ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA

Size: px
Start display at page:

Download "ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA"

Transcription

1 ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA ON THE AMENDMENT OF THE ORDER NO. 1V-1013 ON THE APPROVAL OF THE RULES ON THE ENSURANCE OF SECURITY AND INTEGRITY OF PUBLIC COMMUNICATIONS NETWORKS AND PUBLIC ELECTRONIC COMMUNICATIONS SERVICES OF 21 OCTOBER 2011 OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA 23 June 2015 No. 1V-776 Vilnius Pursuant to Paragraph 3 of Article 42 1 of the Law on Electronic Communications of the Republic of Lithuania and Items 1, 2 and 3 of Paragraph 1 of Article 8 of the Cybersecurity Law of the Republic of Lithuania: 1. I h e r e b y a m e n d the Order No. 1V-1013 of 21 October 2011 of the Director of the Communications Regulatory Authority of the Republic of Lithuanian On the Approval of the Rules on the Ensurance of Security and Integrity of Public Communications Networks and Public Electronic Communications Services : 1.1. I amend the title and set it forth as follows: ON THE APPROVAL OF THE RULES ON THE ENSURANCE OF SECURITY AND INTEGRITY OF PUBLIC COMMUNICATIONS NETWORKS, PUBLIC ELECTRONIC COMMUNICATIONS SERVICES AND ELECTRONIC INFORMATION HOSTING SERVICES I amend the preamble and set it forth as follows: Pursuant to Article 42 1 of the Law on Electronic Communications of the Republic of Lithuania, Items 1, 2 and 3 of Paragraph 1 of Article 8 of the Cybersecurity Law of the Republic of Lithuania and implementing Directive 2002/21/EC of the European Parliament and of the Council of 7 March 2002 on a Common Regulatory Framework for Electronic Communications Networks and Services (Framework Directive) (OJ 2004, Special Edition, Chapter 13, Volume 29, p. 349) as last amended on 25 November 2009 and the Directive 2009/140/EC of the European Parliament and of the Council (OJ 2009 L 337, p. 37): I amend Item 1 and set it forth as follows: 1. I a p p r o v e the Rules on the Ensurance of Security and Integrity of Public Communications Networks, Public Electronic Communications Services and Electronic Information Hosting Services (attached) I amend the Rules on the Ensurance of Security and Integrity of Public Communications Networks and Public Electronic Communications Services approved by the referred order and set them in the new wording (attached). 2. I d i r e c t to publish this order in the Register of Legal Acts. Director Feliksas Dobrovolskis

2 APPROVED BY the Order No. 1V-1013 of 21 October 2011 of the Director of the Communications Regulatory Authority of the Republic of Lithuania (New version of the Order No. 1V-776 of 23 June 2015 of the Director of the Communications Regulatory Authority of the Republic of Lithuania) THE RULES ON THE ENSURANCE OF SECURITY AND INTEGRITY OF THE PUBLIC COMMUNICATIONS NETWORKS, PUBLIC ELECTRONIC COMMUNICATIONS SERVICES AND ELECTRONIC INFORMATION HOSTING SERVICES I. GENERAL PROVISIONS 1. The Rules on the Ensurance of Security and Integrity of Public Communications Networks, Public Electronic Communications Services and Electronic Information Hosting Services (hereinafter referred to as the Rules) govern the rights and obligations of public communications networks and/or public electronic communications service providers in ensuring the security and integrity of public communications networks and/or public electronic communications services provided by them, the rights and obligations of electronic information hosting service providers ensuring security and integrity of electronic information hosting services provided by them, the terms and conditions for provision of information on cyber- or security incidents (hereinafter - the Incidents) and/or breaches of integrity, the applied incident management measures and technical information for the assessment of the cybersecurity condition of public communications networks, public electronic communications services and/or electronic information hosting services to the Communications Regulatory Authority of the Republic of Lithuania (hereinafter - the Authority) as well as the procedure for investigation of incidents and breaches of integrity. 2. Definitions used in these Rules: 2.1. Electronic Data shall mean data processed by means of information technologies Denial of Service, DoS, shall mean the action, which interferes with the work of public communications network and/or information system, or the provision of services provided via the public communications network System Compromise shall mean unlawful use of information system resources and/or unauthorized access to the information system 2.4. Malicious Software shall mean a software or a part thereof designed to unlawfully connect to or enabling an unauthorized access to an information system or a public communications network, disruption or alteration, also for take-over of the management of the operations of the information system or public communications network, destruction, damage, deletion or change of electronic data, elimination or restriction of the possibility to use electronic data, allowing for the misappropriation or other use of non-public electronic data for people, who do not have the right to do so Malicious Act shall mean an act or omission implying a threat to the security and integrity of public communications networks, public electronic communications services and/or electronic information hosting services Unlawful Use of Electronic Data shall mean the appropriation, distribution and publication of electronic data, their replacement by other electronic data, distortion of electronic data or another unlawful use thereof Breach of Integrity malfunction of a public communications network or a part thereof disrupting uninterrupted provision of public electronic communications services or electronic information hosting services provided over this network, or damage of equipment used by the

