Privacy & Big Data: Enable Big Data Analytics with Privacy by Design. Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014
|
|
- Evan Johnston
- 8 years ago
- Views:
Transcription
1 Privacy & Big Data: Enable Big Data Analytics with Privacy by Design Datenschutz-Vereinigung von Luxemburg Ronald Koorn DRAFT VERSION 8 March 2014
2 Agenda? What is 'Big Data'? Privacy Implications Privacy by Design Take aways Q&A 1
3 What is Big Data? Evolution or revolution? 2
4 What is Big Data? Big data is high-volume, high-velocity & high-variety information assets that demand cost-effective, innovative forms of information processing for enhanced insight & decision-making (Gartner) Volume + = Velocity Variety Value Un-Structured Structured Big Data every day more than 2.5 exabytes ( ) of data is created 3
5 Big Data context Individual vs. Business Compliance Legal Corporate Social Responsibility Integrity & Fraud Protection Business Process Management Big Data & Privacy Records Mgmt. / Data retention Security Data Quality Controls/ Auditing 4
6 The Big Data market infancy & immature 8 5
7 Examples of Big Data applications: Analysis of Earnings per Antenna Measurement of revenue per antenna cell at one single day. Green dots indicate the antennae with relative large amount of revenue, while the red dots indicate antennae with relatively low revenue. Dots in the sea indicate antennae on oil rigs. Measurement of the average revenue per antenna versus the amount of connections. The size of the dots indicate the total sum of revenue. Outliers can be spotted easily to find out issues with costly antennae. Based on this information it is possible to prioritize maintenance of infrastructure by identifying the most important antennae. 8
8 Examples of Big Data applications: Modeling Mortgage Risks Risk modeling for a banks collection of mortgages based on life-changing events. By combining public information on an online house-selling website (funda.nl) with internal bank data on transactions a model has been built to describe and predict the length of mortgages at that bank (blue curve). Analysis of the difference in house-selling price and the mortgage at the bank. The red curve corresponds to customers in so-called special treatment for negative financial reasons, while the blue curve corresponds to normal customers that have not been in this special treatment. 10
9 Big Data & Privacy Regulation Analytics Trending Fraud Insights BIG DATA Data Management Process improvements Data Protection & Privacy Purpose limitation Profiling Outsourcing/ external partners Data minimization Rights of data subjects Privacy Impact Assessments Privacy by Design 12
10 Privacy Requirements for Big Data projects Privacy Principles Big Data Implications DPA notification DPA to be notified (depending on use) Transparency Data subjects (and work council) to be notified (esp. autom. decision-making) Purpose Binding Limit further incompatible use Legitimate Grounds Consent to individual profiling Data Quality Match & enrich in/external data sources Rights of Data Subjects Data subjects to be notified and right to object / opt-out Security Datawarehouse is single point of failure/ success; strong access controls. Logging, monitoring & data destruction required Outsourcing / Onward transfer Data ownership, contracts 13
11 Big Data & compatible use We have a lot of customer data in various data silos. What data are we allowed to use and how are we allowed to use it? Analyse on a case-by-case basis Data accumulated by the controller, received from the customer may be combined and used without consent for purposes that are not incompatible with the original purposes of the respective collection and processing (excl. traffic data and communication content) Insurance company Compatible use: Profiling for marketing purposes Incompatible use: Profiling for decision making on insurance policies Processing and combining of data from external sources shall be assessed more prohibitively Credit union Compatible use: Adding publicly available data on a person's default history Incompatible use: Adding acquired health data for inclusion in assessment for mortgage eligibility If profiling may have legal effect on data subjects, explicit consent required; also other restrictions to profiling apply Other data protection provisions on the duties of the controller, the rights of data subjects and on direct marketing always apply 14
