Data, Privacy, Cookies and the FTC in Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller
|
|
- Ellen Farmer
- 7 years ago
- Views:
Transcription
1 Data, Privacy, Cookies and the FTC in 2013 Kevin Stark - ExactTarget Maltie Maraj - ExactTarget Nicholas Merker - Ice Miller
2 BIOS Kevin Stark: Product Manager at ExactTarget. Focused on data security, identity management, authentication, and authorization problems. He is currently a member of ExactTarget s privacy working group. Twitter Maltie Maraj: Senior Counsel at ExactTarget supporting the sales organization with the drafting and negotiation of agreements, amendments and other related matters. She also provides support and counsel to various groups within ExactTarget regarding privacy and security regulations, practices and policies and intellectual property matters. She is currently a member of ExactTarget s privacy working group. Nicholas Merker: Associate in Ice Miller's Intellectual Property and Litigation Group. His practice includes patent drafting and prosecution; advice and counsel to companies regarding privacy and security regulations, practices and policies; drafting and negotiation of commercial agreements including software and SaaS agreements; infringement risk assessments; information technology audit preparation; and litigation support. Twitter Handle:@nmerker
3 PRIVACY AND THE MARKETER We want one-on-one conversations with consumers. This means collecting as much data as we can. BUT At what point does the consumer revolt? At what point does the government clamp down?
4 CONSUMER PRIVACY In a globally connected world, who protects the consumer? What laws, regulations, and jurisdictions are relevant?
5 TODAY S REGULATORY ENVIRONMENT CAN-SPAM EU Cookie Directive Do Not Track German Federal Data Protection Act
6 CAN-SPAM Well-defined, well understood legal and regulatory framework for FTC, States Attorneys General, and ISPs can sue under CAN- SPAM, however de facto adoption in many non-u.s. locales Functions on opt-out rather than opt-in Defines what type of content must be present Doesn t address privacy per se addresses spam Very specific to &hl=en&as_sdt=2&as_vis=1&oi=scholarr
7 EU COOKIE DIRECTIVE EU directive regulating the use of cookies on websites EU leaves implementation to member states Very specific to web sites and very specific to cookies (for now) ExactTarget 3sixty The ExactTarget Online Community
8 DO NOT TRACK Proposed HTTP header Web application requests that a web site disable tracking Very specific to HTTP Completely voluntary
9 GERMAN PRIVACY LAW Federal Data Protection Act (Bundesdatenschutzgesetz) Telemedia Act (Telemediengesetz) Speaks to privacy, consent, and tracking, irrespective of technology Describes in detail what must be disclosed and what type of consent must be obtained Relevant to anyone communicating to subscribers in Germany
10 UNITED STATES & THE CATEGORICAL APPROACH HIPAA Gramm-Leach-Bliley COPPA State Privacy Laws FTC National Labor Relations Board
11 PERSONALLY IDENTIFIABLE INFORMATION COPPA State Privacy Laws FTC National Labor Relations Board
12 STATE PRIVACY LAWS California Distinctive and easily-found Privacy Policy Information Gathered How the Information is Shared Process to Review and Request Changes to Stored Information Nebraska and Pennsylvania Prohibits false and/or misleading statements in privacy policies
13 STATE DATA BREACH LAWS Require enterprises to inform impacted consumers of the disclosure of personally identifiable information to an unauthorized third party Non-encrypted Definition of personally identifiable information varies Disclosure requirements vary
14 State Data Breach Laws Require enterprises to inform impacted consumers of the disclosure of personally identifiable information to an unauthorized third party Non-encrypted Definition of personally identifiable information varies Disclosure requirements vary
15 PRIVACY POLICY (FTC V. FACEBOOK) As a result of the settlement, Facebook is now: barred from making misrepresentations about the privacy or security of consumers' personal information; required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences; required to prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account; required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information; and required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.
