Cyber Security Legislation Privacy Protections are Substantially Similar
|
|
- Mervin Hancock
- 8 years ago
- Views:
Transcription
1 Cyber Security Legislatin Privacy Prtectins are Substantially Similar By Rb Strayer and David Beardwd The fur mst prminent cyber security legislative prpsals the Obama administratin s legislative text; Cyber Intelligence Sharing and Prtectin Act (CISPA), H.R. 3253, spnsred by Cngressman Mike Rgers; the Cybersecurity Act f 2012, S. 2105, spnsred by Senatrs Lieberman, Cllins, Rckefeller and Feinstein; and the Strengthening and Enhancing Cybersecurity by Using Research, Educatin, Infrmatin and Technlgy Act (SECURE IT Act), S. 3342, spnsred by Senatr McCain and several ther Republican senatrs all apply strict cnditins t cyber security infrmatin sharing and have versight measures t prtect privacy and civil liberties. Each prpsal establishes infrmatin-sharing mechanisms that wuld prtect persnal infrmatin frm misuse and mandates nging versight t ensure respect fr privacy and civil liberties. Caviling ver minr differences with its prpsal, the administratin threatens t vet the Huse-passed CISPA, largely based n its privacy prtectins. 1 There is substantial cmmn grund rather than majr divergence amng these prpsals n hw t prtect privacy and civil liberties, as explained belw. PRIVACY AND CIVIL LIBERTIES PROVISIONS IN CURRENT PROPOSALS The Obama Administratin Prpsal The administratin s prpsal assigns the Department f Hmeland Security with the respnsibility f carrying ut cyber security infrmatin sharing. 2 Private-sectr infrmatin used by the gvernment must be related t cyber threats t federal netwrks r critical infrastructure, persnal infrmatin must be prtected frm unauthrized access r disclsure, and thse using federal netwrks must be ntified that their traffic may be mnitred. 3 Shared infrmatin may als be used fr law enfrcement purpses with the apprval f the attrney general if it is evidence f the past, current r imminent cmmissin f a crime. 4 Private sectr, 5 as well as state and Cyber Security Legislatin Privacy Prtectins are Substantially Similar 1
2 lcal, 6 cperatin with the federal gvernment is prtected frm public disclsure. Finally, versight f these measures wuld be prvided by the chief privacy and civil liberties fficers f DHS and DOJ thrugh annual reprts t Cngress, 7 and separately by the Privacy and Civil Liberties Oversight Bard (PCLOB), which wuld prvide an initial evaluatin t Cngress within tw years f enactment. 8 CISPA The Cyber Intelligence Sharing and Prtectin Act, H.R. 3523, passed the Huse by a bipartisan vte f It wuld allw the directr f natinal intelligence (DNI) t establish intelligence-sharing mechanisms between the intelligence cmmunity and the private sectr. CISPA grants mre cntrl t the private sectr than the ther prpsals in limiting the use f infrmatin prvided t the federal gvernment r ther private sectr entities. It allws cmpanies submitting infrmatin t set additinal annymizatin standards 10 and prhibit sharing f the infrmatin with specific federal agencies. 11 Shared infrmatin is prtected frm public disclsure 12 r use fr unfair trade advantage. 13 Data prvided t the gvernment may nly be used fr cyber security purpses, investigating and prsecuting crimes which culd result r have resulted in death, serius bdily har m, r the explitatin f a minr, and in cases f threats t natinal security. 14 Persnal recrds n library use, bk sales and purchases, firearm sales, tax returns, educatin, and medical histry are als excluded frm use in intelligence sharing. 15 The inspectr general f the intelligence cmmunity prvides versight thrugh annual reprts t Cngress, 16 but the PCLOB is nt required t participate in versight under the bill. 17 The Cybersecurity Act f 2012 The Cybersecurity Act f 2012, S. 2105, authrizes additinal public-private infrmatin sharing with DHS, similar t the Obama administratin s prpsal, and amng private sectr entities. The bill requires that DHS establish guidelines fr sharing cyber security threat and vulnerability infrmatin t prtect privacy and civil liberties, in cnsultatin with the attrney general and DNI. 18 It wuld als establish a full-time privacy fficer t ensure cmpliance with the guidelines. 19 The federal gvernment must als explicitly prtect against the disclsure f persnal infrmatin, and any cyber intelligence shared with the gvernment wuld be prtected frm public disclsure Cyber Security Legislatin Privacy Prtectins are Substantially Similar 2
3 The gvernment may nly use shared infrmatin against cyber threats 22 and t prevent, investigate, r prsecute the past, current, r imminent cmmissin f a crime with the apprval f the attrney general with the attrney general weighing the value f any such law enfrcement actin against the need t prtect persnal infrmatin. 23 Businesses may share cyber intelligence as lng as they fllw these restrictins and d nt use shared infrmatin t gain an unfair trade advantage. 24 Oversight wuld cme frm the chief privacy and civil liberties fficers f DHS and DOJ thrugh annual reprts t Cngress, 25 as well as the PCLOB, which wuld prvide an initial evaluatin t Cngress within tw years f enactment, as in the administratin s prpsal. 26 The inspectr general f each relevant agency wuld als prvide annual evaluatins. 27 The SECURE IT Act The SECURE IT Act, S. 3342, wuld establish cyber intelligence sharing between the private sectr and multiple cyber security centers thrughut the federal gvernment. 