12 Big Data & Profiling General restrictions to profiling Additional restrictions to profiling that may have legal or comparable effects The data subjects shall be informed of profiling The data subjects have the right to object to profiling Profiling for e.g. marketing purposes is restricted by the purpose limitation Profiling that has the effect of discriminating against individuals on the basis of race or ethnic origin, political opinions, religion or beliefs, trade union membership, sexual orientation or gender identity, or that results in measures which have such effect, is prohibited Profiling shall not be based solely on special categories of data Profiling of children under 13 poses particular concerns A person may be subjected to profiling which leads to measures producing legal effects concerning the data subject or does similarly significantly affect the interests, rights or freedoms of the concerned data subject only if the processing: (a) is necessary for the entering into, or performance of, a contract; (b) is expressly authorized by a Union or Member State law; or (c) is based on the data subject's consent Such profiling shall not be based solely or predominantly on automated processing and shall include human assessment, including an explanation of the decision reached after such an assessment Privacy Impact assessment required beforehand 15
13 Why is Privacy & Information Security getting so difficult? Regulatory Proliferation of laws and regulations Rise of compliance red tape & costs Laws applicable regardless of the company s main establishment Nonregulatory Call for greater accountability & better data governance Implementation of Privacy by Design Proliferation of policy papers, best practices & guidelines Enforcement Sensitive issues Rising appetite of the enforcement authorities to confront the private sector, especially the IT sector Creation of quasi- precedent and custom-based data protection system Employees Privacy / Data protection International data transfers & Outsourcing post-nsa revelations Marketing & Big Data Online & Mobile Services Proliferation of data breaches Innovation trends Personalization of services Maximization of benefits flowing from data usage Building consumer trust is an ultimate asset 16
14 Privacy by Design: Privacy Impact Assessment Phase 1 Determine Scope & Approach Phase 2 Inventory Dataflows, Sources, Elements & Results Phase 3 Identify Applicable Legislation & Expectations Phase 4 Map Regulatory Requirements on Big Data Analytics Phase 5 Identify Big Data Privacy Risks Phase 6 Select Privacy by Design solutions Phase 7 Implementation & Auditing 18
15 Privacy by Design Appropriate & proportionate technical & organisational measures and procedures implemented in such a way that the processing will meet the requirements of the Privacy regulation & ensure the protection of the rights of data subjects Or, more concretely 1. Proactive not Reactive Preventative not Remedial 2. Privacy as the Default Setting 3. Privacy Embedded into Design 4. Full Functionality Positive-Sum, not Zero-Sum 5. End-to-End Security Full Lifecycle Protection 6. Visibility & Transparency Keep it Open 7. Respect User Privacy Keep it User-Centric* From compliance to default mode of operation * Cavoukian - Reed: Big Privacy: Bridging Big Data and the Personal Data Ecosystem through Privacy by Design (2013) 19
16 Privacy by Design: Security is insufficient for Big Data Privacy Privacy Privacy Policy Notification Subject Rights Purpose Binding Legitimate Grounds Data Quality Lawful transfer (incl. outside EU) Security Policy Classification Logical Security Physical Security Availability Compliance Incident Mgmt. Security Security Organisation Personnel Security IT Services Mgmt. System Development 20
17 Effectiveness Privacy by Design & Default Privacy Enhancing Technologies (PET) Level 4 Data Anonymization Level 1 General PET Controls Role-based Access Controls Encryption Level 2 Data Separation Pseudonymization Separation of data in domains Use of Trusted Third Party Level 3 Privacy Management Systems Advanced data management tools P3P / EPAL Privacy Rights Management No recording of personal data Anonymization / data deletion at collection Requirements on system design 21
18 Privacy by Design: Anonymization vs. Pseudonymization Anonymization: No privacy legislation applicable Totally anonymous is challenging with substantive data sets Less useful for combining internal and external data Limited security requirements remaining after de-identification Pseudonymization: EU Regulation still applicable, in some countries the EU Directive is not Useful for longitudinal data analytics & research Close to the data source Use of Trusted Third Party effective solution No indirect inheritance possible (non-reversible, i.e. one-way hashing) Susceptible for inference attaches (potential re-identification) 22
