methods and Practices: Cloud in Retail

Methods and Practices: Cloud in Retail Methods and Practices: Cloud in Retail IDC Retail Insights: Retail IT Infrastructure Strategies METHODS AND PRACTICES #RI243398 Kimberly Knickle Leslie Hand Global Headquarters: 5 Speen Street Framingham,

More information

Data Protection Act. Conducting privacy impact assessments code of practice

Data Protection Act. Conducting privacy impact assessments code of practice Data Protection Act Conducting privacy impact assessments code of practice 1 Conducting privacy impact assessments code of practice Data Protection Act Contents Information Commissioner s foreword... 3

More information

The U.K. Information Commissioner s Office Report on Big Data and Data Protection

The U.K. Information Commissioner s Office Report on Big Data and Data Protection reau of National Affairs, Inc. (800-372-1033) http://www.bna.com WORLD DATA PROTECTION REPORT >>> News and analysis of data protection developments around the world. For the latest updates, visit www.bna.com

More information

The Challenge of Securing and Managing Data While Meeting Compliance

The Challenge of Securing and Managing Data While Meeting Compliance ESG Brief Commvault: Integrating Enterprise File Sync and Share Capabilities with Data Protection and Backup Date: September 2015 Author: Terri McClure, Senior Analyst, and Leah Matuson, Research Analyst

More information

The Cloud and Cross-Border Risks - Singapore

The Cloud and Cross-Border Risks - Singapore The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in

More information

Helping to protect your business and your customers in the event of a data breach

Helping to protect your business and your customers in the event of a data breach Helping to protect your business and your customers in the event of a data breach Equifax Data Breach Assistance helps you respond more quickly and effectively, limiting the reputational damage to your

More information

Type of Personal Data We Collect and How We Use It

Type of Personal Data We Collect and How We Use It Philips Lumify App Privacy Notice This Privacy Notice was last changed on September 1, 2015. Philips Electronics North America Corporation ("Philips") strongly believes in protecting the privacy of the

More information

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS

FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security Contents Why you need to know about cyber security... 3 Understanding the risks to your business... 4 How you can manage the risks... 5 Planning

More information

Cyber/ Network Security. FINEX Global

Cyber/ Network Security. FINEX Global Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over

More information

Corporate Code of Conduct

Corporate Code of Conduct 1. Background Corporate Code of Conduct 1.1. For over a century, the Swire group of companies has been recognised as acting responsibly in the course of achieving its commercial success. Our reputation

More information

Corporate Compliance: A Global Perspective

Corporate Compliance: A Global Perspective Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

Data Protection Compensation Claims. White Paper

Data Protection Compensation Claims. White Paper Data Protection Compensation Claims White Paper April 2015 Executive Summary The recent Vidal-Hall v Google case marks a dramatic change in Data Protection law. For the first time, the courts made a definitive

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

E-commerce and Legal Compliance

E-commerce and Legal Compliance E-commerce and Legal Compliance Moving all or part of your business online can be an exciting time, opening up a range of opportunities and new markets for you and your business. Hand in hand with these

More information

a leading UK law firm Technology Big decisions about the future

a leading UK law firm Technology Big decisions about the future a leading UK law firm Technology Big decisions about the future 01 Technology Specialists We understand your business because our approach is as focused on the technology as it is the law. A number of

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Information Security Policy

Information Security Policy Central Bedfordshire Council www.centralbedfordshire.gov.uk Information Security Policy January 2016 Security Classification: Not Protected 1 Approval History Version No Approved by Approval Date Comments

More information

New EU Data Protection legislation comes into force today. What does this mean for your business?