3 electronic information hosting service provider disrupting continuous provision of electronic information hosting services Rules on the Management of the Security of Public Communications Networks and Services shall mean the entirety of documents approved by public communications network and/or public electronic communications service providers establishing technical and organizational measures for the ensurance of security and integrity of public communications networks and/or public electronic communications services Other terms used in the Rules are defined in the Law on Electronic Communications of the Republic of Lithuania, Cybersecurity Law of the Republic of Lithuania, Law on Provision of Information to the Public of the Republic of Lithuania and the Law on the Protection of Minors against the Detrimental Effect of Public Information of the Republic of Lithuania. II. RIGHTS AND OBLIGATIONS OF THE PUBLIC COMMUNICATIONS NETWORKS AND/OR PUBLIC ELECTRONIC COMMUNICATIONS SERVICE PROVIDERS ENSURING THE SECURITY AND INTEGRITY OF THEIR SERVICES 3. Public communications networks and/or public electronic communications service providers must: 3.1. implement the appropriate technical and organizational measures ensuring the safety of public communications networks and/or public electronic communications services provided by them; these measures shall ensure the level of security complying with the posed threat, and prevent security incidents from happening, or reduce their impact on the public communications networks and/or public electronic communications services; 3.2. implement the appropriate technical and organizational measures ensuring that the traffic of false Internet Protocol (IP) addresses will be blocked in the public communications networks provided by them; 3.3. implement the appropriate technical and organizational measures ensuring that the traffic of the denial of service attacks will be blocked in the public communications networks provided by them; 3.4. implement the appropriate technical and organizational measures to ensure the integrity of their public communications networks for the continuous provision of public electronic communication services over these networks; 3.5. implement the appropriate technical and organizational measures to ensure the security of equipment used for provision of public communications networks and/or public electronic communications services; 3.6. approve and regularly update the Rules on the Management of the Security of Public Communications Networks and Services and follow them, and on the Authority's request, submit them to the Authority. The Rules on the Management of the Security of Public Communications Networks and Services shall specify the following: the descriptions of measures necessary for the management of incidents and breaches of integrity; the plan for the ensurance of continuity of the provision of public communications networks and/or public electronic communications services and application conditions thereof; the functions and responsibility of persons in charge of the management of incidents and breaches of integrity; the procedure and conditions for inspecting and testing of the equipment used for the provision of public communications networks and/or public electronic communications services; 3.7. immediately free of charge inform the recipients of public electronic communications services about the malfunctions of public communications networks and/or public electronic communications services due to an incident and/or breaches of integrity classified as having medium or high impact (according to Annex 1 to the Rules);

4 3.8. inform free of charge the recipients of public electronic communications services about the measures that the recipients of public electronic communications services may take advantage of to eliminate the risk of the incidents and/or breaches of integrity associated with the terminal equipment of the recipients of public electronic communications services and indicate the likely costs of the use of such measures; 3.9. not later than before 5 working days inform the public electronic communications service recipients about scheduled works involving the probability of disruption of the security and/or integrity of public communications networks and/or public electronic communications services; publicly announce the recommendations for the public electronic communication service recipients about the measures ensuring cybersecurity when using services of the public communications networks and/or public electronic communications providers. 4. Providers of public communications networks and/or public electronic communications services have the right to take urgent measures, including temporary restrictions on provision of public communications networks and/or public electronic communications services for the recipients of these services, when the incident and/or a breach of integrity has occurred or the threat of the incident and/or a breach of integrity is apparent. III. RIGHTS AND OBLIGATIONS OF THE ELECTRONIC INFORMATION HOSTING SERVICE PROVIDERS WHEN ENSURING THE SECURITY AND INTEGRITY OF THEIR SERVICES 5. Providers of electronic information hosting service must: 5.1. implement the appropriate technical and organizational measures ensuring cybernetic security in order to ensure safety of electronic information hosting services provided by them; these measures shall ensure the level of security complying with the posed threat, and prevent security incidents from happening, or reduce their impact; 5.2. if necessary, in co-operation with the providers of public communications networks and/or public electronic communications services take the necessary measures ensuring cybernetic security; 5.3. implement the appropriate technical and organizational measures ensuring the security of their equipment used for provision of electronic information hosting services; 5.4. immediately and free-of-charge inform the electronic information hosting service recipients about the incident and/or breach of integrity related to the hosting of electronic information services classified to have medium or high impact (according to Annex 1 to the Rules); 5.5. not later than before 5 working days inform the electronic information hosting service recipients about scheduled works involving the probability of disruption of the security and/or integrity of electronic information hosting services; 5.6. publicly or otherwise inform the electronic information hosting service recipients about the countries where their electronic information that is being created, managed or presented for storage using electronic information hosting services may be stored and about the cases when information is transferred to other countries; 5.7. immediately terminate access to the information contained in their server in the following cases: if so required by the court; if the electronic information hosting service provider receives the notification from the Authority or otherwise becomes aware of the information stored in their server, publicizing and/or distribution of which is prohibited by the laws of the Republic of Lithuania, and the termination of the access is technically possible; 5.8. establish procedures for alerting the electronic information hosting service recipients on electronic information hosting security breaches and actions that the recipients and/or providers of electronic information hosting services must take in such case;

5 5.9. publicly announce the recommendations for the recipients of electronic information hosting services about the measures ensuring cybernetic security when using electronic information hosting services. 6. Providers of electronic information hosting services have the right: 6.1. to take urgent measures, including temporary restrictions on provision of electronic information hosting services for the recipients of these services when the incident and/or breach of integrity has occurred or the threat of the incident and/or breach of integrity is apparent; 6.2. to determine what electronic data can be used, stored, made public and processed using electronic information hosting services provided by them; 6.3. to restrict temporarily or to discontinue provision of electronic information hosting services to the recipients, having warned them in advance, if the recipients of electronic information hosting services have been identified to carry out malicious activity through the services; 6.4. to conduct periodic revision of publicly available electronic data in the servers of the electronic information hosting service provider in order to ensure compliance with the requirements of the legislation prohibiting publicizing and/or distribution of certain information. IV. PROCEDURE AND CONDITIONS FOR THE PROVISION OF INFORMATION ABOUT THE INCIDENTS AND/OR BREACHES OF INTEGRITY AS WELL AS MEASURES TAKEN FOR THEIR MANAGEMENT 7. Providers of public communications networks, public electronic communications services and/or electronic information hosting services must: 7.1. inform the Authority about: the following incidents: denial of service; information system compromise; unlawful use of electronic data; acts related to the malicious software; breaches of integrity; 7.2. inform the Authority immediately after the determination of the incident and/or breach of integrity: about determined incidents and/or breaches of integrity, which are having or had earlier a high impact (according to Annex 1 to the Rules) on the recipients of public communications networks, public electronic communications services and/or electronic information hosting services provided by them; about determined incidents and/or breaches of integrity, which have or may have a high impact (according to Annex 1 to the Rules) on the security and/or integrity of public communications networks, public electronic communications services and/or electronic information hosting services, as well as information systems, provided by other providers of public communications networks, public electronic communications services and/or electronic information hosting services of the Republic of Lithuania; 7.3. inform the Authority not later than within 1 working day after the incident and/or breach of integrity is found: about determined incidents and/or breaches of integrity, which are having or had earlier a medium impact (according to Annex 1 to the Rules) on the recipients of public communications networks, public electronic communications services and/or electronic information hosting services provided by them; about determined incidents and/or breaches of integrity, which have or may have a high impact (according to Annex 1 to the Rules) on the security and/or integrity of public communications networks, public electronic communications services and/or electronic information hosting services, as well as information systems, provided by other providers of public

