SPF SANTE PUBLIQUE, SECURITE DE LA CHAINE ALIMENTAIRE ET ENVIRONNEMENT. EPD in the cloud

Size: px
Start display at page:

Download "SPF SANTE PUBLIQUE, SECURITE DE LA CHAINE ALIMENTAIRE ET ENVIRONNEMENT. EPD in the cloud"

Transcription

1 1 EPD in the cloud Jean-Marc Van Gyseghem Head of the «Liberties and Information Society» - Crids, University of Namur Member of the Bar of Brussels, Rawlings Giles lawfirm

2 2 Table of content What s Privacy? Health related data Behind the cloud Cloud and privacy Causes to effects Memorandum.

3 3 What s Privacy? «Il faut se réserver une arrière-boutique toute nôtre, toute franche, en laquelle nous établissons notre vraie liberté et principale retraite et solitude» MONTAIGNE «The right to be let alone» WARREN & BRANDEIS (1890) «La solitude à plusieurs» : The freedom to manage relationships with people without any exposure to any illegal interference. F. RIGAUX (1984)

4 4 What s Privacy? Privacy is one dimension of the human dignity; Privacy is a protection given to the personal sphere of each individual, including the right to establish details of their identity as individual human beings (ECHR, Christine Goodwin v. The United Kingdom, , par. 90) Privacy is a fundamental right

5 5 What s Privacy? Data protection = a tradition on the go: Universal declaration of Human Rights (UN) Privacy guidelines (OECD) European Convention on Human Rights (CoE) in 1950 Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS108; CoE) in 1981 The Charter of Fundamental Rights of the EU in 2000 Privacy/data protection is anchored in Universal principles

6 6 Table of content What s Privacy? Health related data Behind the cloud Cloud and privacy Causes to effects Memorandum.

7 7 Health related data? Health related data = sensitive data; Health related data = extra protection Medical files = in the hospital under the responsability of the medical head (médecin-chef). Art. 25 lois coordonnées sur le hôpitaux de 2008.

8 8 Table of content What s Privacy? Health related data Behind the cloud Cloud and privacy Causes to effects Memorandum.

9 9 Behind the Cloud User Cloud provider User User server server?????

10 10 Behind the cloud Technical aspects Simple data base HTML «dressing» Access policy Legal aspects Administrator draws up the general access management unilateral changes If modifications occur the content accessible might change Secrecy breach.

11 11 Behind the Cloud Security User Cloud provider User User server server?????

12 12 Behind the cloud Technical aspects Recoverability Durability Availability Interconnection with data bases - Crossing of information Necessity of Internet connection Legal aspects Who is the access manager? User? Administrator? Who assures the access? User? Administrator? Who has the control on the data? User? Administrator? Who has the control on the data? User? Administrator? What about the continuity of the service in case of Internet shut down? What about the medical secrecy?

13 Data processor Data processor Cloud computing provider Hospital Data controller Data processor Data processor Cloud computing system Hospital Data controller Personal data flow

14 14 Table of content What s Privacy? Health related data Behind the cloud Cloud and privacy Causes to effects Memorandum.

15 Cloud and Privacy 15 What about the data subject? Principle of transparency and, beyond, which rights for the data subject? Obligation to inform about the recourse to a CCS: do we need a specific information towards the data subject (e.g patients)? Right to access: how to ensure the access when the data are at the CLCS data bases? Case of CLCS bankruptcy? Right of deletion: how can we be sure about the deletion of the data in case of contract s cancellation?

16 16 Cloud and Privacy What about the security/confidentiality? Security of transmission to the CCP and security within the CCP System Cloud computing system Secured connection Data processor Data processor Cloud computing provider Hospital Data processor Hospital

17 17 Cloud and Privacy Appropriate security measures to be supported by the data controller/hospital: obligation for Data controller to use a data processor of good quality (use of label system, need for ISO standards); Contract between the data controller and the data processor; Obligation to have specific clauses in case of termination of activities (problem of transfer and of bankruptcy)?

