INTERNET AND SECURITY
|
|
- Randell Hensley
- 8 years ago
- Views:
Transcription
1 NEWS FROM PLESNER JUNI 2008 INTERNET AND SECURITY Introduction By Attorney-at-Law, junior-partner Michael Hopp In Denmark, a data controller must implement appropriate technical and organizational security measures to protect data against accidental or unlawful destruction, loss or alteration and against unauthorized disclosure and abuse. Until recently, no specific rules, regulations or guidelines had been issued concerning the specific requirements of internet security placed on private data controllers. However, on 16 June 2008 the Danish Data Protection Agency issued a statement in which the Agency's requirements and recommendations regarding transfer of personal data via the internet in the private sector are set out. It follows from the statement that transfer of sensitive data and civil registration numbers via websites must be encrypted. Encryption is also required, if the processing of personal data takes place according to an authorisation issued by the Data Protection Agency with specific terms and conditions in this regard. The Danish Data Protection Agency has not issued an English version of the statement. However, a translation of the statement can be found here below. The requirements and recommendations of the Data Protection Agency regarding private companies' transfer of personal data via the internet In 2007, the Data Protection Agency decided to review the safety regulations of the Act on Processing of Personal Data in relation to private companies' transfer of personal data via the internet. With a total staff of 345, including 195 lawyers, Plesner is one of Denmark's leading international law firms with expertise in all areas of commercial and public law. Plesner's vision is to be the best law firm in Denmark - the natural choice for any Danish or foreign business needing legal advice on commercial matters. 1
2 In this connection, the Data Protection Agency has consulted a number of organisations etc. The hearing responses are reported in a report. Read the Data Protection Agency's hearing report [in Danish] After the Data Protection Council's review, the Data Protection Agency has decided that, until further notice, the requirements and recommendations mentioned below shall constitute the legal basis for the Agency's administration of safety regulations laid down in the Act on Processing of Personal Data in relation to the private sector. By doing so, the Data Protection Agency seeks to find a reasonable balance between the possibilities of use of the internet and throughout the society as effective means of communication and the need for protection of personal data against abuse, loss etc. The Data Protection Agency distinguishes between communication via websites and communication by . The reason for this is that the actual means of protecting data are different for these two types of transfer of data. The decision of the Data Protection Agency implies that the Data Protection Agency only makes specific demands for encryption when: transferring sensitive data via websites, transferring civil registration numbers via websites, and in cases, in which the processing of personal data in the private sector takes place according to an authorisation in which terms and conditions regarding specific safety regulations for transmission over the internet has been determined. In a number of other situations the Data Protection Council recommends that personal data be protected when transferred over the internet. At the same time, the Data Protection Council requests that all interested parties include considerations for protection of personal data when preparing and selecting new technical solutions for transfer of personal data. The Data Protection Agency hopes that, concurrently with the development and distribution of new digital solutions, the possibilities of protecting personal data effectively, and without incurring too much expenditure to the involved parties, will be developed. The present requirements and recommendations from the Data Protection Agency must, therefore, be reconsidered as new technical means of data protection become easily ac- 2
3 cessible. More detailed information about the Data Protection Agency's requirements and recommendations The requirements of the Act on Processing of Personal Data According to the Act on Processing of Personal Data, companies, organisations, associations etc. must protect all personal data processed by them by adequate safety means. According to the act it is, as a starting point, up to the individual company to assess and decide which safety means are required in a given situation. The requirement for protection applies i.a. when data are being transferred via the internet. It also applies when the company etc. makes it possible for customers and other persons to send information to the company via its website. Transfer of personal data via websites Communication via websites may be safeguarded by means of SSL encryption etc. It is possible to implement various degrees of encryption, including what is also described as "strong encryption" (128 bit SSL/TLX-connection). The use of safe communication does not require implementation of a specific solution for the company's customers or users of the website. At the same time, the solution implies that the users by means of the website's certificate are ensured that they are communicating with the right recipient. Requirement for encryption of sensitive personal data Transfer of sensitive personal data via websites must be encrypted. Requirement for encryption of civil registration numbers Transfer of civil registration numbers via websites must be encrypted. 3
