How To Understand Data Privacy In Cloud Computing
|
|
- Simon Baldwin
- 3 years ago
- Views:
Transcription
1 Data Protection ti & Privacy Data Privacy in Cloud environment Kjell Ohlsson 7 th March 2013
2 Who? Presenter: Kjell Ohlsson - AstraZeneca Audience: Swedish Association of Research Quality Assurance SARQA annual meeting. Timing: 45 minutes including Q&A 2 Kjell Ohlsson March 2013 R&D R&D Information
3 Objectives Give basic understanding of Data Protection & Privacy + Cloud Computing Raise awareness around Data Privacy risks in Cloud environments 3 Kjell Ohlsson March 2013 R&D R&D Information
4 Basic understanding of Data Protection & Privacy + Cloud Computing 4 Kjell Ohlsson March 2013 R&D R&D Information
5 Data Privacy Important Definitions Data subject (Den registrerade) Identifiable natural person. I.e. not a legal entity. 5 Kjell Ohlsson March 2013 R&D R&D Information
6 Data Privacy Important Definitions Data subject (Den registrerade) Personal Data (Personuppgift) Examples Name Identification numbers Gender Age Nationality Language(s) spoken Private/home address Telephone number address Sensitive Personal Data (Känslig personuppgift) Examples Health Labour relations Racial or ethnic origin Political opinions Religious beliefs Criminal history Sexual preferences Data that makes the Data Subject identifiable 6 Kjell Ohlsson March 2013 R&D R&D Information
7 Data Privacy Important Definitions Data subject (Den registrerade) Personal Data (Personuppgift) Sensitive Personal Data (Känslig personuppgift) Data Controller (Personuppgiftsansvarig) Typically a company 7 Kjell Ohlsson March 2013 R&D R&D Information
8 Data Privacy Important Definitions Data subject Personal Data Sensitive Personal Data (Den registrerade) (Personuppgift) (Känslig personuppgift) Data Controller (Personuppgiftsansvarig) Typically a company Proce essor(s) (Per rsonupp pgiftsbitr räde(n)) 8 Kjell Ohlsson March 2013 R&D R&D Information
9 Data Privacy Principles Ensuring Transparency and Notification about intended data use 9 Kjell Ohlsson March 2013 R&D R&D Information
10 Data Privacy Principles Using Personal Data for a known purpose only. Keep usage in order and no cheating!?? 10 Kjell Ohlsson March 2013 R&D R&D Information
11 Data Privacy Principles Ensuring Data Quality, meaning data is accurate and up-to-date?? 11 Kjell Ohlsson March 2013 R&D R&D Information
12 Data Privacy Principles Retention. Don t keep data longer than necessary?? 12 Kjell Ohlsson March 2013 R&D R&D Information
13 Data Privacy Principles Honouring individual s rights. Data subjects must have right to access their data and if necessary, correct it.?? 13 Kjell Ohlsson March 2013 R&D R&D Information
14 Data Privacy Principles Taking appropriate security measures to protect data from loss, damage and unauthorized disclosure?? 14 Kjell Ohlsson March 2013 R&D R&D Information
15 Data Privacy Principles 3 rd parties must adopt appropriate security measures 15 Kjell Ohlsson March 2013 R&D R&D Information
16 Data Privacy Principles Overseas Transfers must be controlled and data adequately protected?? 16 Kjell Ohlsson March 2013 R&D R&D Information
17 Data Privacy Principles Sensitive Personal Data must be especially protected and only used with consent (if no exception applies)?? 17 Kjell Ohlsson March 2013 R&D R&D Information
18 Global Data Privacy Laws as of October 2012 HIPAA + Safe Harbor Privacy Protection std Banisar, David, National Right to Information Laws, Regulations and Bills 2012 Map (October 8, 2012). Available at SSRN: or org/ Kjell Ohlsson March 2013 R&D R&D Information