28 These centers must fllw standards set by the secretaries f cmmerce and hmeland security t prtect persnal infrmatin and trade infrmatin, 29 and thse prviding infrmatin wuld be prtected frm legal reprisal r public disclsure f shared cntent. 30 Additinal cntrl is prvided t the private sectr, as thse sharing infrmatin must prvide cnsent befre infrmatin may be shared with state, lcal r tribal gvernments fr any reasn. 31 Any shared infrmatin may again nly be used fr cyber security, natinal security, r law enfrcement purpses, althugh this bill is the mst permissive fr law enfrcement use by allwing any federal agency t use infrmatin against any crime cdified in sectin 2516 f title 18 f the U.S. Cde. 32 Oversight is carried ut by the PCLOB and all agency and department heads verseeing cyber security centers wh, tgether, must submit an initial evaluatin t Cngress within ne year f enactment and biennial reprts thereafter. 33 The inspectr general f each relevant agency wuld als prvide annual evaluatins. 34 Additinally, the Cuncil f the Inspectrs General n Integrity and Efficiency is authrized t cnduct versight, thugh n requirements are placed n the frequency f their review. 35 Cyber Security Legislatin Privacy Prtectins are Substantially Similar 3
4 MEASURES IN COMMON TO PROTECT PRIVACY AND CIVIL LIBERTIES All fur prpsals allw a gvernment agency t set enfrceable guidelines fr the sharing f cyber security infrmatin between the private sectr and the gvernment, as fllws: Administratin s Prpsal: The secretary f hmeland security, with review and apprval by the attrney general. 36 CISPA: The directr f natinal intelligence, in cnsultatin with the secretary f hmeland security. 37 Cybersecurity Act: The directr f the Department f Hmeland Security s cyber security center, in cnsultatin with the attrney general, DNI, and the privacy fficer f the DHS center. 38 SECURE IT Act: The secretary f cmmerce, in cnsultatin with the secretary f hmeland security. 39 Persnally identifiable infrmatin (PII) may nt be included in the infrmatin shared, unless it is necessary t include that infrmatin fr security purpses. 40 Each prpsal requires the prtectin f PII whenever it is nt critical fr security purpses. This keeps PII limited t the cmpany entrusted t prtect it, as well as relevant gvernment investigatrs. There are als prvisins in each bill that prevent the disclsure f persnal infrmatin t the public in the critical circumstances when it is shared. CISPA als allws fr prviders t set additinal requirements fr annymizatin. There must be cntinuus versight f cmpliance with privacy and civil liberty measures, as well as evaluatin f their impact. 41 Oversight will help t prevent intentinal r accidental abuse and identify develping needs in regulatins. The Privacy and Civil Liberties Oversight Bard s membership awaits Senate cnfirmatin. Once its members are cnfirmed, the PCLOB will serve as an independent agency t versee activity acrss the gvernment, and each f the fur initiatives, except CISPA, wuld include the Bard in versight, 42 thugh the riginally filed versin f CISPA included the Bard. 43 Cyber Security Legislatin Privacy Prtectins are Substantially Similar 4
5 The three prpsals that include the PCLOB als prescribe ther grups f gvernment fficers t lead dual versight, with the administratin prpsal and the Cybersecurity Act invlving the chief privacy and civil liberties fficers f DHS and DOJ, 44 the SECURE IT Act requiring reprting frm the relevant agency r department heads and chief privacy and civil liberties fficers 45 as well as the Cuncil f the Inspectrs General n Integrity and Efficiency, 46 and bth the Cybersecurity and SECURE IT Acts requiring versight by the inspectr general f each agency using shared infrmatin. 47 CISPA wuld require the inspectr general f the intelligence cmmunity t cnduct multi-agency versight. 48 Infrmatin shared with the federal gvernment may nly be used fr cyber security, fr natinal security purpses, and by law enfrcement t prsecute a crime; and nt regulatry actin. 49 Cyber intelligence prvided t the federal gvernment is prtected frm public disclsure thrugh the Freedm f Infrmatin Act (FOIA) r ther means. 50 This cnditin is necessary fr intelligence sharing, as disclsed exchanges culd reveal vulnerabilities in private security r cause reputatinal harm pssibilities which currently may preclude mre rbust infrmatin sharing. CONCLUSION The fur majr prpsals frm the administratin, Huse, and Senate establish cmmn grund n many privacy prtectins. The bills vary t limited degrees n the mechanism f the sharing, cntrl ver the prcess by the private sectr, and agency respnsibilities, but the cre prvisins n privacy and civil liberties are largely agreed upn. These differences are f the type that typically can be wrked ut thrugh the legislative prcess as bills mve thrugh the cmmittees t flr actin and eventual cnference between the Huse and Senate, and d nt amunt t an issue that shuld pse an insurmuntable bstacle t the enactment f cyber security legislatin. 1 Executive Office f the President, Office f Management and Budget, Statement f Administratin Plicy: H.R Cyber Intelligence Sharing and Prtectin Act. 25 April Cyber Security Legislatin Privacy Prtectins are Substantially Similar 5