6 communications networks, public electronic communications services and/or electronic information hosting service of the Republic of Lithuania; 7.4. inform the Authority about the events referred to in subparagraphs 7.2 and 7.3 of the Rules electronically following the procedure, which is described on the website in the absence of such a possibility, to submit a notification by at cert@cert.lt according to the form set out in Annex 2 of the Rules, encrypting the contents of the notification by the public key 0xA3BACE47; in the absence of such possibilities, inform the Authority by telephone (8 5) or fax (8 5) ; 7.5. submit to the Authority contact information of the person in charge, whom to contact with on a round-the-clock basis, and also with his address, so that the Authority and the providers of public communications networks, public electronic communications services and/or electronic information hosting services would be able to immediately exchange information about incidents and/or breaches of integrity, as well as their management arrangements; if the person in charge or his contact information changes, the updated information has to be provided to the Authority no later than on the next working day following the change of data. 8. Providers of public communications networks, public electronic communications services and/or electronic information hosting services have the right to inform the Authority by their own choice about other important events relating to the security and integrity of public communications networks, public electronic communications services and/or electronic information hosting services. V. PROCEDURE AND CONDITIONS FOR SUBMISSION OF TECHNICAL INFORMATION REQUIRED FOR THE ASSESSMENT OF THE CYBERSECURITY STATUS OF PUBLIC COMMUNICATIONS NETWORKS, PUBLIC ELECTRONIC COMMUNICATIONS SERVICES AND/OR ELECTRONIC INFORMATION HOSTING SERVICES 9. Providers of public communications networks, public electronic communications services and/or electronic information hosting services are required to provide the Authority with the technical information necessary for the assessment of the state of cybernetic security of public communications networks, public electronic communications services and/or electronic information hosting services. 10. The information specified in Paragraph 9 of the Rules shall be provided: at the request of the Authority, following the formats and time limits required; at the request of the provider of public communications networks, public electronic communications services and/or electronic information hosting services. 11. When providing the information referred to in Paragraph 9 of the Rules the requirements of the Law of the Republic of Lithuania on Legal Protection of Personal Data must be complied with. VI. INVESTIGATION OF INCIDENTS AND VIOLATIONS OF THE INTEGRITY 12. Having assessed the risk level of the registered incident and/or breach of integrity according to Annex 1 to the Rules, the Authority takes the necessary steps to investigate the incident and/or breach of integrity and to clarify all circumstances specified in the notification of the provider of public communications networks, public electronic communications services and/or electronic information hosting service: investigation of incidents and/or breach of integrity, which have been classified as having a high impact (according to Annex 1 to the Rules), shall be started immediately upon the receipt of the notification of the public communications networks, public electronic communications services and/or electronic information hosting service provider; investigation of incidents and/or breaches of integrity, which have been classified as having medium impact (according to Annex 1 to the Rules), shall be started only upon the

7 completion of the investigations of the incidents and/or breaches of integrity having a high impact (according to Annex 1 to the Rules), or no later than within 3 working days from the day of the receipt of the notification on an incident and/or breach of integrity by the public communications networks, public electronic communications services and/or electronic information hosting service provider. 13. If during the assessment of the registered incident and/or breach of integrity it has been found that the notification on an incident and/or breach of integrity submitted by a provider of public communications networks, public electronic communications services and/or electronic information hosting services contains not all information specified in Annex 2 to the Rules, the information is inaccurate or incomplete, the Authority shall inform the provider of public communications networks, public electronic communication services and/or electronic information hosting services, who has submitted the notification, and set at least 1 day period to complete and/or correct the notification. 14. When performing investigations of the incidents and/or breaches of integrity the Authority shall communicate information within its competence: to the State Data Protection Inspectorate about any incident related to personal data security breaches and personal data security breaches; to the police, if any signs of criminal activity are detected; to the Cyber Security and Telecommunications Service under the Ministry of National Defence about the incidents that may affect the State information resources and/or activities of the critical information infrastructure. 15. The Authority shall ensure protection of confidential information obtained in the course of investigation of the incidents and/or breaches of integrity from unauthorized disclosure of such information, as well as shall ensure that this information is not disclosed, copied or used for other purposes, which may cause negative consequences for the person, who submitted confidential information, with the exception of the cases provided for in legal acts. 16. If necessary, the Authority shall inform the Office of the Government of the Republic of Lithuania, the national regulatory authorities of other European Union Member States, the European Network and Information Security Agency and the public about the incident and/or breach of integrity. 17. The Authority regularly collects information on notifications submitted by the public communications networks, electronic communications services and/or public electronic information hosting service providers and the actions taken, and annually provides the summarized information to the European Commission and the European Network and Information Security Agency. VII. FINAL PROVISIONS 18. For violation of the Rules the providers of public communications networks, public electronic communications services and/or electronic information hosting services shall be responsible according to the procedure prescribed by law. Annex 1 to the Rules on the Ensurance of the Security and Integrity of Public Communications Networks, Public Electronic Communications Services and Electronic Information Hosting Services

8 TABLE FOR THE ASSESSMENT OF THE IMPACT OF DISRUPTIONS OF THE PROVISION OF PUBLIC COMMUNICATIONS NETWORKS, PUBLIC ELECTRONIC COMMUNICATIONS SERVICES AND/OR ELECTRONIC INFORMATION HOSTING SERVICES TO RECIPIENTS Duration of service disruption Number of service recipients or % of the total number of service recipients of a provider Longer than one hour but shorter than two hours Impact Longer than two hours >1000 or > 5 % Medium High Where the number of recipients of services is unknown, area of service coverage within the city territory > 1 km 2 Medium High Where the number of recipients of disrupted services is unknown, area of service disruption coverage outside the city territory > 10 km 2 Medium High