4 Recommendation regarding encryption of ordinary, private personal data The Data Protection Agency recommends that transfer of non-sensitive private (confidential) personal data via websites be protected by encryption. Particulars regarding transfer of personal data via websites from company to user If users gain access to personal data via the website e.g. about themselves - security must be provided to ensure that the information is not passed on to third parties. This may be done through the use of pin codes or digital signatures. If access to sensitive personal data is given, the Data Protection Agency recommends the use of digital signatures. Transfer of personal data via Requirement for encryption in accordance with terms and conditions issued by the Data Protection Agency If processing takes place according to an authorisation from the Data Protection Agency, the processor must comply with the terms and conditions of the permission regarding encryption. This applies to: private research projects warning registers and credit information agencies other private companies etc. that have obtained authorization from the Data Protection Agency prescribing conditions regarding encryption The assessment of the individual company If the Data Protection Agency has not laid down conditions etc. regarding encryption, it is, as a starting point, up to the individual company to assess and decide which safety regulations are required, when personal data are transferred by . The decision of the individual company must be made on the basis of an assessment of among other things: the type of information and the relation in which they take part, including the consequences, loss of information may have, if it is a matter of transfer of personal data between: two professional parties like e.g. attorneys, trade unions, auditors etc., during which other persons are mentioned, or a professional participant and a private person such as e.g. a customer, a client, a 4
5 member etc. the costs related to the implementation of safety regulations. The Data Protection Agency recommends encryption when sending sensitive personal data by via the internet The Data Protection Agency recommends using encryption when an or a document contains sensitive personal data and is sent via the internet. when sending the civil registration number by via the internet Due to the special character of the civil registration number, the Data Protection Agency recommends that civil registration numbers are only sent via the internet using encryption. It is the assessment of the Agency that in many cases it will be possible for companies, wanting to send s without encryption, to omit mentioning the civil registration number in the or the document forwarded. This also applies to situations where a company would like to reply to an from a private person, in which the person himself has forwarded the civil registration number without use of encryption. Datatilsynet [The Danish Data Protetion Agency] Borgergade 28, København K Tel: Fax: dt@datatilsynet.dk 5
Cloud computing and the legal framework
Cloud computing and the legal framework - Guidance on legislative requirement and the contractual environment related to cloud computing Content 1. Introduction 3 2. The Danish Act on Processing of Personal
More informationClause 1. Definitions and Interpretation
[Standard data protection [agreement/clauses] for the transfer of Personal Data from the University of Edinburgh (as Data Controller) to a Data Processor within the European Economic Area ] In this Agreement:-
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationREPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE
REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE CHAPTER I. GENERAL PROVISIONS... 1 ARTICLE 1. Purpose of the Law... 1 ARTICLE 2. Basic Definitions of this Law... 2 CHAPTER II. SIGNATURE CREATION, VERIFICATION,
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationC O N D I T I O N S C H E Q U E A N D C A S H C A R D A C C O U N T S
This is a translation of an original document in the Danish language. In case of discrepancies, the Danish version prevails. C O N D I T I O N S C H E Q U E A N D C A S H C A R D A C C O U N T S Below
More informationPRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)
PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard
More informationThe primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of.
