E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY
1 E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY
Oana Dolea
7th Annual Leg@l.IT Conference
March 26th, 2013, Montreal, Canada
2 INTRODUCTION
- Mobile e-commerce vs. E-commerce
- Mobile e-commerce: more than just transactions
3 PRIVACY AND ONLINE CONFIDENCE
Why a discussion about privacy and mobile e-commerce?
- Exponential growth: mobile web economy may double by
- Confidence in the company behind the online transaction - a leading trend influencing online business practices.
- Appropriate treatment of personal information online - an important tool for maintaining and growing that trust.
Presentation will focus on:
- Applicable normative and self-regulatory mechanisms.
- Aspects of mobile e-commerce that pose privacy risks and can damage confidence in the brand.
- Practical strategies to promote privacy and confidence in online transactions.
4 NORMATIVE PRIVACY FRAMEWORKS
- Preserving trust in online transactions by understanding general principles set out in normative frameworks.
- Canada, US and EU: significant differences underlying the complexity of the borderless context of online transactions.
5 NORMATIVE PRIVACY FRAMEWORKS: CANADA
Applicable legislation
- Federal and provincial statutes that govern the collection, use, disclosure and management of personal information by private sector organizations.
Personal Information Protection and Electronic Documents Act (PIPEDA)
- Applies to organizations engaged in commercial activities anywhere in Canada and when personal information is moved across borders (between provinces or internationally).
- 10 principles of PIPEDA: accountability; identifying purposes; consent; limiting collection; limiting use, disclosure and retention; accuracy; safeguards; openness; individual access; challenging compliance.
6 NORMATIVE PRIVACY FRAMEWORKS: CANADA
Personal Information
- Defined very broadly as information about an identifiable individual.
- Organizations are generally required to seek consent for the use or disclosure of the personal information at the time of collection.
Consent
- Requires knowledge as well as an understanding of the collection, use and dissemination of information, the repercussions thereof, and the existence of available alternatives.
- Freedom of choice is critical to privacy.
- Consent may be express or implied.
7 NORMATIVE PRIVACY FRAMEWORKS: CANADA
Limits to Collection, Use and Disclosure
- Organizations must not require consent to the collection, use or disclosure of personal information beyond what is necessary to provide the product or service.
Withdrawal of Consent
- An individual must be able to withdraw consent at any time, subject to legal or contractual restrictions and reasonable notice.
- Upon receipt of a withdrawal request, individuals must be informed of the implications of such withdrawal.
Publicly Available Information
- Exception to consent requirements for publicly available information found in both federal and provincial legislation.
- The exception applies to the personal information of an individual that appears in a telephone directory or a professional or business directory, listing or notice that is available to the public.
8 NORMATIVE PRIVACY FRAMEWORKS: CANADA
Cross-border flows of data: a Canadian provincial perspective
- Quebec - organizations must take reasonable steps to ensure that personal information transferred to service providers outside Quebec will not be used for other purposes and not be communicated to third parties without consent.
- Alberta - requires specific notice where the information is being transferred outside of Canada. Notice must include:
  - The countries outside Canada in which the collection, use, disclosure or storage is occurring or may occur, and
  - The purposes for which the service provider outside Canada has been authorized to collect, use or disclose personal information for or on behalf of the organization.
9 NORMATIVE PRIVACY FRAMEWORKS: UNITED STATES
Constitutional Protection
- The United States Courts have compensated for the lack of any provision in the U.S. Constitution that grants an explicit right to privacy, by recognizing a right to privacy.
Federal Legislation and Privacy Protection
- Privacy legislation in the U.S. follows a sectoral approach: laws are developed and enforced for a specific industry sector and protect only certain types of information.
Information Held by the Federal Government
- Privacy Act of 1974 and the Computer Matching and Privacy Act - personal information held by the federal government.
- No authority over the collection and use of personal information held by other private and public sector entities.
- The United States has largely avoided legislation governing the treatment of sensitive personal information in records systems held by sources other than the federal government.
10 NORMATIVE PRIVACY FRAMEWORKS: UNITED STATES
Private Sector
- The Fair Credit Reporting Act: prevents consumer reporting agencies from disclosing personal data on consumer reports without a showing of a legitimate business need.