9 Annex 2 to the Rules on the Ensurance of the Security and Integrity of Public Communications Networks, Public Electronic Communications Services and Electronic Information Hosting Services (name of legal entity or full name of natural person) (address of the registered office of legal entity or permanent residence of natural person) (telephone, fax, ) To: Communications Regulatory Authority of the Republic of Lithuania Algirdo St. 27A, LT Vilnius Tel.: (8 5) , fax: (8 5) cert@cert.lt NOTIFICATION ON AN INCIDENT AND/OR A BREACH OF INTEGRITY Contact information Description of an incident and/or abreach of integrity Management of an incident and/or a breach of integrity Other important information No. (date) (place of conclusion) Full name of the person in charge of the management of cybernetic or security incident (hereinafter - the Incident) and/or a breach of integrity: Position: Address: Telephone, Type: Time: Description of the damaged public communications networks, public electronic communications services and/or electronic information hosting services, information systems, software, etc.: Information about the causes of an incident and/or a breach of integrity: Description of an incident and/or a breach of integrity (please, give as much details as possible): The approximate number of the service recipients, whom an incident and/or a breach of integrity caused damage to, or the percentage of the total number of the provider's service recipients: Applied (scheduled to be applied) measures and/or actions taken (or scheduled to be taken) for the management of an incident and/or a breach of integrity

10

GOVERNMENT OF THE REPUBLIC OF LITHUANIA

GOVERNMENT OF THE REPUBLIC OF LITHUANIA GOVERNMENT OF THE REPUBLIC OF LITHUANIA RESOLUTION NO 796 of 29 June 2011 ON THE APPROVAL OF THE PROGRAMME FOR THE DEVELOPMENT OF ELECTRONIC INFORMATION SECURITY (CYBER-SECURITY) FOR 20112019 Vilnius For

More information

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text

More information

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10 Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between

More information

Office 365 Data Processing Agreement with Model Clauses

Office 365 Data Processing Agreement with Model Clauses Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081

More information

on Electronic Signature and change to some other laws (Electronic Signature Act) The Parliament has hereby agreed on this Act of the Czech Republic:

on Electronic Signature and change to some other laws (Electronic Signature Act) The Parliament has hereby agreed on this Act of the Czech Republic: 227/2000 Coll. ACT of 29 th June 2000 on Electronic Signature and change to some other laws (Electronic Signature Act) Amendment: 226/2002 Coll. Amendment: 517/2002 Coll. Amendment :440/2004 Coll. Amendment:

More information

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 -------------- w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------

More information

ON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS

ON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS Mr. Ryutaro Hatanaka Commissioner Financial Services Agency Government of Japan 3-2-1 Kasumigaseki Chiyoda-ku, Tokyo Japan 100-8967 Dr. Kunio Chiyoda Chairman Certified Public Accountants and Auditing

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 February 2005 6566/05 LIMITE COPEN 35 TELECOM 10

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 February 2005 6566/05 LIMITE COPEN 35 TELECOM 10 COUNCIL OF THE EUROPEAN UNION Brussels, 24 February 2005 6566/05 LIMITE COPEN 35 TELECOM 0 REPORT from : Working Party on cooperation in criminal matters to : Article 36 Committee No. prev. doc. : 5098/04

More information

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129

<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129 Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the

More information

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011

STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.

More information

GUIDELINES FOR THE PROVISION OF INTERNET SERVICE PUBLISHED BY THE NIGERIAN COMMUNICATIONS COMMISSION

GUIDELINES FOR THE PROVISION OF INTERNET SERVICE PUBLISHED BY THE NIGERIAN COMMUNICATIONS COMMISSION GUIDELINES FOR THE PROVISION OF INTERNET SERVICE PUBLISHED BY THE NIGERIAN COMMUNICATIONS COMMISSION These Guidelines apply to all Licensees providing Internet access services or any other Internet Protocol

More information

CROATIAN PARLIAMENT 1364

CROATIAN PARLIAMENT 1364 CROATIAN PARLIAMENT 1364 Pursuant to Article 88 of the Constitution of the Republic of Croatia, I hereby pass the DECISION PROMULGATING THE ACT ON PERSONAL DATA PROTECTION I hereby promulgate the Act on

More information

Data Processing Agreement for Oracle Cloud Services

Data Processing Agreement for Oracle Cloud Services Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services

More information

The potential legal consequences of a personal data breach

The potential legal consequences of a personal data breach The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.

More information

Guidelines on Data Protection. Draft. Version 3.1. Published by

Guidelines on Data Protection. Draft. Version 3.1. Published by Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...

More information

ACT. on the amendment of the Gambling Law and some other Acts 1

ACT. on the amendment of the Gambling Law and some other Acts 1 Journal of Laws No. 134, item 779 ACT of 26 May 2011 on the amendment of the Gambling Law and some other Acts 1 Article 1 The following amendments are made to the Gambling Law of 19 November 2009 (Journal

More information

HIPAA BUSINESS ASSOCIATE AGREEMENT

HIPAA BUSINESS ASSOCIATE AGREEMENT HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

More information

INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT

INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT INTERMACS REGISTRY BUSINESS ASSOCIATE AGREEMENT This Agreement dated as of is made by and between The Board of Trustees of the University of Alabama, on behalf of INTERMACS Registry ( Business Associate

More information

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE

UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE 1. DISCLAIMER NOTICE UGANDA REVENUE AUTHORITY TERMS AND CONDITIONS FOR WEB PORTAL USE The information provided by UGANDA REVENUE AUTHORITY (URA) on the web portal relating to products and services (or

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT (this Agreement ), effective as of May 1, 2014 (the Effective Date ), by and between ( Covered Entity ) and Orchard Software Corporation,

More information

Corporate Policy. Data Protection for Data of Customers & Partners.