6 2 White Huse, Cmprehensive Natinal Cybersecurity Initiative, available at: White Huse, Cybersecurity Authrity and Infrmatin Sharing Act f 2011 (Cybersecurity Authrity Act) 3 Cybersecurity Authrity Act 244(b) 4 244(b)(3) 5 White Huse, Cybersecurity Regulatry Framewrk fr Cvered Critical Infrastructure Act 7(d) 6 Cybersecurity Authrity Act 245(f) 7 248(e) 8 248(f) 9 Final Vte Results fr Rll Call April H.R (RFS) 2 (50 U.S.C. 1104(b)(3)(A)) 11 2 (50 U.S.C. 1104(b)(3)(C)(iv)) 12 2 (50 U.S.C. 1104(b)(3)(D)) 13 2 (50 U.S.C. 1104(b)(3)(B)) 14 2 (50 U.S.C. 1104(c)(1)) 15 2 (50 U.S.C. 1104(c)(4)) 16 2 (50 U.S.C. 1104(e)(1)) 17 H.R (IH) 2 (50 U.S.C. 1104(c)) 18 S (PCS) 243(c)(5) (j) (d-f) (g)(4) (g)(1) (g)(2) (b) (g)(5) (g)(6) (44 U.S.C. 3556(c)) 28 S (5): Cyber security centers that culd cnduct infrmatin sharing include the DOD Cyber Crime Center, U.S. Cyber Cmmand Jint Operatins Center and NSA/CSS Threat Operatins Center, the ODNI Intelligence Cmmunity Incident Respnse Center, the FBI Natinal Cyber Investigative Jint Task Frce, the DHS Natinal Cybersecurity and Cmmunicatins Integratin Center, and any subsequently established federal cyber security center. Available at: (44 U.S.C. 3553(a)(1)) (c)(3-7) (c)(2) (c) (a) (44 U.S.C. 3554(a)(4)) Cybersecurity Authrity Act H.R (50 U.S.C. 1104(b) (Prcedures and Guidelines)) 38 S (c)(5) Cyber Security Legislatin Privacy Prtectins are Substantially Similar 6
7 39 S (44 U.S.C. 3553) 40 Cybersecurity Authrity Act 248(a)(2); H.R (50 U.S.C. 1104(b)(3)(A)); S (c)(1)(E)(i); 702(b)(1); S (d)(1)(C) 41 Cybersecurity Authrity Act 248; H.R (50 U.S.C. 1104(e)); S (g)(4-7); S ; 106; 201 (44 U.S.C (a)(4)) 42 Cybersecurity Authrity Act 248(f); S (g)(6); S H.R (IH) 2 (50 U.S.C. 1104(c)) 44 Cybersecurity Authrity Act 248(e); S (g)(5) 45 S (a) S (44 U.S.C. 3556(c)); S (44 U.S.C. 3554(a)(4)) 48 H.R (RFS) 2 (50 U.S.C. 1104(e)) 49 Cybersecurity Authrity Act 244(b); Cybersecurity fr Critical Infrastructure Act 8(a)(1)(C); H.R (RFS) 2 (50 U.S.C. 1104(c)); S (g)(1-2); S (c)(1) 50 Cybersecurity Authrity Act 245(f); Cybersecurity fr Critical Infrastructure Act 7(d); H.R (50 U.S.C. 1104(b)(3)(D)); S (d); S (c)(3-7) Cyber Security Legislatin Privacy Prtectins are Substantially Similar 7
Personal Data Security Breach Management Policy
Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner
More informationMSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER
MSB FINANCIAL CORP. MILLINGTON BANK AUDIT COMMITTEE CHARTER This Audit Cmmittee Charter has been amended as f July 17, 2015. The Audit Cmmittee shall review and reassess this Charter annually and recmmend
More informationAudit Committee Charter
Audit Cmmittee Charter Membership The Audit Cmmittee (the "Cmmittee") f the Bard f Directrs (the "Bard") f Philip Mrris Internatinal Inc. (the "Cmpany") shall cnsist f at least three directrs all f whm
More informationFAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT
FAFSA / DREAM ACT COMPLETION PROGRAM AGREEMENT If using US Pstal Service, please return t: Califrnia Student Aid Cmmissin Prgram Administratin & Services Divisin ATTN: Institutinal Supprt P.O. Bx 419028
More informationCASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT
CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles
More informationHampton Roads Orthopaedics & Sports Medicine. Notice of Privacy Practices
This is being prvided t yu as a requirement f the privacy regulatins issued under the Health Insurance Prtability and Accuntability Act f 1996 (HIPAA). This ntice describes hw HROSM may use and disclse
More informationBLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS
BLUE RIDGE COMMUNITY AND TECHNICAL COLLEGE BOARD OF GOVERNORS SERIES: 1 General Rules RULE: 17.1 Recrd Retentin Scpe: The purpse f this rule is t establish the systematic review, retentin and destructin
More informationWHAT YOU NEED TO KNOW ABOUT. Protecting your Privacy
WHAT YOU NEED TO KNOW ABOUT Prtecting yur Privacy YOUR PRIVACY IS OUR PRIORITY Credit unins have a histry f respecting the privacy f ur members and custmers. Yur Bard f Directrs has adpted the Credit Unin
More informationCreating an Ethical Culture and Protecting Your Bottom Line:
Creating an Ethical Culture and Prtecting Yur Bttm Line: Best Practices fr Crprate Cdes f Cnduct Nte: The infrmatin belw and all infrmatin n this website is nt meant t be taken as legal advice. Please
More informationKey Steps for Organizations in Responding to Privacy Breaches
Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins
More informationMalpractice and Maladministration Policy
TR340 Malpractice and Maladministratin Plicy This plicy aims t: Define malpractice and maladministratin in the cntext f CIM/CAM studying members, Accredited study centres (ASCs), examinatin centres, invigilatrs
More informationProject Open Hand Atlanta. Health Insurance Portability and Accountability Act (HIPAA) NOTICE OF PRIVACY PRACTICES
Prject Open Hand Atlanta Effective Date: April 14, 2003 Health Insurance Prtability and Accuntability Act (HIPAA) The Health Insurance Prtability and Accuntability Act f 1996 (HIPAA) directs health care
More informationLINCOLNSHIRE POLICE Policy Document
LINCOLNSHIRE POLICE Plicy Dcument 1. POLICY IDENTIFICATION PAGE POLICY TITLE: ICT CHANGE & RELEASE MANAGEMENT POLICY POLICY REFERENCE NO: PD 186 POLICY OWNERSHIP: ACPO Cmmissining Officer: Prtfli / Business-area
More informationCHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC.