16 FTC v. FACEBOOK AFTERMATH Misrepresentation Modifications Account Deletion
17 ACTIVITY TRACKING (FTC V. GOOGLE)
18 PRIVATE AGREEMENTS / TERMS OF USE (FACEBOOK)
19 PRIVATE AGREEMENTS (B2B) Contract provisions may create privacy obligations Representations and Warranties Provisions With Material Breach BAA, Security Agreements, Confidentiality
20 EU DATE PROTECTION DIRECTIVE - UK May 26 th 2011, the UK regulations implementing the amended EU Privacy and Electronic Communications ( E-Privacy ) Directive came into effect. Key changes include: Breach notification telecommunication operators and ISPs are required to notify the ICO of a breach Cookies organizations are required to obtain the consent of users to the organization s storage of cookies on their devices Enforcement powers for breaches of the Privacy regulations impose civil penalties up to 500,000 for serious breaches of the Privacy Regulations of there is: there is a serious breach of the data protection principles; this is likely to cause substantial damage or substantial distress; and the breach is deliberate or reckless The ICO has been especially active this past year and as stated in their 2011/2012 Annual Report, 10 civil penalty notices were issued totaling 1,171,000 in addition to 2 enforcement notices and 76 undertakings. General trend towards harsher penalties for breach throughout the EU (e.g., CNIL/Google)
21 SANCTIONS IN THE UK The ICO can issue an Enforcement Notice for breaches of the data protection principles. Failure to comply with an Enforcement Notice is a criminal offence, punishable by an unlimited fine (also for directors). Both failure to notify and the unlawful obtaining/disclosing of personal data are criminal offences punishable by unlimited fines (also for directors). The Government has the power to increase the sentence for unlawfully obtaining or disclosing personal data to two years imprisonment. The ICO regularly asks for undertakings from organizations in breach in order to name and shame them. Commissioner Christopher Graham at the ICO Data Protection Officer Conference 2011, pushing for increased use of prison sentences.
22 SCOPE OF THE LAW Data protection laws impose standards on data controllers and grant rights to data subjects; data controllers are defined as individuals or entities who decide the purposes for which and manner in which data is processed; personal data is defined as information by which a living individual may be identified.
23 JURISDICTION Data Controllers established in the UK and Data Controllers that are not established in the EEA but use equipment located in the UK to carry out data processing activities (other than merely for the purposes of transit) Use of equipment may include the hosting of a website in the UK or the use of cookies.
24 DATA PROTECTION DIRECTIVE PRINCIPLES Data must be fairly and lawfully processed with the consent of the individual. Data may only be obtained for specified legal purposes, and may not be further processed in any manner incompatible with that purpose. Data must be adequate, relevant, and not excessive in relation to the purpose(s) for which it is collected. Data must be accurate and, where necessary, kept up to date. Data must not be kept longer than necessary. Data must be processed in accordance with the rights of the data subject under the Directive (right to inspect and correct data). Security measures must be taken against unauthorized/unlawful processing and against accidental loss, destruction or damage of data. Data must not be transferred outside the EEA unless the recipient country provides adequate data protection. Also: notification, data transfer permission, security documentation.
25 CONSENT The ICO s legal guidance on the DP Act explains that in order for the Data Subject to signify his agreement to Personal Data relating to him being processed: there must be some active communication between the parties; the adequacy of any consent or purported consent must be evaluated; and consent must be appropriate to the particular circumstances.
26 ONLINE / ELECTRONIC CONSENT Electronic consent will suffice if appropriate safeguards are taken to ensure a Data Subject is aware of the Data Controller s data processing notice: has granted consent (e.g., inclusion of a hyperlink directly above a consent button); and prevent consent by mistake (e.g., a double click acceptance process). The Data Controller should be able to evidence that such safeguards have been put in place (e.g., the Data Controller should be able to demonstrate that the user was provided with sufficient notice and that consent was informed and voluntary).
27 ONGOING DEVELOPMENTS Proposed changes to the EU General Data Protection Regulations still being considered throughout the member states: Increased requirements around consent The right to be forgotten
28 US TRENDS February 2012 Online Privacy Principles released by the White House: Consumer Data Privacy in a Networked World NOT Law simply sets out the Obama Administration's policies for developing a comprehensive online privacy framework The Paper also describes a process for implementation and FTC enforcement.