Corporate Policy. Data Protection for Data of Customers & Partners. Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing

More information

THE RULES ON THE SECURITIES SETTLEMENT SYSTEM OF THE CENTRAL SECURITIES DEPOSITORY OF LITHUANIA I. GENERAL PROVISIONS

THE RULES ON THE SECURITIES SETTLEMENT SYSTEM OF THE CENTRAL SECURITIES DEPOSITORY OF LITHUANIA I. GENERAL PROVISIONS APPROVED BY the CSDL Board meeting on October 19, 2007 Minutes No. 4 THE RULES ON THE SECURITIES SETTLEMENT SYSTEM OF THE CENTRAL SECURITIES DEPOSITORY OF LITHUANIA I. GENERAL PROVISIONS 1. The Rules on

More information

ZIMPERIUM, INC. END USER LICENSE TERMS

ZIMPERIUM, INC. END USER LICENSE TERMS ZIMPERIUM, INC. END USER LICENSE TERMS THIS DOCUMENT IS A LEGAL CONTRACT. PLEASE READ IT CAREFULLY. These End User License Terms ( Terms ) govern your access to and use of the zanti and zips client- side

More information

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy)

PRESIDENT S DECISION No. 40. of 27 August 2013. Regarding Data Protection at the European University Institute. (EUI Data Protection Policy) PRESIDENT S DECISION No. 40 of 27 August 2013 Regarding Data Protection at the European University Institute (EUI Data Protection Policy) THE PRESIDENT OF THE EUROPEAN UNIVERSITY INSTITUTE, Having regard

More information

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015

JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement

More information

Service Schedule for Business Email Lite powered by Microsoft Office 365

Service Schedule for Business Email Lite powered by Microsoft Office 365 Service Schedule for Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION Service Overview 1.1 The Service is a hosted messaging service that delivers the capabilities of Microsoft

More information

Council of the European Union Brussels, 5 March 2015 (OR. en)

Council of the European Union Brussels, 5 March 2015 (OR. en) Council of the European Union Brussels, 5 March 2015 (OR. en) Interinstitutional File: 2013/0027 (COD) 6788/15 LIMITE TELECOM 59 DATAPROTECT 23 CYBER 13 MI 139 CSC 55 CODEC 279 NOTE From: Presidency To:

More information

COMPUTER MISUSE AND CYBERSECURITY ACT (CHAPTER 50A)

COMPUTER MISUSE AND CYBERSECURITY ACT (CHAPTER 50A) COMPUTER MISUSE AND CYBERSECURITY ACT (CHAPTER 50A) (Original Enactment: Act 19 of 1993) REVISED EDITION 2007 (31st July 2007) An Act to make provision for securing computer material against unauthorised

More information

DATA PROTECTION LAWS OF THE WORLD. India

DATA PROTECTION LAWS OF THE WORLD. India DATA PROTECTION LAWS OF THE WORLD India Date of Download: 6 February 2016 INDIA Last modified 27 January 2016 LAW IN INDIA There is no specific legislation on privacy and data protection in India. However,

More information

H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.

H. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION. H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.

More information

PRIVACY AND DATA SECURITY MODULE

PRIVACY AND DATA SECURITY MODULE "This project has been funded under the fourth AAL call, AAL-2011-4. This publication [communication] reflects the views only of the author, and the Commission cannot be held responsible for any use which

More information

The primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of.

The primary responsibility for the data processing lies within the Administration Department, which the FINCOP Unit is part of. Opinion on a Notification for Prior Checking received from the Data Protection Officer of the European Training Foundation Regarding the Processing Operations to Manage Calls for Tenders Brussels, 22 April

More information

S. 2519 AN ACT. To codify an existing operations center for cybersecurity.

S. 2519 AN ACT. To codify an existing operations center for cybersecurity. TH CONGRESS D SESSION S. 1 AN ACT To codify an existing operations center for cybersecurity. 1 Be it enacted by the Senate and House of Representa- tives of the United States of America in Congress assembled,

More information

Service Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365

Service Schedule for BT Business Lite Web Hosting and Business Email Lite powered by Microsoft Office 365 1. SERVICE DESCRIPTION 1.1 The Service enables the Customer to: set up a web site(s); create a sub-domain name associated with the web site; create email addresses. 1.2 The email element of the Service

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is by and between ( Covered Entity )and CONEX Med Pro Systems ( Business Associate ). This Agreement has been attached to,

More information

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES

HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT (HIPAA) TERMS AND CONDITIONS FOR BUSINESS ASSOCIATES I. Overview / Definitions The Health Insurance Portability and Accountability Act is a federal law

More information

California State University, Sacramento INFORMATION SECURITY PROGRAM

California State University, Sacramento INFORMATION SECURITY PROGRAM California State University, Sacramento INFORMATION SECURITY PROGRAM 1 I. Preamble... 3 II. Scope... 3 III. Definitions... 4 IV. Roles and Responsibilities... 5 A. Vice President for Academic Affairs...

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This BA Agreement, effective as of the effective date of the Terms of Use, adds to and is made part of the Terms of Use by and between Business Associate and Covered Entity.

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Agreement ( Agreement ) is made and entered into this day of [Month], [Year] by and between [Business Name] ( Covered Entity ), [Type of Entity], whose business address

More information

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY

Embedded Network Solutions Australia Pty Ltd (ENSA) INTERNET ACCEPTABLE USE POLICY T: 1300 00 ENSA (3672) F: 03 9421 6109 (ENSA) INTERNET ACCEPTABLE USE POLICY 1 ABOUT THIS POLICY... 2 2 GENERAL... 2 3 ILLEGAL ACTIVITY... 2 4 SECURITY... 2 5 RISKS OF THE INTERNET... 3 6 CONTENT PUBLISHING...

More information

Terms of use of information and communication technologies at the University of Burgundy

Terms of use of information and communication technologies at the University of Burgundy Terms of use of information and communication technologies at the University of Burgundy Adopted by the Board of the University of Burgundy on June 28, 2007. This Charter constitutes the internal regulations

More information

REQUIREMENTS RESPECTING THE SECURITY OF OFFSHORE FACILITIES

REQUIREMENTS RESPECTING THE SECURITY OF OFFSHORE FACILITIES REQUIREMENTS RESPECTING THE SECURITY OF OFFSHORE FACILITIES Definitions 1. In these requirements: C-NLOPB means the Canada-Newfoundland and Labrador Offshore Petroleum Board; Chief Safety Officer means

More information

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT

EXHIBIT C BUSINESS ASSOCIATE AGREEMENT EXHIBIT C BUSINESS ASSOCIATE AGREEMENT THIS AGREEMENT is made and entered into by and between ( Covered Entity ) and KHIN ( Business Associate ). This Agreement is effective as of, 20 ( Effective Date

More information

2) applied methods and means of authorisation and procedures connected with their management and use;

2) applied methods and means of authorisation and procedures connected with their management and use; Guidelines on the way of developing the instruction specifying the method of managing the computer system used for personal data processing, with particular consideration of the information security requirements.