18 18 Cloud and Privacy Appropriate security measures by the Cloud privider: Information accountability principle (tell what you are doing and ensure that you will do it) Standardization as regards audit, nomination of a security obligation, data segregation, Obligations in case of security breach

19 19 Cloud and Privacy What about liability? Each actor has its own liability: Cloud computing provider: Security; Confidentiality; Etc. Hospital: Under the responsibility of the medical head Security of its own network; Access precaution; Etc.

20 20 Cloud and Privacy Data processor of the Cloud computing provider: Security; Confidentiality; Etc. Internet provider

21 21 Cloud and Privacy What about the probationary strength? Art. 36/1 of the Act of August 21st 2008 on the E-health platform: What about the security? What about the sustainability? What about the data protection itself (Europe, out of Europe, etc)

22 22 Table of content What s Privacy? Health related data Behind the cloud Cloud and privacy Causes to effects Memorandum.

23 23 Causes to effects Cause Breach to the access management Effect Lost of the patient confidence

24 24 Causes to effects Cause Breach to the access management Law enforcement (Patriot Act, etc) Effect Lost of the patient confidence Secrecy breach

25 25 Causes to effects Cause Breach to the access management Law enforcement (Patriot Act, etc) Decision tree Effect Lost of the patient confidence Secrecy breach Choice about the documents to be put in the cloud

26 26 Causes to effects Cause Breach to the access management Law enforcement (Patriot Act, etc) Function tree Back-up by the Cloud provider Effect Lost of the patient confidence Secrecy breach Choice about the documents to be put in the cloud Recoverability of the data (fire, water, etc)

27 27 Causes to effects Cause Breach to the access management Law enforcement (Patriot Act, etc) Function tree Back-up by the Cloud provider Negotiation Effect Lost of the patient confidence Secrecy breach Choice about the documents to be put in the cloud Recoverability of the data (fire, water, virus, etc) Negotiation together with other hospitals to get more strength.

28 28 Causes to effects Cause Breach to the access management Law enforcement (Patriot Act, etc) Function tree Back-up by the Cloud provider Negotiation Use of private cloud computing Effect Lost of the patient confidence Secrecy breach Choice about the documents to be put in the cloud Recoverability of the data (fire, water, etc) Negotiation together with other hospitals to get more strength. Maintaining control on the data.

29 29 Table of content What s Privacy? Health related data Behind the cloud Cloud and privacy Causes to effects Memorandum.

30 Memorandum 30 Long and short terms risks analysis: Adequate security measures (ISO/CEI 27002, for example): Physical security: Access to the data; Access to the server; Technical security: Access management; Network; Communication; Contract with the data processor.

31 31 Memorandum Security breach: Notification to the Privacy Commission within 48 hours (avis 01/2013); Information campaign to the public within 14 to Au public endéans les 24 à 48 heures (avis 01/2013).

32 32 Thanks for your attention

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL Cloud computing and personal data protection Gwendal LE GRAND Director of technology and innovation CNIL 1 Data protection in Europe Directive 95/46/EC Loi 78-17 du 6 janvier 1978 amended in 2004 (France)

More information

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING

CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law

More information

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined

More information

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING

AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING AN INSIDE VIEW FROM THE EU EXPERT GROUP ON CLOUD COMPUTING 1. Overview and Background On 27 September 2012, the European Commission adopted a strategy for "Unleashing the potential of cloud computing in

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information

Legal Aspects of Cloud Computing. Dr. Susann Wolfgram & Ulrike Weinbrenner Dr. Alexander Duisberg (Bird&Bird)

Legal Aspects of Cloud Computing. Dr. Susann Wolfgram & Ulrike Weinbrenner Dr. Alexander Duisberg (Bird&Bird) Legal Aspects of Cloud Computing Dr. Susann Wolfgram & Ulrike Weinbrenner Dr. Alexander Duisberg (Bird&Bird) Agenda Cloud Computing Overview Role Play on Hot Topics SAAS versus on-premise software licensing