29 DIGITAL ADVERTISING ALLIANCE ( DAA ) Browser based do not track regime proposed by DAA Endorsed by the White House Not deemed acceptable by the EU because the browser based option is still an opt-out rather than an opt-in mechanism for web surfers
30 FEDERAL TRADE COMMISSION S POSITION In March 2012, the FTC released its final privacy report, Protecting Consumer Privacy in an Era of Rapid Change. Applies to all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer, or device, unless the entity collects only non-sensitive data from fewer than 5,000 consumers per year and does not share the data with third parties Calls for companies to incorporate privacy by design into their practices; Offer consumers choice about how their data is collected; and Provide consumers with more transparency about their practices Privacy notices should be clearer, shorter, and more standardized to enable better comprehension and comparison of privacy practices.
31 FTC s POSITION The FTC intends that the report be used by Congress in crafting baseline legislation. Like the White House s Paper, this is NOT Law. The FTC makes clear that to the extent that the best practices stated in the report extend beyond existing legal requirements, they are not intended to serve as a template for law enforcement actions or regulations under laws currently enforced by the FTC.
32 FTC s IMPLEMENTATION OF THE FRAMEWORK OVER THE NEXT YEAR Do Not Track: The Commission praises industry s progress in implementing an online Do Not Track mechanism, and it plans to work with industry to complete the implementation of an easyto-use, persistent, and effective mechanism. Mobile: The Commission calls on companies providing mobile services to work toward improved privacy protections, including the development of short, meaningful disclosures. Commission staff hosted a public workshop on May 30, 2012, to address, among other issues, mobile privacy disclosures and how they can be short, effective, and accessible to consumers on small screens. According to the report, the Commission hopes that the workshop will lead to further industry self-regulation in this area. Data brokers: The Commission supports targeted legislation that would provide consumers with access to the information about them held by a data broker. The Commission also calls on data brokers that compile data for marketing purposes to further increase the transparency of their practices by considering the creation of a centralized website where data brokers could: (1) identify themselves to consumers and describe how they collect and use consumer data; and (2) detail the access rights and other choices they provide with respect to the consumer data they maintain. Large platform providers: The Commission to host a public workshop during the second half of 2012 to explore the privacy issues associated with the comprehensive tracking of consumers online activities by large platforms, such as ISPs, operating systems, browsers, and social media. Enforceable self-regulatory codes: The Commission will work with the Department of Commerce and industry stakeholders to create sector-specific codes of conduct. Commission staff will participate in that project.
33 FUTURE US TRENDS Federal law on data security and privacy imminent Federal breach notification Opt-in instead of Opt-out for consent More pressure on industry to accelerate the pace of selfregulations
34 EXACTTARGET AND PRIVACY Honor each individual's unique preferences one of the core tenets of ExactTarget How permission is granted, what is required, and how it is enforced will always be changing We will honor permission, period We will always help you to honor permission We will always be transparent about our privacy policies We will always work very hard to protect the privacy of your subscribers
35 QUESTIONS
Online Interest-Based Advertising: The Road Traveled and the Road Ahead
Online Interest-Based Advertising: The Road Traveled and the Road Ahead Genie Barton VP & Director, Online Interest-Based Advertising Program Advertising Self-Regulatory Council (ASRC)/ Council of Better
More informationMONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY
MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency
More informationAn overview of UK data protection law
An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44
More informationE-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY
E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:
More informationAll rights reserved. 2011, EuroPriSe/ULD