More information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information

BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information BUSINESS ASSOCIATE AGREEMENT HIPAA Protected Health Information I. PREAMBLE ( Covered Entity ) and ( Business Associate ) (jointly the Parties ) wish to enter into an Agreement to comply with the requirements

More information

Online Lead Generation: Data Security Best Practices

Online Lead Generation: Data Security Best Practices Online Lead Generation: Data Security Best Practices Released September 2009 The IAB Online Lead Generation Committee has developed these Best Practices. About the IAB Online Lead Generation Committee:

More information

Ohio Supercomputer Center

Ohio Supercomputer Center Ohio Supercomputer Center Intrusion Prevention and Detection No: Effective: OSC-12 5/21/09 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original

More information

ELECTRICITY SUPPLY/ TRADE LICENSE KORLEA INVEST A.S

ELECTRICITY SUPPLY/ TRADE LICENSE KORLEA INVEST A.S Hamdi Mramori Street, No 1 Prishtina 10000 Kosovo Tel: +381 (0) 38 247 615 ext. 103 Fax: +381 (0) 38 247 620 e-mail: info@ero-ks.org www.ero-ks.org ELECTRICITY SUPPLY/ TRADE LICENSE GRANTED TO: KORLEA

More information

Computer Security Incident Reporting and Response Policy

Computer Security Incident Reporting and Response Policy SECTION: 3.8 SUBJECT: Computer Security Incident Reporting and Response Policy AUTHORITY: Executive Director; Chapter 282.318, Florida Statutes - Security of Data and Information Technology Resources;

More information

Practical Overview on responsibilities of Data Protection Officers. Security measures

Practical Overview on responsibilities of Data Protection Officers. Security measures Practical Overview on responsibilities of Data Protection Officers Security measures Manuel Villaseca Spanish Data Protection Agency mvl@agpd.es Security measures Agenda: The rol of DPO on security measures

More information

4-column document Net neutrality provisions (including recitals)

4-column document Net neutrality provisions (including recitals) 4-column document Net neutrality provisions (including recitals) [Text for technical discussions. It does not express any position of the Commission or its services] Proposal for a REGULATION OF THE EUROPEAN

More information

OLYMPIC COLLEGE POLICY

OLYMPIC COLLEGE POLICY TITLE: Acceptable Use Policy POLICY NUMBER: OCP 200-17 REFERENCE: RCW 42.52.160, RCW 42.52.180, RCW 42.17, WAC 292-110-010, http://isb.wa.gov/policies/security.aspx, http://www.governor.wa.gov/execorders/archive.asp,

More information

PORTERS HR Business Cloud Terms of Use

PORTERS HR Business Cloud Terms of Use PORTERS HR Business Cloud Terms of Use A Customer using the PORTERS HR Business Cloud Service ( PORTERS HR Business Cloud ) shall be deemed to have agreed to the following provisions and conditions simultaneously

More information

One Hundred Thirteenth Congress of the United States of America

One Hundred Thirteenth Congress of the United States of America S. 2519 One Hundred Thirteenth Congress of the United States of America AT THE SECOND SESSION Begun held at the City of Washington on Friday, the third day of January, two thous fourteen An Act To codify

More information

REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE

REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE REPUBLIC OF LITHUANIA. LAW ON ELECTRONIC SIGNATURE CHAPTER I. GENERAL PROVISIONS... 1 ARTICLE 1. Purpose of the Law... 1 ARTICLE 2. Basic Definitions of this Law... 2 CHAPTER II. SIGNATURE CREATION, VERIFICATION,

More information

HOSTING SERVICES ADDENDUM TO MASTER SOFTWARE LICENCE AGREEMENT

HOSTING SERVICES ADDENDUM TO MASTER SOFTWARE LICENCE AGREEMENT HOSTING SERVICES ADDENDUM TO MASTER SOFTWARE LICENCE AGREEMENT Last Updated: 10 June 2015 This Hosting Services Addendum to the Master Software Licence Agreement ( Addendum ) will only apply to the extent

More information

MCOLES Information and Tracking Network. Security Policy. Version 2.0

MCOLES Information and Tracking Network. Security Policy. Version 2.0 MCOLES Information and Tracking Network Security Policy Version 2.0 Adopted: September 11, 2003 Effective: September 11, 2003 Amended: September 12, 2007 1.0 POLICY STATEMENT The Michigan Commission on

More information

BUSINESS ASSOCIATE ADDENDUM

BUSINESS ASSOCIATE ADDENDUM BUSINESS ASSOCIATE ADDENDUM This Business Associate Addendum ( Addendum ) adds to and is made a part of the Q- global Subscription and License Agreement by and between NCS Pearson, Inc. ( Business Associate

More information

CBIA Service Corporation Privacy and Security Notice

CBIA Service Corporation Privacy and Security Notice July 1, 2012 CBIA Service Corporation Privacy and Security Notice THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE

More information

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ

APIP - Cyber Liability Insurance Coverages, Limits, and FAQ APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP

More information

Network & Information Security Policy

Network & Information Security Policy Policy Version: 2.1 Approved: 02/20/2015 Effective: 03/02/2015 Table of Contents I. Purpose................... 1 II. Scope.................... 1 III. Roles and Responsibilities............. 1 IV. Risk

More information

The Law on the Return of Unlawfully Removed Objects of Cultural Heritage

The Law on the Return of Unlawfully Removed Objects of Cultural Heritage THE NATIONAL ASSEMBLY OF THE REPUBLIC OF SLOVENIA Number: 612-04/03-7/1 Ljubljana, Nov. 28, 2003 At the session held on November 28, 2003, The National Assembly of the Republic of Slovenia enacted the

More information

T H E G O V E R N M E N T

T H E G O V E R N M E N T [Symbol of the State of Israel] RESHUMOT (Official Gazette) BILLS T H E G O V E R N M E N T Shvat 7, 5768 356 January 14, 2008 Page Electronic Commerce Bill, 5768 2008..................................