CHARTER OF THE COMPENSATION COMMITTEE OF THE BOARD OF DIRECTORS OF UPLAND SOFTWARE, INC. PURPOSE The purpse f the Cmpensatin Cmmittee f the Bard f Directrs (the Bard ) f Upland Sftware, Inc. (the Cmpany
More informationGravesham Borough Council
Classificatin: Part 1 Public Key Decisin: Please specify - N Gravesham Brugh Cuncil Reprt t: Perfrmance and Administratin Cmmittee Date: 12 Nvember 2015 Reprting fficer: Subject: Crprate Perfrmance Manager
More informationHIPAA Notice of Privacy Practices. Central Ohio Surgical Associates, Inc.
HIPAA Ntice f Privacy Practices Central Ohi Surgical Assciates, Inc. THIS NOTICE OF PRIVACY PRACTICES (THE NOTICE ) DESCRIBES HOW HEALTH INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationTexas Woman's University University Policy Manual
Texas Wman's University University Plicy Manual Plicy Name: Plicy Number: 6.06 Date Passed: July 2004 Health Insurance Prtability& Accuntability Act (HIPAA) Date Reviewed: September 2008 Next Review: September
More informationFINANCIAL SERVICES FLASH REPORT
FINANCIAL SERVICES FLASH REPORT Draft Regulatry Cmpliance Management Guideline Released by the Office f the Superintendent f Financial Institutins May 5, 2014 On April 30, 2014, the Office f the Superintendent
More informationMANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016
MANITOBA SECURITIES COMMISSION STRATEGIC PLAN 2013-2016 The Manitba Securities Cmmissin (the Cmmissin) is a divisin f the Manitba Financial Services Agency (MFSA). The ther divisin is the Financial Institutins
More informationUNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION. Statement of Thomas F. O Brien. Vice President & Chief Information Officer
UNITED STATES OF AMERICA FEDERAL ENERGY REGULATORY COMMISSION Revised Critical Infrastructure Prtectin Reliability Standards Dcket N. RM15-14-000 Statement f Thmas F. O Brien Vice President & Chief Infrmatin
More information0820.02 Workers Disability Compensation Claims Procedures Issued: January 1, 1994 Revised: March 29, 2012
State f Michigan Administrative Guide t State Gvernment 0820.02 Wrkers Disability Cmpensatin Claims Prcedures Issued: January 1, 1994 Revised: March 29, 2012 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY:
More informationAccountants and Consulting Professional Liability Program. You have the best coverage. Disciplinary Proceedings. Subpoena Expenses
Accuntants and Cnsulting Prfessinal Liability Prgram Yu have the best cverage Fr mre than a dzen years, CPAGld has strived t be the mst innvative and frward thinking prfessinal liability insurance prgram
More informationCMS Eligibility Requirements Checklist for MSSP ACO Participation
ATTACHMENT 1 CMS Eligibility Requirements Checklist fr MSSP ACO Participatin 1. General Eligibility Requirements ACO participants wrk tgether t manage and crdinate care fr Medicare fee-fr-service beneficiaries.
More informationAudit Committee Charter. St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd
Audit Cmmittee Charter St Andrew s Insurance (Australia) Pty Ltd St Andrew s Life Insurance Pty Ltd St Andrew s Australia Services Pty Ltd Versin 2.0, 22 February 2016 Apprver Bard f Directrs St Andrew
More informationHow To Ensure Your Health Care Is Safe
Guidelines fr Custdians t assess cmpliance with the Persnal Health Infrmatin Privacy and Access Act (PHIPAA) This dcument is designed t help custdians evaluate readiness fr cmpliance with PHIPAA and t
More informationFINANCIAL OPTIONS. 2. For non-insured patients, payment is due on the day of service.
FINANCIAL OPTIONS 1. Fr thse patients wh carry dental insurance, all c-payments are due n date f service. We will file yur claim as a service t yu, and will d ur very best t maximize yur benefits. We accept
More informationBl$wing the Whistle $n the New Whistlebl$wer Pr$tecti$ns Created by the D$dd-Frank Act. By: Michael James L$mbardin$
Oct$ber 22, 2010 Bl$wing the Whistle $n the New Whistlebl$wer Pr$tecti$ns Created by the D$dd-Frank Act By: Michael James L$mbardin$ The "D&dd-Frank Wall Street Ref&rm and C&nsumer Pr&tecti&n Act" (D&dd-Frank)
More information1. What insurance coverage is provided for Sigma Chi chapters that are members of the Risk Management Foundation?