January 2011 Position paper on certifiability of online behavioural advertising systems according to EuroPriSe Follow-up EuroPriSe - European Privacy Seal at the Unabhängiges Landeszentrum für Datenschutz
More information1. Introduction. 2. Sectoral Areas Affected. 3. Data Security. 4. Data Breach Requirements. 5. Traffic Data
1. Introduction Special data protection rules apply to the protection of Personal Data by Data Controllers in the electronic communications sector. These are in addition to the general obligations that
More informationUser tracking: Scope and Implementation eprivacy Directive Article 5(3)
User tracking: Scope and Implementation eprivacy Directive Article 5(3) Email Sender & Provider Coalition April 3, 2012 Presented By Karin Retzer 2012 Morrison & Foerster LLP All Rights Reserved mofo.com
More informationANTI-SPAM LAWS IN WESTERN COUNTRIES: A COMPARISON
PRB 09-24E ANTI-SPAM LAWS IN WESTERN COUNTRIES: A COMPARISON Alysia Davies Legal and Legislative Affairs Division 18 January 2010 PARLIAMENTARY INFORMATION AND RESEARCH SERVICE SERVICE D INFORMATION ET
More informationPrivacy Policy for culinarydreamsinc.com
Privacy Policy for culinarydreamsinc.com This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII,
More informationPolicy Implications: Privacy, Security and Liability Big Data in Telecom. June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX
Policy Implications: Privacy, Security and Liability Big Data in Telecom June 7 2012 TIA 2012: INSIDE THE NETWORK Dallas TX Who We Are Leading trade association in support of information and communications
More informationPRIVACY POLICY. www.haiti-now.org -- PO Box 190 662 Miami Beach, FL 33139 -- Tel. +1 786-664- 7747
PRIVACY POLICY This Privacy Policy sets forth the policies of Ayiti Now Corp ("ANC") with respect to nonpublic information you provide to us through this web site (the "Site"). These policies may be changed
More informationWebsite Disclaimer http://www.website-law.co.uk/ourdocumentlicence.html. Disclaimer 1
Website Disclaimer http://www.website-law.co.uk/ourdocumentlicence.html (1) Introduction Disclaimer 1 This disclaimer governs your use of our website; by using our website, you accept this disclaimer in
More informationFord & Thomas Insurance Agency
Ford & Thomas Insurance Agency PRIVACY POLICY NOTICE (As of February 14, 2012) PURPOSE OF THIS NOTICE As provided by law, we are generally prohibited from sharing nonpublic personal information about you
More informationAcceptable Use Policy
Acceptable Use Policy TERMS & CONDITIONS www.tagadab.com INTRODUCTION Tagadab has created this (AUP) for our customers to protect our resources, our customer s resources, and to ensure that Tagadab Ltd
More information[ 2014 Privacy & Security Update ].
U.S. Privacy Law: Hiding in Plain Sight U.S. Federal Trade Commissioner Julie Brill Second German-American Data Protection Day Munich, Germany April 30, 2015 Thank you, Dr. Ehmann, for your kind introduction.
More informationPrivacy Policy obaahealth.com
Privacy Policy obaahealth.com This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII, as used
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationThe Data Protection Landscape. Before and after GDPR: General Data Protection Regulation
The Data Protection Landscape Before and after GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection)
More informationCOMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER THE FEDERAL TRADE COMMISSION. In the Matter of Myspace, LLC. FTC File No. 102 3058.
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION In the Matter of Myspace, LLC FTC File No. 102 3058 June 8, 2012 By notice published on May 14, 2012, the Federal Trade
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationKoch Communications Privacy Policy
Koch Communications Privacy Policy This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII, as
More informationDATA PROTECTION POLICY
Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection
More informationROEHAMPTON UNIVERSITY DATA PROTECTION POLICY
ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationOnline Behavioral Tracking and Targeting Concerns and Solutions from the Perspective of:
Online Behavioral Tracking and Targeting Concerns and Solutions from the Perspective of: Center for Digital Democracy Consumer Federation of America Consumers Union Consumer Watchdog Electronic Frontier
More informationWhat personal information do we collect from the people that visit our blog, website or app?