More information

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable:

Name of Other Party: Address of Other Party: Effective Date: Reference Number as applicable: PLEASE NOTE: THIS DOCUMENT IS SUBMITTED AS A SAMPLE, FOR INFORMATIONAL PURPOSES ONLY TO ABC ORGANIZATION. HIPAA SOLUTIONS LC IS NOT ENGAGED IN THE PRACTICE OF LAW IN ANY STATE, JURISDICTION, OR VENUE OF

More information

HIPAA BUSINESS ASSOCIATE ADDENDUM

HIPAA BUSINESS ASSOCIATE ADDENDUM HIPAA BUSINESS ASSOCIATE ADDENDUM This Addendum, dated as of, 2007 ( Addendum ), supplements and is made a part of the Services Agreement (as defined below) by and between ( Covered Entity ) and FUJIFILM

More information

Estate Planning and the Provision of Electronic Certification Services

Estate Planning and the Provision of Electronic Certification Services No. 248/71 (4) Regulation for the Provision of Electronic Signature Certification Services THE HELLENIC TELECOMMUNICATIONS & POST COMMISSION (EETT) Taking into account: a. Law No. 2867/2000 "Organization

More information

REGULATION (EEC) No 2309/93

REGULATION (EEC) No 2309/93 REGULATION (EEC) No 2309/93 Council Regulation (EEC) No 2309/93 of 22 July 1993 laying down Community procedures for the authorization and supervision of medicinal products for human and veterinary use

More information

SPECIAL CONDITIONS FOR THE WEBSTORAGE CDN SERVICE Latest version dated 13/11/2013

SPECIAL CONDITIONS FOR THE WEBSTORAGE CDN SERVICE Latest version dated 13/11/2013 DEFINITIONS: SPECIAL CONDITIONS FOR THE WEBSTORAGE CDN SERVICE Latest version dated 13/11/2013 Bandwidth: Volume of data exchanged (uploads and downloads) between the CDN and the users that download Files

More information

FMGateway by FMWebschool

FMGateway by FMWebschool FMGateway by FMWebschool Hosting Service Agreement 1. OVERVIEW This Hosting Service Agreement (this Agreement ) is entered into by and between FMWebschool, LLC, a/an Delaware limited liability company

More information

SaaS. Business Associate Agreement

SaaS. Business Associate Agreement SaaS Business Associate Agreement This Business Associate Agreement ( BA Agreement ) becomes effective pursuant to the terms of Section 5 of the End User Service Agreement ( EUSA ) between Customer ( Covered

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ) is entered into by and between (the Covered Entity ), and Iowa State Association of Counties (the Business Associate ). RECITALS

More information

NATIONAL CYBERSECURITY PROTECTION ACT OF 2014

NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 PUBLIC LAW 113 282 DEC. 18, 2014 NATIONAL CYBERSECURITY PROTECTION ACT OF 2014 VerDate Mar 15 2010 21:01 Feb 12, 2015 Jkt 049139 PO 00282 Frm 00001 Fmt 6579 Sfmt 6579 E:\PUBLAW\PUBL282.113 PUBL282 128

More information

Factsheet on the Right to be

Factsheet on the Right to be 101010 100101 1010 101 Factsheet on the Right to be 100 Forgotten ruling (C-131/12) 101 101 1) What is the case about and what did 100 the Court rule? 10 In 2010 a Spanish citizen lodged a complaint against

More information

2015 -- S 0134 SUBSTITUTE B ======== LC000486/SUB B/2 ======== S T A T E O F R H O D E I S L A N D

2015 -- S 0134 SUBSTITUTE B ======== LC000486/SUB B/2 ======== S T A T E O F R H O D E I S L A N D 0 -- S 01 SUBSTITUTE B LC000/SUB B/ S T A T E O F R H O D E I S L A N D IN GENERAL ASSEMBLY JANUARY SESSION, A.D. 0 A N A C T RELATING TO CRIMINAL OFFENSES - IDENTITY THEFT PROTECTION Introduced By: Senators

More information

1. Rights and obligations of the parties

1. Rights and obligations of the parties General Terms and Conditions for telecommunication and information services (hereinafter: General Terms and Conditions) are general terms and conditions of the company TUŠMOBIL d.o.o. (hereinafter: TMB)

More information

DATA BREACH COVERAGE

DATA BREACH COVERAGE THIS ENDORSEMENT CHANGES THE POLICY. PLEASE READ THIS CAREFULLY. DATA BREACH COVERAGE SCHEDULE OF COVERAGE LIMITS Coverage Limits of Insurance Data Breach Coverage $50,000 Legal Expense Coverage $5,000

More information

maintain and enforce on its user clients an acceptable use policy similar in scope and intent to this Acceptable Use Policy.

maintain and enforce on its user clients an acceptable use policy similar in scope and intent to this Acceptable Use Policy. CTC Acceptable Use Policy Consolidated Telephone Company doing business as Consolidated Telecommunications Company (CTC) has adopted this Acceptable Use Policy to encourage the use of its network and services

More information

Journal of Laws No. 19-2117 - Item 101. The Act on Concession for Works or Services 1 2 of 9 January 2009. Chapter 1 General Provisions

Journal of Laws No. 19-2117 - Item 101. The Act on Concession for Works or Services 1 2 of 9 January 2009. Chapter 1 General Provisions Journal of Laws No. 19-2117 - Item 101 101 The Act on Concession for Works or Services 1 2 of 9 January 2009 Chapter 1 General Provisions Art. 1.1. This Act specifies the rules and procedures for concluding

More information

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL Title: Computer and Network Security Policy Policy Number: 04.72.12 Effective Date: November 4, 2003 Issuing Authority: Office of the Vice President for

More information

SAMPLE BUSINESS ASSOCIATE AGREEMENT

SAMPLE BUSINESS ASSOCIATE AGREEMENT SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

More information

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid.