Frequently Asked Questins 1. What insurance cverage is prvided fr Sigma Chi chapters that are members f the Risk Management Fundatin? Membership in the Risk Management Fundatin includes the fllwing mandatry
More informationTemplate on written coordination and cooperation arrangements of the supervisory college established for the <XY> Group/<A> Institution
COORDINATION AND COOPERATION ARRANGEMENTS EBA/RTS/2014/16 EBA/ITS/2014/07 Annex II Template n written crdinatin and cperatin arrangements f the supervisry cllege established fr the Grup/ Institutin
More informationCOPIES-F.Y.I., INC. Policies and Procedures Data Security Policy
COPIES-F.Y.I., INC. Plicies and Prcedures Data Security Plicy Page 2 f 7 Preamble Mst f Cpies FYI, Incrprated financial, administrative, research, and clinical systems are accessible thrugh the campus
More informationPrivacy and Security Training Policy (PS.Pol.051)
Privacy and Security Training Plicy (PS.Pl.051) Purpse T define the plicies and prcedures fr prviding privacy and security training in respect f the CnnectingGTA Slutin. Definitins Electrnic Service Prvider
More informationProvision Senate HELP Committee Bill (Affordable Health Choices Act) House Tri-Committee Bill, H.R. 3200 Individual Mandate
August 7, 2009 Cmparisn f the Cverage Prvisins in the Affrdable Health Chices Act as Apprved by the Senate HELP Cmmittee and the Huse Tri-Cmmittee Bill, H.R. 3200, America s Affrdable Health Chices Act
More informationPOLICY 1390 Information Technology Continuity of Business Planning Issued: June 4, 2009 Revised: June 12, 2014
State f Michigan POLICY 1390 Infrmatin Technlgy Cntinuity f Business Planning Issued: June 4, 2009 Revised: June 12, 2014 SUBJECT: APPLICATION: PURPOSE: CONTACT AGENCY: Plicy fr Infrmatin Technlgy (IT)
More informationTHE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM
THE CITY UNIVERSITY OF NEW YORK IDENTITY THEFT PREVENTION PROGRAM 1. Prgram Adptin The City University f New Yrk (the "University") develped this Identity Theft Preventin Prgram (the "Prgram") pursuant
More informationProcess for Responding to Privacy Breaches
Prcess fr Respnding t Privacy Breaches 1. Purpse 1.1 This dcument sets ut the steps that ministries must fllw when respnding t a privacy breach. It must be read in cnjunctin with the Infrmatin Incident
More informationUNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 FORM WB-DEC
UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washingtn, D.C. 20549 FORM WB-DEC DECLARATION OF ORIGINAL INFORMATION SUBMITTED PURSUANT TO SECTION 21F OF THE SECURITIES EXCHANGE ACT OF 1934 A. SUBMITTER
More informationDirectors' And Officers' Liability
Directrs' And Officers' Liability (Last Revised January, 2005) The fllwing is intended fr general infrmatin nly, regarding sme f the issues relating t purchasing a business in Saskatchewan. We advise yu
More informationPENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK
Department f Health and Human Services OFFICE OF INSPECTOR GENERAL PENETRATION TEST OF THE INDIAN HEALTH SERVICE S COMPUTER NETWORK Inquiries abut this reprt may be addressed t the Office f Public Affairs
More informationMunicipal Advisor Registration
FACT SHEET Municipal Advisr Registratin SEC Open Meeting Sept. 18, 2013 The Securities and Exchange Cmmissin tday will cnsider whether t adpt a rule that wuld establish a permanent registratin regime fr
More informationRATIONALE TERMS OF REFERENCE FOR THE QUALITY COMMITTEE UNDER THE EXCELLENT CARE FOR ALL ACT. Authority
RATIONALE With the intrductin f the Excellent Care fr All Act, hspital bards must nw have a quality cmmittee that reprts t the bard. The template prvides sample terms f references fr rganizatins t adapt
More informationIf I am arrested, does this mean that I am considered guilty of a criminal offence?
What is cnsidered a crime in Canada? Mst criminal acts in Canada are listed and defined in the Criminal Cde f Canada. Hwever, sme are als listed in ther laws, such as the Cntrlled Drugs and Substances
More informationSEC FLASH REPORT. June 28, 2011
SEC FLASH REPORT The Securities and Exchange Cmmissin Issues Prpsal t Strengthen Audits and Reprting f Brker-Dealers t Prtect Custmer Assets and Requests Cmments June 28, 2011 On June 15, 2011, the U.S.
More informationSmall Business, Enterprise and Employment Bill: Insolvency fact sheets Contents
1 Small Business, Enterprise and Emplyment Bill: Inslvency fact sheets Cntents Directr Disqualificatin and Inslvency General Aims... 2 Administratin: sales t cnnected persns (prepack administratins)...