More information

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C

UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C UNIVERSITY OF MAINE SYSTEM STANDARDS FOR SAFEGUARDING INFORMATION ATTACHMENT C This Attachment addresses the Contractor s responsibility for safeguarding Compliant Data and Business Sensitive Information

More information

Law enforcement in the clouds - challenges

Law enforcement in the clouds - challenges Octopus Conference 2010 Outlook session on security and privacy in the clouds Law enforcement in the clouds - challenges Strasbourg, 25 March 2010 Alexander Seger Council of Europe, Strasbourg, France

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

Data protection issues on an EU outsourcing

Data protection issues on an EU outsourcing Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process

More information

Privacy and Personal Data Protection: Legal Context and Social Perception

Privacy and Personal Data Protection: Legal Context and Social Perception Privacy and Personal Data Protection: Legal Context and Social Perception Estelle De Marco Inthemis FIA 2011 Budapest Economics of Privacy Wednesday 18 May 2011 Privacy (12 UDHR, 17 ICCPR, 8 ECHR, 7 EU

More information

BYOD Privacy and Security in Europe

BYOD Privacy and Security in Europe BYOD Privacy and Security in Europe BYOD: Overview 2 BYOD Overview 38% of companies expect to stop providing electronic devices to their employees by 2016 (1) According to a 2013 survey conducted by Cisco,

More information

Data Protection and Cloud Computing: an Overview of the Legal Issues

Data Protection and Cloud Computing: an Overview of the Legal Issues Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,

More information

Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16

Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Summary The Northern Ireland Human Rights Commission (the Commission):

More information

I. Background information

I. Background information A clean and open Internet: Public consultation on procedures for notifying and acting on illegal content hosted by online intermediaries I. Background information 1. Please indicate your role for the purpose

More information

Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler

Cloud computing Alessandro Galtieri Pavel Klimov Severin Loeffler Cloud computing Alessandro Galtieri, Senior Lawyer, Colt Technology Services, London, UK Pavel Klimov, General Counsel EMEA, Unisys, London, UK Severin Loeffler, Assistant General Counsel, Central Eastern

More information

TERMS AND CONDITIONS OF USE OF THE WEBSITE GENERAL TERMS AND CONDITIONS

TERMS AND CONDITIONS OF USE OF THE WEBSITE GENERAL TERMS AND CONDITIONS TERMS AND CONDITIONS OF USE OF THE WEBSITE GENERAL TERMS AND CONDITIONS Preamble Touscoprod, an EURL with capital of 7,500 Euros, listed on the Paris Companies Registry as number 510 096 365, with registered

More information

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini

Personal data and cloud computing, the cloud now has a standard. by Luca Bolognini Personal data and cloud computing, the cloud now has a standard by Luca Bolognini Lawyer, President of the Italian Institute for Privacy and Data Valorization, founding partner ICT Legal Consulting Last

More information

Personnalisez votre intérieur avec les revêtements imprimés ALYOS design

Personnalisez votre intérieur avec les revêtements imprimés ALYOS design Plafond tendu à froid ALYOS technology ALYOS technology vous propose un ensemble de solutions techniques pour vos intérieurs. Spécialiste dans le domaine du plafond tendu, nous avons conçu et développé

More information

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq.

Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity. Amy Mushahwar, Esq. Cloud Service Agreements: Avoiding the Pitfalls of the Cloud as a Commodity Amy Mushahwar, Esq. What s New? Not That Much. Some have their heads in the cloud we prefer to stay down in the weeds and know

More information

Employee monitoring in France. January 2010. Contents. Legal Framework 1

Employee monitoring in France. January 2010. Contents. Legal Framework 1 Employee monitoring in France January 2010 Contents Legal Framework 1 Principal situations where an individual's privacy is restricted in the workplace 1 Potential disciplinary sanctions applied to employees