Privacy Policy This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII, as used in US privacy
More informationPrivacy Bulletin. Key Differences between US and Canadian Anti-Spam Laws
Privacy Bulletin April 2014 Key Differences between US and Canadian Anti-Spam Laws Canada's Anti-Spam Law (or "CASL") will be in effect in July 2014, about ten years after the U.S. has enacted its anti-spam
More informationOnline and Mobile Privacy Notice ( Privacy Notice )
Online and Mobile Privacy Notice ( Privacy Notice ) Introduction This Privacy Notice applies to the operations of Cigna Global Health Benefits and its affiliated companies listed at the end of this Privacy
More informationPrivacy Policy. Effective Date: November 20, 2014
Privacy Policy Effective Date: November 20, 2014 Welcome to the American Born Moonshine website (this Site ). This policy describes the Privacy Policy (this Policy ) for this Site and describes how Windy
More informationThe Digital Marketing Ecosystem: Trends, Risks and Obligations
The Digital Marketing Ecosystem: Trends, Risks and Obligations Teena H. Lee, Vice President, Privacy and E-commerce Counsel The Estée Lauder Companies Inc. Bridget C. Treacy, Partner, Hunton & Williams
More informationPrivacy Policy. February, 2015 Page: 1
February, 2015 Page: 1 Revision History Revision # Date Author Sections Altered Approval/Date Rev 1.0 02/15/15 Ben Price New Document Rev 1.1 07/24/15 Ben Price Verify Privacy Grid Requirements are met
More informationStaying Out of Trouble: Key Privacy, Data Security, and Advertising Mistakes That Can Put You in the Enforcement Crosshairs
Staying Out of Trouble: Key Privacy, Data Security, and Advertising Mistakes That Can Put You in the Enforcement Crosshairs April 1, 2015 Reed Freeman Heather Zachary Overview Current State of the Market
More informationHIPAA PRIVACY AND SECURITY AWARENESS
HIPAA PRIVACY AND SECURITY AWARENESS Introduction The Health Insurance Portability and Accountability Act (known as HIPAA) was enacted by Congress in 1996. HIPAA serves three main purposes: To protect
More informationMerthyr Tydfil County Borough Council. Data Protection Policy
Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the
More informationData Protection and Community Councils Briefing Note
Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.
More informationPrivacy, Data Collection and Information Management Practice Team November 13, 2003
Overview of Current Anti-Spam Regulations Privacy, Data Collection and Information Management Practice Team The proliferation of unsolicited commercial e-mail, more commonly known as spam, has prompted
More informationDealing with data breaches in Europe and beyond
Dealing with data breaches in Europe and beyond Karin Retzer and Joanna Łopatowska Morrison & Foerster LLP www.practicallaw.com/6-505-9638 The use of increasingly advanced technology means that the ways
More informationTOY INDUSTRY CHECKLIST FOR MOBILE APPS AND PROMOTIONS
TOY INDUSTRY CHECKLIST FOR MOBILE APPS AND PROMOTIONS JULY 2012 Overview Members of the toy industry are fast embracing the world of mobile applications ( apps ). Apps offer a new world of engaging content
More information3/17/2015. Overview HIPAA. Who s Covered? Who s Not Covered? PRIVACY & SECURITY. Regulatory Patchwork: Mobile Health
PRIVACY & SECURITY Regulatory Patchwork: Mobile Health Anna Watterson, Davis Wright Tremaine, LLP Overview When HIPAA applies to mobile apps When FTC has jurisdiction over mobile apps Other considerations:
More informationDATA PROTECTION LAWS OF THE WORLD. Panama
DATA PROTECTION LAWS OF THE WORLD Panama Date of Download: 19 November 2015 PANAMA Last modified 26 January 2015 LAW IN PANAMA In recent years, Panama has taken significant legislative steps to regulate
More informationFRANCE. Chapter XX OVERVIEW
Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection
More informationE-mail Marketing: CAN- SPAM Act Compliance David J. Ervin and Christopher M. Loeffler, Kelley Drye and Warren LLP
E-mail Marketing: CAN- SPAM Act Compliance David J. Ervin and Christopher M. Loeffler, Kelley Drye and Warren LLP This Practice Note is published by Practical Law Company on its PLC Law Department web
More informationPRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;
PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal
More informationARYZTA PRIVACY POLICY
ARYZTA PRIVACY POLICY TABLE OF CONTENTS 1. Privacy Statement 2. Consent 3. Consent to Share and Disclose Information, Including International Data Transfers 4. Consent to Electronic Notice If There is
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationBBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade
BBB Wise Giving Alliance & The International Committee of Fundraising Organizations Advancing Trust in the Charitable Sector Federal Trade Commission, Bureau of Consumer Protection Allison M. Lefrak, Attorney,
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationIf you have any questions about any of our policies, please contact the Customer Services Team.