More informationNational Australia Bank Limited Group Disclosure & External Communications Policy
Natinal Australia Bank Limited Grup Disclsure & External Cmmunicatins Plicy Grup Disclsure & External Cmmunicatins Plicy Page 2 f 7 Grup Disclsure & External Cmmunicatins Plicy ( the Plicy ) 1. Overview
More informationHow To Deal With A Data Breach In The European Law
Data Prtectin: Regulating Cyber Security Jnathan Bamfrd Head f Strategic Liaisn Hw des DP regulatin affect cyber security? Data Prtectin Act 1998: apprpriate security Privacy and Electrnic Cmmunicatin
More informationUNIVERSITY INCIDENT PLANNING COMMITTEE TERMS OF REFERENCE
1. TITLE OF COMMITTEE UNIVERSITY INCIDENT PLANNING COMMITTEE University Incident Planning Cmmittee (IPC) 2. ESTABLISHMENT TERMS OF REFERENCE The University Incident Planning Cmmittee is established in
More informationDuration of job. Context and environment: (e.g. dept description, region description, organogram)
Rle Prfile Jb Descriptin Jb Title Ref n: Prgramme Manager, Services fr Internatinal Educatin Marketing Directrate r Regin East Asia Department/Cuntry Indnesia Lcatin f pst Jakarta Pay Band G Reprts t Senir
More informationADMINISTRATIVE PROCEDURE
ADMINISTRATIVE PROCEDURE TRANSPORTATION OF STUDENTS IN PRIVATE ADMINISTRATIVE PROCEDURE NO.: VI - 7 VEHICLES DRIVEN BY OTHER STUDENTS DATE : FEBRUARY 1996 AMENDED: OCTOBER 11, 2005 AMENDED: MARCH 18, 2008
More informationREFERENCE ACTION ANALYST STAFF DIRECTOR 1) Insurance, Business & Financial Affairs Policy Committee Reilly Cooper SUMMARY ANALYSIS
HOUSE OF REPRESENTATIVES STAFF ANALYSIS BILL #: HB 903 Wrkers' Cmpensatin Attrney's Fees SPONSOR(S): Flres and thers TIED BILLS: IDEN./SIM. BILLS: REFERENCE ACTION ANALYST STAFF DIRECTOR 1) Insurance,
More informationRichmond Clinical Commissioning Group Report Summary
Richmnd Clinical Cmmissining Grup Reprt Summary Meeting Title: Gverning Bdy Date: 16 September 2014 Reprt Title: Better Care Fund Plan Agenda Item: 8 Attachment: D Purpse: (please delete /N as apprpriate)
More informationCOMPREHENSIVE SAFETY ASSESSMENT INSTRUCTIONS for STUDY ABROAD PROGRAMS
COMPREHENSIVE SAFETY ASSESSMENT INSTRUCTIONS fr STUDY ABROAD PROGRAMS Belw is a list f items t address and questins that need t be addressed in the cmprehensive safety assessment. In additin t the safety
More informationAUDIT AND RISK COMMITTEE TERMS OF REFERENCE
AUDIT AND RISK COMMITTEE TERMS OF REFERENCE 1. TITLE OF COMMITTEE Audit and Risk Cmmittee 2. ESTABLISHMENT The Audit and Risk Cmmittee is established under Part 3 Sectin 19(1) f the Charles Darwin University
More informationRUTGERS POLICY. Responsible Executive: Vice President for Information Technology and Chief Information Officer
RUTGERS POLICY Sectin: 70.1.1 Sectin Title: Infrmatin Technlgy Plicy Name: Acceptable Use Plicy fr Infrmatin Technlgy Resurces Frmerly Bk: N/A Apprval Authrity: Senir Vice President fr Administratin Respnsible
More informationDepartment of Justice, Criminal Justice Standards Division Contact: Trevor Allen (919) 779-8211
Title: Annual In-Service Training Agency: Department f Justice, Criminal Justice Standards Divisin Cntact: Trevr Allen (919) 779-8211 Impact Summary: State Gvernment: N Lcal Gvernment: N (minimal) Substantial
More informationData Protection Act Data security breach management
Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing
More informationRevised Memorandum of Understanding between the Departments of Homeland Security and labor Concerning Enforcement Activities at Worksftes
Revised Memrandum f Understanding between the Departments f Hmeland Security and labr Cncerning Enfrcement Activities at Wrksftes I. Purpse This revised memrandum f understanding (MOU) is entered int by
More informationTHRIFTY DRUG STORES, INC. d/b/a THRIFTY WHITE DRUG / WHITE DRUG / BELL PHARMACY/VALLEY DRUG/ THRIFTY NYSTROM DRUG NOTICE OF PRIVACY PRACTICES
THRIFTY DRUG STORES, INC. d/b/a THRIFTY WHITE DRUG / WHITE DRUG / BELL PHARMACY/VALLEY DRUG/ THRIFTY NYSTROM DRUG NOTICE OF PRIVACY PRACTICES THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY
More information10 th May 2010. Dear Peter, Re: Audit Quality in Australia: A Strategic Review
10 th May 2010 Mr. Peter Levy Audit Quality Strategic Review Crpratins and Financial Services Divisin The Treasury Langtn Crescent PARKES ACT 2600 Dear Peter, Re: Audit Quality in Australia: A Strategic
More informationFirst Global Data Corp.