New EU Data Protection legislation comes into force today. What does this mean for your business? 24 th May 2016 New EU Data Protection legislation comes into force today. What does this mean for your business? After years of discussion and proposals, the General Data Protection Regulation ( GDPR )

More information

Selling Telematics Motor Insurance Policies. A Good Practice Guide

Selling Telematics Motor Insurance Policies. A Good Practice Guide Selling Telematics Motor Insurance Policies A Good Practice Guide April 2013 1 INTRODUCTION 1.1 The purpose of the guidance This guidance sets out high-level actions that insurers should seek to achieve

More information

Data and Cyber Laws Up-date 9 July 2015

Data and Cyber Laws Up-date 9 July 2015 Data and Cyber Laws Up-date 9 July 2015 Janine Regan Alexia Zuber Viktoria Protokova Simon Holdsworth charlesrussellspeechlys.com Topics Updates on the key aspects of, and commentary on, the proposed GDPR

More information

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version

More information

On the edge Lexis PSL Restructuring & Insolvency

On the edge Lexis PSL Restructuring & Insolvency On the edge Lexis PSL Restructuring & Insolvency Data protection law for insolvency practitioners November 2014 Welcome to your third edition of On the edge, a series of guides highlighting a selection

More information

pharmaceutical & biotechnology

pharmaceutical & biotechnology pharmaceutical & biotechnology Our specialist lawyers find practical solutions to legal problems and help pharma and biotech companies to operate and grow their businesses effectively and compliantly.

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

Policy for the Exploitation of University Intellectual property - Formation of New Companies

Policy for the Exploitation of University Intellectual property - Formation of New Companies Policy for the Exploitation of University Intellectual property - Formation of New Companies 1. Introduction By law, the University owns the Intellectual property (IP) generated by its employees in the

More information

Surviving the Era of Hack Attacks Cyber Security on a Global Scale

Surviving the Era of Hack Attacks Cyber Security on a Global Scale Surviving the Era of Hack Attacks Cyber Security on a Global Scale Dr. Adriana Sanford ASU Lincoln Professor of Global Corporate Compliance and Ethics Clinical Associate Professor of Law and Ethics This

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal

More information

Thought Leadership White Paper

Thought Leadership White Paper Thought Leadership White Paper Introduction Contracts form the foundation of all businesses and every business relationship. They define every aspect of a business s activities procurement, sales, marketing,

More information

UK Data Risks Incident RoadMap

UK Data Risks Incident RoadMap Data breach summary steps Hiscox s data breach Experts Knowing what to do in the event of a data breach ( security incident ) can make the situation much less daunting when it may seem like your house

More information

"Bring Your Own Device" Brings its Own Challenges

Bring Your Own Device Brings its Own Challenges 6 June 2012 "Bring Your Own Device" Brings its Own Challenges By Susan McLean and Alistair Maughan The consumerisation of IT is the growing trend for information technology to emerge first in the consumer

More information

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

FISHER & PAYKEL PRIVACY POLICY

FISHER & PAYKEL PRIVACY POLICY FISHER & PAYKEL PRIVACY POLICY 1. About this Policy Fisher & Paykel Australia Pty Limited (ABN 71 000 042 080) and its related companies ('we', 'us', 'our') understands the importance of, and is committed

More information

Response to the European Commission consultation on. European Data Protection Legal Framework

Response to the European Commission consultation on. European Data Protection Legal Framework Response to the European Commission consultation on European Data Protection Legal Framework A submission by Acxiom (ID number 02737212854-67) Correspondence Address: Martin-Behaim-Straße 12, 63263 Neu-Isenburg,

More information

AASA Online Privacy Policy CRP.020

AASA Online Privacy Policy CRP.020 Introduction Alzheimer s Australia SA Inc values your privacy and takes reasonable steps to protect your personal information (that is, information which identifies or may reasonably be used to identify

More information

Data protection in Switzerland: overview

Data protection in Switzerland: overview Page 1 of 8 Data protection in Switzerland: overview Resource type: Country Q&A Status: Law stated as at 01-Aug-2014 Jurisdiction: Switzerland A Q&A guide to data protection in Switzerland. This Q&A guide

More information

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller

Data, Privacy, Cookies and the FTC in 2013. Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security,

More information

"choose your own device" : the employer still provides the hardware and the employee can choose e.g. the model.

choose your own device : the employer still provides the hardware and the employee can choose e.g. the model. WHAT IS BYOD? BYOD comes in "different shades of grey". "bring your own device" : employees are allowed to use their privately owned hard- and software. IT-applications and company data of the employer

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

Information Sheet: Cloud Computing

Information Sheet: Cloud Computing info sheet 03.11 Information Sheet: Cloud Computing Info Sheet 03.11 May 2011 This Information Sheet gives a brief overview of how the Information Privacy Act 2000 (Vic) applies to cloud computing technologies.