19 Cloud Computing Introduction Cloud computing is a style of computing in which elastic ITenabled capabilities are delivered as a service to external customers using Internet technologies The name comes from the use of a cloud-shaped symbol as an abstraction for the complex infrastructure it contains in system diagrams. Cloud computing entrusts remote services with a user's data, software and/or computation. Source: Wikipedia Source: Wikipedia+Gartner Common examples of services include: Dropbox.com, icloud.com, skydrive.live.com (e.g. for info-sharing) gmail.com, outlook.com, me.com (mail services) Netflix (streaming video) 19 Kjell Ohlsson March 2013 R&D R&D Information
20 Cloud computing Value proposition (detailed in backup slides) 1. Elastic Capacity. 2. Quick and easy deployment. 3. No Capital expenditure, No initial investment. 4. Pay as you go, for what you use. 5. Focus on your business! 20 Kjell Ohlsson March 2013 R&D R&D Information
21 Cloud Computing Deployment Models Public Cloud Infrastructure available to anyone via Internet. This is typically what is denoted d The Cloud. Private Cloud Infrastructure dedicated to an individual organisation. Complicated. Doubtful financial and management savings. Hybrid Cloud Dedicated and publicly available infrastructure co-exist. This is most likely where most organizations will end up when going for the cloud. 21 Kjell Ohlsson March 2013 R&D R&D Information
22 Cloud Computing Services (subset of XaaS =Anything as a Svc) 22 Kjell Ohlsson March 2013 R&D R&D Information
23 Cloud Computing Services (subset of XaaS =Anything as a Svc) 23 Kjell Ohlsson March 2013 R&D R&D Information
24 Objectives Data Privacy risks in Cloud environments 24 Kjell Ohlsson March 2013 R&D R&D Information
25 Data Privacy and Cloud Computing Introduction 25 Kjell Ohlsson March 2013 R&D R&D Information
26 Data Privacy and Cloud Computing Introduction 26 Kjell Ohlsson March 2013 R&D R&D Information
27 Cloud Computing Privacy Risks Overview There are 3 main Privacy related risks associated with Cloud Services: Lack of control over the Personal Data Where is it? How is it? Can we get to it? Lack of information about the processing of the Personal Data What is being done with it? By whom? Lack of, or insufficient ability to, influence the contract with the cloud service provider Not trivial to do anything about the previous risks. 27 Kjell Ohlsson March 2013 R&D R&D Information
28 Cloud Computing Privacy Risks Lack of Control over Data A cloud provider may use its physical control over data from different clients to link Personal Data E.g. due to weak interoperability because of vendor relying on proprietary technology, or due to lack of appropriate backup / Disaster Recovery arrangements Lack of isolation Lack of availability A cloud provider may not provide the necessary measures and tools to assist in responding to access, deletion or correction requests Lack of data subject rights A C I Lack of integrity E.g. due to sharing of resources Personal Data emanating from a wide range of sources in terms of data subjects and organisations mean there could be conflicting interests/ different objectives Lack of intervenability Lack of confidentiality Due to the complexity and dynamics of an outsourcing chain Eg E.g. due to law enforcement requests made directly to a cloud provider from foreign governments. (E,g FISAAA in USA) 28 Kjell Ohlsson March 2013 R&D R&D Information
29 Cloud Computing Privacy Risks Lack of Information about processing Insufficient information about a cloud service provider s processing operations poses a risk to Data Controllers and Data Subjects. We may not be aware of potential threats and risks, and therefore can t take measures to mitigate them. Potential threats include: Chain processing is taking place involving multiple processors and subcontractors (sub-processors). Personal Data are processed in different geographic locations within the EEA (=EU + Iceland, Liechtenstein & Norway) this impacts on the law applicable to any data protection disputes which may arise between user and provider. Personal Data is transferred to 3 rd countries outside the EEA. 3 rd countries may not provide an adequate level of protection and transfers may not be safeguarded by appropriate measures (e.g. standard contractual clauses / binding corporate rules) and therefore may be illegal. 29 Kjell Ohlsson March 2013 R&D R&D Information