First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First
More informationOur Privacy Policy and Credit Reporting Privacy Policy. 1. Privacy at FlexiGroup Our Privacy Policy and Credit Reporting Privacy Policy
Our Privacy Plicy and Credit Reprting Privacy Plicy 1. Privacy at FlexiGrup Our Privacy Plicy and Credit Reprting Privacy Plicy Backgrund At Flexigrup it is imprtant t us that we manage yur persnal infrmatin
More informationBIBH Duty Statements and Governance chart reviewed and approved April 2014. BIBH Executive Governance & Management Arrangements
BIBH Duty Statements and Gvernance chart reviewed and apprved April 2014 BIBH Executive Gvernance & Management Arrangements BIBH COMMITTEE CEO - Paul O Cnnell Executive Secretary - Brian Firth Executive
More informationInternal Audit Charter and operating standards
Internal Audit Charter and perating standards 2 1 verview This dcument sets ut the basis fr internal audit: (i) the Internal Audit charter, which establishes the framewrk fr Internal Audit; and (ii) hw
More informationHow To Get A Credit By Examination
LAW ENFORCEMENT TECHNOLOGY CREDIT BY EXAMINATION FACT SHEET Texas Ri Salad Cllege, a Maricpa Cunty Cmmunity Cllege in Tempe, Arizna, is prud t annunce its Credit by Examinatin prgram in Law Enfrcement
More informationPhiladelphia Pittsburgh www.elc- pa.org
Philadelphia Pittsburgh www.elc- pa.rg The Schl District Financial Recvery Law (Act 141) and Basic Educatin Funding Frmulas Act 141, the Schl District Financial Recvery Law ( financially distressed schl
More informationHelicopter Landing Sites Planning, Implementation and Management
Directive # QH-HSD-039:2013 Effective Date: 01 July 2013 Review Date: 01 July 2016 Supersedes: Nil Landing Sites Planning, Implementatin and Management Purpse The purpse f this Health Service Directive
More informationPlus500CY Ltd. Statement on Privacy and Cookie Policy
Plus500CY Ltd. Statement n Privacy and Ckie Plicy Statement n Privacy and Ckie Plicy This website is perated by Plus500CY Ltd. ("we, us r ur"). It is ur plicy t respect the cnfidentiality f infrmatin and
More informationERISA Compliance FAQs: Fiduciary Responsibilities
Brught t yu by Mrris & Reynlds Insurance ERISA Cmpliance FAQs: Fiduciary Respnsibilities The Emplyee Retirement Incme Security Act f 1974 (ERISA) is a federal law that sets minimum standards fr emplyee
More informationTrustED Briefing Series:
TrustED Briefing Series: Since 2001, TrustCC has prvided IT audits and security assessments t hundreds f financial institutins thrugh ut the United States. Our TrustED Briefing Series are white papers
More informationDirectives to LHINs in respect of Reporting Requirements under the BPSAA. Issued By Minister of Health and Long-Term Care
Directives t LHINs in respect f Reprting Requirements under the BPSAA Issued By Minister f Health and Lng-Term Care Effective April 1, 2011 Table f Cntents 1. BACKGROUND... 2 2. REPORT ON THE USE OF CONSULTANTS...
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationMulti-Year Accessibility Policy and Plan for NSF Canada and NSF International Strategic Registrations Canada Company, 2014-2021
Multi-Year Accessibility Plicy and Plan fr NSF Canada and NSF Internatinal Strategic Registratins Canada Cmpany, 2014-2021 This 2014-21 accessibility plan utlines the plicies and actins that NSF Canada
More informationSerius Infrmatin Gvernance Incidents - OverVIEW
Serius Infrmatin Gvernance Incident Plicy UNIQUE REF NUMBER: AC/IG/019/V1.2 DOCUMENT STATUS: Apprved by Audit Cmmittee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT
More informationBusiness Continuity Management Policy
Business Cntinuity Management Plicy Versin: 1.0 Last Amendment: Apprved by: Library Cuncil f New Suth Wales Plicy wner/spnsr: Directr, Operatins and Chief Financial Officer Plicy Cntact Officer: Senir
More informationGOVERNORS PHARMACY HIPAA NOTICE OF PRIVACY PRACTICES For Your Protected Health Information
GOVERNORS PHARMACY HIPAA NOTICE OF PRIVACY PRACTICES Fr Yur Prtected Health Infrmatin THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS
More informationGENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER. Most Recently Amended: December 8, 2015
GENERAL MOTORS COMPANY AUDIT COMMITTEE CHARTER Mst Recently Amended: December 8, 2015 Purpse The purpse f the Audit Cmmittee is t assist the Bard f Directrs f General Mtrs Cmpany in its versight f the
More informationEmergency Preparedness Plans. Page 1 of 19
Emergency Preparedness Plans Page 1 f 19 Page 2 f 19 Requirements SUA Respnsibilities t AA Designate a Disaster Aging Officer DADS Disaster Crdinatr - Glen Basn A&I AAA Sectin s Disaster Team Aimee Mick*,
More informationCell Phone & Data Access Policy Frequently Asked Questions
Cell Phne & Data Access Plicy Frequently Asked Questins 1. Wh is eligible fr a technlgy allwance? First and fremst, the technlgy allwance is fr the benefit f the University, rather than fr the cnvenience
More informationE-Business Strategies For a Cmpany s Bard
DATATEC LIMITED BOARD CHARTER / TERMS OF REFERENCE 1. CONSTITUTION The primary bjective f the Cmpany s Bard Charter is t set ut the rle and respnsibilities f the Bard f Directrs ( the Bard ) as well as
More informationE-ALERT Financial Institutions
E-ALERT Financial Institutins BEIJING BRUSSELS LONDON NEW YORK SAN DIEGO SAN FRANCISCO SILICON VALLEY WASHINGTON www.cv.cm March 19, 2010 SENATE FINANCIAL REFORM LEGISLATION ADDRESSES PROPRIETARY TRADING
More informationSecurity Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview
Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the
More informationKey Steps to Responding to Privacy Breaches. Nova Scotia Freedom of Information and Protection of Privacy Review Office
Key Steps t Respnding t Privacy Breaches Nva Sctia Freedm f Infrmatin and Prtectin f Privacy Review Office ~ 1 ~ ~ 1 ~ 1 ~ Key Steps t Respnding t Privacy Breaches 1 Key Key Steps Steps t t Respnding
More informationFTE is defined as an employee who is employed on average at least 30 hours of service per week.