More information

Plus500UK Limited. Statement on Privacy and Cookie Policy

Plus500UK Limited. Statement on Privacy and Cookie Policy Plus500UK Limited Statement on Privacy and Cookie Policy Statement on Privacy and Cookie Policy This website is operated by Plus500UK Limited ("we, us or our"). It is our policy to respect the confidentiality

More information

Attitudes to Use of Social Networks in the Workplace and Protection of Personal Data

Attitudes to Use of Social Networks in the Workplace and Protection of Personal Data Attitudes to Use of Social Networks in the Workplace and Protection of Personal Data David Haynes, City University, School of Informatics, Department of Information Science August 2011 Background Two surveys

More information

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin

Governance. Information. Bulletin. Welcome to the nineteenth edition of the information governance bulletin Welcome to the nineteenth edition of the information governance bulletin Our regular bulletin about information governance and the work of the IG transition programme Publication Gateway Reference: 02465

More information

Dealing with data breaches in Europe and beyond

Dealing with data breaches in Europe and beyond Dealing with data breaches in Europe and beyond Karin Retzer and Joanna Łopatowska Morrison & Foerster LLP www.practicallaw.com/6-505-9638 The use of increasingly advanced technology means that the ways

More information

SWITCH ON THINK BUYERS. All procurement transactions in one system

SWITCH ON THINK BUYERS. All procurement transactions in one system SWITCH ON THINK BUYERS All procurement transactions in one system INTRODUCTION At think we believe in challenging the status quo and that doing business should be simple. An organisation s employees are

More information

Cloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1

Cloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Cloud Computing and Privacy Toolkit Protecting Privacy Online May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Table of Contents ABOUT THIS TOOLKIT... 4 What is this Toolkit?... 4 Purpose of this Toolkit...

More information

Code of Conduct 1. The Financial Services Authority

Code of Conduct 1. The Financial Services Authority The Financial Services Authority Code of Conduct 1 1 The FSA's Code of Conduct should be read in conjunction with the guidance, which is designed to help you understand and apply the provisions of the

More information

Privacy Policy Draft

Privacy Policy Draft Introduction Privacy Policy Draft Please note this is a draft policy pending final approval Alzheimer s Australia values your privacy and takes reasonable steps to protect your personal information (that

More information

EXECUTIVE BRIEF SPON. File Synchronization and Sharing Market Forecast, 2012-2017. Published May 2013. An Osterman Research Executive Brief

EXECUTIVE BRIEF SPON. File Synchronization and Sharing Market Forecast, 2012-2017. Published May 2013. An Osterman Research Executive Brief EXECUTIVE BRIEF N Sharing Market Forecast, sponsored by An Osterman Research Executive Brief Published May 2013 SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058

More information

Modernising Powers, Deterrents and Safeguards Working with Tax Agents

Modernising Powers, Deterrents and Safeguards Working with Tax Agents Modernising Powers, Deterrents and Safeguards Working with Tax Agents 1. The Society of Trust and Estate Practitioners (STEP) is the worldwide professional body for practitioners in the fields of trusts

More information

External Communication to Third Parties

External Communication to Third Parties External Communication to Third Parties Egress Software Technologies Ltd Unit 16 Quadrant Business Center, 135 Salusbury Road, London, NW6 6RJ T: +44 (0)20 7624 8500 / F: +44 (0)20 7624 8200 / E: info@egress.com

More information

Resolution on Consumer Protection in Cloud Computing

Resolution on Consumer Protection in Cloud Computing DOC NO: INFOSOC 46-11 DATE ISSUED: JUNE 2011 Resolution on Consumer Protection in Cloud Computing Consumers, businesses and governments are increasingly using cloud computing services to store and share

More information

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me?