Opinion on a Notification for Prior Checking received from the Data Protection Officer of the European Training Foundation Regarding the Processing Operations to Manage Calls for Tenders Brussels, 22 April
More informationCard Conditions MasterCard Corporate Virtual
These card conditions apply to both the company and the user. The company is responsible for ensuring that the user knows and complies with the conditions. Definitions Business day: A weekday. Saturdays,
More informationORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA
ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ON THE AMENDMENT OF THE ORDER NO. 1V-1013 ON THE APPROVAL OF THE RULES ON THE ENSURANCE OF SECURITY AND INTEGRITY
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationPRIVACY AND DATA SECURITY MODULE
"This project has been funded under the fourth AAL call, AAL-2011-4. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationThe supplier shall have appropriate policies and procedures in place to ensure compliance with
Supplier Instructions for Processing of Personal Data 1 PURPOSE SOS International has legal and contractual obligations on the matters of data protection and IT security. As a part of these obligations
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationAUDIT ACT. 2008 Revised Edition CAP. 32.02
AUDIT ACT CAP. 32.02 Audit Act CAP. 32.02 Arrangement of Sections AUDIT ACT Arrangement of Sections Section PART 1 PRELIMINARY 7 1 Short title... 7 2 Definitions... 7 PART 2 AUDITOR-GENERAL AND THE AUDIT
More informationAppendix 11 - Swiss Data Protection Act
GLEIF- LOU Restricted Appendix 11 - Swiss Data Protection Act GLEIF Revision Version: 1.0 2015-09-23 Master Copy page 2 of 11 Applicable Provisions of the Swiss Data Protection Act (DPA) including the
More informationON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS
Mr. Ryutaro Hatanaka Commissioner Financial Services Agency Government of Japan 3-2-1 Kasumigaseki Chiyoda-ku, Tokyo Japan 100-8967 Dr. Kunio Chiyoda Chairman Certified Public Accountants and Auditing
More informationSRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective for all the audits commencing on or after 01 April 2010) CONTENTS
More informationINTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
INTERNATIONAL PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective) CONTENTS Paragraph Introduction... 1 5 Skills and Knowledge... 6 7 Knowledge
More informationBRING YOUR OWN DEVICE
BRING YOUR OWN DEVICE Legal Analysis & Practical TIPs for an effective BYOD corporate Policy CONTENTS 1. What is BYOD? 2. Benefits and risks of BYOD in Europe 3. BYOD and existing Policies 4. Legal issues
More informationInformation Security: Roles, Responsibilities, and Data Classification. Technology Services 1/4/2013
Information Security: Roles, Responsibilities, and Data Classification Technology Services 1/4/2013 Roles, Responsibilities, and Data Classification The purpose of this session is to: Establish that all
More informationCCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE
Représentant les avocats d Europe Representing Europe s lawyers CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION DIRECTIVE CCBE RECOMMENDATIONS FOR THE IMPLEMENTATION OF THE DATA RETENTION
More informationWelcome to our job search and application platform (the Platform ). Please read our Legal Terms (which includes our Privacy Policy) carefully.
LEGAL TERMS AND PRIVACY POLICY Welcome to our job search and application platform (the Platform ). Please read our Legal Terms (which includes our Privacy Policy) carefully. The Platform is accessible
More informationData Protection Consent Clause and Policy Background
Data Protection Consent Clause and Policy Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use,
More informationPRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS
PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (Issued December 2003; revised September 2004 (name change)) PN 1013 (September 04) PN 1013 (December 03) Contents Paragraphs
More information<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129
Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the
More informationData controllers and data processors: what the difference is and what the governance implications are
ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a
More informationProposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion
Page 1 sur 155 Proposal of regulation Com 2012 11/4 Directive 95/46/EC Conclusion Legal nature of the instrument Règlement Directive Directly applicable act in internal law 91 articles 34 articles Art.
More informationLEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationPolicy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0
PROVIDER NAME: POLICY AREA: College of Computing Technology (CCT) Standard 10: Information Management, Student Information System & Data Protection Policy and Procedure Title: Maintaining Secure Learner
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationThis Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.