More information

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service

Overview. Data protection in a swirl of change 28.03.2014. Cloud computing. Software as a service. Infrastructure as a service. Platform as a service Data protection in a swirl of change Overview 1 Data protection issues in cloud computing 2 Consent for mobile applications Security Seminar 2014: Privacy Radboud University Nijmegen 3 The WhatsApp case

More information

Cyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk

Cyber Security and Cloud Computing. Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Cyber Security and Cloud Computing Dr Daniel Prince Course Director MSc in Cyber Security d.prince@lancaster.ac.uk Scope of Today SME Attractors for Cloud Switching to the Cloud Public Private Hybrid Big

More information

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors

More information

Application of Data Protection Concepts to Cloud Computing

Application of Data Protection Concepts to Cloud Computing Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

More information

Terms & Conditions of HYPE Softwaretechnik GmbH ( HYPE ) for HYPE Enterprise Express (Version October 2015) 1 Scope

Terms & Conditions of HYPE Softwaretechnik GmbH ( HYPE ) for HYPE Enterprise Express (Version October 2015) 1 Scope 1 Scope 1 (1) These terms and conditions (the T&C HYPE Enterprise Express ) together with the description of the Software Services provided by HYPE accepted by Customer by completing the HYPE Enterprise

More information

Cloud Computing: Trust But Verify

Cloud Computing: Trust But Verify Cloud Computing: Trust But Verify 14th Annual Privacy and Security Conference February 8, 2013, Victoria Martin P.J. Kratz, QC Bennett Jones LLP Cloud Computing Provision of services available on the Internet

More information

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009

Legal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009 Legal Issues Associated with Cloud Computing Laurin H. Mills May 13, 2009 What Is Cloud Computing? The cloud is a metaphor for the Internet Leverages the connectivity of the Internet to optimize the utility

More information

LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release)

LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release) CHARLES LUCE S LAWYERING IN THE CLOUD CRIB NOTES 2012 Charles F. Luce, Jr. coloradolegalethics.com/ (alpha release) A. Cloud Computing Defined: n. A loosely defined term for any system providing access

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

Data Privacy in the Cloud: A Dozen Myths & Facts

Data Privacy in the Cloud: A Dozen Myths & Facts Data Privacy in the Cloud: A Dozen Myths & Facts March 7-9 Washington DC Presented by: Barbara Cosgrove, Chief Security Officer, Workday, Inc. Lothar Determann, Partner, Baker & McKenzie LLP We re taking

More information

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS

BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS BRITISH COUNCIL DATA PROTECTION CODE FOR PARTNERS AND SUPPLIERS Mat Wright www.britishcouncil.org CONTENTS Purpose of the code 1 Scope of the code 1 The British Council s data protection commitment and

More information

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security PROPOSAL 20 Resolution 130 of Marrakesh on the role of ITU in information and network security Submitted by the following Member States: Germany (Federal Republic of), Austria, Belarus (Republic of), Bulgaria

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

Cloud Computing. Hot topics in relation to security, liability and privacy. Steven De Schrijver

Cloud Computing. Hot topics in relation to security, liability and privacy. Steven De Schrijver Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor

More information

Master in ICT. Comment passer 1 an ailleurs en Europe, puis revenir à UNS dans le M2 IFI Parcours UBINET

Master in ICT. Comment passer 1 an ailleurs en Europe, puis revenir à UNS dans le M2 IFI Parcours UBINET EIT ICT Labs Information & Communication Technology Labs Master in ICT Comment passer 1 an ailleurs en Europe, puis revenir à UNS dans le M2 IFI Parcours UBINET EIT ICT Labs Strategy Integrating the Knowledge

More information

Altiris Patch Management Solution for Windows 7.6 from Symantec Third-Party Legal Notices

Altiris Patch Management Solution for Windows 7.6 from Symantec Third-Party Legal Notices Appendix A Altiris Patch Management Solution for Windows 7.6 from Symantec Third-Party Legal Notices This appendix includes the following topics: Third-Party Legal Attributions CabDotNet MICROSOFT PLATFORM