19 Effects of upcoming EU Data Protection Regulation on Big Data US-based data warehouse with EU citizens within scope Privacy Impact Assessment mandatory Data minimization & profiling only achievable with anonymization / pseudonymization Separate & explicit consent for (big) data analysis may be required (incl. parental consent for minors) Extensive data breach notification required Data portability easier to provide Right to be erased (for all registrations, incl. transferred data) Privacy by Design required Penalties can be prohibitive 25
20 Take Aways Big Data projects are better safeguarded by following 5 keys: 1. Accountability / Data Governance 2. Privacy Impact Assessment 3. Anonymization / Pseudonymization 4. Organizational, contractual, technical controls (entire data lifecycle!) 5. Address public opinion & obtain consent / opt-in 26
21 Interested in discussion? Big Data is too important to leave to (data) nerds Privacy is too important to leave (solely) to lawyers 27
22 Thank you KPMG IT Advisory P.O. Box AA Utrecht The Netherlands Tel. +31 (0)
Article 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationBinding Corporate Rules ( BCR ) Summary of Third Party Rights
Binding Corporate Rules ( BCR ) Summary of Third Party Rights This document contains in its Sections 3 9 all provision of the Binding Corporate Rules (BCR) for Siemens Group Companies and Other Adopting
More informationPrivacy by Design. Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of Oxford @IanBrownOII
Privacy by Design Ian Brown, Prof. of Information Security and Privacy Oxford Internet Institute, University of Oxford @IanBrownOII Privacy by Design principles 1. Proactive not Reactive; Preventative
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More information1. Understanding Big Data
Big Data and its Real Impact on Your Security & Privacy Framework: A Pragmatic Overview Erik Luysterborg Partner, Deloitte EMEA Data Protection & Privacy leader Prague, SCCE, March 22 nd 2016 1. 2016 Deloitte
More informationCorporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data
Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data *) For the purposes of these Corporate Guidelines, Third Countries are all those countries, which do not
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationGuidelines on Data Protection. Draft. Version 3.1. Published by
Guidelines on Data Protection Draft Version 3.1 Published by National Information Technology Development Agency (NITDA) September 2013 Table of Contents Section One... 2 1.1 Preamble... 2 1.2 Authority...
More informationA Pragmatic Guide to Big Data & Meaningful Privacy. kpmg.be
A Pragmatic Guide to Big Data & Meaningful Privacy kpmg.be From predicting criminal behavior to medical breakthroughs, from location-based restaurant recommendations to customer churn predictions, the
More informationBig Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers
Big Data, Not Big Brother: Best Practices for Data Analytics Peter Leonard Gilbert + Tobin Lawyers March 2013 How Target Knew a High School Girl Was Pregnant Before Her Parents Did just because you can,
More informationAlixPartners, LLP. General Data Protection Statement
AlixPartners, LLP General Data Protection Statement GENERAL DATA PROTECTION STATEMENT 1. INTRODUCTION 1.1 AlixPartners, LLP ( AlixPartners ) is committed to fulfilling its obligations under the data protection
More informationPrivacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices
Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Ann Cavoukian, Ph.D. Information & Privacy Commissioner, Ontario, Canada Purpose: This document
More informationlegal & ethical data sharing prof.dr. Ronald Leenes r.e.leenes@uvt.nl TILT - Tilburg Institute for Law, Technology, and Society
legal & ethical data sharing prof.dr. Ronald Leenes r.e.leenes@uvt.nl TILT - Tilburg Institute for Law, Technology, and Society overview the problem revisited secondary use data protection regulation Data
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationBHF Southern African Conference
BHF Southern African Conference Navigating the complexities of the new legislative framework Peter Hill, Director: IT Governance Network TOPICS TO BE COVERED The practical implementation of the PPI Act
More informationPrivacy by Design Setting a new standard for privacy certification
Privacy by Design Setting a new standard for privacy certification Privacy by Design is a framework based on proactively embedding privacy into the design and operation of IT systems, networked infrastructure,
More informationCorporate Policy. Data Protection for Data of Customers & Partners.