30 Cloud Computing Privacy Risks Lack of Influence over Contract Under privacy legislation in many countries, Company X will remain the data controller of the personal data and therefore will be liable for any privacy breaches caused by any 3 rd party processors. Company X Authorities Despite this, Company X may not have the ability to negotiate the contractual terms of the cloud service as standardised contracts are a feature of many cloud service providers (e.g. Google, Amazon and Apple). Big Cloud provider It is also difficult to ensure that any contracts between the cloud service provider and their sub-contractors have appropriate protection for Personal Data. 30 Kjell Ohlsson March 2013 R&D R&D Information
31 To summarize Basic concepts of Data Protection & Privacy + Cloud Computing Reasoning around Data Privacy in Cloud environments and the risks introduced 31 Kjell Ohlsson March 2013 R&D R&D Information
32 Questions? 32 Kjell Ohlsson March 2013 R&D R&D Information
33 Backup slides Privacy/Cloud Information from Swedish Data Inspection Board (Datainspektionen) Article about legislation l that t affects privacy Detailed Value proposition for Cloud computing 33 Kjell Ohlsson March 2013 R&D R&D Information
34 Attached documentation Data Inspection Board (Datainspektionen) information material faktablad-molntja nster.pdf faktablad-cloudse rvices.pdf Article about legislation that potentially affects privacy euobserver.com_j ustice_ Kjell Ohlsson March 2013 R&D R&D Information
35 1. Elastic capacity Scaling up and down in minutes No need to provision Optimize resources based on your needs Can easily manage unexpected peaks 35 Kjell Ohlsson March 2013 R&D R&D Information
36 2. Quick deployment IT infrastructure is no longer a barrier Easier to test different solution No need to wait for provisioning Shorter development cycles 36 Kjell Ohlsson March 2013 R&D R&D Information
37 3. No Capital expenditure No initial investment needed No commitments 37 Kjell Ohlsson March 2013 R&D R&D Information
38 4. Pay as you go Clear pricing models Pay for compute power by the hour Pay for storage by the gb Pay for transfer per gb Pay per end user.pay as you go Remember, this is all elastic. Easy to turn on/off resources 38 Kjell Ohlsson March 2013 R&D R&D Information
39 5. Focus on business No need to build from scratch, Services are out there to reuse Much is automated no waiting You can spend more time on value add activities 39 Kjell Ohlsson March 2013 R&D R&D Information
40 Confidentiality Notice This file is private and may contain confidential and proprietary information. If you have received this file in error, please notify us and remove it from your system and note that you must not copy, distribute or take any action in reliance on it. Any unauthorized use or disclosure of the contents of this file is not permitted and may be unlawful. AstraZeneca PLC, 2 Kingdom Street, London, W2 6BD, UK, T: +44(0) , F: +44 (0) , 40 Kjell Ohlsson March 2013 R&D R&D Information
Article 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationAcquia Comments on EU Recommendations for Data Processing in the Cloud
Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationAugust 2011. Report on Cloud Computing and the Law for UK FE and HE (An Overview)
August 2011 Report on Cloud Computing and the Law for UK FE and HE (An Overview) Please Note: This guidance is for information only and is not intended to replace legal advice when faced with a risk decision.