Microsoft Online Subscription Agreement Amendment adding Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Proposal ID MOSA number Microsoft to complete This Amendment
More informationDIFC LAW NO. 1 OF 2007
DATA PROTECTION LAW DIFC LAW NO. 1 OF 2007 Consolidated Version (December 2012) Amended by Data Protection Law Amendment Law DIFC Law No. 5 of 2012 CONTENTS PART 1: GENERAL... 4 1. Title... 4 2. Legislative
More informationSECURITY MEASURES RELATED WITH DATA PROTECTION. A PRACTICAL APPROACH: THE IMPORTANCE OF THE ORGANIZATIONAL MEASURES
21 22 September 2007, BULGARIA 19 Proceedings of the International Conference on Information Technologies (InfoTech-2007) 21 st 22 nd September 2007, Bulgaria vol. 1 SECURITY MEASURES RELATED WITH DATA
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationTHE TRANSFER OF PERSONAL DATA ABROAD
THE TRANSFER OF PERSONAL DATA ABROAD MARCH 2014 THIS NOTE CONSIDERS THE SITUATION OF AN IRISH ORGANISATION OR BUSINESS SEEKING TO TRANSFER PERSONAL DATA ABROAD FOR STORAGE OR PROCESSING, IN LIGHT OF THE
More informationPersonal Data Act (1998:204);
Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their
More informationPractical Overview on responsibilities of Data Protection Officers. Security measures
Practical Overview on responsibilities of Data Protection Officers Security measures Manuel Villaseca Spanish Data Protection Agency mvl@agpd.es Security measures Agenda: The rol of DPO on security measures
More informationCertification Practice Statement
Certification Practice Statement Revision R1 2013-01-09 1 Copyright Printed: January 9, 2013 This work is the intellectual property of Salzburger Banken Software. Reproduction and distribution require
More informationSTATE BANK OF INDIA. Rules and Regulations of Internet Banking. General Information:
STATE BANK OF INDIA Rules and Regulations of Internet Banking General Information: 1. The OnlineSBIGlobal registration form(s) should be addressed and sent directly to the branch (i e SBI Hong Kong (the
More informationFirst State Bank, Belmond
First State Bank, Belmond Online Banking Agreement These are the current terms of your Agreement with First State Bank for accessing your accounts and making use of other services via the Internet through
More informationFinancial Advisers (Amendment) Bill
Financial Advisers (Amendment) Bill Bill No. 15/2015. Read the first time on 11 May 2015. A BILL intituled An Act to amend the Financial Advisers Act (Chapter 110 of the 2007 Revised Edition). Be it enacted
More information2014 No. ELECTRONIC COMMUNICATIONS. The Data Retention Regulations 2014
Draft Regulations laid before Parliament under section 2(5) of the Data Retention and Investigatory Powers Act 2014, for approval by resolution of each House of Parliament. D R A F T S T A T U T O R Y
More informationsingapore american school
Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.
More informationExecutive Order no. 922 of 28 September 2009
Executive Order on Registration of Assets in Direct-Business Insurance Companies, Multi-employer occupational pension funds, Company Pension Funds and Branches in Denmark of Foreign Direct-Business Insurance
More informationData protection policy
Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data
More informationOnline Banking Security Guide Internet-based version
Online Banking Security Guide Internet-based version Contents Introduction to the Security Guide... 2 Security Guide... 2 Using the internet securely... 2 Security solutions in Online Banking... 3 What
More informationFirm Registration Form
Firm Registration Form Firm Registration Form This registration form should be completed by firms who are authorised and regulated by the Financial Conduct Authority. All sections of this form are mandatory.
More informationIn order to consider your application we kindly ask that you undertake the following tasks:
The University of Queensland Brisbane Qld 4072 Australia Telephone (07) 336 52857 Facsimile (07) 334 67684 Email: cardservices@uq.edu.au Internet: www.fbs.uq.edu.au Dear UQ Corporate Credit Applicant,
More informationACCESS TO MEDICAL RECORDS. By Felicia Jolaoye Blavo & Co Solicitors Ltd.
ACCESS TO MEDICAL RECORDS. Dorset Healthcare NHS Foundation Trust v MH (2009) : A full disclosure of all relevant material should generally be given and should not present a problem in the vast majority
More informationHIPAA Security. 4 Security Standards: Technical Safeguards. Security Topics
HIPAA Security S E R I E S Security Topics 1. Security 101 for Covered Entities 2. Security Standards - Administrative Safeguards 3. Security Standards - Physical Safeguards 4. Security Standards - Technical
More informationPRIVACY REGULATIONS regarding the Web Health History ("W.H.H.") Service called LifepassportPRO provided by Meshpass SA
PRIVACY REGULATIONS regarding the Web Health History ("W.H.H.") Service called LifepassportPRO provided by Meshpass SA Updated: 20 Jun 2015 (substitutes previous versions) This Privacy Policy describes
More informationAct CLXV of 2013. on Complaints and Public Interest Disclosures. 1. Complaint and public interest disclosure
Act CLXV of 2013 on Complaints and Public Interest Disclosures The National Assembly, committed to increasing public confidence in the functioning of public bodies, recognising the importance of complaints
More informationInternal Control Guide & Resources
Internal Control Guide & Resources Section 5- Internal Control Activities & Best Practices Managers must establish internal control activities that support the five internal control components discussed
More informationTechnical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and
Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and procedures to govern who has access to electronic protected