This Amendment consists of two parts. This is part 1 of 2 and must be accompanied by and signed with part 2 of 2 (Annex 1) to be valid. Microsoft Online Subscription Agreement Amendment adding Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Proposal ID MOSA number Microsoft to complete This Amendment

More information

Commercial Internet Banking Agreement and Disclosures

Commercial Internet Banking Agreement and Disclosures Rev. 4/2015 Commercial Internet Banking Agreement and Disclosures 1. Coverage. This Agreement applies to your use of our commercial Internet Banking Service, which permits you to access your accounts with

More information

ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text)

ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text) ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text) On basis of article 153 of the National Assembly of Slovenia Rules of Procedure the National Assembly of the Republic

More information

BUSINESS ASSOCIATE AGREEMENT

BUSINESS ASSOCIATE AGREEMENT BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement ( Agreement ) by and between (hereinafter known as Covered Entity ) and Office Ally, LLC. (hereinafter known as Business Associate ), and

More information

EMPLOYER S LIABILITY INSURANCE RULES

EMPLOYER S LIABILITY INSURANCE RULES EMPLOYER S LIABILITY INSURANCE RULES Baku 2009 EMPLOYER S LIABILITY INSURANCE RULES GENERAL Employer s Liability Insurance Rules of the International Insurance Company OJSC, hereinafter referred to as

More information

Cloud Hosting Terms and Conditions

Cloud Hosting Terms and Conditions 1 DEFINITIONS. 1.1 The following definitions shall apply in this Schedule. Any reference in this Schedule to "day" will be a calendar day. "Acceptable Use Policy" "Affiliate" "Cloud Services" "Customer

More information

ACT ON LIABILITY FOR NUCLEAR DAMAGE

ACT ON LIABILITY FOR NUCLEAR DAMAGE ACT ON LIABILITY FOR NUCLEAR DAMAGE Published in the Official Gazette of the Republic of Slovenia - International Treaties, No. 77/2010 UNOFFICIAL TRANSLATION I. GENERAL PROVISIONS Article 1 (Contents)

More information

SUPPLIER SECURITY STANDARD

SUPPLIER SECURITY STANDARD SUPPLIER SECURITY STANDARD OWNER: LEVEL 3 COMMUNICATIONS AUTHOR: LEVEL 3 GLOBAL SECURITY AUTHORIZER: DALE DREW, CSO CURRENT RELEASE: 12/09/2014 Purpose: The purpose of this Level 3 Supplier Security Standard

More information

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT

Section C: Data Use Agreement. Illinois Department of Healthcare and Family Services. And DATA USE AGREEMENT Section C: Data Use Agreement Illinois Department of Healthcare and Family Services And DATA USE AGREEMENT This Data Use Agreement (the Agreement ) is effective as of (the Agreement Effective Date ) by

More information

BUSINESS ASSOCIATE AGREEMENT Health Insurance Portability and Accountability Act (HIPAA)

BUSINESS ASSOCIATE AGREEMENT Health Insurance Portability and Accountability Act (HIPAA) BUSINESS ASSOCIATE AGREEMENT Health Insurance Portability and Accountability Act (HIPAA) This Business Associate Agreement (the Agreement ) is made and entered into as of [Date] (hereinafter Effective

More information

PRIVACY ACT COMPLIANCE

PRIVACY ACT COMPLIANCE Department of Homeland Security Management Directive System MD Number: 0470.1 PRIVACY ACT COMPLIANCE 1. Purpose This directive establishes the Department of Homeland Security (DHS) policy for Privacy Act

More information

THE LAW ON FREE ACCESS TO INFORMATION

THE LAW ON FREE ACCESS TO INFORMATION THE LAW ON FREE ACCESS TO INFORMATION I. BASIC PROVISIONS Article 1 Access to the information filed with government agencies shall be free, whereas it shall be exercised in the manner prescribed by this

More information

KINGDOM OF SAUDI ARABIA. Capital Market Authority CREDIT RATING AGENCIES REGULATIONS

KINGDOM OF SAUDI ARABIA. Capital Market Authority CREDIT RATING AGENCIES REGULATIONS KINGDOM OF SAUDI ARABIA Capital Market Authority CREDIT RATING AGENCIES REGULATIONS English Translation of the Official Arabic Text Issued by the Board of the Capital Market Authority Pursuant to its Resolution

More information

Virgin Media Business Acceptable Use Policy (Internet)

Virgin Media Business Acceptable Use Policy (Internet) Virgin Media Business Acceptable Use Policy (Internet) 1 Introduction 1.1 This Acceptable Use Policy ( AUP ) specifies actions prohibited by Virgin Media Business to users of the Internet Services (in

More information

HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN. Stewart C. Miller & Co., Inc. (Business Associate) AND

HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN. Stewart C. Miller & Co., Inc. (Business Associate) AND HIPAA PRIVACY AND SECURITY RULES BUSINESS ASSOCIATE AGREEMENT BETWEEN Stewart C. Miller & Co., Inc. (Business Associate) AND City of West Lafayette Flexible Spending Plan (Covered Entity) TABLE OF CONTENTS

More information

GL ON THE MINIMUM LIST OF SERVICES AND FACILITIES EBA/GL/2015/06 06.08.2015. Guidelines

GL ON THE MINIMUM LIST OF SERVICES AND FACILITIES EBA/GL/2015/06 06.08.2015. Guidelines EBA/GL/2015/06 06.08.2015 Guidelines on the minimum list of services or facilities that are necessary to enable a recipient to operate a business transferred to it under Article 65(5) of Directive 2014/59/EU

More information

Personal Data Protection LAWS OF MALAYSIA. Act 709 PERSONAL DATA PROTECTION ACT 2010

Personal Data Protection LAWS OF MALAYSIA. Act 709 PERSONAL DATA PROTECTION ACT 2010 1 LAWS OF MALAYSIA Act 709 PERSONAL DATA PROTECTION ACT 2010 2 Laws of Malaysia ACT 709 Date of Royal Assent...... 2 June 2010 Date of publication in the Gazette......... 10 June 2010 Publisher s Copyright

More information

COMMISSION REGULATION (EU) No /.. of XXX

COMMISSION REGULATION (EU) No /.. of XXX EUROPEAN COMMISSION Brussels, XXX [ ](2013) XXX draft COMMISSION REGULATION (EU) No /.. of XXX on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC on privacy

More information

CHAPTER 124B COMPUTER MISUSE

CHAPTER 124B COMPUTER MISUSE 1 L.R.O. 2005 Computer Misuse CAP. 124B CHAPTER 124B COMPUTER MISUSE ARRANGEMENT OF SECTIONS SECTION PART I PRELIMINARY 1. Short title. 2. Application. 3. Interpretation. PART II PROHIBITED CONDUCT 4.

More information

S. ll IN THE SENATE OF THE UNITED STATES A BILL

S. ll IN THE SENATE OF THE UNITED STATES A BILL TH CONGRESS ST SESSION S. ll To codify mechanisms for enabling cybersecurity threat indicator sharing between private and government entities, as well as among private entities, to better protect information

More information