More information

Title Sujet: MDM Professional Services Solicitation No. Nº de l invitation Date: 1000313802_A August 13, 2013

Title Sujet: MDM Professional Services Solicitation No. Nº de l invitation Date: 1000313802_A August 13, 2013 RETURN BID TO/ RETOURNER LES SOUMISSIONS À : Canada Border Services Agency Cheque Distribution and Bids Receiving Area 473 Albert Street, 6 th floor Ottawa, ON K1A 0L8 Facsimile No: (613) 941-7658 Bid

More information

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School

Cloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

INFORMATION TECHNOLOGY CHARTER

INFORMATION TECHNOLOGY CHARTER INFORMATION TECHNOLOGY CHARTER INFORMATION TECHNOLOGY CHARTER Reference : extract- internal rules and regulations Name Position Date and signature Author Revised by Validation: Bruno Frédéric Head of IT

More information

Work programme 2016 2018

Work programme 2016 2018 ARTICLE 29 Data Protection Working Party 417/16/EN WP235 Work programme 2016 2018 Adopted on 2 February 2016 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European

More information

White Paper. Improved Delivery and Management of Critical Information: Solicitors Regulation Authority Compliance

White Paper. Improved Delivery and Management of Critical Information: Solicitors Regulation Authority Compliance White Paper Improved Delivery and Management of Critical Information: Solicitors Regulation Authority Compliance Author Document Number Revision Issue Date Copyright : : : : : Ben Martin WHP-1010 V2.2

More information

Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT

Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Contracting with a Cloud Service Provider DATA PROTECTION WORKSHOP NJERI OLWENY, MICROSOFT Overview Cloud computing offers great opportunities for organizations, including schools, hospitals and businesses

More information

TELEFÓNICA UK LTD. Introduction to Security Policy

TELEFÓNICA UK LTD. Introduction to Security Policy TELEFÓNICA UK LTD Introduction to Security Policy Page 1 of 7 CHANGE HISTORY Version No Date Details Authors/Editor 7.0 1/11/14 Annual review including change control added. Julian Jeffery 8.0 1/11/15

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3

COUNCIL OF THE EUROPEAN UNION. Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3 COUNCIL OF THE EUROPEAN UNION Brussels, 22 November 2006 15644/06 DATAPROTECT 45 EDPS 3 COVER NOTE from: Secretary-General of the European Commission, signed by Mr Jordi AYET PUIGARNAU, Director date of

More information

Declaration of Internet Rights Preamble

Declaration of Internet Rights Preamble Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It

More information

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction

More information

Risks and Countermeasures in the Public Cloud

Risks and Countermeasures in the Public Cloud Risks and Countermeasures in the Public Cloud Alessandro Vallega fond member of AIEA Security Business Development, Oracle Italy Oracle Community for Security Director Clusit Board of Directors Paragliding

More information

The impact of the personal data security breach notification law

The impact of the personal data security breach notification law ICTRECHT The impact of the personal data security breach notification law On 1 January 2016 legislation will enter into force in The Netherlands requiring organisations to report personal data security

More information

The problem of cloud data governance

The problem of cloud data governance The problem of cloud data governance Vasilis Tountopoulos, Athens Technology Center S.A. (ATC) CSP EU Forum 2014 - Thursday, 22 nd May, 2014 Focus on data protection in the cloud Why data governance in

More information

Enterprise Risk Management & Board members. GUBERNA Alumni Event June 19 th 2014 Prepared by Gaëtan LEFEVRE

Enterprise Risk Management & Board members. GUBERNA Alumni Event June 19 th 2014 Prepared by Gaëtan LEFEVRE Enterprise Risk Management & Board members GUBERNA Alumni Event June 19 th 2014 Prepared by Gaëtan LEFEVRE Agenda Introduction Do we need Risk Management? The 8 th EU Company Law Directive Art 41, 2b Three

More information

Presidency conclusions on establishing a strategy to combat the manipulation of sport results

Presidency conclusions on establishing a strategy to combat the manipulation of sport results COU CIL OF THE EUROPEA U IO EN Presidency conclusions on establishing a strategy to combat the manipulation of sport results 3201st EDUCATIO, YOUTH, CULTURE and SPORT Council meeting Brussels, 26 and 27

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

Data Privacy and Security for Market Research in the Cloud

Data Privacy and Security for Market Research in the Cloud Data Privacy and Security for Market Research in the Cloud Peter Milla IIeX2015 NA Agenda Page 2 1. Background 2. Why the Cloud? 3. Data Privacy and Data Security in the Cloud 4. How do We Deal with It?