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationBRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS
BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationData Protection Policy.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationPrivacy and Cloud Computing for Australian Government Agencies
Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationData Compliance. And. Your Obligations
Information Booklet Data Compliance And Your Obligations What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection
More informationPersonal data and cloud computing, the cloud now has a standard. by Luca Bolognini
Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationATMD Bird & Bird. Singapore Personal Data Protection Policy
ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationGSK Public policy positions
Safeguarding Personally Identifiable Information A Summary of GSK s Binding Corporate Rules The Issue The processing of Personally Identifiable Information (PII) 1 and Sensitive Personally Identifiable
More informationPersonal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
More informationJeanne Kelly, Partner Cloud Computing: The Legal Issues
Jeanne Kelly, Partner Cloud Computing: The Legal Issues 14 June 2010 One of the things we really need to watch out for is that we don t hold cloud deployment back because we have some storyline about how
More informationCity of Venice Information Technology Usage Policy
City of Venice Information Technology Usage Policy The City of Venice considers information technology (IT) resources to be city resources. It shall be the policy of the city to maintain these resources
More informationHIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT
HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationThe problem of cloud data governance
The problem of cloud data governance Vasilis Tountopoulos, Athens Technology Center S.A. (ATC) CSP EU Forum 2014 - Thursday, 22 nd May, 2014 Focus on data protection in the cloud Why data governance in
More informationThis Applicant Privacy Notice Continental Europe is dated: July 2012 WILLIS.COM: PRIVACY NOTICE
Applicant Privacy Notice for Positions in Willis Companies Located in the European Union and European Economic Area Excluding the United Kingdom ( Applicant Privacy Notice Continental Europe ) This Applicant
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationOPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012)
OPINION MAY 2012 ON CLOUD COMPUTING Article 29 Data Protection Working Party (July 1, 2012) ARTICLE 29 DATA PROTECTION WORKING PARTY 01037/12/EN WP 196 Opinion 05/2012 on Cloud Computing Adopted July 1
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationCloud Computing Legal Considerations for Data Controllers
Cloud Computing Legal Considerations for Data Controllers CLOUD COMPUTING LEGAL CONSIDERATIONS FOR DATA CONTROLLERS What is cloud computing and why is it relevant? Cloud computing can be described as technology
More information7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
More informationData Protection and Cloud Computing: an Overview of the Legal Issues
Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,
More informationGUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES
GUIDE ON DATA PROTECTION REQUIREMENTS IN THE CONTEXT OF CLOUD COMPUTING SERVICES CONTENT 1. WHY A CLOUD COMPUTING GUIDE?... 2 2. WHAT IS CLOUD COMPUTING?... 4 3. WHAT ARE THE ROLES OF THE CLOUD SERVICES
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationData Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014
Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware
More informationInformation Privacy Policy
Information Privacy Policy pol-032 Version: 2.01 Last amendment: Oct 2014 Next Review: Aug 2017 Approved By: Council Date: 04 May 2005 Contact Officer: Director, Strategic Services and Governance INTRODUCTION
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationPersonal Data Protection Policy
Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal
More informationCloud Computing. Introduction
Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between
More informationCloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL
Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)
More informationBriefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:
UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider
More informationAlign Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
More informationAustralia s unique approach to trans-border privacy and cloud computing
Australia s unique approach to trans-border privacy and cloud computing Peter Leonard Partner, Gilbert + Tobin Lawyers and Director, iappanz In Australia, as in many jurisdictions, there have been questions
More informationA Sponsor Perspective on Validating Regulated Systems
A Sponsor Perspective on Validating Regulated Systems From Traditional Waterfall Approaches to Agile Continuous Improvement Ø Ø PhUSE Wayne PA Single Day Event Nate Blevins, IS Business Relationship Director,
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationOffice of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, 2003. A Guide for Data Controllers
Office of the Data Protection Commissioner of The Bahamas Data Protection (Privacy of Personal Information) Act, 2003 A Guide for Data Controllers 1 Acknowledgement Some of the information contained in
More informationData Protection for the Guidance Counsellor. Issues To Plan For
Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 01037/12/EN WP 196 Opinion 05/2012 on Cloud Computing Adopted July 1 st 2012 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent
More information2. What personal information do we collect and hold?