Acceptable Use Policy (AUP) 1. Introduction Blue Monkee has created this Acceptable Use Policy (AUP) for hosting customers to protect our resources and the resources of our other customers and hosting
More informationData Protection. Processing and Transfer of Personal Data in Kvaerner. Binding Corporate Rules Public Document
Data Protection Processing and Transfer of Personal Data in Kvaerner Binding Corporate Rules Public Document 1 of 19 1 / 19 Table of contents 1 Introduction... 4 1.1 Scope... 4 1.2 Definitions... 4 1.2.1
More informationPrivacy and Electronic Communications Regulations
ICO lo Notification of PECR security breaches Privacy and Electronic Communications Regulations Contents Introduction... 2 Overview... 2 Relevant security breaches... 3 What is a service provider?... 3
More informationPersonal Information Protection and Electronic Documents Act
PIPEDA Self-Assessment Tool Personal Information Protection and Electronic Documents Act table of contents Why this tool is needed... 3 How to use this tool... 4 PART 1: Compliance Assessment Guide Principle
More informationSTATUTORY INSTRUMENTS. S.I. No. 336 of 2011
STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.
More informationShipman & Goodwin LLP. HIPAA Alert STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS
Shipman & Goodwin LLP HIPAA Alert March 2009 STIMULUS PACKAGE SIGNIFICANTLY EXPANDS HIPAA REQUIREMENTS The economic stimulus package, officially named the American Recovery and Reinvestment Act of 2009
More informationFLASH DELIVERY SERVICE
Privacy Policy FLASH DELIVERY SERVICE is Committed to Protecting Your Privacy Protecting our customers' privacy is an important priority at FLASH DELIVERY SERVICE and we are committed to maintaining strong
More informationCorporate Compliance: A Global Perspective
Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming
More informationThe U.S.-EU Safe Harbor Guide to Self-Certification
U.S.-EU Safe Harbor Framework A Guide to Self-Certification Table of Contents Introduction.............................................................1 Overview...............................................................3
More informationPlus500UK Limited. Statement on Privacy and Cookie Policy
Plus500UK Limited Statement on Privacy and Cookie Policy Statement on Privacy and Cookie Policy This website is operated by Plus500UK Limited ("we, us or our"). It is our policy to respect the confidentiality
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationE-mail Marketing: CAN- SPAM Act Compliance
PRACTICE NOTES E-mail Marketing: CAN- SPAM Act Compliance The following is an excerpt from a Practice Note on our website that examines the federal Controlling the Assault of Non-Solicited Pornography
More informationDATA AND PAYMENT SECURITY PART 1
STAR has teamed up with Prevention of Fraud in Travel (PROFiT) and the Fraud Intelligence Network (FIN) to offer our members the best advice about fraud prevention. We recognise the increasing threat of
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More informationGENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS
GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS December 2005 2 GENERAL ELECTRIC COMPANY EMPLOYMENT DATA PROTECTION STANDARDS I. OBJECTIVE... 1 II. SCOPE... 1 III. APPLICATION OF LOCAL LAWS...