Corporate Policy. Data Protection for Data of Customers & Partners. 02 Preamble Ladies and gentlemen, Dear employees, The electronic processing of virtually all sales procedures, globalization and growing
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationData Protection in Ireland
Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair
More informationThe 7 Foundational Principles. Implementation and Mapping of Fair Information Practices. Ann Cavoukian, Ph.D.
Privacy by Design The 7 Foundational Principles Implementation and Mapping of Fair Information Practices Ann Cavoukian, Ph.D. Information & Privacy Commissioner Ontario, Canada Purpose: This document provides
More informationInformation Security Policies. Version 6.1
Information Security Policies Version 6.1 Information Security Policies Contents: 1. Information Security page 3 2. Business Continuity page 5 3. Compliance page 6 4. Outsourcing and Third Party Access
More informationPrivacy Policy. February, 2015 Page: 1
February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met
More informationPersonal Data Protection Policy
Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal
More informationDeclaration of Internet Rights Preamble
Declaration of Internet Rights Preamble The Internet has played a decisive role in redefining public and private space, structuring relationships between people and between people and institutions. It
More informationConnected car, big data, big brother?
Connected car, big data, big brother? Using geolocation in a trustworthy and compliant way Simon.Hania@tomtom.com Trends that threaten trust 2 Connected cars with downloadable apps Location services, cloud,
More informationEuropean Commission initiatives on e- and mhealth
European Commission initiatives on e- and mhealth Fundamental Rights Forum, 22 June 2016 WG 24: E-health: improving rights fulfilment through innovation Claudia Prettner, Unit for Health and Well-Being,
More informationINFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK
INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic
More informationComments and proposals on the Chapter IV of the General Data Protection Regulation
Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International
More informationCrime Statistics Data Security Standards. Office of the Commissioner for Privacy and Data Protection
Crime Statistics Data Security Standards Office of the Commissioner for Privacy and Data Protection 2015 Document details Security Classification Dissemination Limiting Marker Dissemination Instructions
More informationMatthias Hauss- SRC Security Research & Consulting GmbH October 2011. PCI DSS Requirements in the Context of European Data Protection Law
Matthias Hauss- SRC Security Research & Consulting GmbH October 2011 PCI DSS Requirements in the Context of European Data Protection Law About SRC Two pillars: Card-based Payment Systems and IT security
More informationNAI Mobile Application Code
2013 NAI Mobile Application Code Introduction The NAI Mobile Application Code, like the 2013 NAI Code of Conduct, governs only NAI member companies. It does not govern all data collection by member companies,
More informationBEFORE THE DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY. Request for Comments Docket # 120214135-2135-01
BEFORE THE DEPARTMENT OF COMMERCE NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY Request for Comments Docket # 120214135-2135-01 Multistakeholder Process to Develop Consumer Privacy Codes of Conduct COMMENTS
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationData Protection Policy.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
More informationData Security and Extranet
Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:
More informationFIDELITY APPLICANT PRIVACY AND PROTECTION NOTICE
FIDELITY APPLICANT PRIVACY AND PROTECTION NOTICE Last Updated: November 2012 FMR LLC and its affiliated entities ( Fidelity ) value your trust and are committed to the responsible management, use and protection
More informationWelcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information
Welcome to the Privacy and Security PowerPoint presentation in the Data Analytics Toolkit. This presentation will provide introductory information about HIPAA, the HITECH-HIPAA Omnibus Privacy Act, how
More informationImproving Unstructured Data Governance. Ryan Jancaitis Product Management Symantec
Improving Unstructured Data Governance Ryan Jancaitis Product Management Symantec Agenda 1 2 3 4 Overview Data Management Data Protection and Compliance Summary Unstructured Information Growth Leads to
More informationThe U.K. Information Commissioner s Office Report on Big Data and Data Protection
reau of National Affairs, Inc. (800-372-1033) http://www.bna.com WORLD DATA PROTECTION REPORT >>> News and analysis of data protection developments around the world. For the latest updates, visit www.bna.com
More informationA Q&A with the Commissioner: Big Data and Privacy Health Research: Big Data, Health Research Yes! Personal Data No!