More information

RFP AMENDMENT#2 DDP MODIFICATION#2

RFP AMENDMENT#2 DDP MODIFICATION#2 RETURN BIDS TO: RETOURNER LES SOUMISSIONS Á: Parks Canada Agency Bids Receiving 111 Water Street East Cornwall, ON K6H 6S3 RFP AMENDMENT#2 DDP MODIFICATION#2 Proposal to: Parks Canada Agency We hereby

More information

Panel 1. Greater Regulation of Special Threats to Privacy. Data Protection in the 21st Century

Panel 1. Greater Regulation of Special Threats to Privacy. Data Protection in the 21st Century Panel 1 Greater Regulation of Special Threats to Privacy Data Protection in the 21st Century Questions for Panel 1 Greater Regulation of Special Threats to Privacy I. Need for reform What are currently

More information

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

More information

Note concernant votre accord de souscription au service «Trusted Certificate Service» (TCS)

Note concernant votre accord de souscription au service «Trusted Certificate Service» (TCS) Note concernant votre accord de souscription au service «Trusted Certificate Service» (TCS) Veuillez vérifier les éléments suivants avant de nous soumettre votre accord : 1. Vous avez bien lu et paraphé

More information

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for

More information

Acquia Comments on EU Recommendations for Data Processing in the Cloud

Acquia Comments on EU Recommendations for Data Processing in the Cloud Acquia Comments on EU Recommendations for Data Processing in the Cloud Executive Summary On July 1, 2012, European Union (EU) data protection regulators provided guidelines for service providers processing

More information

Checklist: Cloud Computing Agreement

Checklist: Cloud Computing Agreement Checklist: Cloud Computing Agreement crosslaw s checklists Date : 21 November 2015 Version 1.4 Tags : ICT Law Johan Vandendriessche Johan is partner and heads the ICT/IP/Data Protection practice. He combines

More information

ENIL. European Network on Independent Living. Christian Bayerlein

ENIL. European Network on Independent Living. Christian Bayerlein ENIL European Network on Independent Living Christian Bayerlein ENIL About us: History, Aims and Mission, People Institutions P.A. models, terms, advantages Socio-economic advantages The UN-Convention

More information

Managing Cyber Risk through Insurance

Managing Cyber Risk through Insurance Managing Cyber Risk through Insurance Eric Lowenstein Aon Risk Solutions This presentation has been prepared for the Actuaries Institute 2015 ASTIN and AFIR/ERM Colloquium. The Institute Council wishes

More information

Drawing Lines in the Cloud: Jurisdictional Access to Data. Nancy Libin Mary Ellen Callahan

Drawing Lines in the Cloud: Jurisdictional Access to Data. Nancy Libin Mary Ellen Callahan Drawing Lines in the Cloud: Jurisdictional Access to Data Nancy Libin Mary Ellen Callahan OVERVIEW Introduction to Cloud Computing Definition Benefits and Risks How does the physical location of data or

More information

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards

EMMANUEL CE VA MIDDLE SCHOOL. IT Security Standards EMMANUEL CE VA MIDDLE SCHOOL IT Security Standards 1. Policy Statement The work of Schools and the County Council is increasingly reliant upon Information & Communication Technology (ICT) and the data

More information

What s the Path? Information Life-cycle part of Vendor Management

What s the Path? Information Life-cycle part of Vendor Management Disclaimer The materials provided in this presentation and any comments or information provided by the presenter are for educational purposes only and nothing conveyed or provided should be considered