More informationHIPAA BUSINESS ASSOCIATE AGREEMENT
HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University
More informationMultiple SSL Certificates on a single IP address without losing any backward compatibility
GlobalSign. A GMO Internet Inc group company. Multiple SSL Certificates on a single IP address without losing any backward compatibility Paul van Brouwershaven Business Development Director EMEA, GlobalSign
More informationCCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING
CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law
More information1. COMPANY APPLICATION, ELECTRICAL INSTALLATIONS AREA:
COMPANY APPLICATION, ELECTRICAL INSTALLATIONS AREA. 1. COMPANY APPLICATION, ELECTRICAL INSTALLATIONS AREA: Tick off: Electrical contractor The authorisation entitles your company to carry out heavy current
More information2. Information concerning the host company s contact person the inviting party PLEASE COMPLETE IN CAPITAL LETTERS
Invitation - business Invitation form for business visa applications VU1_en_150415_v1.1 1. Information concerning the inviting company Company name Homepage Company address in Denmark Field of business
More informationLASTING POWER OF ATTORNEY QUESTIONNAIRE
LASTING POWER OF ATTORNEY QUESTIONNAIRE The purpose of this questionnaire is to gather the information needed to complete your LPA(s). We will need your full name and address etc and those of your attorneys
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationCROATIAN PARLIAMENT 1364
CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on
More informationHong Kong E-Account Registration Requirements and Procedure
Print Director-General of Trade and Industry Strategic Trade Controls Branch Trade and Industry Department Trade and Industry Tower 3 Concorde Road, Kowloon City Hong Kong TRADE AND INDUSTRY DEPARTMENT
More informationWelcome to Highlands State Bank Internet Banking Center. Important Information for New Users. System Security and Browser Information
Welcome to Highlands State Bank Internet Banking Center You must have a deposit account, loan account or a Highlands State Bank ATM/Debit Card to enroll in Internet Banking. We are sure you will find Internet
More informationINERTIA ETHICS MANUAL
SEVENTH FRAMEWORK PROGRAMME Smart Energy Grids Project Title: Integrating Active, Flexible and Responsive Tertiary INERTIA Grant Agreement No: 318216 Collaborative Project INERTIA ETHICS MANUAL Responsible
More informationECSA EuroCloud Star Audit Data Privacy Audit Guide
ECSA EuroCloud Star Audit Data Privacy Audit Guide Page 1 of 15 Table of contents Introduction... 3 ECSA Data Privacy Rules... 4 Governing Law... 6 Sub processing... 6 A. TOMs: Cloud Service... 7 TOMs:
More informationSample Engagement Letter September 2012
Sample Engagement Letter September 2012 This sample engagement letter has not been approved by any outside authority, such as the Department of Health and Human Services. A Community Action Agency (CAA)
More informationTECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES
TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES Contents Introduction... 3 The Technical and Organizational Data Security Measures... 3 Access Control of Processing Areas (Physical)... 3 Access Control
More informationBest Practices in Identity and Access Management (I&AM) for Regulatory Compliance. RSA Security and Accenture February 26, 2004 9:00 AM
Best Practices in Identity and Access Management (I&AM) for Regulatory Compliance RSA Security and Accenture February 26, 2004 9:00 AM Agenda Laura Robinson, Industry Analyst, RSA Security Definition of
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationEMAIL SERVICES ADDENDUM TO EULA
Page 1 of 6 EMAIL SERVICES ADDENDUM TO EULA This Email Services Addendum to EULA (this Addendum ) applies to licenses of XMPie Software ( Users ) who have contracted with XMPie for services. This Addendum
More informationLeathes Prior Solicitors Terms of Business
Leathes Prior Solicitors Terms of Business 1. Contacting us Our reception is open from 8.30am to 5.30pm Monday to Friday, excluding Bank Holidays. Arrangements can be made to see clients outside these
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationDanish Act on Approved Auditors and Audit Firms (Lov om godkendte revisorer og revisionsvirksomheder) 1
While this translation was carried out by a professional translation agency, the text is to be regarded as an unofficial translation based on the latest official Act no. 468 of 17 June 2008. Only the Danish
More informationBSP Internet Banking Terms and Conditions
1.0 Introduction These Terms and Conditions between you and BSP outline and govern the Terms and Conditions for accessing your personal accounts via BSP Internet Banking Services. This Terms and Conditions
More informationWeb Time and Attendance
Privacy Impact Assessment for the Web Time and Attendance October 31, 2006 Contact Point Mr. Mark Danter Bureau of Alcohol, Tobacco, Firearms and Explosives Office of Management/ Financial Management Division
More informationSCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES
SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES 1 1 Definitions In these conditions:- We means Scotland s Commissioner for Children and Young People,
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationFederal Trade Commission Privacy Impact Assessment
Federal Trade Commission Privacy Impact Assessment for the: W120023 ONLINE FAX SERVICE December 2012 1 System Overview The Federal Trade Commission (FTC, Commission or the agency) is an independent federal
More informationScottish Rowing Data Protection Policy
Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this
More informationLOANS ACT. Section 2-Authenticating of Agreements, Securities, Etc. Section 3-Authority to raise External Loans.