A Q&A with the Commissioner: Big Data and Privacy Health Research: Big Data, Health Research Yes! Personal Data No! Ann Cavoukian, Ph.D. Information and Privacy Commissioner Ontario, Canada THE AGE OF
More informationDESTINATION MELBOURNE PRIVACY POLICY
DESTINATION MELBOURNE PRIVACY POLICY 2 Destination Melbourne Privacy Policy Statement Regarding Privacy Policy Destination Melbourne Limited recognises the importance of protecting the privacy of personally
More informationHow To Protect Your Data In European Law
Corporate Data Protection Code of Conduct for the Protection of the Individual s Right to Privacy in the Handling of Personal Data within the Deutsche Telekom Group 2010 / 04 We make ICT strategies work
More informationBIG DATA AND THE INTERNET OF THINGS
BIG DATA AND THE INTERNET OF THINGS 12 September 2013 Robert Bond Partner and Notary Public Janine Regan Solicitor Tughan Thuraisingam Paralegal Our team Speechly Bircham is an ambitious, full-service
More informationIndustrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported
Protecting What Matters Most Christian Fahlke, Regional Sales Manager ALPS March 2015 Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported (Source: https://ics-cert.us-cert.gov/sites/default/files/monitors/ics-cert_monitor_sep2014-feb2015.pdf)
More information24 Highbury Crescent London N5 1RX UK Tel: + 44 (0) 207 563 9170 Fax: +44 (0) 207 563 9171
September 10, 2015 ICRT International Consumer Research & Testing 24 Highbury Crescent London N5 1RX UK Tel: + 44 (0) 207 563 9170 Fax: +44 (0) 207 563 9171 Dear Mr. Spiezle. As comments are invited before
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationAustralia s unique approach to trans-border privacy and cloud computing
Australia s unique approach to trans-border privacy and cloud computing Peter Leonard Partner, Gilbert + Tobin Lawyers and Director, iappanz In Australia, as in many jurisdictions, there have been questions
More informationInformation & ICT Security Policy Framework
Information & ICT Security Framework Version: 1.1 Date: September 2012 Unclassified Version Control Date Version Comments November 2011 1.0 First draft for comments to IT & Regulation Group and IMG January
More informationPrivacy Risk Assessments
Privacy Risk Assessments Michael Hulet Principal November 8, 2012 Agenda Privacy Review Definition Trends Privacy Program Considerations Privacy Risk Assessment Risk Assessment Tools Generally Accepted
More informationTHE MOBILE MAJORITY: BUILDING PRIVACY BY DESIGN INTO MOBILE APPS
THE MOBILE MAJORITY: BUILDING PRIVACY BY DESIGN INTO MOBILE APPS Clarissa Cerda, EVP, Chief Legal Officer and Secretary, LifeLock Kimberly Cilke, CIPP/US Deputy General Counsel, GoDaddy.com Timothy Sparapani
More informationI. System Activities that Impact End User Privacy
I. System Activities that Impact End User Privacy A. The Information Life Cycle a. Manual processes i. Interaction ii. Data entry b. Systems i. Operating and file ii. Database iii. Applications iv. Network
More information7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data. Directive 7.08 Protection of Personal Data
Akzo Nobel N.V. Executive Committee Rules 7.08.2 Privacy Rules for Customer, Supplier and Business Partner Data Source Directive Content Owner Directive 7.08 Protection of Personal Data AkzoNobel Legal
More informationIM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers
IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy DOCUMENT INFORMATION Author: Vince Weldon Associate Director of IM&T Approval: Executive This document replaces: IM&T Policy No. 1 Anti Virus Version
More informationPRIVACY BREACH MANAGEMENT POLICY
PRIVACY BREACH MANAGEMENT POLICY DM Approval: Effective Date: October 1, 2014 GENERAL INFORMATION Under the Access to Information and Protection of Privacy Act (ATIPP Act) public bodies such as the Department
More information1. TYPES OF INFORMATION WE COLLECT.