More information

The United Nations Convention against Corruption An Overview

The United Nations Convention against Corruption An Overview The United Nations Convention against Corruption An Overview The United Nations Convention against Corruption Adopted by the General Assembly: Resolution 58/4, 31 October 2003 Entry into Force: 14 December

More information

Altiris Patch Management Solution for Windows 7.5 SP1 from Symantec Third-Party Legal Notices

Altiris Patch Management Solution for Windows 7.5 SP1 from Symantec Third-Party Legal Notices Appendix A Altiris Patch Management Solution for Windows 7.5 SP1 from Symantec Third-Party Legal Notices This appendix includes the following topics: Third-Party Legal Attributions CabDotNet XML-RPC.NET

More information

Anchor Bay Schools Software Policy

Anchor Bay Schools Software Policy Anchor Bay Schools Software Policy Table of Contents 1. Statement of Ethics... Page 1 2. Purchasing and Acquisition... Page 1 3. Registration... Page 1 4. Installation of Software... Page 2 5. Individual

More information

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most

More information

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

Working Party on Information Security and Privacy

Working Party on Information Security and Privacy Unclassified DSTI/ICCP/REG(2003)5/REV1 DSTI/ICCP/REG(2003)5/REV1 Unclassified Organisation de Coopération et de Développement Economiques Organisation for Economic Co-operation and Development 02-Jul-2003

More information

Cloud Services Agreement & SLA

Cloud Services Agreement & SLA Cloud Services Agreement & SLA This agreement ( Agreement ) is between APH Inc. (which may be doing business as Codero, or other fictitious names, and which is referred to in this Agreement as Codero )

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

RAPPORT FINANCIER ANNUEL PORTANT SUR LES COMPTES 2014

RAPPORT FINANCIER ANNUEL PORTANT SUR LES COMPTES 2014 RAPPORT FINANCIER ANNUEL PORTANT SUR LES COMPTES 2014 En application de la loi du Luxembourg du 11 janvier 2008 relative aux obligations de transparence sur les émetteurs de valeurs mobilières. CREDIT

More information

PRIVACY CHECKLIST FOR CLOUD SERVICE CONTRACTS

PRIVACY CHECKLIST FOR CLOUD SERVICE CONTRACTS PRIVACY CHECKLIST FOR CLOUD SERVICE CONTRACTS CIRRUS WORSHOP 28 February 2013, The Interna

More information

Data Management Session: Privacy, the Cloud and Data Breaches

Data Management Session: Privacy, the Cloud and Data Breaches Data Management Session: Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, IIS President, iappanz IACCM APAC Australia Sydney, 1 August 2012 Overview Changing privacy regulation

More information

Technical Service Bulletin

Technical Service Bulletin Technical Service Bulletin FILE CONTROL CREATED DATE MODIFIED DATE FOLDER OpenDrive 02/05/2005 662-02-25008 Rev. : A Installation Licence SCO sur PC de remplacement English version follows. Lors du changement

More information

Jeanne Kelly, Partner Cloud Computing: The Legal Issues

Jeanne Kelly, Partner Cloud Computing: The Legal Issues Jeanne Kelly, Partner Cloud Computing: The Legal Issues 14 June 2010 One of the things we really need to watch out for is that we don t hold cloud deployment back because we have some storyline about how

More information

Role of contracts in Cloud Computing an Overview. Kevin McGillivray Doctoral Candidate (NRCCL)

Role of contracts in Cloud Computing an Overview. Kevin McGillivray Doctoral Candidate (NRCCL) Role of contracts in Cloud Computing an Overview Kevin McGillivray Doctoral Candidate (NRCCL) Barriers/Challenges to Cloud Transparency Compliance Legal Shared infrastructure Subcontractors (and their

More information

CONTRACT MANAGEMENT POLICY

CONTRACT MANAGEMENT POLICY CONTRACT MANAGEMENT POLICY Division I : General provisions 1. Purpose The Town of Kirkland hereby establishes various rules pertaining to contract management with a view to promoting transparency, fairness,

More information

Privacy, the Cloud and Data Breaches

Privacy, the Cloud and Data Breaches Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global

More information

PRIVACY POLICY The Kik Privacy Policy was last updated on April 22, 2016.