LOANS ACT 1970 (ACT 335) Section 1-Raising of Loans in Ghana. (1) The Government may, subject to the provisions of this Act raise within Ghana whether on behalf of itself or any other public institution
More informationDisclosing Client Information
CPE/CE 2 Credit Hours Disclosing Client Information Disclosures, Use, Consent Requirements Interactive Self-Study CPE/CE Course Course Overview Program Content: Publication Date: September 2015. Expiration
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationHIPAA 203: Security. An Introduction to the Draft HIPAA Security Regulations
HIPAA 203: Security An Introduction to the Draft HIPAA Security Regulations Presentation Agenda Security Introduction Security Component Requirements and Impacts Administrative Procedures Physical Safeguards
More informationGENERAL TERMS AND CONDITIONS FOR LEGAL SERVICES
GENERAL TERMS AND CONDITIONS FOR LEGAL SERVICES This document sets forth the general terms and conditions under which AS Advokaadibüroo Tark Grunte Sutkiene provides legal services. 1. THE PARTIES 1.1
More informationONLINE BANKING DISCLOSURE AND AGREEMENT
ONLINE BANKING DISCLOSURE AND AGREEMENT Please note: Our website is best viewed using the most updated version of Microsoft Internet Explorer, Apple Safari (Mac, iphone, ipad, etc.), Google Chrome, and
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationSoftware Support and Maintenance Terms
Software Support and Maintenance Terms 1. Definitions and interpretation 1.1 This agreement uses some terms with special meanings. These terms are set out in schedule 1 to this agreement. The schedule
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationMatrix Technical Support Mailer - 72 Procedure for Image Upload through Email Server in SATATYA DVR,NVR & HVR
Matrix Technical Support Mailer - 72 Procedure for Image Upload through Email Server in SATATYA DVR,NVR & HVR Dear Friends, This mailer will help you configure Email Notification in SATATYA Web Client
More informationSecure Email Client User Guide Receiving Secure Email from Mercantile Bank
Receiving Secure Email from Contents This document provides a brief, end-user overview of the Secure Email system which has been implemented by. Why Secure Email? When someone sends you an email, the email
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationSOP 502L: INTERNET/SOCIAL MEDIA-BASED RESEARCH
University of Oklahoma Office of Human Research Participant Protection : INTERNET/SOCIAL MEDIA-BASED RESEARCH 1. POLICY Internet/social media-based research projects are reviewed by the IRB just as any
More informationApproved by the Board of Trustees, Certification No. 72 (1999-2000)
THE UNIVERSITY OF PUERTO RICO S INSTITUTIONAL POLICY AND PROCEDURE FOR THE LEGAL ETHICAL USE OF INFORMATION TECHNOLOGY Approved by the Board of Trustees, Certification No. 72 () I. INTRODUCTION Institutions
More informationCOMPUTER MISUSE AND CYBERSECURITY ACT (CHAPTER 50A)
COMPUTER MISUSE AND CYBERSECURITY ACT (CHAPTER 50A) (Original Enactment: Act 19 of 1993) REVISED EDITION 2007 (31st July 2007) An Act to make provision for securing computer material against unauthorised
More informationMicrosoft Online Services - Data Processing Agreement
Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID This Amendment consists of
More information