PRIVACY POLICY GLOBAL ASSESSOR POOL, LLC, DBA PINSIGHT ( Company or we or us ) is committed to protecting your privacy. We prepared this Privacy Policy to describe our practices regarding the information
More informationCORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY. December 2014
CORPORATE POLICY & PROCEDURE NO. 7 INFORMATION GOVERNANCE POLICY December 2014 DOCUMENT INFORMATION Author: Barbara Sansom Information Governance Manager Equality Impact Assessment Consultation & Approval
More informationBriefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:
UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider
More informationData Protection Good Practice Note
Data Protection Good Practice Note This explanatory document explains what charities and voluntary organisations need to do to comply with the Data Protection Act 1988 as amended by the Data Protection
More informationCONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version CONTRACTS REVIEW FOR INFORMATION GOVERNANCE COMPLIANCE PROCEDURE Document Title: Contracts
More informationPrivacy & data protection in big data: Fact or Fiction?
Privacy & data protection in big data: Fact or Fiction? Athena Bourka ENISA ISACA Athens Conference 24.11.2015 European Union Agency for Network and Information Security Agenda 1 Privacy challenges in
More informationRisk management, information security and privacy compliance. new meeting of minds or ships in the night?
Risk management, information security and privacy compliance new meeting of minds or ships in the night? Peter Leonard September 2015 page 1 ships in the night + narrowly focussed conversations reasonable
More information1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data
1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that
More informationResolution on Privacy Protection in Social Network Services
30 th International Conference of Data Protection and Privacy Commissioners Strasbourg, 17 October 2008 Resolution on Privacy Protection in Social Network Services Proposer: Data Protection and Freedom
More informationThe Manitowoc Company, Inc.
The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational
More informationIT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)
Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving
More informationValue of the EU Data Protection Reform against the Big Data challenges. Keynote address 5th European Data Protection Days Berlin, 4.5.
Value of the EU Data Protection Reform against the Big Data challenges Keynote address 5th European Data Protection Days Berlin, 4.5.2015 Giovanni Buttarelli European Data Protection Supervisor (Check
More informationDATA PROTECTION POLICY
Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection
More informationPreparing for and Responding to an OCR HIPAA Audit
Preparing for and Responding to Carole Klove Carole.Klove@ucsfmedctr.or g Gerry Hinkley gerry.hinkley@pillsburylaw.com SIXTH NATIONAL HIPAA SUMMIT WEST October 10-12, 2012 Overview Background What to expect
More informationLEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction
LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed
More informationOVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.
Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in
More informationOnline Lead Generation: Data Security Best Practices
Online Lead Generation: Data Security Best Practices Released September 2009 The IAB Online Lead Generation Committee has developed these Best Practices. About the IAB Online Lead Generation Committee:
More informationISO 27001 COMPLIANCE WITH OBSERVEIT
ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk
More informationLEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT
LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT 2300 Pursuant to its authority from Article 59 of the Rules of Procedure of the Croatian Parliament, the Legislation Committee determined the revised text
More informationData Protection for Charities
Data Protection for Charities CFG 15 May 2014 Overview Overview and key definitions The data protection principles Fair and lawful processing Data security and outsourcing Rights of data subjects Recent
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_D_19
Protection of Personal Data RPC001147_EN_D_19 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Rules Responsibility
More informationEUROPEAN UNION. Brussels, 12 July 2002 (OR. en) PE-CONS 3636/02 2000/0189 (COD) LEX 365 ECO 217 CODEC 778
EUROPEAN UNION THE EUROPEAN PARLIAMT THE COUNCIL Brussels, 12 July 2002 (OR. en) 2000/0189 (COD) LEX 365 PE-CONS 3636/02 ECO 217 CODEC 778 DIRECTIVE 2002/58/EC OF THE EUROPEAN PARLIAMT AND OF THE COUNCIL
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationCredit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information