On March 23, 2010, President Barack Obama signed int law cmprehensive health care refrm legislatin, the Patient Prtectin and Affrdable Care Act (H.R. 3590) passed in the Senate. The Health Care and Educatin
More informationSuccession Planning & Leadership Development: Your Utility s Bridge to the Future
Successin Planning & Leadership Develpment: Yur Utility s Bridge t the Future Richard L. Gerstberger, P.E. TAP Resurce Develpment Grup, Inc. 4625 West 32 nd Ave Denver, CO 80212 ABSTRACT A few years ag,
More informationHIPAA HITECH ACT Compliance, Review and Training Services
Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical
More informationRepresent New College Stamford at both national and regional events and serve on appropriate external committees.
JOB DESCRIPTION Pst: Reprts t: Respnsible fr: Executive Directr Partnerships & Skills Principal and Chief Executive Apprenticeship Develpment Manager Head f Marketing Business Sales Team Salary: Attractive
More informationTHIRD PARTY PROCUREMENT PROCEDURES
ADDENDUM #1 THIRD PARTY PROCUREMENT PROCEDURES NORTH CENTRAL TEXAS COUNCIL OF GOVERNMENTS TRANSPORTATION DEPARTMENT JUNE 2011 OVERVIEW These prcedures establish standards and guidelines fr the Nrth Central
More informationSupersedes: DPS Policy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 of 5
Plicy: 13.01 SUBJECT: INTERNET USAGE Supersedes: DPS Plicy 10.09 - Internet and Use Of The DPSnet, July 14, 2000 Effective: February 15, 2005 Pages: 1 f 5 1.0 POLICY PURPOSE Detrit Public Schls (DPS) Internet
More informationChapter 7 Business Continuity and Risk Management
Chapter 7 Business Cntinuity and Risk Management Sectin 01 Business Cntinuity Management 070101 Initiating the Business Cntinuity Plan (BCP) Purpse: T establish the apprpriate level f business cntinuity
More informationCrnwall Partners in Care
Crnwall Partners in Care Mving Frward Versin 2.0 8 th January 2014 By Richard Mnk Crnwall Partners in Care August 2013 Page 1 f 6 CPIC mving frward This dcument has been created t help prvide a little
More informationNotice of Protection Provided by Utah Life and Health Insurance Guaranty Association
Ntice f Prtectin Prvided by Utah Life and Health Insurance Guaranty Assciatin This ntice prvides a brief summary f the Utah Life and Health Insurance Guaranty Assciatin ("the Assciatin") and the prtectin
More informationHealth Care Reform: The New Law
Health Care Refrm: The New Law Prfessr Sidney D. Watsn April 7, 2010 On March 23, 2010 President Obama signed int law the Patient Prtectin and Affrdable Care Act (H.R. 3590). On March 29, the President
More informationPurpose Statement. Objectives
Apprved by Academic Affairs Cuncil, June 24, 2014 Faculty Handbk Part VI: Other Plicies and Prcedures Sectin R. Intellectual Prperty Classified Emplyee Handbk Part VI: Other Plicies and Prcedures Sectin
More informationVermont Health Care Reform
Vermnt Health Care Refrm Hw it will affect yur business, and yur emplyees? Dr. Hsai, H202 (S057) Presented by: Tm Scull, Partner The Richards Grup A Few Initial Observatins The Gal f Federal Health Refrm
More informationEnvironment Protection Authority
Envirnment Prtectin Authrity EPA Cmplaints Management Plicy Intrductin This plicy sets ut the purpse, principles and prcess fr hw custmer feedback, including cmplaints, will be managed in the EPA t imprve
More informationMonitoring and Audit of Clinical Research Studies
Mnitring and Audit f Clinical Research Studies Categry: Summary: Equality Analysis undertaken: Plicy Implementatin f this plicy will ensure that the Trust fulfils its statutry bligatins which in turn will
More informationOutsourcing arrangements
Rules Ntice Guidance Nte Dealer Member Rules Please distribute internally t: Internal Audit Legal and Cmpliance Operatins Regulatry Accunting Senir Management Cntacts: Luis Piergeti Vice President, Financial
More informationGuidelines on Data Management in Horizon 2020
Guidelines n Data Management in Hrizn 2020 Versin 1.0 11 December 2013 Guidelines n Data Management in Hrizn 2020 Versin 16 December 2013 Intrductin In Hrizn 2020 a limited pilt actin n pen access t research
More information