PRIVACY POLICY Conexus Financial Pty Ltd [ABN 51 120 292 257], (referred to as Conexus, us, we" or our"), are committed to protecting the privacy of the personal information that we collect and complying
More informationUsing AWS in the context of Australian Privacy Considerations October 2015
Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationFIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION
FIRST DATA CORPORATION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION SUMMARY: BINDING CORPORATE RULES FOR DATA PRIVACY AND PROTECTION v 1.3 Supersedes: v 1.2 Summary Owner: Corporate
More informationDean Bank Primary and Nursery School. Secure Storage of Data and Cloud Storage
Dean Bank Primary and Nursery School Secure Storage of Data and Cloud Storage January 2015 All school e-mail is disclosable under Freedom of Information and Data Protection legislation. Be aware that anything
More informationDESTINATION MELBOURNE PRIVACY POLICY
DESTINATION MELBOURNE PRIVACY POLICY 2 Destination Melbourne Privacy Policy Statement Regarding Privacy Policy Destination Melbourne Limited recognises the importance of protecting the privacy of personally
More informationCloud Computing and Risk: A look at the EU and the application of. Protection Directive to cloud computing
Infopreneurship Journal (IJ) Available online at www.infopreneurship.net Infopreneurship Journal (IJ), 2013, Vol.1, No.1 Cloud Computing and Risk: A look at the EU and the application of the Data Protection
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationPrivacy Level Agreement Outline for the Sale of Cloud Services in the European Union
Privacy Level Agreement Working Group Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union February 2013 The PLA Outline has been developed within CSA by an expert working
More informationCLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1
CLOUD COMPUTING (outsourcing records storage) TATTA SRINIVASA RECORDS MANAGER 11 December 2013 TOWNSHIP OF KING TATTA 1 Cloud computing A style of computing where scalable and elasticity ITenabled capabilities
More informationData protection legislation influence on cloud computing from local as well as EU perspective
mag. Andrej Tomšič Deputy Information Commissioner Information Commissioner Data protection legislation influence on cloud computing from local as well as EU perspective CLASS conference 2012 I Cloud Assisted
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationAIRBUS GROUP BINDING CORPORATE RULES
1 AIRBUS GROUP BINDING CORPORATE RULES 2 Introduction The Binding Corporate Rules (hereinafter BCRs ) of the Airbus Group finalize the Airbus Group s provisions on the protection of Personal Data. These
More informationCloud Computing in a Government Context
Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More informationCLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES
CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES GLOBAL FORUM 2009 ICT & The Future of the Internet - Monday, October 19 th 2009 paolo.balboni@bakernet.com Introduction & Structure ENISA Working Group
More informationSummary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL
Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined
More informationCLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS. Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE. October 2, 2013
CLOUD COMPUTING ISSUES FOR SCHOOL DISTRICTS Presented to the 2013 BRADLEY F. KIDDER LAW CONFERENCE October 2, 2013 By: Diane M. Gorrow Soule, Leslie, Kidder, Sayward & Loughman, P.L.L.C. 220 Main Street
More informationGUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987
GUIDANCE NOTE OUTSOURCING OF FUNCTIONS BY ENTITIES LICENSED UNDER THE PROTECTION OF INVESTORS (BAILIWICK OF GUERNSEY) LAW, 1987 CONTENTS Page 1. Introduction 3-4 2. The Commission s Policy 5 3. Outsourcing
More informationData Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana
Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act
More informationCLOUD MIGRATION. Celina Alexandre M6807
CLOUD MIGRATION M6807 S Content 1. Introduction 2. Methodology 3. Requirements Definition Phase 3.1. Strategy 3.2. Knowledge 06/05/15 2 Content 4. Analysis Phase 4.1. Aplications and Systems 4.2. Development
More informationOverview of Topics Covered
How to Effectively Collaborate with Cloud Providers Agenda Overview of Topics Covered Agenda Evolution of the Cloud Comparison of Private vs. Public Clouds Other Regulatory Frameworks Similar to HIPAA
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationGENOA, a QoL HEALTHCARE COMPANY GENOA ONLINE SYSTEM TERMS OF USE
GENOA, a QoL HEALTHCARE COMPANY GENOA ONLINE SYSTEM TERMS OF USE By using the Genoa Online system (the System ), you acknowledge and accept the following terms of use: This document details the terms of
More informationData Protection for Charities
Data Protection for Charities CFG 15 May 2014 Overview Overview and key definitions The data protection principles Fair and lawful processing Data security and outsourcing Rights of data subjects Recent
More informationInformation Technology - Switzerland
Newsletters Law Directory Deals News Subscribe Home Information Technology - Switzerland Data Protection - Key Issues Contributed by Homburger December 2 2003 Introduction No Free Flow of Data within a
More informationPrivacy, the Cloud and Data Breaches
Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global
More informationDHHIT Network Security Standards and Procedures
DHHIT Network Security Standards and Procedures Contents 1. Introduction 2 2. Scope 2 3. Definitions 2 4 Employment practices 2 5 Employee responsibility 3 6 Physical security 3 7 Network and Systems Security
More informationFrom PLI s Online Program Cloud Computing: Pointers for Addressing the New Legal Issues Arising from this Emerging Technology #21735
From PLI s Online Program Cloud Computing: Pointers for Addressing the New Legal Issues Arising from this Emerging Technology #21735 16 PREPACKAGED BANKRUPTCY AND PREARRANGED BANKRUPTCY PROCESS Deryck
More informationA list of CIArb subsidiaries relevant to this notice and their activities is set out below.