Credit Union Board of Directors Introduction, Resolution and Code for the Protection of Personal Information INTRODUCTION Privacy legislation establishes legal privacy rights for individuals and sets enforceable
More informationEuropean Privacy Reporter
Is this email not displaying correctly? Try the web version or print version. ISSUE 02 European Privacy Reporter An Update on Legal Developments in European Privacy and Data Protection November 2012 In
More informationASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES
ASSUMING A STATE OF COMPROMISE: EFFECTIVE DETECTION OF SECURITY BREACHES Leonard Levy PricewaterhouseCoopers LLP Session ID: SEC-W03 Session Classification: Intermediate Agenda The opportunity Assuming
More informationGENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
More informationSOA Governance & Security How BPM Can Help Philip Larson, Director of Product Management, Appian Corporation
SOA Governance & Security How BPM Can Help Philip Larson, Director of Product Management, Appian Corporation Copyright 2006 Appian Corporation. All rights reserved. Agenda! SOA Intro! How BPM And SOA Fit
More informationDATA PROTECTION AND DATA STORAGE POLICY
DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether
More informationPrivacy Update for Australian Government Agencies. What we've seen in the first 12 months of the new APPs and what's next!
Privacy Update for Australian Government Agencies What we've seen in the first 12 months of the new APPs and what's next! Presented by Sharon Rowe and Alec Christie Canberra, 31 March 2015 What we are
More informationHow To Protect Your Privacy Online From Your Company Or Affiliates
Data Security and Privacy Proposed Threshold Questions and Initial Due Diligence Personal information means any information that can be used to identify a specific individual, for example, such individual
More informationUsing Data Analytics to Detect Fraud
Using Data Analytics to Detect Fraud Gerard M. Zack, CFE, CPA, CIA, CCEP Introduction to Data Analytics CPE Instructions Course Objectives How data analytics can be used to detect fraud Different tools
More informationAlign Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.
Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION
More informationTable of contents: ***
Table of contents: *** In Europe the issue of personal data protection is settled by European Parliament s and European Council s Directive 95/46/WE of October 24, 1995 (which is basis of Polish regulations)
More informationAccess Control Policy
Version 3.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
More informationData Protection for the Guidance Counsellor. Issues To Plan For
Data Protection for the Guidance Counsellor Issues To Plan For Author: Hugh Jones Data Protection Specialist Longstone Management Ltd. Published by the National Centre for Guidance in Education (NCGE)
More informationCCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING
CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law
More informationFIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES
FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES The implications for privacy and security in the emergence of HIEs The emergence of health information exchanges (HIE) is widely
More informationInhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten. MHC.ie
Inhouse Masterclass: Data Developments - Cyber Security & the Right to be Forgotten MHC.ie Rewriting the Past Oisin Tobin otobin@mhc.ie Agenda 1. Background 2. Findings and impact: a) Jurisdiction b) A
More informationHuman Services Quality Framework. User Guide
Human Services Quality Framework User Guide Purpose The purpose of the user guide is to assist in interpreting and applying the Human Services Quality Standards and associated indicators across all service
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationEU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014
EU Data Protection and Information Security for Banking & Financial Service sectors 4 th December 2014 Janine Regan, Associate George Willis, Associate charlesrussellspeechlys.com Janine Regan Associate
More informationData Loss Prevention. Keeping sensitive data out of the wrong hands*
Data Loss Prevention Keeping sensitive data out of the wrong hands* September 9, 2007 Aaron Davies-Morris, Director PwC Advisory Services Zeke Jaggernauth, Manager PwC Advisory Services Agenda Data Breaches
More informationOffice 365 Data Processing Agreement with Model Clauses
Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081
More informationHow To Respond To The Nti'S Request For Comment On Big Data And Privacy
Submission to the National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce Docket No. 140514424 4424 01 RIN 0660 XC010 Comments of the Information Technology Industry
More information