- The Financial Services Modernization Act (Gramm-Leach-Bliley Act): contains privacy provisions protecting non-public financial information and requiring that financial institutions employ measures to secure customer data against anticipated threats to confidentiality.
The Federal Trade Commission
- March 2012, FTC Privacy Report - best practices for businesses to protect consumers' privacy and give them greater control over their personal data.
- Calls on companies handling consumer data to adhere to three core principles:
  - Privacy by Design
  - Simplified Consumer Choice
  - Greater Transparency
11 NORMATIVE PRIVACY FRAMEWORKS: UNITED STATES
State Legislation and Privacy Protection
1. California Online Privacy Protection Act (OPPA)
- Reaches beyond California's borders - functions as a national law, potentially impacting every commercial website that collects personally identifiable information from consumers.
- Requires operators of commercial websites or online services to post a privacy policy that must contain certain features.
- Does not contain any enforcement provisions. However, OPPA presumably could be enforced through California's Unfair Competition Law.
2. Other States' Laws
- Nebraska and Pennsylvania: amended their unfair business practice statutes.
- Minnesota and Nevada: laws that impose confidentiality requirements on Internet service providers with respect to their subscribers.
12 NORMATIVE PRIVACY FRAMEWORKS: EUROPEAN UNION
European Data Protection Directive (Directive 95/46/EC)
- Applies when the controller is established or operates within the EU, but also whenever the controller uses equipment located inside the EU to process personal data.
- Controllers from outside the EU who process personal data inside the EU must nevertheless comply with the directive.
- A controller is a natural or legal person, public authority, agency, or any other body which alone or jointly with others determines the purposes and means of processing of personal data.
- Based on principles of: Notice, Purpose, Consent, Security, Disclosure, Access, Accountability.
13 NORMATIVE PRIVACY FRAMEWORKS: EUROPEAN UNION
Two broad sets of obligations on data controllers:
- Registration - Companies are required to register with the relevant national authority in all relevant countries.
- Compliance - Personal data may only be collected for specified, explicit, and legitimate purposes. Personal data must be adequate, relevant, and not excessive in relation to the purposes for which they are processed.
EU Data Directive also requires data controllers to:
- Only use personal data collected for specific purposes for those purposes (with certain exceptions for historical, statistical, or scientific purposes) and no longer than is necessary.
- Be clear about the reason it collects personal data and use the data in strict compliance with its declared intentions.
- Implement appropriate security measures to protect personal information against accidental or unlawful destruction, and against accidental loss, alteration, unauthorized disclosure, or unauthorized access.
14 NORMATIVE PRIVACY FRAMEWORKS: EUROPEAN UNION
Amendments to the EU Data Protection Directive
In February 2013, close to 900 amendments were proposed to the EU Data Protection Directive, generally as follows:
- Designation of the main establishment
- Flexibility in the public sector
- Personal data and pseudonymisation
- Consent
- Governance
- International transfers
15 HARMONIZATION OF DIFFERENCES?
EU - U.S. Transfer of Personal Data
- Under the EU Directive, personal data may only be transferred outside the EU if the data will receive adequate protection in the importing country.
- Safe Harbor: set of voluntary data protection measures that U.S. companies may undertake to bring them within a "safe harbor" of adequate protection under the Directive.
- The Safe Harbor Agreement was adopted in May 2000 and requires compliance with 7 principles: notice; choice to opt out; notice and choice to opt out when transferring to third parties; access to one's information; protection and security of personal information; data integrity; and enforcement.
- Breach of the Safe Harbor Principles by a company that has committed to them may be actionable under the Federal Trade Commission Act (FTC Act).
16 HARMONIZATION OF DIFFERENCES?
EU - Canada Transfer of Personal Information
- The EU Commission has recognized PIPEDA as providing adequate protection for the transfer of personal information from the EU to Canada.
- This allows for the continued flow of personal information between the EU and Canada.
- Thus, EU companies can share personal information with Canadian companies and store personal information in Canada.
17 HARMONIZATION OF DIFFERENCES?
Gap between the U.S. and Canada
- Same harmonization does not exist between Canada and the U.S., leading to a gap in protecting data flows between both countries.