CHARTERED INSTITUTE OF ARBITRATORS DATA PRIVACY NOTICE INTRODUCTION This data protection notice explains what personal data will be collected by the Chartered Institute of Arbitrators and its subsidiary
More informationCPNI VIEWPOINT 01/2010 CLOUD COMPUTING
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
More informationIndex. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
More informationVENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium
1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management
More informationPRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES
PRIVACY POLICIES AND FORMS FOR BUSINESS ASSOCIATES TABLE OF CONTENTS A. Overview of HIPAA Compliance Program B. General Policies 1. Glossary of Defined Terms Used in HIPAA Policies and Procedures 2. Privacy
More informationDirect Recruitment Privacy Policy
Direct Recruitment Privacy Policy Direct Recruitment manages personal information in accordance with the Privacy Act 1988 and Australian Privacy Principles (APP). This policy applies to information collected
More informationInformation Collected. Type of Information Collected. We may collect two general types of information when you use the Site:
Privacy Policy (Last revised March 1, 2016) This website is owned and operated by Temple Square Hospitality Corporation ( Operator ). The following Privacy Policy (the Policy ) describes how Operator collects,
More informationOUTSOURCING, HOSTING AND DATA PRIVACY ISSUES
OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with
More informationCCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING
CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law
More informationSMS and Texting - A Guide to the Future
NHS Information Governance: Information Risk Management Guidance: Short Message Service (SMS) & Texting Department of Health Informatics Directorate April 2010 1 Amendment History Version Date Amendment
More informationPresentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012
Presentation by: Dr. Nathalie Moreno Partner Cloud Computing and Data Protection: an Update 4 October 2012 Our team Speechly Bircham is an ambitious, international mid-size fullservice law firm head-quartered
More informationData Protection Standard
Data Protection Standard Processing and Transfer of Personal Data in Aker Solutions (Binding Corporate Rules) Aker Solutions www.akersolutions.com Table of contents 1 Introduction... 3 1.1 Scope... 3 1.2
More informationThe Privacy Act 1988 contains 10 National Privacy Principles (the NPPs) which specify how organisations should handle personal information.
Privacy policy Abstract Page 1 Preamble The Privacy Act 1988 contains 10 National s (the NPPs) which specify how organisations should handle personal information. The Anglican Church Diocese of Sydney
More informationConsiderations for Outsourcing Records Storage to the Cloud
Considerations for Outsourcing Records Storage to the Cloud 2 Table of Contents PART I: Identifying the Challenges 1.0 Are we even allowed to move the records? 2.0 Maintaining Legal Control 3.0 From Storage
More informationMy Docs Online HIPAA Compliance
My Docs Online HIPAA Compliance Updated 10/02/2013 Using My Docs Online in a HIPAA compliant fashion depends on following proper usage guidelines, which can vary based on a particular use, but have several
More informationHEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES
HEALTHCARE SECURITY AND PRIVACY CATALOG OF SERVICES OCTOBER 2014 3300 North Fairfax Drive, Suite 308 Arlington, Virginia 22201 USA +1.571.481.9300 www.lunarline.com OUR CLIENTS INCLUDE Contents Healthcare
More information