More informationPrivacy Policy of Dessauer Group II LLC
Privacy Policy of Dessauer Group II LLC This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII,
More informationADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY COLLECTION AND USE OF INFORMATION FROM USERS
ADVANCED CABLE COMMUNICATIONS WEBSITE PRIVACY POLICY Advanced Cable Communications ( Company ) strives to offer visitors to its website (the Site ) the many advantages of Internet technology and to provide
More informationBUSINESS ASSOCIATE AGREEMENT ( BAA )
BUSINESS ASSOCIATE AGREEMENT ( BAA ) Pursuant to the terms and conditions specified in Exhibit B of the Agreement (as defined in Section 1.1 below) between EMC (as defined in the Agreement) and Subcontractor
More informationZubi Advertising Privacy Policy
Zubi Advertising Privacy Policy This privacy policy applies to information collected by Zubi Advertising Services, Inc. ( Company, we or us ), on our Latino Emoji mobile application or via our Latino Emoji
More informationRECOGNIZING that the Participants each have functions and duties with respect to the protection of personal information in their respective countries;
MEMORANDUM OF UNDERSTANDING BETWEEN THE UNITED STATES FEDERAL TRADE COMMISSION AND THE INFORMATION COMMISSIONER S OFFICE OF THE UNITED KINGDOM ON MUTUAL ASSISTANCE IN THE ENFORCEMENT OF LAWS PROTECTING
More informationBAILIWICK OF GUERNSEY DATA PROTECTION
BAILIWICK OF GUERNSEY DATA PROTECTION CODE OF PRACTICE: CRIMINAL RECORDS CHECK PREFACE Section 56 of the Data Protection (Bailiwick of Guernsey) Law, 2001 ( the DP Law ), as amended by Ordinance in 2010
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationData protection issues on an EU outsourcing
Data protection issues on an EU outsourcing Saam Golshani, Alastair Gorrie and Diego Rigatti, Orrick Herrington & Sutcliffe www.practicallaw.com/8-380-8496 Outsourcing can mean subcontracting a process
More informationPersonal Data Protection Policy
Personal Data Protection Policy Please take a moment to read the following Policy. If there is anything you do not understand then please contact us. We are committed to protecting privacy. This Personal
More informationHow To Know What You Can And Can'T Do At The University Of England Students Union
HOW WE USE YOUR INFORMATION This privacy notice tells you what to expect when University of Essex Students Union (referred to as the SU herein) collects personal information. It applies to information
More informationPRACTICAL LAW DATA PROTECTION MULTI-JURISDICTIONAL GUIDE 2012/13. The law and leading lawyers worldwide
PRACTICAL LAW MULTI-JURISDICTIONAL GUIDE 2012/13 The law and leading lawyers worldwide Essential legal questions answered in 30 key jurisdictions Analysis of critical legal issues AVAILABLE ONLINE AT WWW.PRACTICALLAW.COM/DATAPROTECTION-MJG
More informationTop Issues for Safeguarding Brand Reputation When Engaging In Social Media Activities
Top Issues for Safeguarding Brand Reputation When Engaging In Social Media By: Alan L. Friel, Akash Sachdeva, Jesse Brody and Jatinder Bahra Social media has changed the way people communicate, and enabled
More informationHIPAA Privacy and Security Changes in the American Recovery and Reinvestment Act
International Life Sciences Arbitration Health Industry Alert If you have questions or would like additional information on the material covered in this Alert, please contact the author: Brad M. Rostolsky
More informationInternet Services Terms and Conditions
Internet Services Terms and Conditions 1. These terms and conditions These General Terms and Conditions apply to you if you are a business or residential telecommunications customer of Telnet Telecommunication
More informationSurveying with CustomerGauge - Legal Considerations:
Resource Sheet Surveying with CustomerGauge - Legal Considerations: Adam Dorrell Please Note this is not a legal document, and should be used for guidance only. You are advised to seek legal advice before
More informationE-commerce and the law Anna Soilleux and Katherine Teasdale May 2014
E-commerce and the law Anna Soilleux and Katherine Teasdale May 2014 Overview IP in a website Contracting via the Internet Selling goods and services Consumer terms what do they need to contain? User generated
More information10/4/2012. Marketing: Passport to the EU. October 30, 2012. Legalese. Dennis Dayman
Marketing: Passport to the EU October 30, 2012 1 Legalese This presentation is being provided for informational purposes only. Nothing in this presentation shall be construed as creating a representation,
More informationCovered California. Terms and Conditions of Use
Terms and Conditions of Use Contents: Purpose Of This Agreement Privacy Policy Modification Of This Agreement Permission To Act On Your Behalf How We Identify You Registration Additional Terms For Products
More informationProcessor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries
Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries Sopra HR Software as a Data Processor Sopra HR Software, 2014 / Ref. : 20141120-101114-m 1/32 1.
More informationnexusfordevelopment.org Privacy Policy
nexusfordevelopment.org Privacy Policy This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII,
More informationData Protection and Privacy Policy
Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.