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? EUROPEAN COMMISSION MEMO Brussels, 27 September 2012 Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? See also IP/12/1025 What is Cloud Computing? Cloud

More information

COMPLYING WITH THE E-COMMERCE REGULATIONS 2002

COMPLYING WITH THE E-COMMERCE REGULATIONS 2002 COMPLYING WITH THE E-COMMERCE REGULATIONS 2002 You should read this guide if you. advertise goods or services online (i.e. via the Internet, interactive television or mobile telephone) sell goods or services

More information

Institute for Judicial and Legal Studies

Institute for Judicial and Legal Studies Institute for Judicial and Legal Studies «The Data Protection Reform for Mauritius» Presented by Mrs Drudeisha Madhub (Data Protection Commissioner) Email: pmo-dpo@mail.gov.mu Tel:+230 201 36 04 Helpdesk:+230

More information

FINAL NOTICE. 1.2. Nationwide has confirmed that it will not be referring the matter to the Financial Services and Markets Tribunal.

FINAL NOTICE. 1.2. Nationwide has confirmed that it will not be referring the matter to the Financial Services and Markets Tribunal. Financial Services Authority FINAL NOTICE To: Of: Nationwide Building Society Nationwide House Pipers Way Swindon SN38 1NW Date: 14 February 2007 TAKE NOTICE: The Financial Services Authority of 25 The

More information

Data Protection Policy. Information Security Review Group. Version Date Author Notes on Revisions

Data Protection Policy. Information Security Review Group. Version Date Author Notes on Revisions Document Control Table Document Title: Author(s) (name, job title and Division): Version Number: Document Status: Date Approved: Approved By: Effective Date: Date of Next Review: Superseded Version: Data

More information

PRIVACY POLICY. In this policy, the terms Adelaide Unicare and The Practice are used interchangeably and mean the same.

PRIVACY POLICY. In this policy, the terms Adelaide Unicare and The Practice are used interchangeably and mean the same. PRIVACY POLICY Note: The definition of Staff in this policy refers to all Employees, Contractors, Healthcare Providers at Adelaide Unicare and Students who attend the practice as part of their studies.

More information

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY

CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY CORPORATE TRAVEL MANAGEMENT PRIVACY POLICY 1. About this Policy Corporate Travel Management Group Pty Ltd (ABN 52 005 000 895) (CTM) ('we', 'us', 'our') understands the importance of, and is committed

More information

HOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES EU PROPOSED CYBERCRIME DIRECTIVE

HOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES EU PROPOSED CYBERCRIME DIRECTIVE HOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES OF THE PROPOSED CYBERCRIME DIRECTIVE? Dr Mark Abell, Graeme Payne and Joseph Jackson, Bird & Bird, London, UK Cybersecurity is arguably receiving more

More information

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY SMALL BUSINESSES WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY ONE CLICK CAN CHANGE EVERYTHING SMALL BUSINESSES My reputation was ruined by malicious emails ONE CLICK CAN CHANGE EVERYTHING Cybercrime comes

More information

Data Protection for the Guidance Counsellor. Issues To Plan For

Data Protection for the Guidance Counsellor. Issues To Plan For Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)

More information

Outsourcing. FSA Regulated firms (including offshore outsourcing) Contents. March 2004

Outsourcing. FSA Regulated firms (including offshore outsourcing) Contents. March 2004 Outsourcing FSA Regulated firms (including offshore outsourcing) March 2004 Contents 2. Introduction 2. How do the regulations impact an outsourcing? 3. Prudential Sourcebooks 4. Service Level Agreements

More information

Data Management Session: Privacy, the Cloud and Data Breaches

Data Management Session: Privacy, the Cloud and Data Breaches Data Management Session: Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, IIS President, iappanz IACCM APAC Australia Sydney, 1 August 2012 Overview Changing privacy regulation

More information

BYOD: Bring Your Own Policy. Bring Your Own Device (BYOD) is already making a significant impact on the way the private sector works.

BYOD: Bring Your Own Policy. Bring Your Own Device (BYOD) is already making a significant impact on the way the private sector works. BYOD: Bring Your Own Policy Bring Your Own Device (BYOD) is already making a significant impact on the way the private sector works. BYOD: Bring Your Own Policy Bring Your Own Device (BYOD) is already

More information

Response of the German Medical Association

Response of the German Medical Association Response of the German Medical Association To the Green Paper on mobile Health ( mhealth ) of the European Commission Berlin, 3 July 2014 Bundesärztekammer Herbert-Lewin-Platz 1 10623 Berlin We are grateful