- FTC and the Office of the Privacy Commissioner of Canada continuously work together in bringing forth legal proceedings and work collectively in enforcing the standards of privacy and security.
- The Privacy Commissioner recently supported the FTC in legal proceedings over a website operated by a US company which advertised and sold confidential consumer information to third parties without consent.
18 SELF-REGULATORY PRIVACY FRAMEWORKS
- Territorial-based normative frameworks are often insufficient to provide a uniform set of privacy rules in a borderless online context.
- Various self-regulating protocols developed in response:
  - OECD Privacy Guidelines
  - Platform for Privacy Preferences
  - Standard use of confidentiality policies
19 TARGETED BEHAVIOURAL ADVERTISING, PRIVACY AND ONLINE CONFIDENCE
E-commerce and online environment
- Potential challenges to privacy that can affect customer trust in online transactions.
Targeted Behavioural Advertising
- Using cookies, algorithms collect both identifiable and non-identifiable information about an individual.
- Algorithms track individuals' online activities in order to deliver tailored advertisements that the user is more likely to click, view and ultimately purchase.
20 TARGETED BEHAVIOURAL ADVERTISING, PRIVACY AND ONLINE CONFIDENCE
Why is Targeted Behavioural Advertising problematic for privacy?
- Rate at which behavioural profiles are growing and accumulating more and more personal information.
- Even a piece of non-identifiable information, in the presence of many other pieces of information, can quickly become identifiable information.
- Sensitive information can fall into or be seen by the wrong people.
- In most cases, lack of awareness means lack of truly informed consent to the collection, use and disclosure of individuals' personal information for the purposes of targeted behavioural advertising.
21 TARGETED BEHAVIOURAL ADVERTISING, PRIVACY AND ONLINE CONFIDENCE
Consent: Implied, Express and In-between
- Informed consent: express consent, rather than the implied consent achieved through notice in a privacy policy.
- The EU Cookie Directive (Directive 2009/136) goes some way to address the issue of consent to the collection of personal information from a user's Internet activity.
Debate about what is sufficient consent:
- UK Information Commissioner's Office: "[...] The crucial consideration is that the individual must fully understand that by the action in question, they will be giving consent."
- US Federal Trade Commission 2007 report identified principles for self-regulation of targeted behavioural advertising:
  - Transparency and control
  - Reasonable security, and limited data retention
  - Affirmative express consent for material changes to existing privacy promises
  - Affirmative express consent (or prohibition against) using sensitive data for behavioural advertising
22 MOBILE E-COMMERCE: UNIQUE CHALLENGES TO ONLINE CONFIDENCE
Practical aspects of mobile e-commerce present privacy-related questions:
- Enforcement of inter-jurisdictional compliance: mobile user + divergent legal frameworks = confusing enforcement of privacy.
- Negative perceptions of geo-location functions: perception of lack of control over personal information that could be extracted from location data.
23 PRACTICAL TIPS FOR INCREASING ONLINE CONFIDENCE
1) Adopt a privacy by design approach to all products.
2) Establish business processes with regard to privacy that prevent or mitigate negative perceptions.
3) Emphasize a maximum of transparency.
24 CONCLUSION
- Integrity and trust: important currencies in the sphere of online commerce.
- Privacy protection as more than a legal requirement: an important marketing tool.
25 QUESTIONS?
26 THANK YOU!
AN INTRO TO Privacy Laws An introductory guide to Canadian Privacy Laws and how to be in compliance Laura Brown Air Interactive Media Senior DMS Advisor A Publication of 1 TABLE OF CONTENTS Introduction
More informationPersonal Information Protection Act ( PIPA ) Privacy-Proofing Your Retail Business Tips for Protecting Customers Personal Information 1
Personal Information Protection Act ( PIPA ) Tips for Protecting Customers Personal Information 1 More than ever before, retailers have to be prepared to deal with customers who ask questions about the
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationSTATUTORY INSTRUMENTS. S.I. No. 336 of 2011
STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.