PRIVACY POLICY The Kik Privacy Policy was last updated on April 22, 2016. PRIVACY POLICY The Kik Privacy Policy was last updated on April 22, 2016. At Kik your privacy is important to us. We ve created this policy to cover: 1. the information we collect, use and share about

More information

Practical Overview on responsibilities of Data Protection Officers. Security measures

Practical Overview on responsibilities of Data Protection Officers. Security measures Practical Overview on responsibilities of Data Protection Officers Security measures Manuel Villaseca Spanish Data Protection Agency mvl@agpd.es Security measures Agenda: The rol of DPO on security measures

More information

GOVERNMENT HOSTING. Cloud Service Security Principles Memset Statement. www.memset.com

GOVERNMENT HOSTING. Cloud Service Security Principles Memset Statement. www.memset.com GOVERNMENT HOSTING Cloud Service Security Principles Memset Statement Summary - March 2014 The Cabinet Office has produced a set of fourteen Cloud Service Security Principles to be considered when purchasers

More information

Reckon Tools Backup licence agreement

Reckon Tools Backup licence agreement Reckon Tools Backup licence agreement RECKON LIMITED ( RECKON ) AGREES TO PROVIDE AND YOU AGREE TO RECEIVE THE SERVICES SUBJECT TO THE FOLLOWING TERMS AND CONDITIONS: 1. Your subscription to the back-up,

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information

Israeli Law Information and Technology Authority. Privacy and Data Security in the Cloud - The Israeli Perspective

Israeli Law Information and Technology Authority. Privacy and Data Security in the Cloud - The Israeli Perspective הרשות למשפט, טכנולוגיה ומידע Israeli Law Information and Technology Authority Privacy and Data Security in the Cloud - The Israeli Perspective Amit Ashkenazi, Head of the Legal Department Outline Introduction

More information

NSW Government Digital Information Security Policy

NSW Government Digital Information Security Policy NSW Government Digital Information Security Policy Version: 2.0 Date: April 2015 CONTENTS PART 1 PRELIMINARY... 3 1.1 Scope... 3 1.2 Application... 3 1.3 Objectives... 3 PART 2 POLICY STATEMENT... 4 Core

More information

Privacy in Surveillance Systems in Banking and Finance Call Centers

Privacy in Surveillance Systems in Banking and Finance Call Centers The project European Union Regulation of Financial Services online (175798-LLP-1-2010-1-CZ-AJM- MO) executed from 2011 to 2013 is cofinanced from the resources of Directorate General Education and Culture

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

DSTI/ICCP/REG(98)10/FINAL Or. Eng.

DSTI/ICCP/REG(98)10/FINAL Or. Eng. Unclassified DSTI/ICCP/REG(98)10/FINAL DSTI/ICCP/REG(98)10/FINAL Or. Eng. Unclassified Organisation de Coopération et de Développement Economiques OLIS : 18-Dec-1998 Organisation for Economic Co-operation

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

How not to lose your head in the Cloud: AGIMO guidelines released

How not to lose your head in the Cloud: AGIMO guidelines released How not to lose your head in the Cloud: AGIMO guidelines released 07 December 2011 In brief The Australian Government Information Management Office has released a helpful guide on navigating cloud computing

More information

GAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com

GAIN CLARITY CRITICAL ISSUES. Your Data in the Cloud : Benefits & Risks GAIN CONTROL. berrydunn.com GAIN CLARITY CRITICAL ISSUES Your Data in the Cloud : Benefits & Risks berrydunn.com AGENDA Defining Cloud Services Benefits and Risks Core Requirements Myths about Clouds Is Your Data in the Cloud Secure?

More information