More information

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT

NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT NHS DORSET CLINICAL COMMISSIONING GROUP GOVERNING BODY INFORMATION GOVERNANCE TOOLKIT REPORT 9.7 Date of the meeting 15/07/2015 Author Sponsoring Clinician Purpose of Report Recommendation J Green - Head

More information

Telehealth and the Law: An Update from Both Sides of the Atlantic

Telehealth and the Law: An Update from Both Sides of the Atlantic Telehealth and the Law: An Update from Both Sides of the Atlantic John Williams, MD Associate Medical Director, University of Pittsburgh Medical Center International and Commercial Services Division (Moderator)

More information

HIPAA PRIVACY AND SECURITY AWARENESS

HIPAA PRIVACY AND SECURITY AWARENESS HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect

More information

August 2011. Report on Cloud Computing and the Law for UK FE and HE (An Overview)

August 2011. Report on Cloud Computing and the Law for UK FE and HE (An Overview) August 2011 Report on Cloud Computing and the Law for UK FE and HE (An Overview) Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision.

More information

Privacy Policy for PDV Limited

Privacy Policy for PDV Limited Privacy Policy for PDV Limited PDV Limited ( PDV or We ) are specialists in the provision of consumer data for marketing and market research purposes. We are committed to protecting and respecting your

More information

Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision.

Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision. May 2013 Bring Your Own Device Policy Template for Further Education Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision. Table

More information

stacktools.io Services Device Account and Profile Information

stacktools.io Services Device Account and Profile Information Privacy Policy Introduction This Privacy Policy explains what information Super7ui LLC collect about you and why, what we do with that information, how we share it, and how we handle the content you place

More information

Investigating the prevalence of unsecured financial, health and personally identifiable information in corporate data

Investigating the prevalence of unsecured financial, health and personally identifiable information in corporate data Nuix And EDRM Case Study: Removing PII from Nuix the and EDRM EDRM Enron Case Data Study Set Removing PII from the EDRM Enron Data Set Investigating the prevalence of unsecured financial, health and personally

More information

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group

Ten Tips for Managing Risks on Convergent Networks The Risk Management Group Ten Tips for Managing Risks on Convergent Networks The Risk Management Group April 2012 Sponsored by: Lavastorm Analytics is a global business performance analytics company that enables companies to analyze,

More information

I. Personal data and its use in the business to business environment.

I. Personal data and its use in the business to business environment. RESPONSE FROM THE DIRECT MARKETING ASSOCIATION (UK) LTD. TO THE EUROPEAN COMMISSION'S CONSULTATION ON THE IMPLEMENTATION OF DIRECTIVE 95/46 EC ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING

More information

SEMGROUP CORPORATION. Anti-Corruption Compliance Policy August, 2011

SEMGROUP CORPORATION. Anti-Corruption Compliance Policy August, 2011 SEMGROUP CORPORATION Anti-Corruption Compliance Policy August, 2011 SCOPE This is a global policy (the Policy ) applicable to the worldwide operations of SemGroup Corporation ("SemGroup") and all of its

More information

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER

INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER INFORMATION GOVERNANCE AND SECURITY 1 POLICY DRAFTED BY: INFORMATION GOVERNANCE LEAD 2 ACCOUNTABLE DIRECTOR: SENIOR INFORMATION RISK OWNER 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: AUDIT COMMITTEE

More information

Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country

Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country 2015 Principles of Best Practice applicable to the distribution of Life Insurance Products on a Cross-border Basis within the EU or a Third Country 1 Principles of Best Practice applicable to the distribution

More information

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation

The Data Protection Landscape. Before and after GDPR: General Data Protection Regulation The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)

More information

EGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY

EGUIDE BRIDGING THE GAP BETWEEN HEALTHCARE & HIPAA COMPLIANT CLOUD TECHNOLOGY Bridging The Gap Between Healthcare & Hipaa Compliant Cloud Technology and outsource computing resources to external entities, would provide substantial relief to healthcare service providers. Data stored

More information

PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES

PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES PCL2\13991300\1 CYBER RISKS: RISK MANAGEMENT STRATEGIES Cyber Attacks: How prepared are you? With barely a day passing without a reported breach of corporate information security, the threat to financial

More information