More informationNORTHWESTEL CODE OF FAIR INFORMATION PRACTICES. Effective January 1, 2001
NORTHWESTEL CODE OF FAIR INFORMATION PRACTICES Effective January 1, 2001 The Northwestel Code of Fair Practices complies fully with the Personal Protection and Electronic Documents Act and incorporates
More informationCLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?
CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? Lindsey Finch Senior Global Privacy Counsel Salesforce.com lfinch@salesforce.com David T.S. Fraser Partner McInnes Cooper David.fraser@mcinnescooper.com
More information3. Consent for the Collection, Use or Disclosure of Personal Information
PRIVACY POLICY FOR RENNIE MARKETING SYSTEMS Our privacy policy includes provisions of the Personal Information Protection Act (BC) and the Personal Information Protection and Electronic Documents Act (Canada),
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationCOMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document
EUROPEAN COMMISSION Brussels, 10.4.2014 SWD(2014) 135 final COMMISSION STAFF WORKING DOCUMENT on the existing EU legal framework applicable to lifestyle and wellbeing apps Accompanying the document GREEN
More informationHow To Understand The Data Protection Act
DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and
More informationROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014.
ROHIT GROUP OF COMPANIES PRIVACY POLICY This privacy policy is subject to change without notice. It was last updated on July 23, 2014. The Rohit Group of Companies ( Rohit Group, Company, our, we ) understands
More informationPersonal Data Protection Policy
Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal
More informationQuestions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA)
Questions and answers for custodians about the Personal Health Information Privacy and Access Act (PHIPAA) This document provides answers to some frequently asked questions about the The Personal Health
More informationUNILEVER PRIVACY PRINCIPLES UNILEVER PRIVACY POLICY
UNILEVER PRIVACY PRINCIPLES Unilever takes privacy seriously. The following five principles underpin our approach to respecting your privacy: 1. We value the trust that you place in us by giving us your
More informationDeclaration of Internet Rights Preamble
Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It
More informationMaximum Global Business Online Privacy Statement
Maximum Global Business Online Privacy Statement Last Updated: June 24, 2008. Maximum Global Business is committed to protecting your privacy. Please read the Maximum Global Business Online Privacy Statement
More informationAccountable Privacy Management in BC s Public Sector
Accountable Privacy Management in BC s Public Sector Contents Accountable Privacy Management In BC s Public Sector 2 INTRODUCTION 3 What is accountability? 4 Steps to setting up the program 4 A. PRIVACY
More informationAbilities Centre collects personal information for the following purposes:
Privacy Policy Accountability Abilities Centre is responsible for your personal information under its control. We have appointed a Privacy Officer who is accountable for our compliance with this Privacy
More informationCredit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
More informationChangeIt Privacy Policy - Canada
ChangeIt Privacy Policy - Canada 1. Policy on Privacy of Personal Information Formulating Change Inc. ( FCI, we, us or our ) is committed to protecting the privacy and security of your Personal Information
More informationData Protection Good Practice Note
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
More informationOffice 365 Data Processing Agreement with Model Clauses
Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081
More informationsingapore american school
Background The Singapore Personal Data Protection Act - 2012 (PDPA) establishes a data protection law that comprises various rules governing the collection, use, disclosure, and care of personal data.
More informationAlign Technology. Data Protection Binding Corporate Rules Processor Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Processor Policy Confidential Contents INTRODUCTION TO THIS POLICY 3 PART I: BACKGROUND AND ACTIONS 4 PART II: PROCESSOR OBLIGATIONS 6 PART III:
More informationData Protection Policy.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
More informationThe 7 Foundational Principles. Implementation and Mapping of Fair Information Practices. Ann Cavoukian, Ph.D.
Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Ann Cavoukian, Ph.D. Information & Privacy Commissioner Ontario, Canada Purpose: This document provides
More informationPrivacy and Transparency for Consumer Trust and Consumer Centrality
1 1 2 2 Ecommerce Europe is the association representing around 5000+ companies selling products and/or services online to consumers in Europe. Ecommerce Europe is a major stakeholder in policy issues
More informationProtecting your privacy
Protecting your privacy Protecting your privacy is important to us. Transamerica Life Canada and its affiliates: Canadian Premier Life Insurance Company, Legacy General Insurance Company, Aegon Fund Management
More informationData Protection and Privacy Policy
Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.
More information