More informationCAN-SPAM Policy & Data Verification Guide
BIZ SERVICE PROVIDER CAN-SPAM Compliance & Data Verification Policy Document BSP CAN-SPAM Policy & Data Verification Guide BSP Page 1 of 5 Version 8.1 Effective Date; May 2015 BIZ SERVICE PROVIDER I. Summary
More informationCookies Under Control
Cookies Under Control On June 5, 2012 the new Dutch legislation on the use of cookies enters into force. What does this mean for the online marketing business? 1 CONTENTS 3 4 4 7 8 NEW RULES FOR THE USE
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationLIDL PRIVACY POLICY. Effective Date: June 11, 2015
LIDL PRIVACY POLICY Effective Date: June 11, 2015 Thank you for visiting Lidl US, LLC's (3500 S. Clark Street, Arlington, VA 22202) website (collectively, "Lidl," "we," or "us"). We are committed to providing
More informationThe Impact of EU Data Protection Legislation. Thomas Rivera Hitachi Data Systems
Privacy PRESENTATION vs Data TITLE Protection: GOES HERE The Impact of EU Data Protection Legislation Thomas Rivera Hitachi Data Systems SNIA Legal Notice The material contained in this tutorial is copyrighted
More informationCanada s New Anti-Spam Legislation: Overview and Implications for Businesses
dentons.com Focus on Communications Canada s New Anti-Spam Legislation: Overview and Implications for Businesses January, 2011 Contact Margot Patterson Dentons Canada LLP Counsel, Ottawa margot.patterson@dentons.com
More informationData Protection Policy
Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents
More informationHow To Respect The Agreement On Trade In Cyberspace
CHAPTER 14 ELECTRONIC COMMERCE Article 14.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial
More information2.1 It is an offence under UK law to transmit, receive or store certain types of files.
Website Hosting Acceptable Use Policy 1. Introduction 1.1 Jarrett & Lam Consulting s Acceptable Use Policy for hosting customers to protect our resources, the resources of our customers and to ensure that
More informationFTA Releases Final Report on Consumer Privacy
APRIL 3, 2012 PRIVACY, DATA SECURITY & INFORMATION LAW UPDATE FTC Releases Final Report on Consumer Privacy: Calls for Enhanced Practices and Further Congressional Action On March 26, 2012, the Federal
More informationSan Juan County Abstract & Title Company 111 North Orchard Avenue Farmington, NM 87401 (505) 325-2808 FAX (505) 327-7483
San Juan County Abstract & Title Company 111 North Orchard Avenue Farmington, NM 87401 (505) 325-2808 FAX (505) 327-7483 PRIVACY POLICY November 3, 2014 San Juan County Abstract & Title Company (collectively,
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationBusiness Conduct, Compliance and Ethics Program. important
Business Conduct, Compliance and Ethics Program important Table of Contents Letter from Troy Kirchenbauer As healthcare s first online direct contracting market, aptitude is committed to upholding the
More informationAugust 28, 2015. Re: In the Matter of Nomi Technologies, Inc., File No. 1323251
UNITED STATES OF AMERICA Federal Trade Commission WASHINGTON, D.C. 20580 Office of the Secretary August 28, 2015 Michelle Lease Policy Counsel Application Developers Alliance Re: In the Matter of Nomi
More informationWww.groundcontrolforhorses.com Privacy Policy
Www.groundcontrolforhorses.com Privacy Policy Use These Quick Links To Jump To The Different Sections Below. Information Collection Information Protection 3rd Party Disclosure Information Usage Cookie
More informationThe HITECH Act: Implications to HIPAA Covered Entities and Business Associates. Linn F. Freedman, Esq.
The HITECH Act: Implications to HIPAA Covered Entities and Business Associates Linn F. Freedman, Esq. Introduction and Overview On February 17, 2009, President Obama signed P.L. 111-05, the American Recovery
More informationOptum Website Privacy Policy
Optum Website Privacy Policy 1 Privacy Website Privacy Policy Introduction We recognize that the privacy of your personal information is important. The purpose of this policy is to let you know how we
More information